Cybersecurity News of the Week, March 24, 2019

Individuals at Risk

Cyber Privacy

FEMA ‘major privacy incident’ reveals data from 2.5 million disaster survivors: The Federal Emergency Management Agency shared personal addresses and banking information of more than 2 million U.S. disaster survivors in what the agency acknowledged Friday was a “major privacy incident.” The Washington Post, March 22, 2019

Cyber Defense

Why Phone Numbers Stink As Identity Proof: Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online. KrebsOnSecurity, March 17, 2019

Information Security Management in the Organization

Information Security Management and Governance

Breaking the cybersecurity stalemate by investing in people: In 2018, the financial toll cyber breaches took on organizations hit $3.86 million, a 6.4 percent rise from 2017. Before last year’s close, analysts at Gartner claimed worldwide spending on infosec products and services would increase 12.4 percent, reaching over $114 billion in 2019. In fact, when the U.S. government announced a 2019 budget of $15 billion for cybersecurity-related activities, it came with a 4.1 percent jump and a caveat: “Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget.” HelpNetSecurity, March 21, 2019

12 tips for effectively presenting cybersecurity to the board: Don’t let your board presentation miss the mark. Follow these best practices and common mistakes to avoid when communicating cybersecurity risk to the board. CSO, March 19, 2019

Does GDPR compliance reduce breach risk?: A new report from Cisco suggests that GDPR compliance reduces data breach impact. Incident response, legal and security experts agree but caution not to rely on compliance alone. CSO, March 19, 2019

2019 Cost of Cybercrime Study: In the Ninth Annual Cost of Cybercrime Study, Accenture and Ponemon Institute analyze the latest cost of cybercrime to help leaders better target investments and resources. Accenture, March 6, 2019

Cybersecurity in the C-Suite

Organisations have been blind to GDPR “business opportunity”: Obsession with headline-grabbing fines has eclipsed the benefits of new regulation. ITPro, March 21, 2019

Cyber Warning

Beazley data reveals a 133% increase in business email compromise incidents from 2017 to 2018: Business email compromises (BEC) accounted for 24% of the overall number of incidents reported to Beazley Breach Response (BBR) Services in 2018, compared to 13% in 2017, according to a new report published today by Beazley. Beazley, March 21, 2019

Cybersecurity in Society

Cyber Privacy

The Nexus of Information Security and Data Privacy: Why Focusing on Both Can Keep Us Safer: Most year-end retrospectives dub each year as the “Year of the Data Breach,” with each year worse than the one before. But 2018 ended that trend and instead became the year data privacy dominated public discourse. Despite growing breach fatigue, unauthorized data access became personal. When looking at the range of high-profile breaches, the public does not differentiate between Facebook’s mishandling of data with Cambridge Analytica or Equifax’s data breach. While one included a hack and the other unauthorized disclosure, the end result is the same for the victims. Both incidents include unauthorized data access, and ultimately contributed to the growing societal swell in favor of greater data protections. The nexus of security and privacy became the epicenter of the public debate. Instead of acquiescing that privacy is dead or security is futile, this nexus can be the spark that ignites the policy, legal, and technological innovation required to counter the full range of unauthorized data access. CPO, March 22, 2019

One year in, how is the GDPR working? It’s been almost a year since the EU’s data privacy regulation went into effect. It’s been very successful in one regard, but largely failed in another. Slate, March 20, 2019

Cyber Attack

Aluminum manufacturing giant Norsk Hydro shut down by ransomware: Norsk Hydro, one of the largest global aluminum manufacturers, has confirmed its operations have been disrupted by a ransomware attack. Techcrunch, March 19, 2019

Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’: It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers. MotherBoard, March 23, 2019

Norsk Hydro will not pay ransom demand and will restore from backups: Microsoft employees have arrived in Norway to help Norsk Hydro recover after ransomware attack. ZDNet, March 22, 2019

Ransomware Attack Hits Computer Network of North Carolina County: The entire Orange County, N.C., computer network was out of service Monday after it was attacked by a ransomware virus, causing slowdowns and service problems at key public offices such as the Register of Deeds, the sheriff’s office and the county libraries. Governing, March 21, 2019

Cyber Espionage

A New Age of Warfare: How Internet Mercenaries Do Battle for Authoritarian Governments: Sophisticated surveillance, once the domain of world powers, is increasingly available on the private market. Smaller countries are seizing on the tools — sometimes for darker purposes. The New York Times, March 21, 2019

National Cybersecurity

Cyber-espionage warning: Russian hacking groups step up attacks ahead of European elections: Researchers at FireEye say Kremlin-backed hacking operations are attempting to target governments, media and political parties as elections approach. ZDNet, March 21, 2019

The Cybersecurity 202: Government can’t fight cyber threats alone, DHS secretary says: The U.S. government can’t manage cybersecurity threats from Russia and China on its own and it needs private businesses to help, Homeland Security Secretary Kirstjen Nielsen said Monday. The Washington Post, March 19, 2019

Triton is the world’s most murderous malware, and it’s spreading: The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too. MIT Technology Review, March 5, 2019

Cyber Regulation

FCC has to pay journalist $43,000 after hiding net neutrality records: FCC pays journalist’s legal fees after failing to comply with records request. ars technica, March 22, 2019

Cyber Medical

Vulnerability in thousands of Medtronic implantable defibrillators could let hackers control devices: The Department of Homeland Security has issued a medical advisory alert over a serious flaw in Medtronic cardio defibrillators. A vulnerability in the implanted products could allow attackers within close proximity of a patient to take control of a device. TechSpot, March 22, 2019

Cyber Enforcement

The Cybersecurity 202: Michael Cohen investigators relied on controversial cell-tracking device: FBI agents wanted to search Michael Cohen’s hotel room, but didn’t know which room he was in. So, they used a controversial device that captured his cellphone’s location. The Washington Post, March 21, 2019

Cyber Shame

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years: Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. KrebsOnSecurity, March 21, 2019

Desperate to get through to executives, some cybersecurity vendors are resorting to lies and blackmail: Cybersecurity vendors drive a lot of the news you read about the industry. Here’s how that might hurt consumers. CNBC, March 18, 2019

SecureTheVillage Calendar

Webinar: SecureTheVillage April Webinar: CCPA, Part 1
April 4 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – April 2019
April 12 @ 8:00 am – 10:00 am

Webinar: SecureTheVillage May Webinar:
May 2 @ 10:00 am – 11:00 am

Webinar: SecureTheVillage June Webinar
June 6 @ 10:00 am – 11:00 am

Financial Services Cybersecurity Roundtable – June 2019
June 14 @ 8:00 am – 10:00 am

The post Cybersecurity News of the Week, March 24, 2019 appeared first on Citadel Information Group.
