SecureTheVillage Calendar
InfraGard Webinar: Malign Foreign Influence and Election Security Threat Briefing. October 15 @ 8:15 am – 12:00 pm PDT
Financial Services Cybersecurity Roundtable: Managing 3rd Party Service Providers in Financial Services with John Coleman. October 16 @ 8:00 am – 10:00 am PDT
Insurance Brokers Cybersecurity Roundtable: Navigating the Strange World of Cyber Risk, Cyber Exposures, & Cyber-Gotchas with Jason Meshekow. October 20 @ 2:00 pm – 3:00 pm PDT
Technology & Security Management Happy Hour: Talking to the C-Suite: Open FAIR Standard. October 27 @ 4:30 pm – 5:30 pm PDT
Cybersecure 2020: A Reasonable Guide to Reasonable Security. October 28 @ 1:00 pm – 5:00 pm PDT
LMG Security Virtual Class: Cyber First Responders. November 5 @ 9:00 am – 6:00 pm PST
Information Security Management Webinar: Conversation on the Cyber Risk Landscape with Deron T. McElroy, CISA. November 12 @ 10:00 am – 11:00 am PST
Insurance Brokers Cybersecurity Roundtable: Case Study of a Breach: Helping Your Clients Prepare for the Inevitable. November 17 @ 2:00 pm – 3:00 pm PST
Financial Services Cybersecurity Roundtable: November 2020. November 20 @ 8:00 am – 10:00 am PST
Individuals at Risk
Information Security Management
A Cybersecurity Checklist For The New Norm: Covid-19 has caused a seismic shift in how businesses operate. Offices have shut down, and workers have gone remote. Employees returning to offices are putting additional stress on limited resources that have shifted to some extent to supporting the work-from-home option. On one hand, IT infrastructure is struggling to cope with an increase in demand while on the other, attackers are seeking to exploit vulnerabilities in this newly expanded remote work environment. Forbes, October 8, 2020
Secure The Human
It’s never too early to teach your kids about cybersecurity: Technology is here to stay, and it continues to advance and grow all the time. Because of its prominent place in the world, it can seem like today’s generation is practically born with an iPhone in hand. In fact, as of 2015, 61% of children ages 3-18 had access to the internet at home. That number has undoubtedly increased today, as it’s become more of a necessity thanks to everything from remote learning to teens looking for careers in cybersecurity. The Next Web, October 8, 2020
Cybersecurity Awareness Month: How to protect your kids from identity theft: Freezing your child’s credit is one way to stop cybercriminals from stealing their identity. But you have to be careful to keep the key to thaw it later. TechRepublic, October 7, 2020
Cyber Warning
How Cybersecurity and Cyberbullying are Intertwined in K-12 Schools: Cybersecurity and cyberbullying are uniquely related in K-12 online learning systems. SecurityBoulevard, October 8, 2020
Microsoft warns of Android ransomware that activates when you press the Home button: New MalLocker.B ransomware is currently spreading via online forums and third-party websites. ZDNet, October 8, 2020
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks: A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Prime Day a field day for hackers. ThreatPost, October 8, 2020
Don’t Get Suckered by Phishing Scams About Trump’s Health: A new phishing scam is duping unsuspecting victims with enticing links promising access to President Trump’s alleged health records and top-secret COVID-19 treatment information. In reality, these misleading links are triggering downloads that sneak a new, dangerous form of malware onto the PCs of unsuspecting truth-seekers. LifeHacker, October 8, 2020
Information Security Management for the Organization
Cybersecurity in the C-Suite & Board
Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines: Board decisions on cybersecurity spending are slowly improving following the impact of regulatory fines and COVID-19. InfoSecurity, October 8, 2020
Making Cybersecurity a Priority in the Boardroom: Cyber risks are ever-increasing in the Covid-19 era. On one hand, businesses are going through a radical transformation while on the other, the attack surface is rapidly expanding due to more people working from home. There is increased pressure on executive teams to step-up and get a better handle on cybersecurity. InfoSecurity, September 28, 2020
Information Security Management
Why MSPs Are Hacker Targets, and What To Do About It … Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance: It’s commonly understood that smaller businesses have smaller IT budgets, which often does not leave much room for IT security. Even in 2020, many of these companies have never heard of NIST, ISO 27001, or other security frameworks, let alone implemented them. And with more than 30 million businesses falling in the category of fewer than 1,000 employees, small businesses represent a significant part of the American economy. For an attacker, this is a gold mine of potential opportunity, but the key to that financial reward means operational scalability, putting the target squarely on managed service providers (MSPs). DarkReading, October 9, 2020
Companies opting out of DHS threat-sharing platform call for better data: Since its inception in 2016, the Department of Homeland Security’s threat-sharing platform has been plagued by a lack of participation from public and private organizations alike. DHS is now vowing to make improvements, as the security community calls for better quality of data and more tangible payback for opting in. SCMedia, October 8, 2020
Amid Growing Ransomware Attacks, OFAC Pushes Private Sector, FBI Cooperation: While a recent advisory from OFAC is hoping to push companies impacted by ransomware into the arms of the FBI and other law enforcement agencies, businesses that are fearful of losing control over the subsequent investigation may be reluctant to comply. Law.com, October 8, 2020
Only 27.9% of organizations able to maintain compliance with the PCI DSS: Global organizations continue to put their customers’ cardholder data at risk due to a lack of long term payment security strategy and execution, flags the Verizon report. HelpNetSecurity, October 8, 2020
Cybersecurity Awareness: 6 Myths And How To Combat Them: National Cybersecurity Awareness month is upon us. And, so is the opportunity to look at what common C-suite misconceptions could be handcuffing security awareness efforts. SecurityIntelligence, October 7, 2020
Using PCI Scope to Lower Risks and Cost … By leveraging newer technology and risk transfer, organizations can in some cases reduce questions almost tenfold. This article discusses leveraging technology identified in PCI Self-Assessment Questionnaires A and P2PE to reduce the risks and costs to an organization when processing credit cards, which also subjects the organization to fewer and less onerous compliance requirements. By R. Scott Pierangelo and David Lam, Members SecureTheVillage Leadership Council, ISSA, October 2020
Privacy Management
New CCPA Amendment Extends Exemptions for Employment, B2B Data: A new amendment to the California Consumer Privacy Act allows California employers and businesses that collect personal information of business partners to take some comfort from the fact they may continue to rely on two important CCPA exemptions. Morgan, Lewis & Bockius LLP partner Reece Hirsch explains the impact and predicts more enforcement from state regulators. Bloomberg, October 8, 2020
Cyber Warning
FBI Issues Warning on Using Hotel Wi-Fi when Teleworking from a Hotel: The Federal Bureau of Investigation is issuing this announcement to encourage Americans to exercise caution when using hotel wireless networks (Wi-Fi) for telework. FBI has observed a trend where individuals who were previously teleworking from home are beginning to telework from hotels. US hotels, predominantly in major cities, have begun to advertise daytime room reservations for guests seeking a quiet, distraction-free work environment. While this option may be appealing, accessing sensitive information from hotel Wi-Fi poses an increased security risk over home Wi-Fi networks. Malicious actors can exploit inconsistent or lax hotel Wi-Fi security and guests’ security complacency to compromise the work and personal data of hotel guests. Following good cybersecurity practices can minimize some of the risks associated with using hotel Wi-Fi for telework. FBI, October 6, 2020
Cyber Talent
The cybersecurity skills gap: California educates the workforce of the future: California is a beacon for global innovation, home of Silicon Valley and a center for space tech. Its economy outpaces many nations, beating both the Russian Federation and Italy for gross domestic product. Big name enterprise players, the U.S. military, and government all vie for top talent; and there isn’t enough to go around. SiliconAngle, October 8, 2020
Secure The Human
More scoring, less boring: How companies can gamify security training: Video games, quiz show competitions and undercover “mole” operations are among the more inventive ways companies are trying to spice up their security awareness training. SCMedia, October 8, 2020
Cyber Insurance
Consumers and Business Owners are Underprepared for Evolving Cyberthreats: As COVID-19 drives more Americans to turn to virtual or digital business interactions, cyber criminals have found fertile hunting ground for new opportunities to exploit weaknesses. According to a new Nationwide Agent Authority survey, many American consumers and businesses are dangerously underprepared to defend against common and evolving cyberthreats. CPA Practice Advisor, October 1, 2020
Cybersecurity in Society
Cyber Crime
Senate Democrat raises concerns around Universal Health Services breach: Sen. Mark Warner (D-Va.) on Friday raised concerns around a recent cyberattack on hospital chain Universal Health Services (UHS) that resulted in the data of millions of customers potentially being compromised. The Hill, October 9, 2020
German tech giant Software AG down after ransomware attack: The Clop ransomware gang is demanding more than $20 million from German tech firm Software AG. ZDNet, October 9, 2020
Number of corporate credentials exposed on the dark web increased by 429%: While there has been a year-over-year decrease in publicly disclosed data breaches, an Arctic Wolf report reveals that the number of corporate credentials with plaintext passwords on the dark web has increased by 429 percent since March. HelpNetSecurity, October 8, 2020
Clinical Trials Hit by Ransomware Attack on Health Tech Firm: No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on computer networks. The New York Times, October 3, 2020
Know Your Enemy
Elusive hacker-for-hire group Bahamut linked to historical attack campaigns: The Bahamut group targets high-value victims and takes meticulous care with its own operational security. CSO, October 9, 2020
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work: There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained. KrebsOnSecurity, October 8, 2020
Cyber Freedom
Cyberattacks, Foreign Interference, and Digital Infrastructure: Conducting Secure Elections Amid a Pandemic: The coronavirus pandemic has introduced an additional layer of complexity into the already challenging task of conducting secure, democratic elections. Prior to the pandemic, many democracies were working to secure their elections from foreign adversaries, often with limited budgets. These challenges have only grown more acute because of the pandemic. Since the coronavirus arrived, much attention has, correctly, been focused on how to administer elections in a manner that reduces the likelihood of voters and poll workers contracting the virus. However, after reviewing many elections held in Europe and the United States, including several during the pandemic, we believe that more can and should be done to secure human, physical, and cyber election assets. Both the pandemic and foreign interference threats show no signs of abating; meanwhile the pandemic creates further windows of opportunity for authoritarian regimes to interfere in elections. Alliance for Securing Democracy, October 8, 2020
Technology a double-edged sword for U.S. election security: Technologies are being weaponized to undermine the 2020 U.S. presidential election, but IT systems will also help identify fraud and verify results in a contested election. SearchSecurity, October 8, 2020
Homeland Security steps up warnings about 2020 U.S. election security: WASHINGTON (Reuters) – The U.S. Department of Homeland Security (DHS) on Tuesday stepped up warnings about foreign threats to U.S. election security, affirming other agencies’ concerns regarding Russian interference in particular. Reuters, October 6, 2020
Election security bolstered in key states for 2020 presidential race. Will they hold?: With the presidency on the ballot in less than a year, fears of another attempt by Russia or other foreign powers to interfere in the election seem to grow with each passing day. The Fulcrum, December 9, 2020
Disinformation
Facebook, Twitter dismantle global array of disinformation networks: LONDON/WASHINGTON (Reuters) – Facebook Inc FB.O and Twitter Inc TWTR.N said on Thursday they had taken down more than a dozen disinformation networks used by political and state-backed groups in multiple countries to deceive users on their platforms. Reuters, October 7, 2020