As Threats Soar, Biden Administration, CompTIA Prioritize Cybersecurity

Cybersecurity threats capture their share of the headlines — every day, it seems. In fact, the SolarWinds breach alone continues to make the news.

In government and the private sector, experts are responding. At the federal level, President Joe Biden is renewing emphasis and focus on cybersecurity with the help of a new team. On the private side, CompTIA has formed a group with the specific intent of helping organizations and channel partners with cybersecurity. And, finally, vendor Netwrix has published a report that shows just how much the soaring number of cybersecurity threats hurt organizations last year during the COVID-19 pandemic. Channel partners should keep in mind, those problems are not disappearing. They’re only getting worse.

Biden Rebuilding Cybersecurity as Key Government Priority

President Joe Biden is assembling a national cybersecurity team. That news comes on top of the administration’s recent announcement that it proposes to funnel $9 billion into national cybersecurity.

The activity follows the now-infamous SolarWinds breach.

Reuters reports that Jen Easterly, a former high-ranking National Security Agency official, stands at the head of the line for cyber director. Easterly worked in the Obama administration and helped created the warfare division, U.S. Cyber Command.

Biden further intends to nominate Rob Silvers as director of the Cybersecurity Infrastructure Security Agency, Reuters said. He would replace Chris Krebs, whom former President Trump fired in November. Krebs said there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

The new president also created a new position, deputy national security adviser, Reuters said. Anne Neuberger holds that title. She works at the NSA and has drawn praise “for quickly alerting companies to hacking techniques in use by other countries,” according to Reuters.

Other new cybersecurity hires include Michael Sulmeyer, senior director for cyber; Elizabeth Sherwood-Randall, Homeland Security adviser; Russ Travers, deputy Homeland Security adviser; and Caitlin Durkovich, senior director for resilience and response at the National Security Council,

“The incoming administration is putting people in important strategic positions that understand the importance of cybersecurity to national security,” Microsoft corporate vice president Tom Burt wrote on Twitter. “We look forward to working with them.”

Biden is rebuilding cybersecurity as a priority after the previous administration took emphasis off the field. As Reuters reported, Trump demoted cybersecurity as a policy field. Officials discontinued the cybersecurity coordinator role, reducing headcount on the State Department’s cyber diplomacy group.

Microsoft was among the companies hit by the SolarWinds hack. Cyber criminals were able to access its source code. A number of government agencies fell victim to the breach as well, and Forbes just said today that Qualys and the Virginia State Corporation Commission were targeted, too.

A number of managed security service providers have government clients, so what impacts agencies impacts them, and vice versa.

Familiar Names Helm New Cybersecurity Advisory Council at ‘Critical Time’

CompTIA’s Annette Taber

Tech association CompTIA has formed a new group, the Cybersecurity Advisory Council.

“Recent events have underscored the dangerous cyber environment that all of us are operating in,” said Annette Taber, senior vice president for industry outreach and relations at CompTIA. “Combatting these threats requires a collaborative effort that brings together expertise from across the cybersecurity spectrum.”

On that note, CompTIA has appointed 16 people to the council. They will offer guidance for …

… addressing cybersecurity threats, and come up with new practices and protocols for safeguarding organizations. The following experts lead the new committee:

Members include:

“There is no more critical time to bring together the new CompTIA Cyber Security Council,” McDonald said. “The nearly constant changes, growing number and sophistication of threats and threat actors call for a far more coordinated approach to cybersecurity. Our community and customers deserve better, and we aim to help in making it better.”

Phishing, Ransomware, Data Leakage Hurt Organizations in 2020

More than half of organizations storing customer data in the cloud faced security incidents last year.

The most common threats? Phishing, ransomware or other malware, and accidental data leakage.

Those findings come from cybersecurity vendor Netwrix in its new Cloud Data Security Report. The company interviewed 937 IT professionals. Forty percent reported they were targets of phishing in 2020. Twenty-four percent said they had to deal with ransomware or other malware. And 17% confessed to accidental data leakage. More than half of respondents said these breaches meant they had to get extra money to shore up security.

As a result of those incidents, Netwrix found that 62% of organizations plan to remove sensitive data from the cloud or have already done so.

MSSPs will want to take note of some other data points, too. For example, respondents cited lack of IT staff (52%), lack of budget (47%) and lack of cloud security expertise (44%) as reasons they suffered problems. MSSPs can fill those gaps.

Netwrix also uncovered damaging data theft instances that hurt valuations for a third of organizations, and customer churn and competitive losses for another 35%, respectively.