The COVID-19 pandemic has led to a spike in businesses teleworking to communicate and share information over the internet. With this knowledge, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities. While telework software provides individuals, businesses, and academic institutions with a mechanism to work remotely, users should consider the risks associated with it and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping.
NIST is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
According to Shyam Oza, Director of Product Management at Spanning, “The best way to protect your business from Ryuk is to avoid it. Avoidance comes when employees are educated in the matters of ransomware. Some employees do not receive the training, some do, and some know it all too well. Yet, human errors seem to be responsible for 90% of data breaches. Clearly, this tactic is not working.”
Epiq, a global leader in the legal services industry, today shared that it has taken its systems offline globally to contain the threat of a confirmed ransomware attack. The timeline for the online restoration of the systems remains unclear at the current time.
Governed under the auspices of OASIS, which offers projects a path to standardization and de jure approval for reference in international policy and procurement, the Open Cybersecurity Alliance (OCA) has announced the availability of the first open-source language for connecting cybersecurity tools through a common messaging framework, OpenDXL Ontology. Given the challenges of interoperability in the field of eDiscovery, data discovery and legal discovery professionals may benefit from this example of coordination, collaboration, and standardization.
Provided in this post is a compilation of informational article extracts that may be helpful for those seeking to learn more about cybersecurity and how it is approached, from strategy and vision to interoperability and architecture, by one of the most digitally advanced and cybersecurity-savvy countries in the world, Estonia.
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 14 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia.
“This was a deliberate and sweeping intrusion into the private information of the American people,” said Attorney General William P. Barr, who made the announcement. “Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us. Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information.”
According to the National Security Agency, managing risk in the cloud requires that customers fully consider exposure to threats and vulnerabilities, not only during procurement but also as an on-going process. Clouds can provide a number of security advantages over traditional, on-premises technology, such as the ability to thoroughly automate security-relevant processes, including threat and incident response. With careful implementation and management, cloud capabilities can minimize risks associated with cloud adoption, and empower customers to take advantage of cloud security enhancements.
“The goal is to develop an automized cyber threat intelligence system between the US and Estonian defense forces, tailored to the specific needs of the two nations to enhance the cyber defense capabilities of the two parties. Regular exchange of threat intelligence between actors is one of the core principles of cyber defense today,” said Kusti Salm, Director General of the Estonian Centre for Defence Investment.