North America’s Largest Cybersecurity Community also Continues Live Virtual Summits, Reaching Professionals in Part of the Continent

CHESTERFIELD, MO – MAY 25, 2021 Data Connectors, representing the largest cybersecurity community in North America, has announced its event schedule for the second half of 2021, including a return to its conference series in several cities across the United States.

Amid COVID concerns and shelter-in-place orders all over North America in March 2020, the Data Connectors Cybersecurity Community informed its over 650,000 members that all gatherings would be held as Virtual Summits. Today, the company announced it will resume the Cybersecurity Conference Series, which has been rated among the top-20 such events across the continent.

The company says it consulted with government agencies, local public health organizations, and surveyed many of its members, affiliates and partners to come to the decision.

“As the first organization to bring our immersive virtual cybersecurity summits amid the pandemic, we felt it was fitting we are the first to move back,” said Dawn Morrissey, CEO and founder of Data Connectors. “Our Virtual Summits are best-in-class, and we have found new ways to connect with our membership, so we’re excited to continue offering them, while at the same time responding to our community’s desire to start connecting again in-person,” she added.

With more than 50 Virtual Summits past, the company says it maintained over 85% of the planned schedule, and actually reached three times as many members with live, immersive online events. The many features that have been added, including the expanded Solutions Showcase, Expert Panel Discussions and Special Guest Keynotes, will all become a part of the (in-person) Conference Series, which resumes July 8th in Omaha, Nebraska.

“The rapid shift to work-from-home caused massive disruption for cybersecurity leaders, who also have endured some of the most epic cyber-attacks in history during the 2020-21 pandemic era,” said Michael Hiskey, Chief Strategy Officer at Data Connectors. “The SolarWinds Orion Supply Chain Compromise, Hafnium/Microsoft Exchange Vulnerabilities and the continued barrage of ransomware attacks, such as the recent Colonial Pipeline attack have made headlines — and required savvy leaders to stay connected with peers, law enforcement and industry thought-leaders, for which our Summits provided a means,” he added.

The following cities are slated for Conferences in 2021:

  • Omaha on July 8
  • Hartford on August 11
  • Los Angeles on September 22
  • Dallas on October 6-7
  • Atlanta on October 27-28
  • Miami on November 10
  • St. Louis on December 2

Virtual Summits will continue to provide learning opportunities, networking, and updates from government agencies like the Department of Homeland Security, US Secret Service, and FBI, among others. They serve regional needs for professionals who cannot travel, prefer to connect online, or are in areas that continue to have tighter restrictions on physical gatherings. The Virtual Summit Series will continue on the following dates for the following regions:

  • Great Plains on July 16
  • Denver on July 22
  • New England on August 18
  • Canada East on September 8-9
  • Philadelphia on September 16
  • Southern California on September 30
  • Washington, D.C. on October 21
  • Canada West on November 23
  • Great Lakes on December 14

Further details regarding this schedule are soon to follow, including specific venues and session information. Interested attendees and sponsors can visit dataconnectors.com/events to learn more or to join the Data Connectors Community.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Top-rated Conference Series Resumes as Cybe …

Press Releases Posted by Jen Greco on May 24, 2021

As Threat Landscape Continues to Grow, Experts Offer Guidance and Leadership for the Path Forward

SAN FRANCISCO – MAY 20, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in Northern California next week.

The 2021 Northern California Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. Leaders from law enforcement agencies team with Chief Information Security Officers (CISOs) from the private sector at the virtual summit this Tuesday, May 25.

Highlighting this summit is a keynote session from Richard Stiennon, the Chief Research Analyst for IT-Harvest. Calling upon his 26 years of industry experience, he’ll be addressing the Northern California audience shortly before the release date of the Security Yearbook 2021 that he penned.

“The cybersecurity industry has had the spotlight this year, and now more than ever, IT leaders need to come together to build winning strategies,” Stiennon said. “In the wake of the latest Executive Order calling for improved cybersecurity protocols at all levels of government, it’s vital to develop best practices and to ensure that our industry is moving in the right direction.”

To further these topics, the Summit will also host an exclusive panel discussion, featuring agents from various segments within the Department of Homeland Security sharing how their agencies provide education, prevention and remediation for cyberattacks of all flavors.

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around operational technology and industrial control systems, defense-in-depth, ransomware, and the key trends with which Chief Information Security Officers (CISOs) should most concern themselves through the rest of the year.

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top security leaders from organizations throughout the region:

  • Phil Cox — VP, Security & Compliance, Coupa Software
  • Jason Loomis — CISO, MINDBODY
  • Jay Gonzales — Chief Security Officer, Samsung Semiconductor
  • Bryan Hurd — VP/CISO, Aon Cyber Solutions
  • Lee Whiteley – Director of Compliance & Security Operations, 6Connex

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Cisco, Attivo Networks, Pure Storage, Proofpoint and many more.

The Summit will take place on May 25 starting at 8:00 a.m. PT. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information can be found at dataconnectors.com/norcal


Executive Order on Cybersecurity, Ransomwar …

Press Releases Posted by Jen Greco on May 20, 2021

The Biden Administration has issued an executive order regarding cybersecurity. This order is part of a series of executive actions that indicate the dire need for improved security. The order seeks to “identify, deter, protect against, detect, and respond to” the various cyberattacks that are reaching both the public and private sectors.

Comprising more than 8,000 words, the order itself begins by stating a fact that all cyber professionals already know: cybersecurity requires far more than government action and calls for a partnership with the private sector to ensure maximum protection. The order requires all federal systems to meet or exceed the requirements outlined in the EO.

Here are the “high-level” bullet points of the EO. The actions outlined seek to:

  • Reform contracts with software providers to ensure greater transparency.
  • Implement cybersecurity best practices, including zero-trust and multi-factor authentication.
  • Review and create standards for the software supply chain as provided to the Federal Government.
  • Establish a Cyber Safety Review Board.
  • Tighten government’s response plan (“playbook”) for cyber incidents.
  • Implement an Endpoint Detection and Response initiative to improve detection of vulnerabilities and incidents.
  • Develop an internal process for logging events and investigating and remediating incidents.
  • Implement National Security Systems requirements where they currently are not being used.

THE NUTS AND BOLTS

The order calls for reform on all contracts involving information technology and operational technology service providers contracting for the federal government, in order to remove all contractual barriers that prevent the organizations from sharing threat and incident information on Federal Information Systems. These organizations will be required to collaborate with federal cybersecurity agencies upon observing a cyber threat or incident of any kind.

The order also requires the federal government to implement security best practices. In the order, this includes:

  • Advancing toward zero trust architecture utilizing NIST protocol
  • Secure cloud services
  • Centralize and streamline cybersecurity data to drive analytics
  • Invest in technology and personnel to meet these goals

CISA is leading the charge to ensure that federal orgs adopt multifactor authentication and data encryption over the next six months.

Additionally, the director of NIST will be working with the government, academia and the private sector to determine the best way to offer new standards for the software development supply chain for use by the federal government. The deadline on this process is still years away for software developers, but the plan for the guidance is to include standards and procedures regarding implementation of secure environments with multi-factor and risk-based authentication, documented dependencies, data encryption, automation and other steps to improve both transparency and security.

The executive order establishes a Cyber Safety Review Board, composed of government officials and private sector members, who will convene following a significant cyber incident. This can be called upon by the president or by the secretary of Homeland Security whenever they find it necessary.

The remainder of the order focuses on the government’s plan for mitigating and responding, as well as protecting from future cyber attacks internally. For example, the director of CISA along with other federal officials are charged with re-tooling the federal government’s standardized response to a cybersecurity incident or threat, which the EO calls their “Playbook.” This playbook will require all NIST standards to be followed and is meant to describe progress and completion of all phases of incident response.

The order also mandates that agencies deploy an EDR initiative as dictated by the director of CISA. This will also require agencies to develop logging and reporting protocols to ensure the government’s ability to investigate and remediate the issues. In the final main section of the order, the secretary of Defense is expected to adopt these requirements at a minimum within the National Security Systems.

THE TAKEAWAY AND REACTIONS

The next few months are going to be busy for CISA, but the Department of Homeland Security has offered its full-throated support behind the executive order. Secretary Alejandro N. Mayorkas issued a statement yesterday, citing the recent incidents as a reminder of how important a strong cyber infrastructure is. 

“Recent cybersecurity incidents impacting SolarWinds, Microsoft, and Colonial Pipeline are a stark reminder that malicious cyber activity can significantly disrupt Americans’ daily lives and threaten our national security. Addressing these risks to our way of life is a shared responsibility that depends upon close collaboration between the public and private sectors.”

Acting Director Brandon Wales of CISA also issued a statement:

“As the nation’s lead agency for protecting the federal civilian government and critical infrastructure against cybersecurity threats, CISA serves a central role in implementing this executive order.  This executive order will bolster our efforts to secure the federal government’s networks, including by enabling greater visibility into cybersecurity threats, advancing incident response capabilities, and driving improvements in security practices for key information technology used by federal agencies.  And because the federal government must lead by example, the executive order will catalyze progress in adopting leading security practices like zero-trust architectures and secure cloud environments.”

In addition, the Chairman for the House Committee on Homeland Security Rep. Bennie G. Thompson (D-MS) and the Chairwoman of the Subcommittee on Cybersecurity, Infrastructure Protection & Innovation Rep. Yvette D. Clarke (D-NY) released a joint statement, also offering their support for the order. Calling upon the same incidents cited by Mayorkas, the representatives stated that they were pleased with CISA’s access to the resources it needs to be successful.

“Cybersecurity is a national security issue, and we commend the Administration for prioritizing it that way. From the SolarWinds supply chain attack that gave Russian actors access to Federal networks to the Colonial Pipeline ransomware attack that temporarily shut down 5,500 miles of gas pipeline, cyber attacks jeopardize our national and economic security. If nothing else, the cyber incidents that have occurred over the past six months have demonstrated that bold action is required to defend our networks today and in the future. The Executive Order signed by the President today is just that.”

Executive Order Seeks Zero Trust Architectu …

Hot Topics in Cybersecurity Posted by Jen Greco on May 13, 2021

As if pulled from a tabletop exercise, a ransomware attack has crippled the supply of gas throughout the Eastern United States. Panic and anxiety are spreading as gas prices are rising and stations are shutting down for lack of supply.

The pipeline, which crawls along the east coast from Southeast Texas up to New York, is a primary supplier of gasoline and jet fuel for the region. Colonial confirmed the attack in a news release on Saturday, May 8; it prompted them to take certain systems offline “to contain the threat” – which, in turn, halted the operations of the pipeline, the statement said.

The Alpharetta, Georgia-based Colonial Pipeline hired FireEye Mandiant to launch an investigation on the nature and scope of the attack, and they also engaged federal law enforcement and related authorities. The Department of Energy headed up the government response, their May 9 statement said.

ASIDE: Confidential sources tell us that Colonial has been less than super cooperative with law enforcement. Perhaps this brings about the suggestions we have seen by the US House of Representatives subcommittee on Cybersecurity, Infrastructure Protection, & Innovation to suggest the need for legislation that requires collaboration among victim organizations and agencies.

The full reach of the Colonial Pipeline. Mississippi, Alabama, Georgia and the Carolinas have been greatly affected by this attack. (Source: Colpipe.com)

INDUSTRY PERSPECTIVES

The attack on the Colonial Pipeline is a page out of the worst-case scenario book that keeps most CISOs awake at night. It is a reminder that their daily work to create cultures of security throughout their organizations is working. After all, one role is notably missing from Colonial Pipeline’s executive team page: a Chief Information Security Officer.

In their just-posted blog on the topic, Venu Vissametty, VP of Security Research at Attivo Networks, highlighted the perpetrators of the attack as the DarkSide ransomware group as per the FBI confirmation, and pointed out the group’s methods, which lead to “Active Directory enumeration, identify paths to high-privilege targets and deploy ransomware organization-wide.”

Read the full blog post here on Attivo’s site.

Following the post, Vissametty discussed with Data Connectors what organizations could learn from such an attack. He pointed out the importance of implementing tools for protecting these valuable assets.

“The biggest lesson to learn from this attack is that organizations need to protect their Active Directory. It is a treasure trove of information and left inadequately protected can result in loss of Domain control,” he said. “With loss of control over Active Directory, a business dramatically increases their risk of large ransomware, data theft and disruption of service attacks. To prevent this, organizations must invest in understanding exposed attack paths from endpoints, vulnerabilities and misconfigurations within AD, and least privilege cloud entitlements.”

As an industry, cybersecurity experts have been open with their perspectives on this impactful attack. James Saturnio, Senior Lead Technical Advisor at Ivanti, pointed out the fact that ransomware continues to grow in both cost and downtime. And while the details are still pretty unclear, there are some general lessons for all organizations to learn from this incident, he said.

“This hack is a reminder that every organization needs to make defending against ransomware attacks a top priority. Organizations need to take a multi-layered approach to cybersecurity to secure their digital workplaces and reduce the risk of breaches. First and foremost, organizations need to implement good cyber hygiene practices and host frequent employee training on detecting and remediating social engineering attacks like phishing,” Saturnio said.

Read his complete commentary in Ivanti’s guest post on this topic.

Colonial Pipeline Tanks in New Jersey (Ted Shaffrey/AP)

THE DARKSIDE RANSOMWARE GROUP

While it’s becoming increasingly difficult to keep up with all the hacking and ransomware groups, DarkSide has a particularly unique story. In a breakdown from Data Connectors Community Partner SentinelOne, they cover the group’s main mission. The blog states:

DarkSide launched as a RaaS (Ransomware-as-a-Service) with the stated goal of only targeting ‘large corporations.’ They are primarily focused on recruiting Russian (CIS) affiliates, and are very skeptical of partnerships or interactions outside of that region. From the onset, DarkSide was focused on choosing the ‘right’ targets and identifying their most valuable data. This speaks to their efficiency and discernment when choosing where to focus their efforts. From their inception, DarkSide claimed they’d avoid attacking the medical, educational, non-profit, or government sectors. 

The post highlights the group’s recruiting process, their continually evolving processes, and some key indicators of compromise.

Malwarebytes, another Data Connectors Community Partner, also shared a post describing DarkSide as being used by APT group Carbon Spider. (Check out CrowdStrike’s Adversary Profile on Carbon Spider to learn more about this Russia-based group.)

According to the Malwarebytes blog, DarkSide will encrypt all files, empty recycle bins, uninstall services, delete shadow copies, terminate processes, encrypt local disks and encrypt network shares once it is deployed. Then, they’ll post it on DarkSide Leaks.

But unlike other groups, DarkSide has a Robin Hood-style approach to their work. They attempted to donate some of their ransom cash to charity organizations, but the charities were unable to accept it due to the legality around taking fraudulent cash, according to the post.

DON’T JUMP TO THE DARKSIDE RIGHT AWAY…

However, it’s important to keep in mind that attributing the attack to DarkSide doesn’t tell us exactly who they’re working for, according to Mike DeNapoli, lead solutions architect for Cymulate, a Data Connectors Community Partner.

“While the ransomware in question has been attributed to the Threat Actor Group known as DarkSide, it’s important to realize that this group may not have ordered the attack.  DarkSide is an APT group known to both target companies themselves and to resell their ‘Ransomware as a Service’ to third parties who want to perform an attack but lack the skillset and infrastructure to do so — or who need political cover to attack sensitive targets without pointing suspicion to their own operations directly,” DeNapoli said. 

So yes, according to DeNapoli, though DarkSide was involved in this attack, we can’t rule out the potential for the attack to have been carried out and paid for by anyone, from a disgruntled former employee to a state-sponsored group.

Continue monitoring the Data Connectors news page for updates and other insider perspectives on this topic. 

Cybersecurity Industry Leaders Respond to C …

Hot Topics in Cybersecurity Posted by Jen Greco on May 12, 2021

The following post was written by James Saturnio, Senior Lead Technical Market Advisor for the Technical Marketing Engineering team at Ivanti.

Ransomware is an intensifying problem for all organizations. There are more players in the ransomware space than ever before. And the average ransom is not the $500 Bitcoin that it used to be. On average, organizations pay $233,217 and suffer 19 days of downtime following a ransomware attack.

As security professionals, we need to be vigilant and remain focused on what we can do to protect our organizations to avoid ransomware incidents, as well as what we need to do to recover when ransomware hits our environments.

Few details are available about how the Colonial Pipeline ransomware attack happened, but social engineering, email phishing, and malicious email links are major vectors that criminal organizations use to infiltrate environments and deploy malware.

Unpatched vulnerable software also leaves organizations unprotected from malicious cyber threat actors exploiting known threat vectors to get a foothold into connected endpoints and then move laterally up the cyber kill chain to evolve into an advanced persistent threat. These APTs are often undetected and living off the land within a victim company’s network.

This hack is a reminder that every organization needs to make defending against ransomware attacks a top priority. Organizations need to take a multi-layered approach to cybersecurity to secure their digital workplaces and reduce the risk of breaches. First and foremost, organizations need to implement good cyber hygiene practices and host frequent employee training on detecting and remediating social engineering attacks like phishing. Organizations should implement proven and reputable mobile threat defense and antivirus/endpoint security solutions on mobile devices and laptops, desktops, and servers, respectively.

Organizations should also make sure that all company software and apps are patched and up-to-date, implement a passwordless multi-factor authentication (MFA) solution that employs stronger biometrics and device-as-identity or security keys, and deploy unified endpoint management (UEM) as part of an overall zero trust strategy for access control.

Automated spear phishing exploits have been reported to have defeated two-factor authentication (2FA) in the wild. Hyper-automation technologies that are powered by deep intelligence and employ supervised and unsupervised machine learning algorithms provide visibility and accurately discover all connected endpoints and data, effectively managing these assets and providing the capability to self-secure and self-heal themselves with minimal human intervention.

Additionally, organizations need to prepare for ransomware attacks and do drills to make sure they can recover. If an organization doesn’t have a recovery plan in place, then the ability to not pay the ransom is somewhat jeopardized. In order to recover from a ransomware attack, you can’t simply restore data from a backup onto corrupted systems. You need to reimage hundreds or thousands of systems, prior to putting the data back on. And that, oftentimes, takes a significant amount of time and requires a lot of manual effort and resources. Without a plan in place, organizations might find themselves in a situation where they must pay the ransom in order to get their systems back up and running.

Guest Blog: Can Our Industry Learn from the …

Hot Topics in Cybersecurity Posted by Jen Greco on May 12, 2021

Virtual Summit Talks Data Security Requirements for Western Canada in the Wake of Colonial Pipeline Cyber Attack

VANCOUVER, BC, CANADA — MAY 11, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in the western Canada region next week.

The 2021 Canada-West Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. 

Headlining this two-day summit on May 12-13 is an international keynote session, featuring Graeme Sloane, sergeant for the Calgary Police Department, along with Eric Adams of the United States Secret Service, Vancouver Field Office. They’ll be discussing the important relationship between Canadian Counter-Cybercrime local agencies and the Secret Service when it comes to protecting North Americans from cyber crime. 

“The needs of cybersecurity professionals can and do cross all borders, and that’s why we’re so grateful for the opportunity to gather our Western Canadian cybersecurity community,” said Data Connectors CEO Dawn Morrissey. “The unique perspectives that our featured industry thought leaders will share can help security professionals grow their careers and improve their own organizations.”

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. Industry experts will dive into topics around cloud security, the role of women in cybersecurity, strategies for defense-in-depth, and the key trends that should most concern Chief Information Security Officers (CISOs) in 2021.

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout Western Canada:

  • Dr. Chandana Unnithan, Chief Security and Informatics Officer (CSIO), Lifeguard Digital Health
  • Gordie Mah — CISO, University of Alberta 
  • Sabino C Marquez — CISO & Dir., Privacy Operations, Allocadia Software
  • Curtis L. Blais — CISO, Cybera
  • Jo-Ann Smith — CISO, Long View Systems 
  • Jameeka Aaron — CISO, Auth0 

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Proofpoint, Pure Storage, Ordr, and Attivo Networks.

The Summit will take place on Wednesday and Thursday, May 12-13, commencing at 8:00 a.m. PDT. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation.

More information can be found at dataconnectors.com/canadawest.

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Cybersecurity Leaders Discuss Cross-border …

Press Releases Posted by Jen Greco on May 11, 2021

The two countries boast the world’s longest land border, but when it comes to cybersecurity, the United States and Canada share so much more.

In a Q&A session, broadcast on LinkedIn Live on Monday, May 10, I was joined by Special Agent Eric Adams of the U.S. Secret Service from the Vancouver Field Office, where we discussed the agency’s mission in its dealings with Canada.

Adams will be holding a joint keynote session with Sergeant Graeme Sloane of the Calgary Police Service where they discuss the partnership between the agencies to ensure the safety of their citizens. During this special session, the speakers will be live and interacting with the Summit audience by answering your questions.

Have you gotten a chance to claim your spot for this talk? Register for the Canada West Virtual Cybersecurity Summit. Then, be sure to log in on Wednesday, May 12 by 12:20 p.m. PDT so you can catch this informative session.

During yesterday’s livestream, Adams delved into the role of the Secret Service — beyond the typical mission of protecting the president.

“The mission of the Secret Service, both domestically and abroad, is the same. And that mission is to safeguard the nation’s payment systems and overall financial infrastructure, which helps us to preserve the integrity of the economy,” Adams said during the live session. “We’re able to accomplish this in our foreign offices by working with the world’s law enforcement community, by developing and forging partnerships and by providing guidance and expertise to safeguard those financial infrastructures through what we call a cross-border partnership.”

Did you miss the LinkedIn Live session? Catch the recording on the Data Connectors LinkedIn page. And, be sure to follow us so you don’t miss out on more of these live sessions with experts from across the industry.

Sneak Preview: Security Across Borders with …

Virtual Events Posted by Jen Greco on May 11, 2021

Of course, as a cybersecurity pro, you’re effortlessly on top of all your software and security updates. But it’s been a particularly busy week when it comes to vulnerabilities on common devices and software. This week, we’re seeing some major security patches from Dell and Apple, plus some news on pretty popular Samsung devices.

 

Dell: Better Late Than Vulnerable

The laptop you brought to college (though not quite hot off that “Dude, You’re Getting a Dell!” marketing campaign) may be due for an update (likely alongside the one you’re working on now). 

There’s a security issue in a driver going back to 2009 which includes five high-severity flaws — as uncovered by Data Connectors Community Partner SentinelOne. Attackers can use the newly discovered vulnerabilities “to locally escalate to kernel-mode privileges,” according to SentinelLabs. The team there has done an extensive deep dive and shown their proof of concept of the hack on their blog — an extremely clear and thoughtful dive that is well worth the read. Dell has sold millions of laptops since 2009 with this flawed driver, including more recent XPS models.

In their research, the Sentinel team did not find any evidence of abuse in the wild, but Dell has responded with a fix on the dbutil_2_3.sys driver, and detailed instructions on how to mitigate this vulnerability on your device.  Still have questions? Check out Dell’s complete FAQ on this — because chances are, if you’re using a Dell computer, you’ve likely been impacted by this.

 

Apple: An Update for WebKit Flaws

Following up on more ubiquitous devices with security flaws… it’s time to update your iPhone (model 6s and later), iPad (all models of Pros, 5th generation or later, Minis 4th generation or later), and iPod Touch (7th generation).

This one sounds pretty nefarious. The impact, as cited by Apple: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Fortunately, the fix is in — update your device. Don’t wait until tonight, because you’ll want to get this one fixed quickly. Apple has been patching lots of vulnerabilities lately (particularly following that AirDrop flaw that was leaking users’ email addresses), so it’s definitely worth it to stay on top of your available updates.

 

Samsung Galaxy S8 and S8 Plus Facing Sunset

If you’re still hanging on tight to your Samsung Galaxy S8 and S8 Plus, say goodbye to your security support. The company has taken up the policy of ending product support after four years, and so these are now officially going into retirement. 

SentinelOne Uncovers Dell Vulnerability, Im …

Hot Topics in Cybersecurity Posted by Jen Greco on May 6, 2021

If you’re looking for some clarity on CMMC and what it means for you and your organization, you may find it a bit overwhelming to visit the official site, where even the very definition of CMMC is overly complicated. 

That site says: CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.

Basically, the government wants to be able to trust that your company can handle data safely, based on their given set of standards. But what’s it take to achieve compliance? That one is a bit more complicated, said EJ Hilbert, former FBI agent turned CISO, at the Chicago Virtual Cybersecurity Summit.

“It changes the way we as companies certify to the US government that we are able to protect the data they’re giving us. It no longer allows you to self-certify, it no longer allows you to come up with your own various rules. You have to bring an expert third-party in to watch over you, and if you do not comply, you don’t win the work,” Hilbert said.

The pressure to adopt CMMC comes hot on the heels of the SolarWinds supply chain compromise, which, according to Hilbert, was a major exposure of some of the shortcomings of our current system and our supply chain.

“What people don’t recognize is, the government cannot regulate everybody. They can only place rules for those groups that want to do business with the government,” he said. “Though the DoD is the only group right now that has this in place, it could spread to all government contractors across the board, and it would force them to have the same levels of standard.”

 

Ultimately, CMMC compliance will require you to check off the boxes for NIST 800-171 — which had been prescribed to organizations working with the government, but “had no teeth,” according to Hilbert. That’s part of what brings us to where we’re headed with CMMC.

“It wasn’t required by anybody. It was suggested,” he said. Less than 30% of government contractors actually met the requirements by the Dec. 31, 2017 deadline. Laziness on the part of the contractors, Hilbert said, is primarily to blame. And contractors could still do the work if they had a plan-of-action for compliance in place.

By 2020, roughly 50% of the government contractors met the basic standards for compliance. And, unfortunately, a Russian hacking group found their way into an organization that carried the full trust of the U.S. government that had not met the standards, Hilbert said.

And since then, government agencies have been focused on closing the loopholes that allowed for companies to not meet the initial standards that were set. Now, with CMMC, all contractors for the Department of Defense must meet the 110 NIST controls, plus the additional 24 controls set out by the requirement. If you’re a DoD contractor and don’t have this done by 2022, you’re out of luck. Keep in mind, of course, that government contracts are set years in advance. That means your organization should be getting started on working toward those controls.

And, according to Hilbert, it’s pretty clear that this will soon apply to all government contracts.  The bottom line: compliance with the standards set by CMMC is a safeguard against attacks, as well as a requirement if you want to do business with the government. It’s worth it to meet these controls for the safety of your team and the organizations you work with.

Keep up with compliance and regulations with the rest of the Data Connectors Community by attending a Virtual Cybersecurity Summit, where our expert panels cover this topic regularly. Submit a question for an upcoming panel to learn more.

SolarWinds, Non-Compliance, and What Brough …

Hot Topics in Cybersecurity Posted by Jen Greco on Apr 28, 2021