The week in security: Boards wear more cyber risk as threats continue to get worse

An Australian IT consultant has been jailed for 3 years after hacking a WiFi network to get insider trading information.

Also creating problems was a concerted attack on the world’s telecommunications companies, which saw more than 100GB of call record data stolen but fell short of the worst-case scenario.

Telecoms providers aren’t the only ones that should be improving their cybersecurity game, however: with the introduction of new CPS 234 cybersecurity regulations on 1 July, boards of financial-services organisations face a new level of scrutiny and responsibility around cyber security.

That responsibility may shape board responses but it’s not the only thing that needs to change about cybersecurity: with DNS exploits reaching new levels of sophistication and nation-state hackers getting on the bandwagon, significant infrastructure threats are now very real.

The DNS problem has gotten so bad that Oracle has begun winding down its Dyn DNS platform – which was recently compromised by a massive DDoS attack – and pushing customers onto Oracle Cloud services.

Also moving to the cloud is VirusTotal, the security-scanning tool that will run on Google Cloud after a reorganisation of Alphabet-owned security venture Chronicle.

The escalating situation in Iran is spawning cyber attacks that have led the US government to recommend that everybody use two-factor authentication (2FA).

That’s hardly news for seasoned IT professionals, who have been screaming for ages about the importance of better security practices.

Better security will also be a focus for a newly appointed EU boss who will enforce a new law designed to improve cybersecurity standards across the continent.