CyberWeekly: Cloud Wars, Shutdown Affect on Cyber Security, and Small Business Cyber Risk
CyberWeekly Newsletter: Weekly Edition
Cloud Wars Are Coming
Get ready. A battle for cloud computing dominance is coming. To readers in the United States it may sound like I’m about to describe competition between AWS, Microsoft Azure, and Google Cloud. I have seen a lot of AWS advertisements lately. Readers in Asia may have more accurately guess that I’m referring to the growing importance of Chinese cloud computing firms. As with other sectors of the Chinese economy, government policy encourages Chinese companies to work with homegrown players. Thus Chinese tech firms such as Alibaba, Baidu, and Tencent have a built in advantage.
Admittedly, conference attendance isn’t highest quality of indicators, however in September 2018 reportedly 120,000 people attended the Alibaba cloud conference from across China and Asia. I can tell you from recent experience that the international terminal at the Beijing International Airport has a bunch of Alibaba Cloud advertisements.
The emergence of strong Chinese competition for cloud computing is understandable considering that nearly 1 out of every 5 people on Earth is a citizen of the People’s Republic of China and approximately 3 out of every 5 people live in the Asia-Pacific. I can certainly see a scenario in which Chinese companies become the preferred providers of cloud computing in countries involved with the Belt and Road Initiative. Despite the current dominance of AWS with 34% market share, Amazon and other US cloud providers will need to continue to innovate and aggressively expand—particularly in Asia-Pacific—to keep ahead of Chinese competition.
Grand Opening, Grand Closing
(Alternate title: Welcome, you’re furloughed.) Okay, the one-month-old Cybersecurity and Infrastructure Security Agency (CISA) isn’t quite closed, but it’s certainly off to a lousy start. As of this writing the US government has been partially shut down for 29 days. In addition to the litany of problems you’ve probably seen documented elsewhere, CISA—part of the Department of Homeland Security (DHS)—has had 43% of its staff furloughed. It doesn’t take an overly clever threat actor to realize, that if you’re going to take a shot at the United States, a government in turmoil presents a unique opportunity.
Admittedly, the Department of Defense—including US Cyber Command—and the National Security Agency (NSA) are still doing their jobs, but protecting America’s cyberspace and critical infrastructure was already a big task for a fully staffed US government. Furthermore, I suspect this shutdown will be net negative for the retention of skilled cybersecurity professionals. Many public sector professional work for the government out of a sense of purpose, duty, and the greater good. That being said, how many missed paychecks do you think that government cyber professionals will suffer before they start looking for greener pastures in the private sector? Professionals with a spouse, kids, and/or mortgage have to look out for their families.
We may continue to feel the repercussions of the government shutdown in cybersecurity long after the government reopens… whenever that is.
Cyber CEO Acting Like a Leader
While there a plenty of disappointment to go around during the US government shutdown, I do have one feel good story for you. Besides hundreds of thousands of government employees not getting paid, there’s an entire ecosystem of companies that service government contracts, which also not getting paid. I’m getting to the feel good part. Moe Jafari, CEO of HumanTouch an IT company with multiple cybersecurity government contracts, is forgoing his salary for the duration of the shutdown in order to ensure his employees get paid. In exchange HumanTouch’s employees are giving up one day a week. Now that’s a CEO acting like a real leader.
Small Fish Beware
This week I was enjoying the popular Korean dish myulchi bokkeum, a tasty side dish consisting of spicy stir-fried anchovies. It reminded me of an article out of Hong Kong that the city’s small businesses thought, “we’re too small to be hacked.” I imagine that, if anchovies were more sentient, these inch-long fish would have thought the same thing… we’re too small to be fished. Sure, bite-size fish don’t make the same meal that a salmon or a swordfish would, but you can net a bunch of them with minimal effort for a nice little snack.
The same clearly goes with small businesses. While they don’t provide the same payout as the breach of a multinational company, threat actors can scoop up a bunch of small businesses with minimal effort. Sure, these businesses may be too small to spearphish (or line fish, as the analogy goes), but search engine like Shodan represent the digital fishing nets of the internet.
Security through obscurity is not the way to defend a small business. No wonder 70% of the Hong Kong small business surveyed had actually been breached or had data compromised, despite their false confidence bolstered by their small fish status. The article was about Hong Kong, but it really applies everyone.
MLK Day
Martin Luther King Day (January 21) provides a excellent opportunity for self-reflection. Let us all seek to be better versions of ourselves in 2019.
“Injustice anywhere is a threat to justice everywhere. We are caught in an inescapable network of mutuality, tied in a single garment of destiny. Whatever affects one directly, affects all indirectly.”
— Dr. Martin Luther King, Jr. (Jan 15, 1929 - Apr 4, 1968)
Cool Job of the Week
New York University (NYU) — Chief Information Security Officer and Director, Office of Information Security (Location: New York, NY)
Veteran-Preferred Job of the Week
NextEra Energy — Senior Cybersecurity Analyst (Location: Juno Beach, FL)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Click here to subscribe to the CyberWeekly Newsletter.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.