In a summer that has been somewhere between pandemic panic and the return to real life, there have still been plenty of reasons to celebrate. In the Data Connectors Cybersecurity Community, we’re excited to see so many of our members making big moves and advancing their careers over the last few months.

OUR SPEAKERS AND THOUGHT-LEADERS

We’re excited to see that Lester Godsey, CISO for Maricopa County, Arizona, has been appointed Interim Program Chair for the Arizona Chapter of InfraGard. Lester has previously been featured as a keynote speaker and CISO panelist at several Virtual Cybersecurity Summits.

KRISTA ARNDT

One of our featured CISOs, Krista Arndt, is now the Director of Security Risk & Compliance for Voyager. Krista is an active member of FS-ISAC, ISACA, and InfraGard and mentors other women interested in building a career in cybersecurity. When off the clock, Krista takes her affinity for overcoming challenges to the race track, where she competes in a national drag racing series and uses her racing as a forum to advocate for autism awareness.

Cyber expert Jeff Horne announced his new position as Head of Security at Skydio. Jeff is well known for his insight in interviews for numerous news channels and publications, speaking roles at various security conferences, as well as authoring several vulnerability disclosures and patents.

CISO RoundTable regular Hadas Cassorla has been named the CISO at M1 Finance. She has built corporate security offices from the ground up and helped develop them into departments of Security as a Service. When not managing security, Hadas works as an improvisational actor and corporate trainer, teaching companies how to get to “yes” and stay on course in a fast-changing world where the unexpected happens every day.

Naomi Buckwalter

Previous keynote speaker and CISO panelist Naomi Buckwalter announced the launch of her non-profit organization, the Cybersecurity Gatebreakers Foundation. She has over 20 years’ experience in IT and Security, and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people get into cybersecurity.

Eric Yancy

Community member and featured speaker Eric Yancy is now the Information Security Officer for the City of Denton, Texas. Eric holds multiple information security credentials, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), Certified Information Systems Auditor (CISA) and two National Security Agency certifications in information security assessment.

Randall Frietzsche

Recently featured on a CISO RoundTable, Randall Frietzsche has started a new position as Head Program Tutor for “Cybersecurity: Managing Risk in the Information Age” at Harvard University. Fritz is very involved in the information security industry as a speaker, blogger and mentor. He is a Distinguished Fellow of the Information Systems Security Association (ISSA) and was President of the Louisville, KY ISSA chapter for eight years.

Featured expert Trey Guinn was promoted to the role of Field Technologist in the Office of the CTO at Cloudflare, one of our Community Partners. His key areas of focus are network security, identity management, and modern cloud computing architectures such as Zero Trust and SASE. Trey has worked in network architecture roles for over 20 years across a range of industries, from multinationals to one-room startups, in the United States, New Zealand, and the Netherlands.

Recent CISO RoundTable panelist Douglas Brush has stepped into an additional role as a cybersecurity tutor at Harvard University. Douglas is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cyber security, incident response, digital forensics, and information governance. His full-time job is that of Global Advisory CISO for Splunk.

OTHER MOVES IN OUR COMMUNITY

  • Jason Alexander has expanded his role at VCU Health to include both the VP and CISO titles.
  • Mike Phillips is now the Chief Information Officer and Deputy Director for Air, Space and Cyberspace Operations for the United States Air Force.
  • Gram Ludlow is now the CISO for Marriott Vacations Worldwide.
  • Arthur Braunstein is now the Chief Revenue Officer at Great Horn.

LIFE UPDATES

Extra congratulations to former FBI Agent and Community Thought Leader Michael F.D. Anaya and his wife, who welcomed their third child earlier this summer. Michael has been speaking, writing and sharing his knowledge on cybersecurity across a variety of media.

Have you recently changed jobs or gotten a promotion – or, have you added a new executive to your team? We’d love to share it. Email marketing@dataconnectors.net and use the subject line “On the Move” to be included in our next edition of this post.

Cybersecurity Pros On the Move: Summer 2021

Hot Topics in Cybersecurity Posted by Jen Greco on Aug 11, 2021

Cracking Down on Cybersecurity at the State Level

“The cybersecurity space is incredibly dynamic, with the threat and vulnerability environment changing almost daily, so these (state) leaders are constantly weighing the law of unintended consequences as they address public safety on one hand and over-regulation of business on the other,” wrote Mark Weatherford, former state CISO for both Colorado and California and the federal Department of Homeland Security’s first deputy undersecretary for cybersecurity. He documented the challenges state leaders face from increasingly advanced and damaging cyber attacks in “What State Leaders Need to Know About Cybersecurity.”

THE CURRENT LANDSCAPE

Over the past year and a half, companies all over the world have had to adjust to work-from-home mandates and a new hybrid working environment while ensuring cybersecurity protection of both the organization’s endpoints and its employees. Local governments have had to adapt to new cybersecurity regulations as well.

While attacks like Colonial Pipeline and SolarWinds grab the headlines, state and local governments, municipalities and public education facilities have long been targets of debilitating ransomware attacks.

It’s clear that local governments need to take drastic action to improve cybersecurity, but where should they start?

State CISOs, governors and other elected officials have signed orders, put together task forces and advised the public on the possible ramifications of cyber attacks, all in an attempt to better regulate and inform. Yet cyber threats are as prevalent as ever.

Steve Harpe, Oklahoma State COO, said the state fends off more than 36 million cyber attacks a day.

“When building a business-first state, trying to be more open to business, it drives the perception that ‘you’re not really caring about security.’ That’s absolutely not true,” Harpe said. “The last year and a half brought a lot of learning for us to run state government better but also how to deal with things in a crisis.”

In an effort to limit the damage of cyber attacks, the New York State Public Service Commission (PSC) has taken a preventative step and granted the state’s largest electric and gas utilities permission to transfer property and equipment to assist other utilities in the United States or Canada in the event of a cyberattack. The approval is part of the Cyber Mutual Assistance (CMA) program, which provides mutual aid in preparation for, during, or following a cyber incident.

“New York is a hub for significant financial, governmental, manufacturing, and transportation infrastructure that has higher than normal risk of cyberattack for either criminal or geopolitical reasons,” said PSC Chair John B. Howard. “Our utilities’ participation in this type of mutual assistance program is both appropriate and timely in light of the increased recent cyberattacks on critical infrastructure. Being able to recover and return to normal operations as quickly as possible is critical, thus pre-approval of transfers of utility property and equipment under the CMA program is in the public interest.”

In nearby Connecticut, Governor Ned Lamont signed a bill intended to encourage businesses in the state to step up their cybersecurity, according to GCN. “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” takes effect October 1 and shields businesses from punitive damages in lawsuits arising from a breach of personal data if they have adopted and adhere to an industry-recognized cybersecurity framework. The safe harbor applies only if the organization’s program is aligned with the current version of the framework it follows, GCN reported.

CONNECT WITH LOCAL LEADERS

Local cyber executives will discuss these topics at the New England Virtual Cybersecurity Summit on August 18. The following day, August 19, many of them will continue the conversation in person at the New England Cybersecurity Community Rooftop Reception in Hartford, Connecticut, which starts at 4pm.

Cracking Down on Cybersecurity at the State Level

Industry News Posted by Jen Greco on Aug 10, 2021

“This is the first in-person cybersecurity event I have been to since March 2020.” This jarring statement rang true for many attendees last night at the ‘New York Information Security Meetup’, hosted by David Raviv.

The Data Connectors Team supports local cybersecurity-related gatherings all over North America as a way to bring the community to more professionals. This week, New York City Area CSO Michael Hiskey and Marketing team member Emily Ramsey attended the New York Information Security Meetup, along with numerous cybersecurity field experts. The lineup included Keith Sazer from Community Partner CriticalStart, Jeff Hudesman, Chief Security Officer & VP of Information Security at DailyPay, and Doug Britton, Founder of Haystack Solutions.

CriticalStart’s team talked about the importance of cybersecurity in the lives of regular citizens, and Keith related a personal experience from his days on Wall Street in the financial sector and his transition to the MDR provider.


Veteran US Army linguist Doug Britton talked about the Cyber Aptitude and Talent Assessment (CATA), which the firm he founded is now making commercially available. Organizations use the assessment to uncover an individual’s natural aptitudes and how they might align with cybersecurity roles.

Look for Doug at the Philadelphia Virtual Cybersecurity Summit next month, talking with expert panelists on the “Cybersecurity Skills Shortage.”   

The agenda covered a wide range of hot topics in cybersecurity, including a personal narrative from Doug Britton, who experienced first-hand the effects of the Colonial Pipeline ransomware attack. Britton admitted that the panic of driving for miles and finding no gas was just as terrifying as the COVID-19 pandemic, further underscoring how critical cybersecurity is to national security.


When this attack first happened, Data Connectors sat down with John Felker, former Assistant Director at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), for a LinkedIn Live Briefing. He discussed what was compromised and how, where the attackers likely entered, and what is known about DarkSide, the Russia-linked cybercrime ring involved.

One of the most engaged CSOs one could find in a FinTech start-up would have to be Jeff Hudesman of DailyPay, which enables employees of large firms like McDonald’s, Dollar Tree, and T-Mobile to get advances on their paychecks. With access to all of that Personally Identifiable Information (PII) and financial institution detail, you can bet they see their fair share of credential-stuffing, identity theft, and other attacks, just as the large banks do. Jeff spoke about the robust defenses his team put in place to combat these threats and keep DailyPay’s customers secure, and about the role of a CSO in a start-up and the unique challenges that come with it.

Along with the discussions of cybersecurity’s effects in our day-to-day lives, the major takeaway from this meet-up was that people are ready to network and connect in person again. However, the ongoing concerns of the pandemic still limit large gatherings from taking place in many places.

In a recent poll, Jerod Brennen asked his LinkedIn followers how soon they plan on returning to conference life. Over 50% responded with “Bring it! I’m ready now.” While some Community Members chose to travel to Black Hat this year, many stayed home; we’ll know more as that event wraps up in Las Vegas. As our Virtual Summits infographic posited, community survey data points to members preferring a mix of in-person regional conferences in nearby cities and virtual gatherings for the immediate future.

As restrictions fluctuate and the desire to return to in-person events continues to rise, an industry that thrives on networking must continuously adapt. Data Connectors was the first to transition to Virtual Summits, and is now hosting a handful of live conferences this fall and winter.

David Raviv, cyber security industry veteran and startup enthusiast, founded the New York Information Security Meetup in January 2013 and has held over 120 gatherings. The community consists of 5,500 security professionals from the New York Tri-State area. When we spoke this week, David said, “People crave the human connection. Despite hosting on-line events a couple of times a week, being in front of a screen is no substitute for rubbing shoulders with fellow practitioners.” When not hosting events, David is the general manager of findings.co, a company set to disrupt how enterprises handle supply chain cyber risk.

The first in-person gathering will follow the New England Virtual Cybersecurity Summit on Wednesday, August 18th: an in-person happy hour for those who attended the Virtual Summit. Join Hartford-area Community Members on Thursday, August 19th, for the New England Cybersecurity Community Rooftop Party & Networking Reception.


We hope to see you there!

The Return of Local In-Person Gatherings

Hot Topics in Cybersecurity Posted by Michael Hiskey on Aug 4, 2021

Congress is answering the age-old question of “How are we going to pay for all of that?” with a new answer: cryptocurrency.

The recent $1 trillion infrastructure bill, or formally, “The Infrastructure Investment and Jobs Act,” as agreed upon by both the executive and legislative branches, will raise nearly $28 billion over ten years by cracking down on cryptocurrency transactions, according to the Joint Committee on Taxation.

The revenue would come from expanding the government’s ability to track larger cryptocurrency transactions through increased reporting requirements, Fox Business reported.

This addition to the bill comes after Internal Revenue Service Commissioner Charles Rettig told Congress that the agency should have the authority to collect information on cryptocurrency transactions greater than $10,000, as reported by Reuters. In his June 8 statement to the Senate Finance Committee, Rettig said that the world crypto market capitalization is greater than $2 trillion, and that most of it is “designed to stay off the radar screen.”

This cash grab, according to Coin Center Executive Director Jerry Brito, represents a legal gray area for Congress. In a tweet, Brito said: “Such a requirement is essentially forcing miners, lightning nodes, etc., to identify others on the network. Not only is this nonsensical from a technical perspective, such a mandate would very likely be unconstitutional surveillance.”

Bloomberg’s coverage of the bill cites the crypto industry as one of the bill’s losers, along with drugmakers and owners and manufacturers of electric vehicles (and, of course, Deficit Hawks).

The bill hasn’t officially been signed into law just yet; Senators will continue to add amendments before putting it to a vote and sending it to the president’s desk.

Cryptocurrency Industry Poised to Take a Hit …

Industry News Posted by Jen Greco on Aug 3, 2021

The White House this week issued a statement titled “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.”

This move is part of a series of cyber-related actions from the executive branch, but this one carries a particular focus on responding to recent attacks such as those on Colonial Pipeline and JBS Foods. In an effort to further protect Americans from attacks on our critical infrastructure, the memo seeks to:

  • Have CISA collaborate with NIST to develop cybersecurity goals for critical infrastructure
  • Establish the Industrial Control System Cybersecurity Initiative – a collaborative effort between the federal government and those providing critical infrastructure to facilitate the deployment of cybersecurity means and methods.

According to the Q&A released from the White House along with the official memo, these steps will ensure that attacks on pipelines and similar infrastructure components will be limited.

“We look to responsible critical infrastructure owners and operators to follow voluntary guidance as well as mandatory requirements in order to ensure that the critical services the American people rely on are protected from cyber threats,” the release said.

The ICS Cybersecurity Initiative was piloted in the electricity subsector and is now being extended to natural gas pipelines. After that, the memo says, water and wastewater systems and the chemical sector will follow later this year. The memo states:

“The Initiative builds on, expands, and accelerates ongoing cybersecurity efforts in critical infrastructure sectors and is an important step in addressing these threats.  We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems.”

White House: US Critical Infrastructure Nee …

Industry News Posted by Jen Greco on Jul 30, 2021

Stay tuned for this update each week. This is a joint cybersecurity weekly product from the Missouri Information Analysis Center, St. Louis Fusion Center, Kansas City Regional Fusion Center and the Missouri Office of Homeland Security.

Businesses Fall Victim to Ransomware Despite Precautions

According to a new survey of 200 decision makers at businesses that had suffered a ransomware attack since 2019, more than half of victims had received anti-phishing training and 49 percent had perimeter defenses in place at the time of the attack. The study, conducted by Sapio Research for Cloudian, finds that phishing continues to be one of the easiest paths for ransomware, with 24 percent of attacks starting this way. Phishing succeeds despite the fact that 54 percent of all respondents, and 65 percent of those that reported it as the entry point, had conducted anti-phishing training for employees. The public cloud is the most common point of entry for ransomware, with 31 percent of respondents attacked this way. Once an attack is under way, things happen quickly: 56 percent of survey respondents report that attackers were able to take control of their data and demand a ransom within just 12 hours, and another 30 percent say it happened within 24 hours.

Success of Ransomware Attacks Shows the State of Cybersecurity

According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year. The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated. In addition, 73 percent of respondents say that their IT staff have been targeted by phishing attempts, and 47 percent of those attempts were successful. Asked about the causes of successful attacks, 37 percent of respondents cite a lack of both technology and employee understanding. However, 34 percent blame successful attacks on a lack of employee understanding. While 96 percent of IT professionals report that their organization offers cybersecurity training to teach employees about common attacks like phishing and ransomware, only 30 percent of respondents say that 80-90 percent of employees have completed the training.

SonicWall: ‘Imminent’ Ransomware Attack Targets Older Products

The attack exploits a known vulnerability that was fixed in newer firmware versions released this year. SonicWall is alerting users to an “imminent” ransomware campaign targeting Secure Mobile Access (SMA) 100 series and the older Secure Remote Access (SRA) series appliances running unpatched, end-of-life (EOL) 8.x firmware. The campaign is using stolen credentials, the company reports, and the exploitation targets a known vulnerability that has been patched in newer versions of the firmware. Businesses using EOL SMA and/or SRA devices on 8.x firmware should update the firmware where an update is available or disconnect the devices, per the guidance SonicWall outlines in its advisory. As an additional mitigation, SonicWall advises organizations using SMA or SRA devices to reset all credentials associated with them, as well as on any other devices and systems that share the same credentials.

Who is Responsible for Guarding Against Software Supply Chain Attacks? Who Knows!

Software supply chain attacks like the one on SolarWinds have become more of a threat in recent months, but when it comes to defending against them, businesses can’t decide who is responsible, according to a new report. The study from machine identity management company Venafi is based on the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries. It finds that 97 percent agree that the techniques and procedures used to attack SolarWinds’ software development environment will be reused in new attacks this year. Despite this near-unanimity, there is no agreement between security and development teams on where responsibility for improving security in software build and distribution environments should lie.

57% of Reported Incidents are Caused by Insiders

Insider data breaches were the top cause of data and cybersecurity incidents reported to the UK Information Commissioner’s Office (ICO) in the first quarter of 2021. 57% of reported incidents were caused by insiders, with over 1,000 incidents reported in the first three months of 2021. Misdirected email was behind most of these, with over 400 reports. Phishing was the second-biggest named cause, with over 200 incidents caused by employees falling for malicious emails. For the fourth quarter running, healthcare was the hardest hit, with over 420 reported incidents in just three months, while financial services was the industry targeted with the most phishing attacks.

Half of Organizations are Ineffective at Countering Phishing and Ransomware Threats

Half of US organizations are not effective at countering phishing and ransomware threats, a study from Osterman Research reveals. The findings come from interviews with 130 cybersecurity professionals in mid-sized and large organizations. “Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats,” said Jon Clay, VP of threat intelligence for Trend Micro. “Organizations need multi-layered defenses in place to mitigate these risks.” The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

Five Critical Password Security Rules Your Employees Are Ignoring

Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits — and discovered that a lot of remote workers are letting password security go by the wayside. Here are 5 critical password security rules they’re ignoring.

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed “Diicot brute,” the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021.
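The campaign above is, at bottom, password guessing over SSH, which is one of the easier things to spot in authentication logs. The following detector is an added example for this page, not Bitdefender’s tooling or anything the report describes. It parses constructed sshd log lines (the addresses are RFC 5737 test ranges, the host name and PIDs are made up, and the year is assumed because syslog timestamps omit it) and applies two rules: a per-source burst of failed logins, escalated to “compromised” when the same source later logs in successfully, and a per-account rule that counts distinct source addresses, which catches the distributed pattern a SaaS-style brute-forcer produces when each operator hits the same account from a different host and never trips a per-IP threshold. The thresholds and windows are assumed defaults.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not captured data). Sources are RFC 5737 test
# addresses; syslog timestamps carry no year, so 2021 is assumed when parsing.
SAMPLE_AUTH_LOG = """\
Jul 27 03:14:01 web1 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Jul 27 03:14:02 web1 sshd[2212]: Failed password for invalid user oracle from 198.51.100.23 port 40124 ssh2
Jul 27 03:14:02 web1 sshd[2213]: Failed password for root from 198.51.100.23 port 40126 ssh2
Jul 27 03:14:03 web1 sshd[2214]: Failed password for root from 198.51.100.23 port 40128 ssh2
Jul 27 03:14:04 web1 sshd[2215]: Failed password for root from 198.51.100.23 port 40130 ssh2
Jul 27 03:14:05 web1 sshd[2216]: Accepted password for root from 198.51.100.23 port 40132 ssh2
Jul 27 03:20:11 web1 sshd[2300]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Jul 27 03:20:15 web1 sshd[2301]: Accepted publickey for alice from 203.0.113.7 port 51000 ssh2
Jul 27 04:01:00 web1 sshd[2400]: Failed password for invalid user test from 192.0.2.9 port 33001 ssh2
Jul 27 04:01:01 web1 sshd[2401]: Failed password for invalid user guest from 192.0.2.9 port 33002 ssh2
Jul 27 04:01:02 web1 sshd[2402]: Failed password for invalid user pi from 192.0.2.9 port 33003 ssh2
Jul 27 04:01:03 web1 sshd[2403]: Failed password for invalid user ubnt from 192.0.2.9 port 33004 ssh2
Jul 27 06:00:00 web1 sshd[2500]: Failed password for root from 192.0.2.50 port 44001 ssh2
Jul 27 06:00:01 web1 sshd[2501]: Failed password for root from 192.0.2.51 port 44002 ssh2
Jul 27 06:00:02 web1 sshd[2502]: Failed password for root from 192.0.2.52 port 44003 ssh2
Jul 27 06:00:03 web1 sshd[2503]: Failed password for root from 192.0.2.53 port 44004 ssh2
Jul 27 06:00:04 web1 sshd[2504]: Failed password for root from 192.0.2.54 port 44005 ssh2
"""

# Matches OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd_events(text, year=2021):
    """Turn raw log text into dicts with ts, ip, user, method and ok (True for Accepted)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # disconnects, key exchange noise, etc. are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "ip": m["ip"], "user": m["user"],
                       "method": m["method"], "ok": m["result"] == "Accepted"})
    return events


def _has_burst(timestamps, threshold, window):
    """True if at least `threshold` timestamps fall inside some `window`-second span."""
    ts = sorted(timestamps)
    j = 0
    for i in range(len(ts)):
        while (ts[i] - ts[j]).total_seconds() > window:
            j += 1  # slide the window start forward
        if i - j + 1 >= threshold:
            return True
    return False


def detect_ssh_bruteforce(events, threshold=4, window=60):
    """Per-source rule. Returns {ip: "bruteforce" | "compromised"}; "compromised" means
    a successful login from the same IP occurred after its burst of failures began."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    verdicts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e["ok"]]
        if not _has_burst([e["ts"] for e in fails], threshold, window):
            continue
        first_fail = min(e["ts"] for e in fails)
        later_success = any(e["ok"] and e["ts"] > first_fail for e in evs)
        verdicts[ip] = "compromised" if later_success else "bruteforce"
    return verdicts


def detect_distributed_spray(events, min_sources=5, window=300):
    """Per-account rule for distributed guessing. Returns {user: distinct_source_count}
    for accounts that saw failures from at least `min_sources` IPs inside `window` seconds."""
    by_user = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_user[e["user"]].append(e)
    hits = {}
    for user, fails in by_user.items():
        fails.sort(key=lambda e: e["ts"])
        j = 0
        for i in range(len(fails)):
            while (fails[i]["ts"] - fails[j]["ts"]).total_seconds() > window:
                j += 1
            sources = {e["ip"] for e in fails[j:i + 1]}
            if len(sources) >= min_sources:
                hits[user] = max(hits.get(user, 0), len(sources))
    return hits


if __name__ == "__main__":
    evs = parse_sshd_events(SAMPLE_AUTH_LOG)
    print("per-source:", detect_ssh_bruteforce(evs))
    print("per-account:", detect_distributed_spray(evs))
```

On the sample, the per-source rule flags 198.51.100.23 as compromised (five failures in four seconds, then an accepted password) and 192.0.2.9 as brute-forcing, while the five single failures against root from 192.0.2.50 through .54 are invisible to it and are caught only by the per-account rule. A successful login after a burst is the event worth paging on; it is the point at which the cryptominer and the DDoS bot in the report would be dropped.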

When ‘Later’ Never Comes: Putting Small Business Cybersecurity First

Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. Let’s talk about startup culture for a second. What do you envision when you hear ‘startup’? Mark Zuckerberg, Silicon Valley, cold brew on tap, standing desks and a race to the finish line? You probably don’t think about late nights obsessing about small business cybersecurity. And therein lies the problem.

FragAttacks: Everything You Need to Know

A cybersecurity researcher recently disclosed a new category of Wi-Fi vulnerabilities. The surprising part is that this new category is actually very old: called FragAttacks, these 12 vulnerabilities, some in the 802.11 standard itself and others in specific implementations, have existed since the late 1990s, but they are new to the cybersecurity world because they were only recently discovered and described. The researcher published the details on May 12, some nine months after discovery, and is presenting the work at Black Hat USA and at the USENIX Security Symposium in August.

Is Cryptocurrency-Mining Malware Due for a Comeback?

The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect attackers to quickly embrace something else – but what? We’ve been here before. In late 2017, driven by a surge in bitcoin’s value, many criminals shifted from using ransomware, which at the time was typically spread via drive-by downloads and spam attacks, to using the same tactics to instead spread cryptocurrency-mining malware. Attackers don’t seem to prioritize any given approach over another. Or at least if there was a cult devoted to the first type of ransomware ever seen in the wild – the AIDS Trojan, which in 1989 began spreading via floppy disk – any lingering adherents would be in dire need of a day job.

Toddler Mobile Banking Malware Surges Across Europe

Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware targeting users in countries including Spain, Germany, Switzerland, and the Netherlands. Toddler was first disclosed by Cleafy following its discovery in January. While still under active development, the mobile Trojan has been used in attacks against the customers of 60 European banks.

Cybercriminals Customizing Malware for Attacks on Virtual Infrastructure

Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds. According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total. Cybercriminals attacked government institutions, industrial companies, scientific organizations, and educational institutions the most. Their main targets are personal data and credentials, and attacks on organizations are also aimed at stealing commercial secrets.

IoT Malware Attacks Rose 700% During the Pandemic

Zscaler released a study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The report analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. The research team identified the most vulnerable IoT devices, most common attack origins and destinations, and the malware families responsible for the majority of malicious traffic to better help enterprises protect their valuable data.

CISA Alerts and Announcements for this week:

Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Your Weekly DHS/CISA Threat Assessment (Jul …

Hot Topics in Cybersecurity Posted by Data Connectors Newsroom on Jul 28, 2021

Ready for a dose of cyber anxiety? By 2025, Gartner predicts that cyber attackers will weaponize operational technology environments to harm or kill humans.

In coming after OT – that is, the hardware and software that monitors and controls physical equipment – attackers gain the ability to interfere with cyber-physical systems (CPS), according to Gartner. This is the evolution beyond attacks like the one on Colonial Pipeline: disruption is one thing, but with enough access, bad actors can affect the health and welfare of private individuals.

“In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” said Wam Voster, senior research director at Gartner. “Inquiries with Gartner clients reveal that organizations in asset-intensive industries like manufacturing, resources and utilities struggle to define appropriate control frameworks.”

Of course, in a world where money talks, Gartner cites the financial impact on CPS as greater than $50 billion by 2023. Gartner also anticipates CEOs becoming personally liable for incidents where individuals are harmed.

And while hospitals are often considered key targets for these types of attacks, it’s also worthwhile to consider other possibilities – for example, the thwarted attack on a Florida water treatment plant earlier this year. In that incident, an intruder attempted to increase the amount of sodium hydroxide (lye) in the supply of drinking water. While the attack was quickly caught before any harm occurred, it is one example of how criminals can reach into operational technology.

The Data Connectors Cybersecurity Community will host a discussion on life-threatening cyber threats (LTTs) at the New England Virtual Cybersecurity Summit on August 18. The Summit will feature guest keynote speaker Menny Barzilay, who will give a presentation titled “Cyber Kills.”

One of the biggest challenges, which Barzilay will discuss in his keynote, is that current industry standards don’t protect against these types of threats – in fact, they’re barely even discussed. Yet they need to be incorporated into every organization’s risk management strategy, because even though these attacks (currently) rarely happen, they’re very possible.

Gartner: Cybercriminals Will Kill by 2025

Hot Topics in Cybersecurity Posted by Jen Greco on Jul 23, 2021

Slated to take effect on July 1, 2023, the Colorado Privacy Act was signed earlier this month, and will join California and Virginia as an early-mover in embracing residents’ privacy rights.

Gov. Jared Polis signed the bill on July 7, which gives Coloradans the right to access, correct and delete personal data held by organizations. Residents will also be able to opt-out of the sale of their information and personal data for targeted ads.

The law borrows, at least in part, from the European Union’s General Data Protection Regulation (GDPR), as well as from the similar statewide laws passed in California and Virginia.

Unlike the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA), the Colorado law applies to nonprofit organizations that meet specific thresholds. The CPA also does not apply to business-to-business or employee data, according to law firm Gibson Dunn.

The National Law Review notes that the CPA does not contain a revenue threshold for businesses, but it does cover any organization that processes the data of 100,000 or more consumers each calendar year, or that derives revenue or discounts from the sale of the personal data of at least 25,000 consumers. The CPA gives businesses 45 days to respond to and fulfill consumer requests.

The National Law Review states: “It is important to note here that the CPA uses a heightened “consent” standard that is similar to the standard used by the CPRA. “Consent” under the CPA means “a clear, affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement, such as by a written statement, including by electronic means, or other clear, affirmative action by which the consumer signifies agreement to the processing of personal data.””

The star of the bill, according to House Rep. Terri Carver in an interview with Colorado Politics, is that it allows for a universal opt-out, which goes into effect on July 1, 2024. This means that with a single click, consumers can ask to be removed from all data-sharing by any and all websites or companies covered by the bill.

The state has been working toward these laws for many years – Colorado Politics writes that calls for tighter consumer protections have been made since at least 2005.

Colorado Joins Cadre of States Enacting Pri …

Hot Topics in Cybersecurity Posted by Jen Greco on Jul 19, 2021

The US Senate unanimously confirmed Jen Easterly as the new permanent head of the Cybersecurity & Infrastructure Security Agency (CISA).

Easterly served in the Army for 20 years, worked in the Obama White House for the National Security Administration, and most recently served as head of global cybersecurity at Morgan Stanley. She was confirmed with the full support of the Senate on July 11.

She will be the second official head of CISA since the organization was created in 2018, following the firing of former Director Chris Krebs in November 2020. Easterly will be taking the reins from Acting Director Brandon Wales.

CISA, which falls under the auspices of the Department of Homeland Security, has been instrumental in combatting the recent cyber attacks and threats, ranging from SolarWinds to the Colonial Pipeline ransomware. DHS Secretary Alejandro N. Mayorkas issued a statement highlighting his approval of Easterly’s appointment.

“I congratulate Jen Easterly on her confirmation as Director of CISA. Jen is a brilliant cybersecurity expert and a proven leader with a career spanning military service, civil service, and the private sector. I am proud to welcome her to the DHS team and look forward to working together to protect our country from urgent cybersecurity and physical threats,” Mayorkas said in the statement.

Asserting his support on the Senate floor, Sen. Gary Peters (D-Mich.) highlighted the recent Kaseya ransomware attack as a motivating factor for pushing her appointment as quickly as possible, The Hill reported.

“These attackers will stop at nothing to infiltrate our networks, and we urgently need qualified, Senate-confirmed cybersecurity leaders in place to fight back,” Peters was quoted in The Hill. “With more than three decades of cybersecurity expertise in the public and private sectors, Ms. Easterly is more than qualified to lead CISA.”

Senate Confirms New CISA Head Following Lat …

Industry News Posted by Jen Greco on Jul 13, 2021

It’s been quite a week when it comes to ransomware. The Kaseya attack has permeated the cybersecurity headlines across the pages of the Data Connectors Community Partners. The REvil ransomware group has gained a reputation for big cash sums and sweeping attacks – but where do they come from, and what are they looking to accomplish? Several of our partners have great perspectives published on their blogs. Here are a few of the highlights from the last week. Follow our Community Partners for a better understanding of this topic, and other major cybersecurity issues.


PURE STORAGE

With ransomware being the cybersecurity buzzword of the year, it’s important to understand the profile of the most common victims. Pure Storage offers a deep dive on the topic in their latest blog, “Who Are Ransomware Attackers and What Are They After?” Find out if you’re a potential target for an attack, and how to protect yourself from the imminent threats we all face.


CROWDSTRIKE

In the market for a solid history lesson on the now-notorious hacking group REvil? Look no further than CrowdStrike’s blog, “The Evolution of PINCHY SPIDER from GandCrab to REvil,” where they break down the motives of these RaaS groups and their history of gaining initial access via phishing, netting them hundreds of thousands of dollars per attack.


ATTIVO NETWORKS

After Kaseya was targeted by the REvil ransomware group, with a demand for $70 million in Bitcoin to unlock the system, many were reminded of the SolarWinds attack at the end of 2020. Attivo Networks has shared a breakdown of the attack in their blog, “Kaseya VSA Supply Chain Ransomware Attack.”


CISCO

Kaseya is the talk of the cybersecurity community, and Cisco’s blog post on the topic is no exception. Check out an interview session with Talos’ US Outreach Team lead and its accompanying blog post, discussing the impact on the affected organizations following the REvil attack.

Vendor Partner Round-Up: REvil Reviled, Kas …

Hot Topics in Cybersecurity Posted by Jen Greco on Jul 12, 2021