The ninth installment in a series published by the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) designed for military and national security decision-makers looks at the potential damage of limited or near-total shutdown of the internet during a crisis, the takedown of a major botnet, the hacking of the control system of a water plant in Florida, and several other incidents. The CCDCOE report highlights takeaways to help senior leaders better prepare for emerging cyber threats.
Compromised? Joint FBI and CISA Cybersecurity Advisory on Microsoft Exchange Server Vulnerabilities
According to the recent FBI and CISA Cybersecurity Advisory on Microsoft Exchange Server vulnerabilities, these vulnerabilities allow an attacker to access victims’ Exchange Servers, enabling the attacker to gain persistent system access and control of an enterprise network. Exploitation has the potential to affect tens of thousands of systems in the United States and provides adversaries with access to networks containing valuable research, technology, personally identifiable information (PII), and other sensitive information from entities in multiple U.S. sectors.
Luck of the Irish? Data Protection Commission of Ireland Publishes Annual Report
As shared by the Commissioner for Data Protection, Helen Dixon, “The progress the DPC has made in 2020 provides a solid platform on which to build across our enforcement and complaint-handling functions in particular. The GDPR must be understood as a project for the now, but equally for the longer-term. The DPC intends to continue as a leader in its full implementation.”
SOARing Costs? Considering Data Breach Economics
Consisting of analysis from 524 organizations that experienced data breaches between August 2019 and April of 2020, the Cost of Data Breach Report 2020 from the Ponemon Institute shares key information, findings, and data points harvested from more than 3,200 interviews on areas ranging from global data breach costs to data breach lifecycles in influential countries and industry sectors.
Embracing Trust? NSA Shares Guidance on Zero Trust Security Model
According to the recently released cybersecurity guidance from the National Security Agency (NSA), as cybersecurity professionals defend increasingly dispersed and complex enterprise networks from sophisticated cyber threats, embracing a Zero Trust security model and the mindset necessary to deploy and operate a system engineered according to Zero Trust principles can better position them to secure sensitive data, systems, and services.
A Generational View of Remote Security? HaystackID™ Releases 3.0 Security Enhancements to Review Technology
According to HaystackID’s Senior Vice President and General Manager for Review Service, Matt Daimler, “Security has always been an essential part of our remote review. But since we first offered it in 2014, we have had to adapt to rapidly changing security risks. Now increased cyber threats and exponential growth in remote work due to the pandemic have driven the need for even greater protection. Our 3.0 platform is the next step in that evolution using cutting-edge, next-generation technology.”
The Digital Services Act: Transformational Digital Regulation from the European Commission
According to the European Commission, the Digital Services Act is a comprehensive set of new rules, which regulate the responsibilities of digital services. Together with the Digital Markets Act, it will create a safer digital space for users of digital services, protecting their fundamental rights online. The Acts will also create a level playing field so that digital businesses can grow within the single market and compete globally.
[Annual Update] The Intersection of International Law and Cyber Operations: An Interactive Cyber Law Toolkit
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 19 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia. Its first general annual update was published on October 2, 2020.
New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
NIST has released NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
Collaborative Cyber Defense: The U.S. Army and Estonia Sign Historic Agreement
“Estonia is a cyber country of excellence with a robust cyber defensive system in terms of technology and people. Given their deep expertise, I believe they will have substantial lessons to share, which will be enormously helpful in finding efficiencies in our science and technology efforts while understanding how best to defend against cyber warfare,” said Robert Kimball, the C5ISR Center’s senior research scientist for cyber security. Kimball also noted Estonia is home to the NATO Cyber Defense Center and Cyber Range.