Cybersecurity Chronicles | June 23 2023
Netswitch, Inc.

HEADLINES OF THE WEEK

SOFTWARE - MOVEit Adds Victims

A MOVEit ransomware attack on PBI Research Services impacted the personal data of 2.5 million Genworth Financial policyholders. It also compromised the personal information, including SSNs, of 769,000 retired California state employees.

APT - Hackers Targeted G7 Summit

Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan.

DEFENSE - Fresh Emphasis On Stealing Credentials?

Microsoft identified a surge in credential-stealing attacks conducted by the Russian hacker group APT29. The attacks are targeting governments, IT service providers, NGOs, and defense and critical manufacturing industries.

AVIATION - Drones Are Riddled with Vulnerabilities

Researchers at smart city security provider Angoka identified 156 different threats to drone control systems. The top 50 threats fall into four categories: reporting falsified data, denying access to real-time data, impersonation of UAS and its operator, and tampering with telemetry data. Shadi Razak, CEO of Angoka, said, “Many drones are insecure by design.”


Insights & Expert Analysis

LEGAL

4 Areas Where CLOs Can Flourish as Strategic Advisors

Beyond just leading the legal function, CLOs are increasingly demonstrating their effectiveness in a broader capacity.

INSIGHT: Our Legal Ecosystem Partners have provided two questions for us to deal with cybersecurity and GRC. Will the organization use Plausible Deniability or Legally Defensible to avoid the efforts and cost?

As regulation continues to gain teeth around the world, we often use the questions above, but ask our clients in a different way to identify the cultural perspectives of their Business Executives. If they lean towards the former, there is a high chance that they are looking for scapegoats and we need to rethink their value as a client.


STRATEGY

How DORA Will Force Financial Firms to Adopt Cyber Resilience

The EU's Digital Operational Resilience Act (DORA) marks a shift in cybersecurity regulation, from a focus on preventing cyber-attacks to also ensuring the ability to recover quickly and effectively from them – a concept that is commonly called cyber resilience.

INSIGHT: We define Cyber Resilience as I.T. + Cybersecurity + GRC. Is Cyber Resilience the same as Cyber Hygiene or Cyber Posture? This is one of the problems in our industry.

Marketing teams are very creative in differentiating themselves so they can sell more products, but in the end, it comes down to corporate management and how they want to define their culture, starting with their own interpretation of the terms. Corporate management needs to make sure everyone, including vendors, understands those interpretations and meanings.


STRATEGY

Advisory Firm Launched Advanced Cyber Quantified Model

Willis Towers Watson has a strong reputation in providing strategic advice and solutions ranging from risk, people, and capital issues to clients in various industries around the world.

The necessity for the upgraded Cyber Quantified model arises from the increasing cyber threats, data loss, and extortion cases affecting businesses. WTW aims to counteract these urgent matters by providing a powerful tool that offers in-depth decision support and comprehensive analysis.

INSIGHT: It is critical for cyber insurance to update their modeling to reflect the current risks; however, have they considered their client's perspective and how they can align the objectives with respect to the client's industry, size, cybersecurity maturity, and hygiene? How does their model reflect the most recent types of attack, which might not affect most of the clients, i.e., clients with an Oracle solution?

They are heading in a good direction, and the hope is that there is real-time tactical integration to reflect the up-to-date cyber risk.


GOVERNANCE

Cyber Threat Report: Legal Sector

The purpose of this Cyber Threat Report is to help law firms, lawyers and legal practices understand current cyber security threats and the extent to which the legal sector is being targeted.

The cyber risk applies to law practices of all sizes and types of work, from sole practitioners, mid-size and large firms, in-house legal departments, and international corporate firms. Cybercriminals are not fussy about whom they attack, which means all organizations are at risk.

INSIGHT: Law offices must prioritize cyber resilience as they, as an industry, face unprecedented challenges in safeguarding sensitive client information. The prevalence of cyber threats makes it critical for law offices to prioritize cyber resilience.

Often their focus has been on providing legal advice to their clients, and while quite bright, they are not technically versed in IT, and they've often ignored the vulnerable position they put themselves in by improperly securing the data with which they've been entrusted.

This lack of resilience jeopardizes not only themselves and their clients but also puts at risk the integrity of the legal profession.

Technology drives legal operations, and law offices must embrace cyber resilience as a strategic imperative. They need to determine their level of Governance and Compliance. But they also need to understand where their risk is today, get a plan to improve, and work with a team to elevate their cyber resilience.


3 Ways We Can Help You Elevate Your Cyber Risk Cognizance

1. SARA Delivers Automated & Accurate Risk Assessment

Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.

  • Identify Gaps
  • Reorient Resources
  • Prioritized For Network

Message us for more info.

2. Join Our Cyber Risk Governance Group

Our LinkedIn Group is dedicated to Cyber Risk Governance, compliance, cybersecurity, and enterprise risk management.

Join us if you're passionate about navigating the complex world of cyber threats and ensuring strong risk management practices within your organization.

We are a community of risk professionals, industry experts, thought leaders, and cybersecurity enthusiasts who are eager to share their knowledge, experiences, and insights.

Our goal is to foster a collaborative environment where we can collectively tackle the challenges posed by cyber risk and work towards creating resilient and secure organizations.

Join Here - https://www.dhirubhai.net/groups/139915

3. Join Our "Quick Start" Pilot Program

  • Reduce Security Incidents
  • Meet GRC requirements
  • Improve Cyber Resilience

Know your risk level in cybersecurity and governance at NO COST.

Email contact@netswitch.net to learn more.


Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.

