Cybersecurity has been a national priority, really? 2020 accelerated many events and cyberattacks were no exception. From record attacks due to the pandemic with our new normal as it relates to work and education to the recent SolarWinds hack. We are in a phase of digesting, learning, and evaluating what these events mean moving forward. This week’s brief highlights a few of the concepts circulating around the evolution of the cybersecurity industry and suggestions that experts are sharing.
As we have seen in recent weeks, the threat of cyberattacks is still a very real issue. Mimecast, an email security vendor, is one of the latest organizations to report the occurrence of a security compromise. Mimecast announced that a certificate used to authenticate products provided to Microsoft 365 was the focus of the attack, and around 10% of the company’s customers had already accessed the targeted certificate. The company is currently asking those customers to promptly delete the connection. While CRN asked Mimecast if the attack had any relation to the SolarWinds incident, the company did not provide an answer.
Tom Johansmeyer shares in the Harvard Business Review that we have “entered a new era of cyberattacks.” And while we look toward the potential of dealing with increased sophistication in attacks, one of the main considerations is the option of cyber insurance. According to Johansmeyer, this particular field of insurance is growing and may continue to grow, especially in demand. However, there are still constraints on this growth such as lack of ability to provide funding for cyber insurance. But Johansmeyer advises that a best practice for obtaining cyber insurance is to purchase small amounts of insurance at first and increase the amount over time. This, he suggests, allows for an investment that will develop over time as insurers abilities develop too.
While cyber insurance may witness more investing, the cybersecurity industry overall is certainly experiencing increased investing from venture capitalists even as other industry investments dropped. The shift to increased digital work due to the pandemic and surmounting cybersecurity threats have only fueled this expansion. Mike Janke, co-founder of DataTribe, presented two specific insights from this trend with SC Magazine. For one, he stated that investors seem to be seeking out more cybersecurity experts that come from the government sector whereas the trend used to favor those from the private sector. The other insight is that investors are increasingly tapping into cybersecurity organizations earlier in their development processes.
One of the areas impacted by the concerns that have seemingly led to this greater emphasis on cybersecurity is higher education. The shift to remote learning and work has made this very apparent. Christian Schreiber, a cybersecurity platform strategist at FireEye, provided suggestions to Ed Tech Magazine. The first suggestion is that a cybersecurity plan be included in the broader business plan of the institution right away. He also recommends maintaining a mindset characterized by continuous evolution. Technology and threats change over time, so keeping the plan and employees open to new information is critical. Lastly, the teams at universities and colleges should understand the specific threats that could affect their systems. The type of threat could depend on factors such as what type of research is conducted at the school.
“Hackers Compromise Mimecast Certificate for Microsoft Authentication” – Michael Novinson, CRN
- Email security vendor, Mimecast, reported that an attack has been carried out on a certificate used by the company to authenticate products provided to Microsoft 365.
- Around 10% of the company’s customers reportedly used the compromised certificate.
- The company did not answer if this attack had any connection to the recent SolarWinds incident.
“Cybersecurity Insurance Has a Big Problem” – Tom Johansmeyer, Harvard Business Review
- Due to the enhanced sophistication in cyberattacks, C-suites are turning to cyber insurance.
- However, there are still issues with cyber insurance including lack of money.
- Johansmeyer, the author of the article, suggests that companies grow investments in cyber insurance over time allowing for the field to further develop as they adapt to the evolving cybersecurity landscape.
“Early-stage cybersecurity investment flowing, despite pandemic” – Derek B. Johnson, SC Magazine
- The cybersecurity industry is continuing to experience great interest from investors.
- Challenges presented by the pandemic and increasing threats have aided in boosting investments.
- Two highlighted trends coming from investors are an increased interest in experts coming from the government sector and investing at early development stages of cybersecurity organizations.
“3 Ways to Elevate Your College’s Cybersecurity Defenses” – Suchi Rudra, Ed Tech Magazine
- The continuing shift to remote work that higher education institutions have had to undergo intensifies the importance of enhancing cybersecurity systems.
- Schools should implement cybersecurity plans into overall business plans.
- Not only should these plans remain flexible as technology and threats evolve, but the plans should also consider specific threats that individual institutions may face.