PCs, Passwords, Multi-factor Authentications Fell Vulnerable - Cybersecurity Toolkits Help Improve

A song crashes computers, passwords no longer protect your data, and even multi-factor authentication (MFA) may fail you. This month's cybersecurity "News on the Spotlight" may sound daunting but do not worry! We have a variety of recommendations from podcasts, e-certificates and in-person arbitration events in Istanbul for coping with the cyber-stress that the news may create.

News on the Spotlight

Not Just a Song! Janet Jackson’s Song Crashes Computers

Apparently, some computers that carry a 5400 RPM hard drive cannot bear to hear Janet Jackson’s “Rhythm Nation” as it resonates with the frequency and they crash down. This is considered a vulnerability from the cybersecurity perspective. Read the full coverage here.

Still Using Passwords? Think Twice!

A recent Accenture study revealed that most attacks are a result of phishing. Tech companies are working on abolishing passwords altogether. Read Microsoft’s passwordless technologies to get a deeper understanding of the apps and products that are developed for this transition.

A Guide to Data Protection Engineering

The EU Agency for Cybersecurity ENISA has come up with a report for data protection engineering. The report discusses the practical implications of existing technologies, and how to ensure compliance with the principles of GDPR. The report provides conclusions and proposes recommendations for the stakeholders. Download the report here.?

Continuing Legal Education in Cybersecurity for the NY Lawyers

The New York State Bar added 1 credit cybersecurity training among its CLE requirements. The contents of the course are not yet determined but it is expected to be mostly related to the ethical duties, protection of confidential information and security issues concerning the escrow funds. Read the full coverage here.

NCSC’s 10 Commandments to Cybersecurity?

National Cyber Security Centre of the UK explains the 10 steps to ensure cybersecurity for organizations. The site provides good beginner’s guidance to understand and manage cybersecurity risks. Go through the full guide here.

The Threat with Metaverse

Metaverse has spurred the news about how it will change business and day-to-day interactions. The security aspect of the metaverse is not paid great attention to. Trendmicro’s incredible website guides the readers through the Metaverse and the possible security threats that come with it. We believe it’s worth visiting.

Unified Standards to Fight Cyberattacks?

More than a dozen companies including the BigTech like amazon gathered at the Black Hat cybersecurity conference to announce Open Schema Cybersecurity Framework. The project aims to simplify the process of detecting and sharing cyberattacks among companies by creating an open standard. Read the full story here.

Cisco Falls Victim of MFA Fatigue Tactics

Cisco, which is a preferred telecommunications company by many businesses including the law sector, has been hacked by using an employee's credentials. Multifactor Authentication (MFA) Fatigue is the method that was used by hackers. Following this tactic, attackers send large numbers of push notifications waiting for you to accept and allow access. After fatiguing a Cisco employee, the hackers take control once they have access to the company’s network. Read more about the incident here.

German Chambers of Industry and Commerce (DIHK) Hit by a Cyberattack

In the first week of August, DIHK was hit by a cyberattack causing organization to shut down its IT system. The attack was considered to be massive and the officials were not certain about the duration of the disruption. Read more about the incident here.

NHS 111 is Disturbed by Cyberattack

NHS fell victim to a cyberattack. The officials confirmed that it affected only a few servers and realizing the cyberattack, they isolated the health environments. The attack is considered not to be ransomware. Hospitals have been a popular target for attackers. Read more about the incident here.

Didi’s Fined for Breaching China’s Cybersecurity Laws

Didi Chuxing, a popular transportation company, has been fined USD 1.2 billion for breaching China’s cybersecurity, personal data protection and privacy laws starting in 2015. Didi was listed on New York Stock Exchange on June 30, 2021, and two days later, the Cyberspace Administration of China suspended Didi’s activities after its cybersecurity review. The suspension of the activities caused USD 4.7 billion loss in revenues. Read more about the legislation and Didi’s breach here.

Care for Learning About More Cybersecurity Threats?

Unfortunately, there is more to the reported and publicized cyberattacks. ENISA (EU Agency for Cybersecurity) prepared a report analyzing the ransomware incidents that took place in Europe, the UK and the US from May 2021 to June 2022. The report states different ransomware models, the type and amount of data stolen, and the weak links in the organizations’ networks. The report provides interesting statistics and recommendations to increase your resilience. Download the report here.

Twitter’s got Broken Wings

Bad news for Twitter users. About 5.4 million Twitter users have been the victim of a major data breach. The breach revealed that Twitter is vulnerable to hacking by the ones with very basic knowledge of coding. The information was stolen for malicious purposes and they are on sale. Read full coverage here.

Looking for a New Podcast?

If you are not yet following, the IT Governance UK Podcast is a gem. Episode 4 has particularly caught our attention. Listen to the podcast here.

* * * * * *

News from CyberArb

CyberArb becomes the Media Sponsor for Istanbul Arbitration Week 2022 (ISTAW)?

Istanbul Arbitration Week (ISTAW) will be held between October 10th-14th 2022 in Istanbul, Türkiye. The program aims to bring the arbitrators, academics, in-house counsels, lawyers and other arbitration stakeholders together for a week of insightful discussions and exchange of ideas.

CyberArb Executive Board Member is Appointed as Co-chair for CEPANI40

Katherine Jonckheere, one of the members of CyberArb’s executive board has been appointed as the co-chair of CEPANI40, the under-40 group of the Belgian Center for Arbitration and Mediation (CEPANI). The handover took place on August 30th. We congratulate the well-deserved appointment.

CyberArb Academy

One of cyberArb’s toolkits is the e-academy on cybersecurity in international arbitration. The new edition of courses will be soon available. To register for the current edition please visit Arbitrate University. The course brings together area experts and globally recognized arbitrators like Sophie Nappert , Claire Morel de Westgaver and Karina Albers . The next edition - coming soon - even has a white hacker included! Stay tuned.

Upcoming Event: Pathways to Greener Arbitrations

CyberArb Executive Board Member?Ariana Ospina?will talk about "Cybersecurity and data protection considerations in arbitral proceedings" in the upcoming?ICC YAAF event, "Pathways to Greeber Arbitrations", organized in partnership with?Greener Arbitrations?on 12 September 2022 (13.00 (Morocco Time), 14.00 (CET), 16.00 (UAE Time)). Registration is free of charge and can be made?here.?

New Blog

Read Arijit Sanyal’s blog entry on Part II of the CIArb Guidelines on the use of Technology in International Arbitration: Mitigating Data Breaches in International Arbitration Proceedings, where Arijit breaks down the Part II of the Guidelines and explains their implications in detail.

* * * * * *

CyberArb is a non-profit organization dedicated to creating awareness about cybersecurity for international arbitration practitioners. The newsletter compiles the highlights from cybersecurity that arbitration enthusiasts should be aware of. The newsletter shares important updates with CyberArb and announces upcoming events.

Interested in CyberArb’s work? Reach out to our team at [email protected] for your partnership ideas or join our team!?

Follow us on www.cyberarb.com and LinkedIn. Subscribe to CyberArb’s monthly LinkedIn Newsletter.