Cyber Security Headlines Of 2019 Bring Lessons Learned

Half of survey respondents cite phishing scams or data exposure as most significant

Add bookmark

lessons learned from cyber security headlines

In a recent audience survey, Cyber Security Hub realized that media coverage has a lot to do with what drives more awareness of where cyber security professionals should be focusing. In an open-ended survey question, we asked respondents to identify what they believed was the biggest headline of 2019 so far and what we could learn from them.

See Related: “Top 5 Cyber Security Breaches of 2019 So Far

Digging through the data, about half of respondents referenced some sort of phishing/email breach, or data exposure element. One respondent also wrote in this section that recent headlines show the same victims getting hit multiple times, asserting that “More security awareness is a serious ongoing challenge that is top priority to the business.”

CNBC Cyber Security Reporter Kate Fazzini said in a recent interview, “I think the Yahoo email breaches are also very important for the same reason. Everyone says they’re not worried about what’s in their emails, because they’re not an important person. Even if that’s true, what if you’re a CEO a decade from now? Are you going to be worried about something embarrassing you said over an old Yahoo account in 2006? Well, it’s sitting in some server in Russia right now just waiting for your rise to power.”

In many recent interviews and cyber security coverage in general — Equifax, Cambridge Analytica and just about any Facebook headline always tops the list of most referenced cyber security breaches to note. Here are 10 newsworthy breaches and insights from the survey worth noting:

  1. Salesforce breach. ‘Even reputed vendors can be subject to attacks.’
  2. First American title breach. ‘Possible cloud security configuration issue calls for better expertise and process.’
  3. Wipro breach. ‘You’re only as strong as your weakest link. If you invite a service provider to look after your assets then you have to accept they will introduce risk and not reduce it.’
  4. Emotet malware. ‘We need to find a better solution to protect against ransomware and its variants.’
  5. Singapore’s NHS data breach. ‘Detection of unusual activities is key to damage control.’
  6. Not all encryption is created equal. ‘Data at rest encryption mitigates the threat of someone stealing discs from data centers and being able to access data from them. Data at rest encryption does not protect against the majority of attacks or breach types. Data in transit encryption and data in use encryption are things that security leaders need to create more awareness about.’
  7. Wolters Kluwer malware. ‘More education of employees.’
  8. ‘Inherent trust is a bad thing.’
  9. Intrusion by foreign powers. ‘We must continue to maintain a security awareness posture.’
  10. First fine of GDPR non-compliance in Poland. ‘GDPR is real.’

See Related: “6 Cyber Security Trends To Watch Going Into 2020