Latest

Fraud Management & Cybercrime

Lawsuits Allege Colonial Pipeline Had Inadequate Cybersecurity

Scott Ferguson  •  June 23, 2021

Colonial Pipeline Co. now faces at least two lawsuits seeking class action status in the aftermath of a ransomware attack in May that led the firm to shut down the operations of a 5,500-mile pipeline for nearly a week.

Cybercrime

US Seizes Domains of Websites Linked to Iran, Iraq

Jeremy Kirk  •  June 23, 2021

The U.S. has seized the domains of 36 websites linked with Iran and Iraq for allegedly publishing disinformation and running malicious influencing campaigns targeting Americans. Those running the sites violated sanctions by not obtaining a license to buy domain names from U.S. companies.

Fraud Management & Cybercrime

CISA Shifting Einstein Detection System Deeper Into Networks

Scott Ferguson  •  June 22, 2021

CISA is moving its Einstein intrusion detection system deeper into federal networks in an effort to better detect supply chain attacks after its failure to detect the espionage campaign that targeted SolarWinds and its customers, including federal agencies.

►

Fraud Management & Cybercrime

The Changing Nature of the Insider Threat

Anna Delaney  •  June 22, 2021

Cybercriminals and nation-states are attempting to recruit insiders at companies around the world to help steal credentials and intellectual property, says Joseph Blankenship, vice president and research director at Forrester, who offers risk mitigation insights.

Cybercrime

Lawmakers Unveil Cybersecurity Legislation

Scott Ferguson  •  June 21, 2021

Republican and Democratic lawmakers have recently introduced several cybersecurity-related bills seeking to address issues ranging from imposing tougher penalties for cybercriminals to improving protection of school districts.

►

Security Operations

Using Automation to Update a SOC

Suparna Goswami  •  June 21, 2021

How can organizations update their SOCs to ensure they keep up with evolving cyberthreats? Three experts - Sean Duca of Palo Alto Networks, Rishi Rajpal of Concentrix and Anish Ravindranathan of Tata Digital - offer insights.

Business Continuity Management / Disaster Recovery

Senate Approves Chris Inglis as National Cyber Director

Scott Ferguson  •  June 18, 2021

The U.S. Senate has unanimously approved Chris Inglis as national cyber director. He assumes the role as the country is still reeling from a series of ransomware attacks and the SolarWinds supply chain attack. Meanwhile, confirmation of a new CISA director is on hold.

Breach Notification

Senators Draft a Federal Breach Notification Bill

Scott Ferguson  •  June 18, 2021

A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.

►

Fraud Management & Cybercrime

ISMG Editors’ Panel: NATO's Cybersecurity Policy and More

Anna Delaney  •  June 18, 2021

In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including NATO's new cyber defense policy, the outlook for congressional regulatory action to address the ransomware threat, and cybersecurity comments by U.S. Rep. Jim Langevin.

NSA Offers Tips on Securing Unified Communication Channels

Akshaya Asokan  •  June 18, 2021

The U.S. National Security Agency has released new guidance to help federal agencies as well as business enterprises protect their unified communications channels and voice/video over IP calls from cyberthreats.

DDoS Protection

Peak DDoS Traffic Up 100%, Researchers Report

Rashmi Ramesh  •  June 18, 2021

The daily peak of DDoS attack traffic increased 100% from January 2020 to May 2021, reaching 3 Tbps, with most of the high-bandwidth, high-intensity attacks originating from fewer than 50 hosting companies, Nokia Deepfield reports.

Governance & Risk Management

Pay Attention to the Fine Print on 'War Exclusions' in Cyber Policies

Marianne Kolbasuk McGee  •  June 18, 2021

When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.