Cybersecurity News of the Week, October 18, 2020

SecureTheVillage Calendar

Insurance Brokers Cybersecurity Roundtable: Navigating the Strange World of Cyber Risk, Cyber Exposures, & Cyber-Gotchas with Jason Meshekow. October 20 @ 2:00 pm – 3:00 pm PDT

Technology & Security Management HappyHour: Talking to the CSuite: Open Fair Standard. October 27 @ 4:30 pm – 5:30 pm PDT

Cybersecure 2020: A Reasonable Guide to Reasonable Security. October 28 @ 2:30 pm – 5:00 pm PDT

LMG Security Virtual Class: Cyber First Responders. November 5 @ 9:00 am – 6:00 pm PST

Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST

Insurance Brokers Cybersecurity Roundtable: Case Study of a Breach: Helping Your Clients Prepare for the Inevitable. November 17 @ 2:00 pm – 3:00 pm PST

Financial Services Cybersecurity Roundtable: November 2020. November 20 @ 8:00 am – 10:00 am PST

Individuals at Risk

Cyber Update

Microsoft Patch Tuesday, October 2020 Edition: It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to back up and patch up. KrebsOnSecurity, October 13, 2020

Information Security Management for the Organization

Cybersecurity in the C-Suite & Board

In the Age of Coronavirus, Infectious Disease Isn’t the Top Business Risk in the US; Cyber Attacks Are: Though the Covid-19 crisis is still not in check in the United States after seven months of public restrictions and it is still unclear when a vaccine will be developed, infectious disease clocks in as only the second-greatest business risk category in 2020. Cyber attacks remain the country’s greatest challenge, something that bucks a general global trend among the world’s major economies. CPO, October 13, 2020

Cyberattacks now cost companies $200,000 on average, putting many out of business: In an age of ongoing digital transformation, cybercrime has quickly become today’s fastest-growing form of criminal activity. Equally worrying for modern executives, it’s also set to cost businesses $5.2 trillion worldwide within five years, according to Accenture. CNBC, October 13, 2020

Ransomware: Once you’ve been hit your business is never the same again: In addition to financial costs and reputational damage, a ransomware attack can also lower the confidence of your information security team. ZDNet, October 12, 2020

Information Security Management

Top 5 Cybersecurity Frameworks to Secure Your Organization: Before we get into what the top cybersecurity frameworks are, let’s go through what exactly a cybersecurity framework is. All of these different cybersecurity frameworks provide standards and guidelines to secure your organization against cyber adversaries. Many industries have different cybersecurity requirements and standards. For example, the energy sector has the NERC CIP standards and the medical industry has HIPAA. Organizations often use cybersecurity platforms or frameworks to secure their organization and ensure compliance with these mandates. To select the best security framework for your organization you’ll need to make a few considerations. SecurityBoulevard, October 14, 2020

The Important Difference Between Cybersecurity And Cyber Resilience (And Why You Need Both): Cyber threats like hacking, phishing, ransomware, and distributed denial-of-service (DDoS) attacks have the potential to cause enormous problems for organizations. Not only can companies suffer serious service disruption and reputational damage, but the loss of personal data can also result in huge fines from regulators. Forbes, October 14, 2020

Ransomware is growing: Here are four ways attackers are getting into your systems: Ransomware attacks continue to grow. Here are the four ways the initial attack is likely to start, according to data from investigations company Kroll. ZDNet, October 12, 2020

How Cybersecurity Threat Intelligence Teams Spot Attacks Before They Start: Rigorous intelligence assists clients in the critical moment — when an attacker is already on the network and defenders need to act swiftly before significant damage is done. Yet even when the critical moment is over, intelligence has a multiplying effect by injecting new information gained into platforms that inform incident response consultants, managed security clients, and consumers of data. SecurityIntelligence, October 9, 2020

Facing a Privacy Breach Under Growing GDPR-inspired Laws Can Pose Challenges for Companies: Almost everyone at this point has heard about the European Union’s (EU) General Data Protection Regulation (GDPR). You’ve probably received an email from a company that you have shopped with explaining the recent changes in their privacy policy. Or, you’ve sat through a GDPR training at work, or you’re simply aware that some of the world’s largest companies with European subsidiaries need to comply with it. SecurityIntelligence, October 16, 2020

Secure The Human

Phishing Awareness Training is Far From Permanent; New Study Shows the Effects Last Only a Few Months: Cybersecurity professionals always stress awareness as a critical component of security readiness, suggesting that all of an organization’s employees be provided with regular reminders and even occasional simulated training scenarios. But how well do these efforts “stick” with the average employee who is not particularly technically inclined? According to a new study, it looks like phishing awareness training needs to be repeated at least once every six months to avoid having the effects of it wear off. CPO, October 5, 2020

Cyber Talent

Professor creates cybersecurity camp to inspire girls to choose STEM careers: Teaching via Zoom has had some unexpected benefits, college professor says, though robotics class is still a challenge. Her real passion is inspiring young women and girls to go into computer science. TechRepublic, October 16, 2020

As attackers evolve their tactics, continuous cybersecurity education is a must: As the Information Age slowly gives way to the Fourth Industrial Revolution, and the rise of IoT and IIoT, on-demand availability of computer system resources, big data and analytics, and cyber attacks aimed at business environments impact on our everyday lives, there’s an increasing need for knowledgeable cybersecurity professionals and, unfortunately, an increasing cybersecurity workforce skills gap. HelpNetSecurity, October 15, 2020

Cyber Update

US Cyber Command: Patch Windows ‘Bad Neighbor’ TCP/IP bug now: US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month’s Patch Tuesday. BleepingComputer, October 14, 2020

Cybersecurity in Society

Cyber Crime

Ransomware Attack on a Major Health Tech Firm Slows Down Several COVID-19 Clinical Trials: A ransomware attack targeting a medical technology firm slowed down clinical trials for the past two weeks, according to the New York Times. The attack targeted a Philadelphia company that develops software for clinical trials, including the crash effort to develop rapid coronavirus tests, treatment, and the vaccine. The attack on eResearch Technology forced clinicians to track their patients with pen and paper after locking the researchers out of their data. CPO, October 16, 2020

Cybercrime Losses Up 50%, Exceeding $1.8B: Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often. DarkReading, October 16, 2020

Breach at Dickey’s BBQ Smokes 3M Cards: One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. KrebsOnSecurity, October 15, 2020

Cyber-Attack on Major US Bookseller: American bookseller Barnes & Noble has been hit by cyber-criminals the day after resolving a connection issue with its Nook e-reader service. InfoSecurity Magazine, October 15, 2020

Seyfarth Shaw Targeted by Weekend Cyberattack … The firm said it shut down many of its systems as a precautionary measure after what seems to have been a ransomware attack: Seyfarth Shaw is the latest Big Law firm to get hit by a cyberattack. The firm said in a statement Monday morning that it was victimized by “a sophisticated and aggressive malware attack that appears to be ransomware” over the weekend. Law.com, October 12, 2020

Cyber Defense

Report: U.S. Cyber Command Behind Trickbot Tricks: A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. KrebsOnSecurity, October 10, 2020

Know Your Enemy

Phishers Capitalize on Headlines with Breakneck Speed: Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams — all with the same infrastructure. ThreatPost, October 16, 2020

25% of BEC Cybercriminals Based in the US: Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by security firm Agari. BankInfoSecurity, October 14, 2020

Cyber Insurance

A Promising Way To Contain Havoc Cyber Attacks … A well-developed cyber insurance industry could collect the right information, and create the right incentives, to improve cybersecurity and reduce cyber risk on a vast scale: Insurance is one of the most promising tools for addressing pervasive cyber insecurity. A robust market for insuring cyber incidents could, among other things, financially incentivize organizations to adopt better cyber hygiene—thereby reducing cyber risk for society as a whole. But cyber insurance is not yet mature enough to fulfill its potential, partly due to uncertainty about what kinds of cyber risks are, or can be, insured. TechnologyTimes, October 14, 2020

Cyber insurance is only a few claims away from disaster. This is why it matters: Cyber insurance may still be in its infancy, but over the past few years, we have seen rapid growth followed by what we all hope to be a temporary plateau. Insurers are issuing more policies. The amounts of protection are increasing. In fact, our community has finally seen the first cyber insurance programme to exceed $1 billion. Meanwhile, the breadth of coverage continues to expand. Absent the slowing of growth, it would seem that cyber insurance is maturing, and that businesses are adapting to the new and emerging cybersecurity threat. World Economic Forum, October 9, 2020

Cyber Fine

Morgan Stanley Fined $60 Million for Data Protection Mishaps: OCC: Investment Bank Didn’t Properly Oversee Decommissioning of Data Center Equipment. BankInfoSecurity, October 12, 2020

Cyber Freedom

Late-game election security: What to watch and watch out for: Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns. CSO, October 15, 2020

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy: Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign. ThreatPost, October 15, 2020

Pennsylvania becomes a battleground over election security: Pennsylvania is one of this year’s most hotly contested battleground states and also is facing a flurry of lawsuits, complaints and partisan finger-pointing over its election procedures and systems. ABC, October 14, 2020

Ransomware is the latest threat to the 2020 election. Here are the facts: As the nation careens toward Election Day, fears are bubbling up about potential election interference from a fresh source: ransomware. CNN, October 14, 2020
