Cybersecurity Chronicles | 16 October 2023
Week in Headlines
APT - New Group Tactics Point Towards Intel Gathering
A previously undocumented threat actor, tracked as Grayling, has been linked to a series of cyberattacks against manufacturing, IT, biomedical, and government organizations. In every case the intrusion began with the exploitation of public-facing infrastructure, and the targeting pattern points toward intelligence gathering rather than financial gain.
HEALTHCARE - Largest Healthcare Data Breach 6TB Data Stolen
The ALPHV ransomware group posted that it had breached Michigan-based McLaren Healthcare. Calling it the largest healthcare data breach, the threat actors have threatened to release the stolen data if the ransom is not paid.
TECHNOLOGY - 3rd Largest Ransom, Counter an "insult"
CDW, the IT solution provider giant [NASDAQ: CDW], is investigating a security incident that impacted its Sirius Federal subsidiary and is ‘aware’ of LockBit's claims that data stolen from the subsidiary has been leaked on the dark web.
INSURANCE - Provider Wasn't Using Anti-Virus
A recent ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) occurred while the organization's antivirus software subscription had expired. PhilHealth was attacked around September 22 and shut down many of its systems to contain an infection for which the Medusa ransomware gang claimed responsibility.
PRIVACY - Delete Me. CA's New Delete Act by 2026
California's Delete Act requires data brokers to delete all information they hold about an individual upon a single request, going beyond existing privacy laws. The law grants the California Privacy Protection Agency more regulatory power; its deletion mechanism must be in place by January 1, 2026, and it may inspire similar laws in other states. Privacy advocates, however, are wary of industry efforts to propose less stringent legislation that could become a different template for states, leading to a patchwork of rules.
Join The CyberRisk Governance Group
Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.
Would you like to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
LinkedIn Live Event - Voice of Experts
Navigating Cybersecurity Challenges: Expert Insights for Regulatory Compliance
If you're a risk and compliance pro, this is a must-watch conversation with John Levonick, a seasoned professional with over 20 years of experience in financial services, regulatory compliance, and technology.
Better understand the dynamic future of financial services regulatory compliance and learn more about:
These insights highlight the dynamic nature of the fintech industry and the growing importance of cybersecurity in financial institutions.
INSIGHTS & EXPERT PERSPECTIVES
OPERATIONS - How Acceptable is Your Acceptable Use Policy?
There is a need for a modern approach to Acceptable Use Policies (AUPs) in today's technology and work landscape, where employees work from many locations and devices.
Traditional AUPs, often laden with jargon and prohibitive language, need to evolve into more user-friendly, incentivized, and culture-centric policies. HR departments should be more involved in enforcing these policies, and organizations should apply behavioral economics and change-management principles when shaping AUPs.
INSIGHTS: Here are suggestions for immediate improvements to your AUP that promote better compliance, cybersecurity awareness, and a culture of security within the company.
Use plain, user-friendly language and avoid the prohibitive terminology and jargon that often alienate employees. Engage your HR department so that AUP enforcement, including appropriate disciplinary action, is carried out consistently. Train HR personnel in security and privacy awareness so the policy is properly incorporated into HR handbooks and onboarding documents. Reduce digital friction by delivering security guidance to users in real time, at the moment it applies. Consider targeted training moments based on user roles and specific projects.
STRATEGY - Ransomware Presents an Allure of Data Recovery
The debate over whether companies should pay ransom demands after a cyberattack continues. Some experts oppose blanket bans on ransom payments and advocate a risk-based approach; others emphasize the ethical and legal concerns of paying. The outcome of paying is unpredictable, and data recovery is often incomplete: organizations that pay recover on average only about 65% of their data, and just 8% get all of it back.
INSIGHTS: While there are several recommended steps for strengthening your organization's cybersecurity to reduce the risk of having to pay ransom, the top actions to implement right away are:
These actions address both immediate vulnerabilities and long-term prevention, giving you a stronger defense against cyber threats.
They improve your organization's overall security posture and provide a safety net for data recovery in the event of an attack.
Ways We Can Help You Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors - to align technical controls with GRC objectives and to improve the processes that serve both.
Keep up to date about future events by following Netswitch.
Sign up for Our "Quick Start" Pilot Program
Know your risk level in cybersecurity and governance at NO COST.
To find out more, contact Netswitch on LinkedIn and we'll get a demo scheduled.
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.
Comment from a reader (Digital Marketing Specialist | Copywriter | Content Manager), 11 months ago: Followed! Thanks for this, it's nice to have an overview of all the news in the cyberspace. Btw Stanley, from your point of view, have cyber attacks grown in frequency with the development of AI and LLMs?