Secure your knowledge. Newsletter - January 2024

A very Happy New Year from the C8 Secure team! We kick-start the year with a blog looking at the year ahead and the key threats and trends we can expect to see in 2024. We continue to review the latest cyber attacks across the globe and provide guidance on how best to fortify your defenses.

?? FINAL REMINDER: Sign up to our upcoming webinar discussing AI and the use of Deepfakes in cyber attacks!

Read on below ??

EVENTS ??

WEBINAR – Navigating AI and the Deepfake era: Who are you actually speaking with? ???

REGISTER NOW

Join Patrick Gardner , David Brace and Craig Lusher for an eye-opening?webinar?where we unveil the darker side of AI and how attackers are exploiting its vulnerabilities to wreak havoc in the digital landscape.???

Tuesday 16 January – 10am EST | 3pm GMT

Register here: https://bit.ly/3tUCNaj

BLOG ??

As we enter the new year, the cybersecurity landscape is facing pivotal transformations. For example, the increasing frequency and complexity of cyber threats, like phishing with deepfakes, are pushing the boundaries of traditional security frameworks. Grasping these emerging threats is crucial for organizations in this changing digital world.

Learn more about the changing cybersecurity landscape and key trends to watch here

THE LATEST CYBER ATTACKS & NEWS ???

PlayStation studio victim of cyber attack

Insomniac, a PlayStation game studio behind the Spider-Man 2 game has been the victim of a ransomware attack. Hackers demanded around $2 million from the Sony-owned studio to keep the stolen information private. It is understood that this information included private employee data and internal company mails.?

Rhysida a ransomware group has claimed responsibility. The same organization is believed to have been behind the recent and similar attack on the British Library.

Patrick Gardner, C8 Secure’s Managing Partner, says: "The ransomware attack on Insomniac Games is yet another example of the escalating cyber threats facing the video gaming industry. This incident involving a $2 million ransom demand and the subsequent leak of sensitive company data highlights critical cybersecurity lessons.

“First, the gaming industry's allure isn't just in its financial success; it's also in the highly anticipated content it produces. This makes gaming companies like Insomniac prime targets for cybercriminals looking to capitalize on fan excitement and company secrets. The leak of future releases and work-in-progress footage is not just a breach of intellectual property but also impacts the company's strategic marketing plans.

“Second, the attack reaffirms the urgency of comprehensive cybersecurity measures across all sectors, including entertainment and gaming. The nature of the attack – using ransomware to lock files and demand payment – identifies what should be a universally deployed protection control. Companies must ensure that their defenses are up-to-date and capable of preventing such attacks.

“Finally, this incident echoes the call for industry-wide collaboration and intelligence sharing to combat these threats. Fellow developers, like Remedy Games, expressing solidarity and urging non-dissemination of the stolen content shows the importance of community support in the face of cyber threats.

“As the gaming industry continues to grow, so does its appeal to cybercriminals. It is imperative for companies to invest in comprehensive cybersecurity strategies that protect not only their intellectual property but also the sensitive data of their employees and customers."

Cyber attack leads to First Americans taking its IT systems offline

The second-largest insurance company in the US was forced to take some of its systems offline to contain the impact of a cyber attack. The company added a statement to its website, although the full details of the attack are yet to be released.

This is not the first time the company has been attacked, although the one in May 2019 is said to be unrelated. In this cybersecurity incident, the company was asked to pay the New York Department of Financial Services $1 million as part of a cybersecurity violation settlement.

Patrick Gardner, C8 Secure’s Managing Partner, says: "First American's response, taking certain systems offline to contain the impact, is a prudent initial step. It echoes the importance of having a robust incident response plan that I've emphasized in previous posts, especially in the context of the sophisticated threats posed by groups like the ALPHV/BlackCat ransomware gang. These groups are notorious for their targeted attacks and the efficiency with which they exploit procedural security weaknesses and vulnerabilities.? It’s not a question of if its when.

“The $1 million penalty First American had to pay last year shows how seriously New York's Department of Financial Services takes these issues and their dedication to the protection of personal and financial data of its consumers.? This should serve as a model for other regulators to follow.”

CYBER TIP OF THE MONTH ??

"Streamlining compliance: Navigating regulatory waters with ease" ??

Staying compliant with regulatory requirements is not just about avoiding penalties but also about strengthening your defences. Let's explore how to streamline your compliance process, referencing real-world examples like the New York State Department of Financial Services (NYDFS) and the upcoming changes in PCI (Payment Card Industry) regulations. ??

Understand your regulatory environment: Case in Point: NYDFS Cybersecurity Regulation: First American Financial Corporation's $1 million penalty highlights the cost of non-compliance. Familiarize yourself with the specifics of regulations relevant to your industry, like NYDFS / PCI / HIPAA / GDPR / DGA / ISO , to ensure you meet all requirements.

Incorporating time for transition: Adjusting to new regulations: One of the most critical aspects of anticipating regulatory changes is allowing sufficient time to implement necessary adjustments before new regulations take effect. This process involves several key steps:

1. Understanding the timeline: Familiarize yourself with the implementation timeline of the new regulation. Regulatory bodies often provide a transition period before the new rules become mandatory. Knowing these dates is crucial for planning.
2. Strategic planning: Develop a strategic plan that outlines the steps needed to achieve compliance with the new regulation. This plan should include a detailed timeline with specific milestones and deadlines.
3. Resource allocation:? Assess the resources required for the transition, including staffing, technology upgrades, and training. Ensure that these resources are allocated well in advance to avoid last-minute rushes.
4. Phased implementation: Consider a phased approach to implementing changes. This allows for a more manageable transition and helps in identifying and addressing any issues early in the process.
5. Testing and validation: Before the regulations take effect, allocate time for testing and validating the changes made. This is crucial to ensure that the new systems and processes are compliant and functioning as expected.
6. Employee training and adaptation: Provide training and support to your employees. It’s important for them to understand the new regulations and how changes in your organization’s procedures affect their roles.
7. Feedback and iteration: After implementing changes, gather feedback from different departments and stakeholders. Be prepared to make iterative adjustments to ensure full compliance and operational efficiency.
8. Audit and compliance checks: Conduct internal audits and compliance checks before the new regulations take effect. This proactive measure helps in identifying any gaps or non-compliance issues.
9. Engage with regulatory bodies: If uncertainties or challenges arise during the transition, don't hesitate to engage with regulatory bodies for guidance and clarification.
10. Documentation and record-keeping: Maintain thorough documentation throughout the transition process. This is vital not only for internal tracking but also as proof of compliance efforts.

• Final thoughts: Adapting to new regulations is a complex but essential process. By planning ahead and allocating sufficient time for transition, your organization can ensure a smooth and compliant shift to new regulatory environments. Start the process early to leave adequate time for implementation.

Implement a compliance framework: Use frameworks like NIST or ISO to guide your compliance strategy. These frameworks offer a comprehensive approach, making it easier to align with multiple regulations.

Regular audits and assessments: Conduct regular internal audits to assess your compliance status. This helps identify gaps early and allows you to address them before they become issues.

Leverage technology for compliance management: Invest in compliance management tools. These can automate many aspects of compliance, from tracking regulatory changes to monitoring your compliance status.

Vendor Compliance: Your compliance is only as strong as your weakest link, often third-party vendors. Ensure that they also adhere to relevant regulations, especially if they handle sensitive data.

Seek expert advice: Don't hesitate to consult with legal or cybersecurity experts, especially for complex regulations or when making significant changes to your compliance strategy.

Compliance is an ongoing process. By staying informed, prepared, and proactive, you not only adhere to requirements but also build a stronger, more secure organization.

For more tips and insights, subscribe to our monthly cybersecurity newsletter

Learn more about C8 Secure at www.c8secure.com