Tenable Blog

Cybersecurity Snapshot: U.S. Gov’t Turns Up Heat on Breach Notifications, While Cyber Concerns Still Hamper Cloud Value

Learn all about the FCC’s plan to accelerate telecom breach reports. Plus, why cyber worries remain a cloud obstacle. Also, find out how to rate your cloud MSP’s cybersecurity strength. Then check out our ad-hoc poll on cloud security. And much more!

Dive into six things that are top of mind for the week ending Jan. 13.

1 - FCC wants telecoms to report data breaches immediately

Telecom companies that suffer a breach in which proprietary customer data is compromised may soon be required to disclose it right away if the U.S. Federal Communications Commission (FCC) updates its data breach reporting rule, in place since 2007.

The revised rule would mandate that telecoms notify customers and federal law enforcement immediately after discovering a breach involving “customer proprietary network information.”

Currently, the FCC requires telecom providers with 5,000 customers or more to report breaches within seven days, while providers with under 5,000 customers have 30 days to do so.

“This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches,” FCC Chairwoman Jessica Rosenworcel said in a statement. 

The FCC’s proposal is just the latest initiative by the U.S. federal government to spur businesses into reporting breaches more quickly and, in general, to be more transparent about their cyber risk and their cybersecurity practices.

U.S. government agencies currently working on new cyber breach notification requirements include the Securities and Exchange Commission and the Cybersecurity and Infrastructure Security Agency.

2 - Report: Security still a main obstacle to cloud value

As organizations strive to maximize the benefits of their cloud investments, they continue to struggle with recurrent and persistent obstacles, including security and compliance risks.

That’s a finding from Accenture’s report “The race to the cloud: Reaching the inflection point to long-sought value,” based on proprietary research and a global survey of 800 IT and business leaders.

Compared with the report’s previous edition, published in 2020, surveyed organizations have made progress towards achieving full value from their cloud efforts, with 42% reporting having fully achieved their cloud goals, up from 37%.

But a set of “stubborn barriers” continues to stand in the way, with security and compliance risks tied for first along with complexity of business and operational change. Legacy application modernization ranked third in this list of usual suspects hampering cloud-value realization.

[Figure: Security still a main obstacle to cloud value. Source: Accenture’s report “The race to the cloud: Reaching the inflection point to long-sought value,” January 2023]

A key reason why these obstacles remain is that organizations’ cloud efforts are becoming more complex, as more business-critical workloads shift from on premises. 

“The challenge now will be in defining the right use cases centered on a much broader definition of value, and using cloud as an operating system to bring together data, AI, applications, infrastructure and security to optimize operations and accelerate growth,” the report reads.

For more information, check out report highlights or read the full report.

3 - An ad-hoc poll on cloud security

During the recent Tenable webinar “When It Comes to Effective Cloud Security, Sharing is Caring,” we polled attendees on various aspects of their cloud security processes, tools and strategies. Check out the results below.

[Figure: Tenable polls users on cloud security. Source: 57 respondents polled by Tenable, December 2022]

[Figure: Tenable cloud security poll results. Source: 46 respondents polled by Tenable, December 2022]

[Figure: A Tenable user poll on cloud security. Source: 46 respondents polled by Tenable, December 2022]

4 - All quiet on the IoT breach front?

In its list of 2022’s most relevant trends and happenings in the IoT world, market researcher IoT Analytics left vacant the category “IoT security breach of the year.” While in years past it has singled out major IoT breaches, it determined that none of the IoT security incidents recorded in 2022 rose to that level of significance.

“We interpret this as a positive sign and a direct result of the investment that has gone into security research and solutions,” the firm wrote in its “IoT 2022 in review: The 10 Most Relevant IoT Developments of the Year” report.

Instead, IoT Analytics turned its attention to various IoT attack tools, malware and vulnerabilities that emerged in 2022 and that it considers particularly dangerous.

5 - Using MSPs to manage your cloud services? Here’s some security advice

If you’re outsourcing the operation of your cloud services to a managed service provider (MSP), the U.K.’s National Cyber Security Centre (NCSC) has some recommendations to keep your organization safe.

Handing over tasks like provisioning new cloud instances to an MSP brings benefits, but it also brings security risks, for example from giving the MSP administrative access to your data, the NCSC points out in a recent blog.

“This increases the attack surface, as there are now more systems that, if attacked, would compromise your data,” the blog reads.

How to evaluate MSP cyber preparedness

Here’s a list of questions the NCSC recommends you ask to reduce the risk of falling victim to a cyberattack via a third party like an MSP:

  • Have you given the MSP only the cloud privileges they need to provide the contracted services, or have you granted them excessive access?
  • Do you have full visibility from your security operations center of the cloud services actions the MSP takes on your behalf?
  • Does the MSP follow secure administration practices and document them?
  • Is the MSP itself outsourcing administration of some of your cloud services to another organization – a fourth-party in this case?
  • What is the MSP contractually required to disclose regarding breaches that impact your services or data, and to what extent are they required to collaborate with you in case of a security incident?

6 - Cyber among WEF’s top 10 global risks

A cyber risk ranks among the top 10 in the World Economic Forum’s (WEF) lists of short- and long-term global risks. The WEF’s “Global Risks Report 2023” lists widespread cybercrime and cyber insecurity as the eighth most severe global risk within a two-year period and within a 10-year period.

[Figure: Global Risks Ranked by Severity over the Short and Long Term. Cyber risks among the most severe globally. Source: World Economic Forum’s “Global Risks Report 2023”, January 2023]

Moreover, another cyber-related risk – cyberattacks on critical infrastructure – ranks fifth among what WEF calls “currently manifesting risks,” which are those expected to have a global impact this year. 

Other technology-related risks mentioned in the report include digital power concentration, digital inequality and dangers of emerging technologies like AI and quantum computing. “Technology will exacerbate inequalities while risks from cybersecurity will remain a constant concern,” reads the 98-page report.

To tackle global cybercrime in particular, WEF calls for more cooperation between countries, including more transparent information sharing, international rules and joint efforts. WEF currently is involved in collaborative efforts with public- and private-sector partners in areas including:

  • Free cybersecurity training and education
  • Research into risks from next-generation technologies
  • Guidance for IoT security

The report is based on a survey of 1,200-plus experts from academia, business and government. For more information, check out a report summary, report highlights or the full report, as well as a separate article about cybercrime risks and solutions.
