Cyber Risk Update 19 MAY 2023
Bonus
Cybersecurity Governance Unleashed: Empowering for Effective Risk Oversight https://www.learnsecurity.org/single-post/cybersecurity-governance-unleashed-empowering-for-effective-risk-oversight
Collaboration Resource
Local Government Cyber Watch discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Most Companies Can’t Handle Cybersecurity Alone. Few organizations have the right tools, people, infrastructure, and processes to protect themselves. https://hbr.org/2023/05/most-companies-cant-handle-cybersecurity-alone
Data Breach
Dallas courts are still closed two weeks post-ransomware attack. Continued outages also prevent police from accessing data, which is severely impacting efforts to reduce crime as summer approaches, Police Chief Eddie Garcia said. https://www.cybersecuritydive.com/news/dallas-courts-closed-ransomware/650523/
Dallas Officials Say Ransomware Recovery Could Take Months https://www.govtech.com/security/dallas-officials-say-ransomware-recovery-could-take-months
Washington, D.C. transit system accessed this year by a computer in Russia, report finds. A former tech contractor of the Metro accessed a cloud system in January, one of several security gaps that leave the transportation system open to cyberattacks, according to the Office of Inspector General. https://www.washingtonpost.com/transportation/2023/05/17/dc-metro-russia-breach-cyber/
Published Data Shows Breadth of Lowell, Mass., Hack. The data, released by the ransomware group Play, seems to include personal and personnel data such as medical billing records and employee disciplinary cases. The data was posted on the dark web May 11. The city provided its first status update since May 5 on its website, noting that "At this time, and for a number of reasons, the claim that data has been exfiltrated is being monitored by a variety of agencies, and waiting to be further assessed. Incidentally, it is important to point out that in the event any data was in fact exfiltrated, anyone accessing it for any reason would be subject to criminal prosecution. The City continues to monitor and ensure compliance with all obligatory reporting related to this event." https://www.govtech.com/security/published-data-shows-breadth-of-lowell-mass-hack
Third-Party and Supply Chain Risk
Server Outage Disrupts Logan County, Colo., Government. Officials have been unable to access important data for a week because their server host has been unable to connect with its server farm. Several other counties across the Midwest are also experiencing outages. https://www.govtech.com/computing/server-outage-disrupts-logan-county-colo-government
Critical Infrastructure
Small electric utilities, wastewater facilities and hospitals struggle with defending their organizations against emerging cyberthreats given their meager resources, U.S. government officials said. Many utilities have failed to adopt cyber best practices despite the available tools and training. Lack of Money, Expertise Creates Big Challenges for Small Infrastructure Providers. https://www.careersinfosecurity.com/small-utilities-hospitals-struggle-newer-cyberthreats-a-22086
Guidance
"CISOs are dealing too much with the procurement process instead of the use process," he said. "Reduce the number of vendors, reduce the amount of complexity and leverage more of what you acquired. Be more secure." https://www.careersinfosecurity.com/no-1-cybersecurity-strategy-you-should-implement-it-a-21833
Why and how to report a ransomware attack. The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks. https://www.cybersecuritydive.com/news/how-report-ransomware-attack/650631/
Secret Service and CISA Release Toolkit for K-12 Schools to Strengthen School Safety Reporting Programs https://www.secretservice.gov/newsroom/releases/2023/05/secret-service-and-cisa-release-toolkit-k-12-schools-strengthen-school
Governance
SEI Sphere: How Cyber Risk Is Business Risk. Director of Cybersecurity Mike Lefebvre on Approaching Cyber as a 'Cyber Fiduciary' https://www.govinfosecurity.com/sei-sphere-how-cyber-risk-business-risk-a-21730
Utah Audit Examines State, Local Cybersecurity Gaps. More state, local and educational entities should follow cybersecurity frameworks and ensure all staff participate in regular cybersecurity awareness training, the performance audit advised. Plus, the state legislative branch needs to develop both short-term and long-term cyber plans. https://www.govtech.com/security/utah-audit-examines-state-local-cybersecurity-gaps
The Digital World Is Changing Rapidly. Your Cybersecurity Needs to Keep Up. Companies need to do more to understand when and how their software is failing. https://hbr.org/2023/05/the-digital-world-is-changing-rapidly-your-cybersecurity-needs-to-keep-up
Insider Threats
EPA Memo Ramps Up Cyber Regulations for Water Utilities https://www.fitchratings.com/research/us-public-finance/epa-memo-ramps-up-cyber-regulations-for-water-utilities-11-05-2023
Cyberrisk doesn't always come from the outside. Jack Freund of BitSight looks at how Hanlon's Razor — "Never attribute to malice that which can be adequately explained by stupidity" — should come into play in cybersecurity and what can be done to avoid catastrophic incidents by minimizing user errors. "We should never ignore our external adversaries in cybersecurity, but neither should we ignore the adversary in ourselves," Freund writes. https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2023/volume-20/the-role-of-hanlons-razor-in-cybersecurity
AI Threats
10 Types of AI Attacks CISOs Should Track. Risk from artificial intelligence vectors presents a growing concern among security professionals in 2023. https://www.darkreading.com/threat-intelligence/10-types-of-ai-attacks-cisos-should-track
Cyber Risk
Digital trust can make or break an organization. (This also applies to taxpayer trust.) Digital trust should be integrated throughout an organization at all times, not just after a security breach, says Mark Thomas, president of Escoute Consulting, adding: "If you want to ensure your customers trust you, you need to look at it as an organizational goal, or have it as a part of the strategy." Some obstacles to attaining trust include budget issues, lack of training and lack of prioritization. https://www.csoonline.com/article/3696241/security-breaches-push-digital-trust-to-the-fore.html
Nation States
DOJ links Iran, China and Russia to five IP theft-related cases https://www.scmagazine.com/news/cybercrime/doj-links-iran-china-and-russia-ip-theft-cases
Finland, Hungary, and Turkey have been inundated with DDoS attacks over the past year. Why? The answer lies in the fallout of the Russo-Ukrainian war, as these three nations all have been instrumental in getting Finland and Ukraine to join NATO. https://www.netscout.com/blog/asert/ddos-attacks-targeting-nato-members-increasing
Reports
2023 AT&T Cybersecurity Insights Report: Edge Ecosystem https://www.darkreading.com/endpoint/2023-at-t-cybersecurity-insights-report-edge-ecosystem
Find more on Discord https://discord.gg/PGz3NDKb5V