Cyber Risk Update 14 APR 2023
Cyber Risk Update for the week of April 14, 2023.
Events
Webinar: "Cyber Tabletop Exercises: Mastering Cyber Resilience through Tabletop Exercises." Register: https://us06web.zoom.us/webinar/register/WN_OgiKHUPHQbGgt5GEEyg48g#/registration
Convene, Security Training and Awareness Conference, The National Cybersecurity Alliance, September 6 - 7, The Watergate Hotel, 2650 Virginia Avenue Northwest, Washington, DC 20037. https://www.eventbrite.com/e/convene-washington-dc-tickets-593323916807
National Emergency Communications Plan (NECP) webinar: "Is This Thing On? Using Backup Communications Systems To Ensure Mission Readiness," April 26. Register: https://www.cisa.gov/news-events/events/thing-using-backup-communications-systems-ensure-mission-readiness
Career
Cybersecurity professionals looking at the top job have the technical skills to become a CISO but may wonder if they have what it takes to lead a team while ensuring management and board support. Here are five ways to tell if you are CISO material or not. https://www.csoonline.com/article/3691772/5-ways-to-tell-you-are-not-ciso-material.html
Rethinking Cybersecurity's Structure & the Role of the Modern CISO https://www.darkreading.com/operations/rethinking-cybersecurity-s-structure-the-role-of-the-modern-ciso
Security Convergence
The Importance of Converging Physical and Cybersecurity in an Interconnected World https://www.learnsecurity.org/single-post/the-importance-of-converging-physical-and-cybersecurity-an-interconnected-world
Data Breaches
FBI investigating electronic ‘network disruption’ at San Bernardino County Sheriff’s Department https://www.sbsun.com/2023/04/08/fbi-investigating-electronic-network-disruption-at-san-bernardino-county-sheriffs-department/
Hackers Behind Modesto PD Attack Begin Releasing Data https://www.govtech.com/security/hackers-behind-modesto-pd-attack-begin-releasing-data
NJ Police Agency Hit by Ransomware, Delaying Investigations https://www.govtech.com/security/nj-police-agency-hit-by-ransomware-delaying-investigations
Two years after the Port of Seattle lost $572,683 to phishing email scammers, the Washington state auditor's office has released the findings of an audit noting issues with consistency and adherence to procedures. https://www.govtech.com/security/port-of-seattle-cyber-audit-released-following-2021-phishing-loss
A pro-Russian hacking group may have targeted Canada's energy infrastructure in February, the New York Times has reported citing the leaked Pentagon documents. https://www.reuters.com/world/americas/canadian-energy-infrastructure-unharmed-after-cyberattack-says-trudeau-2023-04-11/
The Vice Society cybercrime group on March 31, 2023, took credit for a cyberattack on Lewis & Clark College, posting samples of passports as well as documents that included Social Security numbers, insurance files, and W-9 forms. https://therecord.media/lewis-clark-college-ransomware-attack-vice-society
The Jefferson County School System suffered a ransomware attack, but school officials say there was no breach of sensitive information. https://www.wvtm13.com/article/large-alabama-school-system-hit-by-ransomware-attack/43486343
The UK's Criminal Records Office (ACRO) confirmed that a “cyber security incident” caused online portal issues since January 17, 2023. https://www.bleepingcomputer.com/news/security/uk-criminal-records-office-confirms-cyber-incident-behind-portal-issues/
Rorschach ransomware, with a rare encryption speed, makes it even harder for companies to respond
The potential impact and victims claimed by Rorschach remain unknown, but one expert said some yet-undetected attacks are likely underway. https://www.cybersecuritydive.com/news/rorschach-ransomware-encryption-speed/647693/
Incident Response
CISOs and cyber leaders may not see reporting a breach as the most pleasant of tasks, but experts say mandatory and voluntary sharing of intelligence around incidents can only improve the readiness and resilience of responders. https://www.csoonline.com/article/3692815/why-reporting-an-incident-only-makes-the-cybersecurity-community-stronger.html
Financial Impact
Ensuring Transparency and Disclosure: Navigating Cybersecurity Risks in the Municipal Bond Market https://www.learnsecurity.org/single-post/ensuring-transparency-and-disclosure-navigating-cybersecurity-risks-in-the-municipal-bond-market
Awareness
National Public Safety Telecommunicator Week https://www.learnsecurity.org/single-post/national-public-safety-telecommunicator-week-2023
Ethics
Organizations are increasingly under pressure to protect customer data and ensure it is used responsibly. To hold themselves accountable, companies need a formalized data program. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/tech-forward/ethical-data-usage-in-an-era-of-digital-technology-and-regulation
The Bitdefender 2023 Cybersecurity Assessment, which was released recently, has shed light on the pressure faced by cybersecurity teams to keep quiet about data breaches. According to the report, 74.7% of respondents in the United States reported experiencing a data breach or leak within the last year. Of these respondents, 70.7% stated that they were instructed to maintain confidentiality about the security breach when it should have been reported. Additionally, the report found that 54.7% of respondents admitted to keeping a security breach confidential even when they knew it should be reported. https://businessresources.bitdefender.com/bitdefender-2023-cybersecurity-assessment
Cyber Insurance
Cyber Insurance in 2023: Trends and Insights from Industry Experts https://www.learnsecurity.org/single-post/cyber-insurance-in-2023-trends-and-insights-from-industry-experts-watch-now
The cost of cyber insurance doubled in the past year for Saint Paul Public Schools in Minnesota, to $120,000. https://kstp.com/kstp-news/top-news/minnesota-lawmakers-consider-school-cybersecurity-funding/
With cybercrime spreading, insurers are offering a new kind of product to meet the threat: policies that protect individuals, as opposed to businesses. Here's what consumers need to know. https://www.wsj.com/articles/cyber-liability-insurance-coverage-8afc4fdd
Nation States
Mandiant Bolsters The Case That North Korean Hackers Were Behind 3CX Supply Chain Hack https://www.scmagazine.com/analysis/third-party-risk/mandiant-bolsters-the-case-that-north-korean-hackers-were-behind-3cx-supply-chain-hack
Russian APT Hackers Actively Targeting European NATO Allies https://www.databreachtoday.com/russian-apt-hackers-actively-targeting-european-nato-allies-a-21678
Cyber Criminals
Today’s established cybercrime gangs operate like large enterprises. Those with 50-plus staff have affiliates, a few management layers, and more than $50 million in annual revenue. https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches
National Guardsman Arrested for Military, Intelligence Leaks. Jack Teixeira, 21, Accused of Sharing Classified National Defense Info on Discord. https://www.databreachtoday.com/national-guardsman-arrested-for-military-intelligence-leaks-a-21677
AI
How threat actors are using AI and other modern tools to enhance their phishing attempts https://blog.talosintelligence.com/ai-and-other-modern-tools-enhance-phishing/
ChatGPT Already Involved in Data Leaks, Phishing Scams & Malware Infections https://networkassured.com/security/all-chatgpt-cybersecurity-risks-attacks/
AI-created malware sends shockwaves through cybersecurity world https://www.foxnews.com/tech/ai-created-malware-sends-shockwaves-cybersecurity-world
Time to rethink the AI ethics narrative https://www.humanbrainproject.eu/en/follow-hbp/news/2023/04/13/time-rethink-ai-ethics-narrative/
IoT
If TikTok is spyware, then what about Chinese IoT? https://www.techradar.com/opinion/if-tiktok-is-spyware-then-what-about-chinese-iot
For today’s fragmented Internet of Things (IoT) to reach its potential as a fully interconnected ecosystem, the answer may lie in the convergence of cybersecurity and the IoT. https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/cybersecurity-for-the-iot-how-trust-can-unlock-value
Education Sector Sees 34% Increase in IoT Attacks https://www.scmagazine.com/news/device-security/education-sector-34-increase-iot-attacks
Emergency Management
The Increasing Concern of Public-Sector Cybersecurity in State and Local Government https://www.govtech.com/sponsored/the-increasing-concern-of-public-sector-cybersecurity-in-state-and-local-government
Cybersecurity Needs its Place in Emergency Management Now https://www.cpomagazine.com/cyber-security/cybersecurity-needs-its-place-in-emergency-management-now/
Cybersecurity For the C-suite
The Local Government Officials Guide to Cybersecurity https://www.learnsecurity.org/single-post/the-local-government-officials-guide-to-cybersecurity
Why CEOs Need To Prioritize Online Safety Compliance https://www.forbes.com/sites/forbestechcouncil/2023/04/07/why-ceos-need-to-prioritize-online-safety-compliance/
Cyber Risk Is Growing. HBR. The consequences of cyber-attacks are growing increasingly severe. And as “bad actors” become increasingly well-financed, and the “attack surface” where cyber threats are deployed becomes increasingly larger and more complex, it’s becoming practically impossible to ensure that everything is properly secure. https://hbr.org/2023/04/cyber-risk-is-growing-heres-how-companies-can-keep-up
Guidance
CISA Releases Zero Trust Maturity Model Version 2 https://www.cisa.gov/news-events/alerts/2023/04/11/cisa-releases-zero-trust-maturity-model-version-2
Federal Zero Trust Strategy https://zerotrust.cyber.gov/
Legislation Watch
Senator Calls for Cybersecurity Audit of Law Enforcement Wireless Network https://www.nextgov.com/emerging-tech/2023/04/senator-calls-cybersecurity-audit-law-enforcement-wireless-network/385110/
Federal Government
U.S. embassies to get cyber experts by the end of 2024. Nathaniel Fick, ambassador at large for cyberspace and digital policy at the State Department, said he plans to install a Foreign Service staffer trained in cybersecurity at each U.S. embassy worldwide. https://federalnewsnetwork.com/cybersecurity/2023/04/state-dept-cyber-bureau-plans-to-add-tech-experts-to-every-embassy-by-next-year/
The Cyberspace Solarium Commission wants space systems to be considered critical infrastructure sector number 17 https://cyberscoop.com/solarium-commission-space-systems-critical-infrastructure/