On the same day that Comcast disclosed a data breach affecting 36 million Xfinity accounts, the National Security Administration (NSA) issued its annual cybersecurity report, which reviews high-level efforts to improve A.I. security, Chinese cyberattacks on critical U.S. infrastructure, and how government, industry, and academia can coordinate efforts to improve highly advanced data protection efforts.
The Comcast breach, which the company first discovered on October 25, exposed personal data, including usernames and scrambled passwords, through a vulnerability in a third-party software called Citrix. The cable giant made customers reset their passwords and urged them to use two-factor authentication to protect their accounts. While the company said it received no reports of problems from customers and the security loophole has been fixed, security breaches can snowball into problems that can force a business to close.
In fact, cybersecurity remains a vital issue for businesses of all sizes, from sole proprietors worried about data breaches and identity theft to giant defense contractors that enjoy the best protections the National Security Agency can provide.
At a macro level, cybersecurity issues remain a leading national security concern, as Chinese and Russian efforts to break into government and business networks continue unabated.
"Recently, we've seen the nature of conflict evolve: Cyberspace is contested space," NSA Director Gen. Paul Nakasone wrote. "It's become clear that the shift from competition to crisis to conflict can now occur in weeks, days, or even minutes."
Rapid changes in technology also remain a force in cybersecurity concerns, particularly the dizzying rise of artificial intelligence applications, which pose new forms of threat.
The global landscape becomes ever more complex as the technology we use in cyberspace continues to advance," Nakasone's introduction read. "One such example is Artificial Intelligence (AI), which has the capacity to upend multiple sectors of society simultaneously. We must stay ahead of our global competitors in the race to understand and harness its potential, as well as protect ourselves from adversarial use."
Rob Joyce, the agency's director of cybersecurity, cited alerts about the discovery of Russian-backed Snake spyware and the agency's alert on how to respond to the security vulnerability found in Citrix, the third-party software linked to the Comcast breach.
"When we know something, it only provides value when net defenders can take real action with it. By sharing information bi-directionally in an unclassified environment with our partners, we improve both cybersecurity and national security. The combined talent of our partnerships is the greatest competitive advantage we have to confront the increasingly sophisticated threats we see today."
The NSA is also charged with protecting the Defense Industrial Base (DIB), a list of companies whose work on military equipment and technology requires added vigilance.
"Although many people associate the DIB with large defense contractors, more than 70 percent of the DIB is made up of small businesses," the report said. "Upon signing a contract with DoD, these companies often become targets for nation state actors. Small businesses generally do not have the resources to defend against nation-state activity alone."
The agency said it has worked hard to add DIB companies to its protective cyber-net, quadrupling the number of businesses it protects.
"NSA now provides cybersecurity assistance to more than 600 companies within the DoD supply chain, including suppliers who may lack adequate cybersecurity resources of their own."
No comments:
Post a Comment