This Week in Cyber: Eight Months After the …
Is this cyber war? Real talk – this week’s news isn’t necessarily brimming with optimism. As if it wasn’t enough to hear the US Olympic Committee warning athletes that they should anticipate being spied on while competing in China, now our intelligence agencies are warning us of possible cyber attacks as the tensions rise at the Russian/Ukrainian border.
To keep this post from sounding like a remake of “We Didn’t Start the Fire,” you can read more about the Russian threats here. Follow the blog later this week for some insights on our status with China, with thoughts from Phoenix Cybersecurity Conference keynote speaker Dr. Jonathan Ward.
What’s the hold up? Eight months after the ink dried on President Joe Biden’s executive order on cybersecurity, a critical component – the US Cybersecurity Board (a la NTSB) – has yet to be established. People are starting to ask questions … namely, what’s up?
“We will never get ahead of these threats if it takes us nearly a year to simply organize a group to investigate major breaches like SolarWinds,” said Sen. Mark Warner (D, Va.) to the Associated Press. “Such a delay is detrimental to our national security and I urge the administration to expedite its process.”
The EO gave the proposed board 90 days to report on what happened with SolarWinds, but gave no required timeline to establish the group, the AP reported. According to the article, the Department of Homeland Security is on the hook for the task force – we’ll all stay tuned on this one.
Speaking of SolarWinds… Security crises collided earlier this week, when SolarWinds uncovered a Serv-U bug when attackers tried logging in with the log4j flaw, according to ThreatPost. Fortunately, SolarWinds has already patched the issue, but it’s a reminder that even the most vigilant organizations can have openings for hackers.
Not really a good look. A Volkswagen employee was terminated after raising some red flags on cybersecurity concerns, including the possibility of fraud following an attempted cyberattack, according to reporting from Financial Times. The employee also told leadership that if they took no action, the company could face regulatory issues. The reports were made in September 2021, and the employee was terminated by October – VW defended their personnel move to Financial Times, citing that the employee’s warnings were irrelevant to that termination and that it was a matter of professional differences.
Lucky for that guy, Cybersecurity salaries are on the rise. An org called Analytics Insight as found that top cyber jobs will be averaging salaries north of $200,000 USD. The company predicts that CISOs, bug bounty hunters, lead software security engineers, cybersecurity sales engineers, and project managers are set to bring in the big bucks in 2022. So now everyone knows who’s picking up the tab at the next company happy hour.
Get out of town. The Data Connectors team is hitting the road with the Salt Lake City Cybersecurity Conference. Locals can still register for Thursday’s event here. Can’t meet us in SLC? Head to the comfort of your computer for the SouthWest Virtual Cybersecurity Summit on Feb. 2-3; register for free today. We’ve got a sneak peek of Special Agent in Charge Frank Boudreaux: don’t miss out.
Recent news posts
Cyber Fraud Task Force: Weekly News Update
Cloud Computing, Data Protection Top List of In-Demand Skills: ISACA Annual Report
Cyber Preparedness Consortium Bill Heading to President’s Desk
Explainer: CISA’s Shields Up Warning
Note to Self: Smishing Schemes Are on the Rise
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.