Cybersecurity

RSS

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Election Assistance Commission (EAC), released the Election Risk Profile Tool, a user-friendly assessment tool to equip election officials and federal agencies in prioritizing and managing cybersecurity risks to the Election Infrastructure Subsector.  

Organizations may consider adopting an adaptive risk-based trust approach to securing their privileged access. This approach uses least-privilege, zero-trust as a baseline for how organizations build trust scores which will then be used to determine the level of security which is required to gain access to the cloud, and specific applications and systems.

In Spring 2020 as the COVID-19 pandemic was starting to spread across the globe, a survey of approximately 250 U.S. consumers commissioned by Awake Security found that the two threats from the DHS list that worry Americans most are cyberattacks on core infrastructure (electric, water, transportation etc.) and cyberattacks on corporations. Diving deeper into the results surfaces something that is contrary to the popular narrative: consumers take responsibility for their personal cybersecurity and even help out those around them. They hold the government and enterprises ultimately accountable, but also understand the role each individual has to play.

To enhance security following an increase in use of video conferencing apps, Zoom introduced two-factor authentication (2FA) for all users on its client and mobile apps. 

Recently, schools throughout the U.S. have endured delays in reopening after experiencing massive ransomware attacks that force the shutdown of critical information technology systems.

Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of say, a dangerous fringe group versus that of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.

Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision. In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.

The Information Security Forum (ISF) is hosting it’s Annual World Congress (Digital 2020), which takes place November 15-19, 2020. For the first time, the ISF World Congress will be held virtually, providing a unique online, interactive global event experience, available in multiple time zones, allowing attendees to watch and participate in the full show at times that best suit their schedules.