Just a few hours after Donald Trump declared victory in the US election last week, reports of a cyber attack targeting government workers, universities, think tanks and NGOs made headlines.
The attack arrived in the form of a phishing email, designed to fool the recipients into believing it was pertinent election-related information.
While there is nothing new in cybercriminals taking advantage of world events to snag a few more victims, this election-related phishing attack got us thinking: with President-elect Trump in the power seat, how much will things change in the land of cybersecurity?
In October 2013, Trump indicated that cybersecurity would be a key focus: “As President, improving cybersecurity will be an immediate and top priority for my Administration.”
Trump’s vision for cybersecurity
Let’s take a quick look at Trump’s published vision for cybersecurity. It includes:
+ an immediate review of critical infrastructure of cyber defences and vulnerabilities. The review will include specific recommendations on how to improve cyber threat deflection;
+ streamlining law enforcement responses to cyber threats, trickling down from the DoJ all the way to local authorities;
+ development of offensive cyber capabilities to deter and, where necessary, respond; and
+ enhancing US cyber command, focusing on both defensive and offensive cyber strategies.
(As an aside, former New York City mayor Rudolph Giuliani recently told Fox News that he would “love to become the person that comes up with a solution to cybersecurity” for team Trump.)
Problem: lack of cyber experts
Truth be told, there is not a lot of meat on this rather skeletal cybersecurity vision, so there’s little for us to sink our teeth into.
However, we do know that these tasks need cyber experts, and there seems to be a distinct lack of them out there, and not just in the USA. Intel Security’s global report, issued in August 2016, says that 82% of organizations surveyed reported a “lack of cyber-security skills within their organization.”
And here’s another publication making similar observations:
“Hiring is cyber’s biggest pain point. There is a severe shortage of information security professionals, in both government and public sector companies, and leading industry experts say it’s only getting worse.”
If Trump wants the US to dominate in terms of cyber security and counter cyber measures, he will need more than a handful of experts. It will be interesting to see how the President-elect will overcome this challenge.
Trump on Privacy
With regard to privacy and NSA surveillance, more than a few people have raised concerns. Engadget reports that Trump thinks the NSA “should be given as much leeway as possible.”
In another article, Trump said, “I support legislation which allows the NSA to hold the bulk metadata. For oversight, I propose that a court, which is available anytime on any day, is created to issue individual rulings on when this metadata can be accessed.”
And earlier this year, Trump lambasted Apple for refusing to help the government access the phone of one of the San Bernardino shooters, calling such assistance “common sense.”
These words and actions suggest that Trump will look to increase surveillance, all in the name of improved cyber defense.
For now, for those of you out there who want to know what you can do to further protect your privacy, we suggest:
+ use apps with end-to-end encryption;
+ ensure all data is encrypted;
+ maintain strong password policies;
+ choose partners wisely, and ensure you understand their privacy policy; and
+ ensure all staff are trained in cyber security and social engineering tactics.
Next steps
It will take some time for the new leader of the US to substantiate the cybersecurity vision outlined above.
In the interim, we think it is wise for us all to expect changes in how we protect our networks, how we report data leaks, and how we store and retrieve sensitive data. In other words, watch this space.
In the meantime, it might be wise to warn staff not to open unsolicited emails promising presidential election information.
TBG Security is a leading provider of information security and risk management solutions for Fortune 100 and Fortune 500 companies. TBG designs and delivers cyber security solutions to work in harmony with existing operations. Companies depend on TBG services in areas including risk management, penetration testing, security policy development, security strategies for compliance, business continuity, network security, managed services, software and service integration and incident response.
For more information on how TBG Security can help your organization with your information security initiatives please visit https://tbgsecurity.com.