This section has to do with current trends in cyber security. Our President, Bill Palisano hand selects articles he thinks are pertinent to read and understand every few weeks. Keeping up with this section will enable you to stay updated, informed and current so that you never find yourself without the tools to secure your information.
Avoiding the snags and snares in data breach reporting: What CISOs need to know.
Ambiguities in a growing list of US reporting requirements keep CISOs up at night: Will they be compelled to report every breach even if they can prove the data was untouched? Experts advise on how to avoid trouble.
Is your Coffee Pot Watching You?
Devices become vulnerable to attack within minutes of connecting to the Internet. The device could be a computer or a smartphone, but it doesn’t have to be. It could be a security camera, light bulb, teddy bear, or car. The world is becoming more connected, and cybercrime is getting easier and more accessible.
Ransomware & Air Gapping leads to Record Breaking Tape Capacity Shipments
Tape Shipment Report Reveals Record Breaking Tape Capacity Shipments – "Ransomware is more rampant than ever and a significant challenge for protecting data, especially as employees continue to work remotely amid the current pandemic," said Christophe Bertrand, Senior Analyst, The Enterprise Strategy Group, Inc. “Air gapping with tape technology should be a serious consideration for any company looking at best practices to ensure their company’s data and their customers’ privacy."
Ransomware attacks on schools continue to increase:
Schools have been under extreme pressure this year due to the COVID-19 pandemic. Students need additional help with the new safety measures or remote learning, and parents are flooding schools with questions, suggestions, or complaints. U.S. schools were an attractive target for ransomware in 2019, and they’ve become more popular this year as the pandemic caused a massive disruption in how education is delivered to students. Barracuda research shows that attacks on schools and universities made up 15% of attacks in 2020, compared to 6% in 2019. Here are stats and some defenses:
Election Crimes and Security
Concerned about our upcoming elections and foreign intervention? Check out this 9 Minute Video. IT IS WORTH YOUR TIME! The Directors of the FBI, the NSA, CISA (the Cybersecurity & Infrastructure Security Agency) and NCSC (National Counterintelligence & Security Center) speak about what your Country is doing to safeguard our elections. POWERFUL! In addition to election security – understand this: these people and agencies are working 24/7 to protect us from any and all cyber threats. I’m glad they’re on our side:
Here’s the 9 min video (on youtube): https://youtu.be/H-3Ek14eO7o
Here’s the complete FBI Web Page “Election Crimes and Security”: https://tinyurl.com/LA-CyberBP10-6-20
Air gaps – the most effective defense against cyberattacks
In data protection, air pockets or gaps are actually highly recommended, as they play an important role in terms of protecting your business-critical data against cyber attacks. These threats are becoming more frequent, and are capable of simultaneously corrupting live, backup and archive data. Consequently, it is an enormous challenge for all businesses to protect themselves from this type of data loss.
NYDFS enforces its cybersecurity regulation for the first time
On July 22, NYDFS filed a statement of charges against a title insurer for allegedly failing to safeguard mortgage documents, including bank account numbers, mortgage and tax records, and other sensitive personal information. This is the first enforcement action alleging violations of NYDFS’ cybersecurity regulation (23 NYCRR Part 500), which took effect in March 2017 and established cybersecurity requirements for banks, insurance companies, and other financial services institutions.
"He, who does not learn from history, is condemned to repeat it."
Equifax really learned from its’ mistakes when attackers breached it and stole the personal information of 182 Million Americans. And we can ALL learn from what they share here. There is an incredible amount of wisdom, insight and actionable measures in this 5-minute read. It’s not all sunshine and rainbows, but will definitely teach you a valuable lesson or two. Let’s learn from their mistakes and be much wiser moving forward. Enjoy:
When Aston Martin (James Bond’s car) did a self-assessment of its’ IT Security, its’ focus was laser sharp:
“The brand is enormously important. It's the thing that keeps us where we are. So, protecting that is a bigger focus for us than maybe some other things. If we had, for example, a breach and lost customer data, with the types of people that buy our cars you don't want to be the person on BBC News for instance explaining what's happened and how that's going to hurt the brand. The reputation damage would be enormous on that.”
SANS Institute, which drills cyber professionals in defense, suffers data breach:
The SANS Institute, which trains cybersecurity professionals around the world, was hacked, resulting in the compromise of 28,000 records of personally identifiable information, the organization said Tuesday.
5 traits all the best CISOs have:
I know many CISO’s. If you’re an Owner, CEO, President, or C-Suite, you’ll want to read this. It is RIGHT ON TARGET! As a career entrepreneur and business person, #3 resonates with me. It is what separates a GOOD CISO from a GREAT CISO. Think about yours… Is he/she good, or great?:
FBI Issues DDoS amplification attack alert:
The Federal Bureau of Investigation (FBI) in the U.S. has issued an alert warning organizations that distributed denial of service (DDoS) amplification attacks are on the rise. With all of the attention to Ransomware, DDoS attacks have taken a back stage, but, they’re still there. Get Ready to be attacked:
Cracking the cyber liability code leads to better insurance coverage:
Many clients/friends I’ve spoken with ‘think’ (hope) they’re insured properly for cyber-liability. And in some cases, I get the hint that they’d rather not dig into it (ignorance is bliss?). Well, ‘hope’ is NOT a strategy, nor a contingency plan. This 5 minute read has a GREAT explanation and 5 item listing of MUST HAVE’s for cyber-liability coverage:
The Lesson here is really Behind the Scenes:
A somewhat ‘typical’ ransomware against a city in Alabama. But the educational value is within the “Comments” section.
Read the article and then: READ THE COMMENTS at the end. Especially the conversation thread started by this question:
“Can someone kindly explain to me how a security firm in Wisconsin can “see” what’s happening with regards to an attack inside a network in
Cyber security 101: Protect your privacy from hackers, spies, and the government
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
With the huge surge in unemployment claims, and state unemployment systems being over-run, you had to know this would be coming:
1 Day, 3 New Ransomware Attacks reported, not all successful. Why?
Magellan Health – proving (during this COVID Crisis) “There is no Honor among the Thieves.” Threat Vector: Phishing (as usual). Undetermined: Was exfiltrated data anonymized and do they need to notify breached individuals?
Pitney Bowes – After their previous Ransomware Attack – 7 months ago, a New Successful Attack & Breach BUT Unsuccessful Ransomware Execution! New endpoint detection & response and advanced threat protection tools deployed – Won the Day!
Texas Court – Partially shut down by Ransomware. Although they “will not pay” the ransom, they do acknowledge the need for more/better security training of their employees. As government branches continue to be targeted by these types of attacks, they continue to struggle to keep pace with the security required to deliver information to citizens, yet protect it from nefarious use by bad actors:
Threat Spotlight: Coronavirus-Related Phishing.
As much of the world grapples with the new coronavirus, COVID-19, and how to handle it, attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web..
5 ways COVID-19 is reshaping the cybercrime economy.
As the COVID-19 pandemic pushes the above-ground economy to the brink of a major recession, the cybercrime economy appears to still be hard-charging ahead. And yet, the virus has rapidly reshaped the way business is being done on the dark web, as buyers and sellers jump on the opportunity to capitalize on global fears, as well as dramatic shifts in supply and demand.
SBA emergency loan applicants’ data likely exposed.
breach at the Small Business Administration may have exposed personal information on almost 8,000 small businesses that applied to the agency’s Economic Injury Disaster Loan program (EIDL), recently expanded to include organizations affected by the COVID-19 pandemic..
Zoombombing provides teachable moment for cybersecurity teams.
Most of the instances of conference calls being hacked, popularly known as Zoombombing, are from a cybersecurity perspective a self-inflicted wound. The fact that malicious actors could, for example, use publicly posted meeting links, guess meeting IDs, and discover personal meeting IDs posted online to join a meeting uninvited is not some newly discovered set of vulnerabilities. It’s only been with the need for large swaths of the population to remain at home that these issues are coming to the fore. Zoom, as the most popular video collaboration platform of the moment, is naturally at the center of the storm.
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings.
Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.
Working from Home? SANS Security Awareness Deployment Guide (for businesses) & Top 5 Tips for Working from Home Securely (for employees)
With the coronavirus disrupting business as usual, organizations and school districts worldwide are implementing work-from-home policies. Not only does this pose new challenges for organizations that lack the processes and technologies required to secure a remote workforce, it puts an even greater burden on families who must quickly adapt to a new way of working and learning from home — and do so safely and securely.
Five billion records exposed in open ‘data breach database’
More than five billion records were exposed after a Keepnet Labs Elasticsearch “data breach database” housing a trove of security incidents from the last seven years was left unprotected.
Malicious coronavirus map hides AZORult info-stealing malware:
Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware.
The SHIELD Act: NY’s New Data Protection Requirements Take Effect:
In his Health Law column, Francis J. Serbaroli discusses New York’s new SHIELD Act, which imposes new data security and data breach reporting requirements on any entity in possession of private information of New York residents regardless of whether the entity is located in New York. The Act also levies higher penalties for non-compliance with its data security and reporting requirements, but does not provide for a private cause of action.
25 Tech Predictions for 2020:
Much will be different, relative to ten years ago. The year 2020 opens a new decade and much will be different, relative to ten years ago. Here are more than two dozen predictions about what to expect, according to industry experts and executives.
Ring camera hacks show the need for better IoT security:
Ring camera doorbells gained fame for catching porch pirates steal packages but after several high-profile cases where hackers gained control of them they are being held up by the cybersecurity industry as a prime example why companies and homeowners need to take IoT security seriously.
Snatch ransomware reboots PCs into Safe Mode to bypass protection:
Cyberthreats to financial institutions 2020: Overview and predictions:
BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups - in the field:
Ransomware attack on nursing homes’ services provider threatens lives:
How to negotiate with hackers:
How tape backup systems improve data protection:
What it takes to preserve business continuity, recover quickly from a cyber disaster
VPN to world:
Reports of my death are greatly exaggerated
How ready are you to respond to a ransomware attack?