Cybersecurity Chronicles |
16 October 2023
Netswitch, Inc.

Week in Headlines

APT - New Group Tactics Point Towards Intel Gathering

A previously undocumented threat actor named Grayling has been linked to a number of cyberattacks against manufacturing, IT, biomedical, and governmental organizations - all of them achieved by exploiting public-facing infrastructure.

HEALTHCARE - Largest Healthcare Data Breach 6TB Data Stolen

ALPHV ransomware group posted about hacking the Michigan-based McLaren Healthcare. Calling it the largest healthcare data breach, the threat actors have threatened to release the stolen data if ransom payment is denied.

TECHNOLOGY - 3rd Largest Ransom, Counter an "insult"

CDW, the IT solution provider giant [NASDAQ: CDW], is investigating a security incident that impacted its Sirius Federal subsidiary and is ‘aware’ of LockBit's claims that data stolen from the subsidiary has been leaked on the dark web.

INSURANCE - Provider Wasn’t Using Anti-Virus

A recent ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) occurred while the organization's antivirus software subscription had expired. PhilHealth was attacked around September 22 and shut down many of its systems to battle an infection for which the Medusa ransomware gang claimed responsibility.

PRIVACY - Delete Me. CA's New Delete Act by 2026

California's Delete Act mandates data collectors to delete all collected information upon an individual's request, going beyond existing privacy laws. The law grants the California Privacy Protection Agency more regulatory power and will take effect on January 1, 2026, potentially inspiring similar laws in other states. However, privacy advocates are wary of industry efforts to propose less stringent legislation that could create a different template for states, potentially leading to a patchwork of rules.


Join The CyberRisk Governance Group

Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.

The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.

Would you like to join us?

Here's the link: https://www.dhirubhai.net/groups/13991569


LinkedIn Live Event - Voice of Experts

Navigating Cybersecurity Challenges: Expert Insights for Regulatory Compliance

If you're a risk and compliance pro, this is a must-watch conversation with John Levonick, a seasoned professional with over 20 years of experience in financial services, regulatory compliance, and technology.

Better understand the dynamic future of financial services regulatory compliance and learn more about:

  1. Cybersecurity Demands for Financial Institutions
  2. Growing Obligations of Vendors
  3. Fiduciary Responsibility and Cybersecurity
  4. Role of SEC and Evolving Regulations

These insights highlight the dynamic nature of the fintech industry and the growing importance of cybersecurity in financial institutions.


INSIGHTS & EXPERT PERSPECTIVES

OPERATIONS - How Acceptable is Your Acceptable Use Policy?

There is a need for a modern approach to Acceptable Use Policies (AUPs) in the context of today's technology and work landscape, where employees work from various locations and devices.

Traditional AUPs, often laden with jargon and prohibitive language, need to evolve into more user-friendly, incentivized, and culture-centric policies. HR departments should be more involved in the enforcement of these policies, and organizations should consider behavioral economics and change management principles in shaping AUPs.

INSIGHTS: We have suggestions you and your organization can act on for immediate improvements to your AUPs, to promote better compliance, cybersecurity awareness, and a culture of security within the company.

Use more user-friendly language and avoid the prohibitive terminology and jargon that often alienate employees. Engage with your HR department to ensure that AUP enforcement is carried out effectively, with appropriate disciplinary actions. HR personnel should be trained in security and privacy awareness so that the policy is properly incorporated into HR handbooks and onboarding documents. Reduce digital friction and deliver security insights to users in real time. Consider providing targeted training moments based on user roles and specific projects.

STRATEGY - Ransomware Presents an Allure of Data Recovery

The debate on whether companies should pay ransom demands in the aftermath of cyberattacks continues. Perspectives vary: some experts oppose blanket bans on ransom payments and advocate a risk-based approach, while others emphasize the ethical and legal concerns associated with paying ransoms. Outcomes are unpredictable when organizations choose to pay, because data recovery is often incomplete - only 65% of data is recovered, and just 8% of organizations successfully retrieve all of their data.

INSIGHTS: While there are several recommended steps for strengthening your organization's cybersecurity to reduce the risk of having to pay ransom, the top actions to implement right away are:

  1. Know the Unknowns - Have a security and risk assessment performed to get a clear understanding of your current posture.
  2. Strengthen Defense - With the results of the assessment, you can then effectively deploy appropriate measures to reduce the risk of cyberattacks in the short term. These include ensuring systems and software are up to date, implementing strong encryption, and strengthening firewall and intrusion detection systems.
  3. Security Awareness & Education - Educate employees on the latest threats, such as phishing and social engineering, and provide guidelines on how to recognize and respond to potential security risks. This is one of the best ROIs in cybersecurity.
  4. Data Backup and Recovery - Ensure that critical data is regularly backed up, securely stored, and easily retrievable - this may prevent the need to pay a ransom.

These actions address both immediate vulnerabilities and long-term prevention, and provide a stronger defense against cyber threats.

They improve your organization's overall security posture and provide a safety net for data recovery in the event of an attack.


Ways We Can Help You Elevate Your Cyber Risk Cognizance

Get a Fast and Comprehensive Risk Assessment

Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.

  • Identify Gaps
  • Reorient Resources
  • Prioritized For Network

Contact Netswitch for more info.

Attend a LinkedIn Live Event

We host regular LinkedIn Live Events to provide insights to elevate your cognizance.

Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.

Keep up to date about future events by following Netswitch.

https://www.dhirubhai.net/company/netswitch-technology-management/events/

Sign Up for Our "Quick Start" Pilot Program

  • Reduce Control Misalignment
  • Meet GRC Requirements
  • Improve Cyber Resilience

Know your risk level in cybersecurity and governance at NO COST.

To find out more, just contact Netswitch on LinkedIn and we'll get a demo scheduled.

DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.

Cristian Nistor

Digital Marketing Specialist | Copywriter | Content Manager

11 months

Followed! Thanks for this, it's nice to have an overview of all the news in the cyberspace. Btw Stanley, from your point of view, have cyber attacks grown in frequency with the development of AI and LLMs?
