Cybersecurity Snapshot: U.S. Gov’t Turns Up Heat on Breach Notifications, While Cyber Concerns Still Hamper Cloud Value

Learn all about the FCC’s plan to accelerate telecom breach reports. Plus, why cyber worries remain a cloud obstacle. Also, find out how to rate your cloud MSP’s cybersecurity strength. Then check out our ad-hoc poll on cloud security. And much more!

Dive into six things that are top of mind for the week ending Jan. 13.

1 - FCC wants telecoms to report data breaches immediately

Telecom companies that suffer a breach in which proprietary customer data is compromised may soon be required to disclose it right away if the U.S. Federal Communications Commission (FCC) updates its data breach reporting rule, in place since 2007.

The revised rule would mandate that telecoms notify customers and federal law enforcement immediately after discovering a breach involving “customer proprietary network information.”

Currently, the FCC requires telecom providers with 5,000 customers or more to report breaches within seven days, while providers with under 5,000 customers have 30 days to do so.

“This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” FCC Chairwoman Jessica Rosenworcel said in a statement. 

The FCC’s proposal is just the latest initiative by the U.S. federal government to spur businesses into reporting breaches more quickly and, in general, to be more transparent about their cyber risk and their cybersecurity practices.

U.S. government agencies currently working on new cyber breach notification requirements include the Securities and Exchange Commission and the Cybersecurity and Infrastructure Security Agency.

2 - Report: Security still a main obstacle to cloud value

As organizations strive to maximize the benefits of their cloud investments, they continue to struggle with recurrent and persistent obstacles, including security and compliance risks.

That’s a finding from Accenture’s report “The race to the cloud: Reaching the inflection point to long-sought value,” based on proprietary research and a global survey of 800 IT and business leaders.

Compared with the report’s previous edition, published in 2020, surveyed organizations have made progress towards achieving full value from their cloud efforts, with 42% reporting having fully achieved their cloud goals, up from 37%.

But a set of “stubborn barriers” continues to stand in the way, with security and compliance risks tied for first along with complexity of business and operational change. Legacy application modernization ranked third in this list of usual suspects hampering cloud-value realization.

(Source: Accenture’s report “The race to the cloud: Reaching the inflection point to long-sought value,” January 2023)

A key reason why these obstacles remain is that organizations’ cloud efforts are becoming more complex, as more business-critical workloads shift from on premises. 

“The challenge now will be in defining the right use cases centered on a much broader definition of value, and using cloud as an operating system to bring together data, AI, applications, infrastructure and security to optimize operations and accelerate growth,” the report reads.

For more information, check out report highlights or read the full report.

3 - An ad-hoc poll on cloud security

During the recent Tenable webinar “When It Comes to Effective Cloud Security, Sharing is Caring,” we polled attendees on various aspects of their cloud security processes, tools and strategies. Check out the results below.

Tenable polls users on cloud security

(Source: 57 respondents polled by Tenable, December 2022)

Tenable cloud security poll results

(Source: 46 respondents polled by Tenable, December 2022) 

A Tenable user poll on cloud security

(Source: 46 respondents polled by Tenable, December 2022) 

4 - All quiet on the IoT breach front?

In its list of 2022’s most relevant trends and happenings in the IoT world, market researcher IoT Analytics left vacant the category “IoT security breach of the year.” While in years past it has singled out major IoT breaches, it determined that none of the IoT security incidents recorded in 2022 rose to that level of significance.

“We interpret this as a positive sign and a direct result of the investment that has gone into security research and solutions,” the firm wrote in its “IoT 2022 in review: The 10 Most Relevant IoT Developments of the Year” report.

Instead, IoT Analytics turned its attention to various IoT attack tools, malware and vulnerabilities that emerged in 2022 and that it considers particularly dangerous.

5 - Using MSPs to manage your cloud services? Here’s some security advice

If you’re outsourcing the operation of your cloud services to a managed service provider (MSP), the U.K.’s National Cyber Security Centre (NCSC) has some recommendations to keep your organization safe.

Along with the benefits of handing over tasks like provisioning new cloud instances to an MSP come security risks from, for example, giving the MSP administrative access to your data, the NCSC points out in a recent blog.

“This increases the attack surface, as there are now more systems that, if attacked, would compromise your data,” the blog reads.

How to evaluate MSP cyber preparedness

Here’s a list of questions the NCSC recommends you ask to reduce the risk of falling victim to a cyberattack via a third party like an MSP:

  • Have you given the MSP only the cloud privileges they need to provide the contracted services, or have you granted them excessive access?
  • Do you have full visibility from your security operations center of the cloud services actions the MSP takes on your behalf?
  • Does the MSP follow secure administration practices and document them?
  • Is the MSP itself outsourcing administration of some of your cloud services to another organization – a fourth party in this case?
  • What is the MSP contractually required to disclose regarding breaches that impact your services or data, and to what extent are they required to collaborate with you in case of a security incident?

For more information about managing MSP third-party risk:

VIDEOS:

How SMBs should select a security-savvy managed service provider (IDG TECHtalk)

Rethinking Efficient Third-Party Risk Management (RSA Conference)

6 - Cyber among WEF’s top 10 global risks

A cyber risk ranks among the top 10 in the World Economic Forum’s (WEF) lists of short- and long-term global risks. The WEF’s “Global Risks Report 2023” lists widespread cybercrime and cyber insecurity as the eighth most severe global risk within a two-year period and within a 10-year period.

Global Risks Ranked by Severity over the Short and Long Term

Cyber risks among the most severe globally

(Source: World Economic Forum’s “Global Risks Report 2023”, January 2023)

Moreover, another cyber-related risk – cyberattacks on critical infrastructure – ranks fifth among what WEF calls “currently manifesting risks,” which are those expected to have a global impact this year. 

Other technology-related risks mentioned in the report include digital power concentration, digital inequality and dangers of emerging technologies like AI and quantum computing. “Technology will exacerbate inequalities while risks from cybersecurity will remain a constant concern,” reads the 98-page report.

To tackle global cybercrime in particular, WEF calls for more cooperation between countries, including more transparent information sharing, international rules and joint efforts. WEF currently is involved in collaborative efforts with public- and private-sector partners in areas including:

  • Free cybersecurity training and education
  • Research into risks from next-generation technologies
  • Guidance for IoT security

The report is based on a survey of 1,200-plus experts from academia, business and government. For more information, check out a report summary, report highlights or the full report, as well as a separate article about cybercrime risks and solutions.

Press conference on the WEF’s Global Risks Report 2023
