Five U.S. Capitol IT contractors are under investigation by federal law enforcement officials for alleged cyber shenanigans involving the computer network of the House of Representatives. The contractors provide IT services for approximately 40 Democratic members of the House. The contractors are being accused of a number of shady things, such as unauthorized access to the House computer network, swiping sensitive information and transferring it to an external cloud server, stealing computers and servers amounting to hundreds of thousands of dollars and making unapproved IT-related purchases on behalf of government clients. 

The instances of unauthorized access and the House information stored in an external cloud server are of particular concern, as it puts the House at an incredible risk for exposure.  This has of course further fried the nerves of folks on Capitol Hill who have endured one high-profile political attack after another. While no arrests have been made, the IT contractors’ access and privileges have been barred by House officials as authorities look into the matter. 

“At the request of Members of Congress, the United States Capitol Police are investigating the actions of House IT support staff,” US Capitol Police spokesperson Eva Malecki told BuzzFeed News. “No Members are being investigated. No arrests have been made. It should be noted that, administratively, House staff were asked to update their security settings as a best practice. We have no further comment on the ongoing investigation at this time.”

Police and others investigating the suspicious activity have speculated that the contractors could potentially be a front for an organization attempting to steal sensitive information from the U.S. Congress. At this time, though, lawmakers and other staff have been encouraged to change their passwords and hang tight. “They said it was some sort of procurement scam, but now I’m concerned that they may have stolen data from us, emails, who knows,” one lawmaker stated. 

Perhaps this is the kick in the pants the new administration and federal agency directors need to develop their own plans to get their infrastructure up to snuff. It will certainly be interesting to see how this story develops, and if anything changes because of it. To be hit from the inside – that’s got to sting a bit. 

Our second story takes a look at a recently-formed power group made up of cybersecurity industry heavy-hitters. AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic have joined forces to launch what they’re calling the IoT Cybersecurity Alliance, which is intended to drive education and awareness in terms of better securing the IoT ecosystem. As we move further into the age of IoT, massive amounts of data will be flowing to and from connected devices and sensors, which of course means that the amount of security risks will increase exponentially. 

It’s already starting. In the past 3 years, AT&T has seen a 3,198 percent increase in attackers scanning for vulnerabilities in IoT devices. According to the telecom giant, business leaders are well aware of the potential havoc that IoT devices without the proper security framework built in could wreak, and the disastrous effects it could have on their organizations. However, according to a survey conducted by AT&T in 2016, 58 percent of those leaders stated that they were not confident in the security of their IoT devices.

“The explosive growth in the number of IoT devices is only expected to continue; therefore, so must the associated cybersecurity protections,” said Mo Katibeh, AT&T senior vice president of Advanced Solutions. “Today’s businesses are connecting devices ranging from robots on factory floors to pacemakers and refrigerators. Helping these organizations stay protected requires innovation across the whole IoT ecosystem to enable sustainable growth.”

The IoT Cybersecurity Alliance will focus on researching security challenges of IoT across several important verticals and use cases in order to solve potential security issues at every critical layer. Specifically, the goals of the Alliance are to:

IoT offers tremendous benefits and efficiencies to businesses, but security concerns often prevent businesses from adopting these emerging technologies. This is where channel partners have a chance to step in. The increase in IoT devices and data is already transforming the way business is conducted, and therefore has forced channel partners to shift their focus from delivering simple products, solutions and software to holistic business outcomes. It seems, in this new IoT landscape, that both the channel and the Cybersecurity Alliance have similar goals: to peel back the layers of security – every last one of them – and shove them under a microscope in order to help educate businesses and consumers on how to best protect their connections.

We end the week with a quick geography lesson. In honor of Safer Internet Day, which occurred on Tuesday, Avira posted a blog focused on why borders matter when it comes to malware. The post breaks down the continuing role geography plays in determining what types of malware people are exposed to. 

Avira tallied the number of malware attacks over the course of a month, and found that people received a different assortment of malware based on their geographic location. “While we think of the internet as a border-less phenomena, our data shows there are real and significant differences by country,” said Alexander Vukcevic, Director Avira Virus Labs. “But if you look at these threats by country and think about what is needed to defend against each of them, you can get a good international boost to your security.”

Here are some interesting takeaways from the U.S. and some key EU countries:

So, when it comes to malware, borders are more important than you’d think. Make every day a Safer Internet Day. 

The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.