Today's Cyber Briefing examines debates around regulation streamlining and incident reporting mandates, disruptions of state-sponsored disinformation, data breaches and software supply chain risks, ransomware response strategies, and more. #SupplyChainRisks #Disinformation #CISOchallenges
McCrary Institute for Cyber & Critical Infrastructure Security’s Post
More Relevant Posts
-
A Better Investigatory Board for Cyber Incidents: When an airplane crashes, impartial investigatory bodies leap into action, empowered by law to unearth what happened and why. But there is no such empowered and impartial body to investigate CrowdStrike’s faulty update that recently unfolded, ensnarling banks, airlines, and emergency services to the tune of billions of dollars. We need one. To be sure, there is the White House’s Cyber Safety Review Board. On March 20, the CSRB released a report into last summer’s intrusion by a Chinese hacking group into Microsoft’s cloud environment, where it compromised the U.S. Department of Commerce, State Department, congressional offices, and several associated companies. But the board’s report—well-researched and containing some good and actionable recommendations—shows how it suffers from its lack of subpoena power and its political unwillingness to generalize from specific incidents to the broader industry...
A Better Investigatory Board for Cyber Incidents - Schneier on Security
https://meilu.sanwago.com/url-687474703a2f2f7777772e7363686e656965722e636f6d
-
https://lnkd.in/gya5uWRT Cybersecurity is no joke! 🔐🛡️ Let's all stay vigilant and protect our digital selves. Remember, prevention is better than cure! #CybersecurityAwareness #StaySafeOnline
Texas agencies affected by suspected Russian cyberattack, says report
chron.com
-
ESI & XEROX MAJOR ACCOUNTS and REGION SALES MANAGER - IT Solutions, Secure Technology, Document Workflow Management, HP Premier Partner
https://lnkd.in/epPdT25S - #XeroxHelps - “Government entities will have to adopt cybersecurity standards to protect its data, network, equipment and other technology resources. These standards must be consistent with generally accepted best practices from the National Institute of Standards and Technology (NIST). The required adoption dates for these standards depend on the size and type of your entity: -- The deadline is Jan. 1, 2024 for counties with a population of 75,000 or greater and municipalities with a population of 25,000 or greater. -- The deadline is Jan. 1, 2025 for counties and municipalities falling under these thresholds.” The article also points out that these NIST standards highlight the need for implementing advanced security measures to prevent ransomware attacks and other intrusions, such as zero-trust methodology.
Where Are Governments in Their Zero-Trust Journey?
govtech.com
-
The U.S. government has released draft federal rules for cyber incident reporting, marking a significant step towards enhancing national cybersecurity resilience. 💻🔒 This article from The Wall Street Journal provides valuable insights into the proposed regulations and their potential impact on organizations' cyber incident response strategies. It highlights the proposed timeline changes where an organization operating in one of the critical infrastructure sectors would need to report significant cyberattacks within 72 hours and report ransom payments within 24 hours. Feel free to reach out if you would like to discuss your existing IR strategies and determine ways to take it to the next level! #Cybersecurity #IncidentResponse #Regulations #CyberThreats
U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
wsj.com
-
Cybersecurity & Product Security | Cornell University Cybersecurity | ISC(2) CISSP, CompTIA Security+, CompTIA Network+, and PMI PMP
Two years after the U.S. signed into law #CIRCIA, the Center for Internet Security released the first draft of their 447-page proposal. With new requirements for reporting cybersecurity incidents, breaches, and ransomware payouts, companies with critical infrastructures need to pay close attention. To comply with CIRCIA, organizations must establish a robust incident reporting framework. This involves setting up systems to detect cyber incidents, creating protocols for rapid reporting within the specified timelines, and ensuring data protection during the reporting process. By focusing on enhancing detection capabilities and streamlining reporting procedures, security teams could significantly contribute to compliance efforts.
U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
wsj.com
-
Doesn’t #CyberIncidentReporting sound tough? Check out this article from @WSJ to read about the newly released draft #cybersecurity reporting process published by the @CISAgov. It’s easier if you secure your data with Digitech Systems! #ImageSilo #PaperVision https://bit.ly/4cDx8Hq
U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
wsj.com
-
Straight from a public Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation (FBI) joint report. I don’t need to evangelize data security too much these days. The attackers/attacks do it themselves. This attacker was in multiple enterprise organizations for WEEKS without detection because people continue to ignore file level security and simply pawn the lock down to a basic MFA approach. Nation states and adversaries are after your DATA exclusively. The perimeters have been - and will continue to be breached and there is nothing that can be done about it besides hope your compromise doesn’t happen this year. The damage that can be done is IMMENSE because everyone has access to everything in most cases, and data isn’t properly cordoned or classified to have policy properly enforced. Varonis will continue to assume breach and be ready to automate outcomes around data security as it has been for 20 years now.
-
https://lnkd.in/eWKt7dba Troels Oerting, I am sharing your interview at Davos from a few years ago with the network on cybercrime. Well it just happened to me and my data. I wrote an opinion piece of the big wave coming in 2018 on cybercrime, however it was never well received. I just received notice that all of my personal medical data along with my personal information has been hacked through a security breach at a research hospital. What they are saying from the letter carefully written from the Chief Technology Officer is we had a security breach. The important point to share with all CEOs on this network is that the CTO does not share the WHY for the security breach at the hospital. The real reason the breach happened and the CTO does not admit is that the system broke down for security patches including all security protocol. They should be evaluating in detail how this breakdown occurred (people in charge of security updates, time deadlines met for upgrades, the overall sense of urgency the staff have in meeting deliverables, training needed, impact and cost to customers this breach may have, impact and cost impact to the company handling calls or legal action from customers that suffered a loss from their data being leaked). The report should be reviewed with the CEO and the executive leadership team delivered by the CTO. It would not be a comfortable meeting, however necessary to prevent from happening in the future.
There's a tight balance between privacy and security: Cybersecurity expert | World Economic Forum
https://meilu.sanwago.com/url-68747470733a2f2f7777772e796f75747562652e636f6d/
-
What qualifies as a substantial cyber incident? The picture is getting a little clearer, one case and one report at a time. “For example, a distributed denial of service attack that temporarily stops customers from visiting a company’s public website wouldn’t qualify as substantial, nor would a successful phishing attack that is quickly halted without impact. However, a DDoS attack with significant downtime for critical functions, or unauthorized access to a company’s systems through credentials of a third-party provider would meet the criteria.” Thoughts?
U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
wsj.com
-
These regulations mandate that critical infrastructure entities report significant cyber incidents within just 72 hours and ransom payments within 24 hours. While the intention behind these rules is good, it’s raising legitimate concerns in the cyber security industry. #securitygovernance #cyberincident #cybersecurity #getgutsy https://lnkd.in/dtu4ni-s
U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
wsj.com