This month’s SWK Cybersecurity News Recap takes a look at some of the top updates from December 2021 through January 2022, as well as trends to watch out for carrying over into the new year. Research compiled late last quarter reveals that the increase in network security activities has produced significant tension and stress for employees both inside and on the tail end of those efforts.
Security Policies & Culture Breaking Down
Multiple surveys and studies point to a disparity between cybersecurity policy enforcement and actual cyber hygiene practices, from poor remote worker security to open pushback from executives. Overall, the research implies that high-level best practices – and the people employed to inform and execute on them – are grating against traditional business processes and culture, to the point where the wheels are threatening to fall off and bring everything to a screeching halt.
Employee Cybersecurity Burnout
A report released by 1Password revealed that employee burnout amidst the global pandemic is becoming the next big cybersecurity vulnerability, with a clear correlation between stress and decreasing cyber hygiene. A majority of respondents surveyed for the report expressed feeling burned out, with increased rates for both security professionals and employees considering seeking new jobs amid the Great Resignation.
Conflicting Priorities
A survey conducted by Devo and Ponemon Institute found that SOC (security operations center) professionals and managers were finding themselves at odds with their organizations over policy execution, as well as with each other at times. Responses indicated huge operational disconnects and a significant level of politicking between all parties, such as when security staff and leaders gave different answers when asked about their impact at their companies. A majority of the respondents also reported poor communication with other teams and silos preventing them from fulfilling their roles.
Productivity vs Security
Another survey by Avast reinforced findings from earlier in the COVID-19 pandemic, revealing that many employees and even IT decision-makers fell behind on cyber hygiene after switching to working from home. A 2020 study by Tessian produced similar data, with the key difference being the inclusion of more IT managers and a blunter look into how even those responsible for deciding policy were experiencing difficulties. As with these reports, similar research has consistently returned to the same conclusion (especially in the US) – remote employees frequently sacrifice diligence for expediency in order to keep up their pace of productivity, which extensive security protocols can interrupt.
Cybersecurity News Updates
Here is a quick roundup of a few top cybersecurity stories from the latest news cycle:
Kronos Ransomware Fiasco
Ultimate Kronos Group (UKG a/k/a Kronos) experienced a crippling ransomware infection on December 11, 2021 in their Kronos Public Cloud environment that had far-reaching consequences, shutting down payroll for thousands of customers*, such as the New York MTA (Metropolitan Transportation Authority). The attack made headlines not only for its impact, but because a large part of its severity was owed to the fact that the perpetrator managed to infect even Kronos’ backup files. As of January 2022, UKG is promising the data will be restored but giving vague answers as to when and how this occurred; meanwhile, the HR and payroll software provider is facing lawsuits from multiple parties.
*This attack was limited to Kronos’ cloud storage, and SWK has worked with our partners in the Workforce Go! and Scissortail (built on the Kronos platform) ecosystem to ensure that the impact has not spread to these solutions.
Log4j Fallout
For more background on the Log4j Java logging software bug, please read SWK’s earlier article on it. As of this writing, news on the Log4Shell vulnerability has remained fairly consistent since its discovery, with organizations around the world desperately patching affected systems while activity around the exploit from state-sponsored hackers and ransomware gangs increases. However, one item of note is a growing momentum from within the tech industry to bring greater security attention to open source software like Log4j, including a meeting between the Biden administration, Google, Facebook, Microsoft, Amazon, Oracle, Apple and others.
FCC Regulations
The FCC (Federal Communications Commission) announced it was considering new rules for data breach reporting for telecommunication companies in a statement released by Chairwoman Jessica Rosenworcel. The changes would create greater obligations for breached carriers to directly notify the FCC and customers, and more promptly – likely in response to the multiple T-Mobile breaches in 2021.
Breach Lawsuits
Even as data privacy regulations expand their requirements, businesses are having to answer to a much more demanding audience when they fail to protect PII (personally identifiable information) – their clients. Several individual and class action complaints are currently running through various court systems, and others have reached settlements in the millions, including Capital One and several healthcare organizations.
Get More Cybersecurity News, Updates & Tips from SWK
Staying up to date on the latest cybersecurity news, tips and tricks will help you stay on top of developing trends and compliance guidelines for information security. Let SWK Technologies empower your business to take better control of your security in 2022 – watch our webinar on-demand to learn more.