Cybersecurity & Trends Magazine
Best-Selling Monthly Cybersecurity & Trends Magazine
June 2021 Issue – Vol. 6

10 Major Cyber Attacks Witnessed Globally in Q1 2021 + Get Valuable Tips
The Future Use Cases of Blockchain for Cybersecurity
Unpacking the Colonial Pipeline Incident: Colonial fuel pipeline ransomware attack that caused gas shortages in eastern U.S. may be the work of amateurs
Contents
• Colonial Fuel Pipeline Ransomware Attack: Unpacking the Colonial Pipeline Incident
• List of data breaches and cyber-attacks in April 2021 – 1 billion records breached
• 14.3 million South Africa Facebook users hit by data leak
• Hotel giant Marriott to be fined £99m for data breach
• Cyber Resilience
• Future-proof your security team
• Rethink your cyber budget to get more out of it
• Effective Cybersecurity Organization
• The Future Use Cases of Blockchain for Cybersecurity
• Verizon Data Breach Report 2021
• Cybersecurity, IT Modernization & Leadership
• 10 Major Cyber Attacks Witnessed Globally in Q1 2021
• Cyber Security Awareness Email To Employees (Plus 6 Templates)
The Publisher

We are very excited to launch the first issue of our cybersecurity magazine, Cybersecurity FOCUS, in the sub-Saharan Africa region, which will raise awareness on both global and regional cybersecurity trends and address the growing 21st century cyber incursions.

Facing cybersecurity as a business risk, not merely a technology risk, is not as scary as it sounds. Following simple guidelines can help a business to do just this. Businesses need an approach that integrates cyber protection into all aspects of the organization, from the IT department, to employee training, to security policies. DataSecc’s Cyber Security Framework is one example of this, ensuring cyber security is approached as a whole business framework by covering four areas: business context, policy and standards, security capabilities and controls, and the environment.

Cyber Security FOCUS is a bi-monthly magazine published by DataSecc, a premier cybersecurity and advisory services firm incorporated in New York, USA, with a footprint in the sub-Sahara Africa region, to raise awareness on cyber risk trends in the Information Age. We hope you enjoy the publication, and please feel free to let us know your comments and feedback: info@datasecc.com | www.datasecc.com
Colonial Fuel Pipeline Ransomware Attack: Unpacking The Colonial Pipeline Incident
Colonial Fuel Pipeline Ransomware Attack That Caused Gas Shortages in Eastern U.S. May Be the Work of Amateurs

When the first reports of the ransomware attack on the Colonial Pipeline began to appear, it was natural to assume the worst. A state-backed actor had finally grown bold enough to make a direct attempt on United States utilities, in this case a critical fuel pipeline that runs for 5,500 miles and supplies coastal states from Texas up along the East Coast to New York. After several days of investigation by the FBI, a new for-profit ransomware gang called DarkSide has been fingered. But DarkSide has issued a statement shifting the blame for the ransomware attack to “an affiliate,” indicating that the actual culprit may have been a hapless ransomware-as-a-service customer that may not have had much idea of what it was doing.

Fuel pipeline shutdown causes gas shortages in several states
The DarkSide group first appeared around August of 2020, both executing its own highly targeted attacks on English-speaking companies and running a ransomware-as-a-service business for less sophisticated cyber criminals. While not particularly dangerous or advanced as compared to other ransomware gangs, DarkSide made news for its “ethical” posturing. It issued press releases promising to keep ransomware attacks away from vulnerable targets such as hospitals and non-profit agencies, and offered victims “friendly” terms including a professional-sounding live chat. It even offered to send donations to several charities, though these were declined.

It appears that DarkSide was not extending its code of ethics to its clients, according to a public statement made by the group after the FBI named it in the media:

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives … Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

“Unfortunately, the cyber-attack against Colonial Pipeline is only a teaser of the future of cyber-attacks. As cyber criminals and foreign adversaries seek opportunities for financial gain and power projection, our national critical infrastructure is an easy target. Industrial environments are operating with infrastructure that commonly maintains obsolete technology that can’t be patched, and staff that frequently are not as cyber savvy as they need to be to keep attackers at bay. This leads to a situation where cyber security risk levels are below acceptable tolerances, and in some cases organizations are blind to the risk. One additional risk factor of pipelines is that they are highly distributed environments, and the tools that are used to enable asset operators remote connectivity are optimized for easy access and not for security. This provides attackers opportunities to sneak through cyber defenses as we saw in the water utility attack in Oldsmar, Florida earlier this year … Among critical infrastructure sectors, energy is especially at risk. Our researchers have found that the energy sector is one of the most highly impacted by industrial control system (ICS) vulnerabilities, and it experienced a 74% increase in ICS vulnerabilities disclosed during the second half (2H) of 2020 compared to 2H 2018.”

DarkSide claims that it never intended to cause a disruption of this nature or size with its ransomware attacks. Colonial Pipeline completely shut down its operations on May 7 after discovering the ransomware attack, which included halting its fuel deliveries along the Gulf Coast and Eastern Seaboard. Consumers started feeling the pain at the pump on May 10 as a number of gas stations in multiple states ran completely dry of fuel. Colonial Pipeline has implemented manual operations to get gas out but does not expect regular supply to be restored for about a week, during which time the southeastern states will be hit particularly hard by shortages and an expectation of panic buying.

Ransomware attack appears to be for-profit, no strong ties to nation-state threat actors

DarkSide has some known links to Russia; its operators have been seen speaking the language, have email and IP addresses linked to the country, and it includes a number of Russian for-profit organizations among its list of targets that are off-limits due to its supposed ethical code. However, there is presently no direct evidence that it is affiliated with Russian intelligence, and the Biden administration has said that it does not believe there is a link in the fuel pipeline attack.

DarkSide ransomware attacks are known to exfiltrate the data of targets and threaten to post it publicly if the ransom is not paid. That appears to have happened here, as investigation sources report that about 100 gigabytes of data was stolen from the fuel pipeline’s IT network during the two-hour period prior to the ransomware lockout, but a threat of a public leak has yet to emerge.

“Current reporting suggests that this is a group that is new, but composed of experienced members. The ransomware itself is not that novel – there is a good technical explanation here. What seems to set this group apart is the research they conduct before compromising a victim – so they know the reporting structure, who in the organization makes decisions and who handles finances. If that is true, it is unlikely that this event is an artifact of the “spray and pray” type of attack and was highly targeted. That diminishes the theory that this gang is just the “dog that caught the car”, as this was an entirely intentional act … While there may be an actual financial motive, the (likely) Russian government may be testing the waters here, using a criminal foil to ascertain whether the US will “draw the line” between what is criminal and what is an act of aggression.”

The ransomware attack is still under investigation by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Following the incident, CISA executive assistant director Eric Goldstein told reporters that ransomware is an ongoing threat to organizations of all sizes in all industries and encouraged everyone to strengthen security postures. The attack on the fuel pipeline almost immediately followed an announcement of a proposed federal “ransomware task force” that would bring together various federal agencies in partnership with private tech and security firms to address the growing threat.

Ransomware attack disrupting fuel supplies

Though the government is strongly indicating that the attack on the fuel pipeline is not state-backed, the timing is particularly disruptive. It comes just ahead of the usual summer season of peak demand, one that is expected to be particularly high as Americans plan vacations and travel after a year of coronavirus restrictions.

The Colonial Pipeline transports some 2.5 million barrels of gasoline each day to mostly eastern and southern coastal states, serving both private and commercial customers. It is also relied upon by airports in these states, which include some of the largest hubs in the country, such as Hartsfield-Jackson International Airport in Atlanta and Nashville International Airport in Tennessee. Some of these airports have resorted to trucking or even flying in fuel from other sources in order to remain fully operational during the supply shortage.

The ransomware attack impacts fuel supplies to nearly every state on the coast of the US from east Texas up to New Jersey; Tennessee also relies on a branch of the fuel pipeline that comes in from neighboring Georgia. Florida is the lone exception among these coastal states as it draws gasoline directly from Gulf Coast refineries via tanker ship rather than from the fuel pipeline. The Houston area of Texas may be impacted, but the rest of the state (including the Dallas-Fort Worth International Airport) is supplied by fuel from different sources. Experts are anticipating that there may be significant gas price spikes if the issue drags out for longer than a week.
List of data breaches and cyber-attacks in April 2021 – 1 billion records breached

It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records. Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches.

Cyber attacks
• Aneurin Bevan health board suffers cyberattack (unknown)
• Drinks giant C&C Group subsidiary shuts down IT systems following security incident (unknown)
• Colchester Institute suffers cyber security attack (unknown)
• Facebook users’ phone numbers leaked on hacking forum (533 million)
• California’s La Clinica de la Raza discloses malware attack (unknown)
• Manquen Vance notifies those affected by email breach (unknown)
• Squirrel Hill Health Center discloses malware attack (unknown)
• Italian municipalities Brescia and Rho hit by cyber-attack (unknown)
• US Ivy League school Brown University hit by cyber criminals (unknown)
• Singapore’s National Trades Union Congress’ Employment and Employability Institute breached (30,000)
• Administrative Advantage notifies patients of Remedy Medical Group after email hack (unknown)
• California’s El Monte City Hall investigating unauthorized access (unknown)
• La Ville de Vallauris Golfe-Juan impacted by cyber-attack (unknown)
• Atlantic Media says someone gained unauthorized access to its servers (unknown)
• Hacking group’s site Swarmshop targeted by fellow criminal hackers (12,344)
• Cyber criminals dump data from Canada’s Durham Region (unknown)
• Data from COVID-19 test centres in Hamburg, Berlin, Leipzig and Schwerte breached (14,000)
• Scraped Clubhouse user records leaked for free on a popular hacker forum (1.3 million)
• LinkedIn profiles have been put up for sale on a popular hacker forum (500 million)
• Retail broking firm Upstox discloses security incident (unknown)
• CareFirst BlueCross BlueShield Community Health Plan District of Columbia discloses breach (unknown)
• ParkMobile breach exposes license plate data and mobile numbers of its users (21 million)
• Two New Jersey school districts report cyber-attacks (unknown)
• Gay dating site Manhunt hacked, thousands of accounts stolen (6 million)
• Italian winery Asti DOCG targeted by criminal hackers (unknown)
• Celsius email system breach leads to phishing attack on customers (unknown)
• Switzerland: Schaffhausen hospitals suffer major IT failures (unknown)
• France’s Grésivaudan clinic victim of a cyber-attack (unknown)
• French calibration services firm Trescal facing cyber-attack (unknown)
• Codecov discloses 2.5-month-long supply chain attack (unknown)
• Geico admits fraudsters stole customers’ driver’s license numbers for months (unknown)
• Elliman’s property management arm suffers data breach (unknown)
• Canac hardware stores victims of a cyberattack (unknown)
• Cyber-attack targets Santa Clara Valley Transportation Authority (unknown)
• Data compromised in cyber-attack on Japan’s Cabinet Office (231)
• Malware attack on Radixx Res disrupts 20 airlines’ ticket reservation systems (unknown)
• Passwordstate hacked to deploy malware on customer systems (29,000)
• Champagne group Laurent Perrier has been victim of cyber-attack (unknown)
• A cyber-attack affected the Spanish city council of Xixona (unknown)
• Synchronised cyber-attack affects Spanish government (unknown)
• Germany’s Grocer Tegut is the target of a cyber-attack (unknown)
• Pharmaceutical company Mipharm SPA victim of a hacker attack (unknown)
• Nissan Securities reveals disruption following unauthorized access (unknown)
• Cyber-attack disrupts Fiji’s government online services (unknown)
• DigitalOcean says customer billing data accessed in data breach (unknown)
• Fourth time’s a charm – OGUsers hacking forum hacked again (unknown)
• Hackers target Italian pharmaceutical company Zambon (unknown)
• Thrifty Drug Stores Inc. discloses security incident (unknown)
• St. John’s Well Child and Family Center discovers data compromise (unknown)
• France’s Invicta Group at a standstill since Monday after a cyber-attack (unknown)
• Cyber spies target military organizations with new Nebulae backdoor (unknown)
• Toronto hit by ‘potential cyber breach’ from Accellion file transfer software (unknown)
• Data breach discovered at Achievement Center of LECOM Health (unknown)

Ransomware
• University of Portsmouth closes campus due to ransomware attack (unknown)
• UK rail network Merseyrail likely hit by Lockbit ransomware (unknown)
• University of Maryland, Baltimore latest to confirm Accellion breach (unknown)
• Hackers hit Italian menswear brand Boggi Milano with ransomware (unknown)
• Missouri’s Affton School District discloses ransomware attack (400)
• The largest supplier of car parts based in Cluj-Napoca blackmailed by hackers (unknown)
• Canadian retailer Home Hardware hit by ransomware (unknown)
• J&B Importers falls victim to a ransomware attack (unknown)
• TriHealth says employees and staff were affected by ransomware (unknown)
• National College of Ireland hit by ransomware attack (unknown)
• Technological University of Dublin victim of ransomware attack (unknown)
• Ransomware attack forces Haverhill Schools to cancel classes (unknown)
• Thousands of schools potentially affected by Axios Italia cyber-attack (unknown)
• City of Lawrence hit with significant ransomware attack (unknown)
• Saint-Gaudens hospital latest French hospital to suffer cyber-attack (unknown)
• Austria’s Nah&Frisch Wieser Türnitz hit by ransomware attack (unknown)
• Dutch transport company Bakker Logistiek hit by ransomware (unknown)
• Czech city of Olomouc paralyzed by a cyberattack (unknown)
• French city Isle-sur-la-Sorgue victim of ransomware (unknown)
• Realty firm Ansal Housing fears data loss following multiple ransomware attacks (unknown)
• Italy’s Gino Group car dealership notifies customers of ransomware attack (unknown)
• Italian healthcare facility USL Umbria2 attacked with ransomware (unknown)
• French City of Morières-lès-Avignon hit by ransomware (unknown)
• The town hall of Douai suffers ransomware attack (unknown)
• Hardware company Würth France involved in suspected ransomware attack (unknown)
• Belgian city of Floreffe victim of a suspected ransomware infection (unknown)
• Czech consumer electronics firm Asbis hit by ransomware (unknown)
• Turin Territorial Housing Agency infected with ransomware (unknown)
• Swiss firm Griesser AG victim of ransomware attack (unknown)
• Houston Rockets hit by Babuk ransomware (unknown)
• Maritime services provider Bourbon Group hit by a cyber-attack (unknown)
• Brazil’s National Library website falls victim to a ransomware attack and goes offline (unknown)
• Phone House Spain hit by Babuk ransomware (3 million)
• Malta’s Nationalist Party affected by ransomware (unknown)
• State institution in Slovakia target of ransomware attacks (unknown)
• Hackers post files from Broward School District following ransomware attack (26,000)
• Bavarian city of Kammelta hit by ransomware (unknown)
• University of Castilla-La Mancha (UCLM) suffers a ransomware attack (unknown)
• Hackers target Japan’s Hoya Corp with ransomware (unknown)
• Cegos Group victim of ransomware attack (unknown)
• Illinois Attorney General’s Office in suspected ransomware attack (unknown)
• Germany’s Madsack publishing group hit by ransomware (unknown)
• Ransomware attack on Norway’s Nordlo knocked out systems in several care institutions (unknown)
• Queensland hospitals and aged care facilities crippled by ransomware (unknown)
• New York’s Guilderland Central School District hit with ransomware (unknown)
• Oregon’s Centennial schools shuttered after hackers breach systems (unknown)
• France’s Bourg-Saint-Maurice town hall is the target of a cyber-attack (unknown)
• Italy’s Banca di Credito Cooperativo suffers cyber-attack (unknown)
• Presque Isle police data leaked by threat actors (unknown)
• Baclesse cuts its Internet connection to prevent the spread of a computer worm (unknown)
• Cyber-attack against the company involved with the 1915 Çanakkale bridge and motorway project (20,000)

Data breaches
• Social worker shared confidential details of someone in care on Facebook (unknown)
• Furious Football Index investors have their identities revealed by DCMS email gaffe (500)
• HMRC outlines late-filing penalty notices data breach (18,496)
• New Zealand’s Allied Press hit by data breach (unknown)
• Woolfson Eye Institute says employee laptop was stolen (unknown)
• Education nonprofit Edraak ignored a student data leak for two months (20,000)
• Signify Health notifies covered entities’ patients of possible access to their PHI (unknown)
• Q Link Wireless exposes data of its customer base (2 million)
• Certis exposes personal data from e-mails (62,000)
• Chattanooga Library card owners revealed in data breach (5,000)
• Privacy breach at Algoma Public Health (unknown)
• Swinburne University confirms that staff and students affected in data breach (5,300)
• Chesterfield County Public Schools mistakenly releases names of students, staff with COVID (1,000)
• Wake Forest University Counseling Center sends errant email to hundreds (860)
• Reverb discloses data breach exposing musicians’ personal info (5.6 million)
• Wyoming Department of Health leaking data online (164,021)
• Maine government website displayed mental health patients’ confidential information (unknown)
• Israel: Private patient cases of deceased psychologist found on the street (unknown)
• Contact tracing data breach exposes health information of Pennsylvanians (72,000)

Financial information
• Arup staff hit by cyber hacker attack at payroll provider (unknown)
• Hacker grabs users’ payment details from Cardpool.com (330,000)
• University of Colorado data breach affects social security numbers and financial information (310,000)
• AmeriFirst warns customers of December data breach (unknown)
• Tennessee-based First Horizon discloses data security breach (unknown)
• Breached online ordering platforms expose hundreds of restaurants (340,000)
• Hotbit cryptocurrency exchange down after hackers targeted wallets (500,000)

Malicious insiders and miscellaneous incidents
• VA staffer used medical records to stalk and harass female vet (unknown)
• Winnipeg Regional Health Authority contacted those affected by data breach (58)
• Privacy breach at Canada’s RDRHC Diagnostic Imaging department (3,224)
• Montefiore Medical Center discloses another insider-wrongdoing breach (unknown)
• Software developer charged with damaging the computer system of a Cleveland company (unknown)
• A hard disk with data people stolen from the Amsterdam tax office (30,000)
• Peak Vista Community Health patient information on stolen computers (unknown)
• Calgary Police officer charged with privacy breaches (unknown)
14.3 million South Africa Facebook users hit by data leak Check if you are affected Photo Credit Envato
14
Cybersecurity & Trends Magazine June 2021 Issue – Vol. 6
South Africa’s personal data of 533 million Facebook users which included full name, phone number, birthdate, location data and email addresses were leaked online Facebook ID, just to name a few.
A
ccording to security experts, this online leak has a huge impact on privacy. “In early 2020, a vulnerability that enabled seeing the phone number linked to every Facebook account was exploited to create a database containing the information of 533 million users across all countries. Data Breaches needs to be quickly and swiftly reported to authorities and or the affected public. Victims of data breach need to respond quickly to reduce the risks to their clients and the company’s reputation. All organizations that have employees, customers, or vendors must comply with the appropriate reporting procedures to let consumers know about the loss or suspected loss of Personal Identifiable Information (PII). However, regulations around the world vary. Also, many authorities require reports immediately or within 24-72 hours after the incident.
breach once it has happened. Compounding the situation is the complex procedure involved in reporting a data breach. The consequences of noncompliance in data breach reporting can be very serious and can include greater regulatory scrutiny as well as financial, civil, and even criminal penalties for negligence.
Data breaches can occur at any time without warning, and it is often difficult to spot a
Knowledge is Prevention It’s crucial for your company to know the
It is extremely important in this technology driven age to have a plan in place in the event of a data breach, not only to protect your clients but also to protect your company from any damaging fallout. Take, for example, a company’s human resources department. The department has contact information, identification numbers, and insurance documents for every employee within the company. If a data breach occurs, all employees within the company could be at risk of identity theft.
Cybersecurity & Trends Magazine June 2021 Issue – Vol. 6
15
procedure for reporting a data breach and how to go about letting authorities, employees, and clients know about the situation. At the same time, handling data breaches can be risky in itself. Harsh civil and criminal sanctions can be filed against your company even if you are missing just one of the required reports. Find our from your local authorities the specific requirements. For some reason if there are no structures established for cybersecurity and data breaches in your area then make sure that your organization is protected from civil suit and, or reputation damage, just to name a few. Vendors like DataSecure, can assist you develop a robust cybersecurity program to proactive fight cyber-incursions. Global Regulations For instance, if your organization is subject to comply with the GDPR (General Data Protection Regulation) Data Privacy Law, the first 72 hours after you discover a data breach are critical. GDPR (General Data Protection Regulation) requires that all organizations to report certain types of personal data breach to the relevant supervisory authority. More specifically, Article 33 says that, in the event of a personal data breach, data controllers should notify the appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. But how do you report a data breach, and what are the pitfalls when it comes to meeting this requirement? What is a data breach? Let’s start with the basics. The GDPR is concerned only with personal data – i.e. information that relates to a natural person, as opposed to company details. It’s only when personal data is breached that you need to consider your GDPR compliance requirements. But ‘breach’ here doesn’t simply refer to cyberattacks. Article 4 of the Regulation defines a personal data breach as any event leading to the accidental or unlawful destruction, loss, 16
Cybersecurity & Trends Magazine June 2021 Issue – Vol. 6
alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. As this definition suggests, data breaches aren’t always a result of cyber criminals hacking into an organization’s systems. Breaches are just as likely to occur when an employee: • Accidentally sends personal information to the wrong person; • Accesses files that aren’t relevant to their job function; • Shares information with someone outside the organization; • Loses a device, such as a laptop, that contains personal information; or • Fails to secure information online, making it publicly available. • Incidents that render organizations unable to access systems containing personal data are also considered data breaches, such ransomware attacks or damaged hardware, because the information is no longer accessible. How to report a data breach Data breach notifications need to be sent to your supervisory authority. For instance, for GDPR, organizations subject to this regulations: Your report must contain: 1) Situational analysis: You must provide as much context about the breach as possible. This includes the initial damage, how it affected your organization, and what caused it. 2) Assessment of affected data: You’ll need to determine the categories of personal data that has been breached, and the number of records affected. 3) Description of the impact: Next, you’ll need to outline the consequences of the breach for affected parties. This will depend on the information that was compromised and if the
data subject is aware of the breach 4) Report on staff training and awareness: If the breach was a result of human error, you’ll need to disclose whether or not the employee(s) involved received data protection training in the past two years. If they have, you should provide details of your staff awareness training program. 5) Preventive measures and actions: Outline what (if any) preventative measures you had place before the breach occurred. You should also explain what steps have you taken, or plan to take, to mitigate the damage. 6) Oversight: Finally, you’ll need to provide the contact details of your DPO (data protection officer) or the person responsible for data protection.
The GDPR acknowledges that it may be difficult to produce this much information within 72 hours, but the important thing is to demonstrate that you’ve made progress. You don’t need to be obsessed over an exact 72-hour deadline. It is far more important that the risks to the data subjects are addressed. The timings of breaches are not an exact science; if you find yourself approaching the 72-hour deadline, contact the regulator with the specific not speculative details that you have. A swift response that’s documented clearly but sent a few hours late is better than a shoddy response that was rushed in order to meet the disclosure deadline.
Hotel giant Marriott to be fined £99m for data breach
Marriott International was fined £99.2 million for a massive data breach that it disclosed last year.
The penalty, levied by the GDPR’s ICO (Information Commissioner’s Office), relates to a cyber-attack that occurred in 2014 but was only disclosed last November. The names and contact details of 383 million customers were compromised in the incident, along with millions of passport numbers and payment card details.
The ICO’s announcement came a day after it fined British Airways £183.4 million for a breach it disclosed in September 2018. These are the two largest fines for data breaches and the first to be issued in the UK under the GDPR (General Data Protection Regulation). The Regulation, which came into effect in May 2018, promised to revolutionize data protection in the EU, giving supervisory authorities the power to issue fines of up to £20 million or 4% of an organization’s annual global turnover (whichever is greater).

What happened?
The breach occurred after cyber criminals discovered a vulnerability in the reservation system of the hotel’s Starwood subsidiary, giving them access to a database containing customer booking information. The third-party IT company that managed the database spotted an anomaly in September 2018 and contacted Marriott. The hotel chain investigated the incident, initially reporting that as many as 500 million customers were affected. However, it later downgraded that figure to 383 million. Most of the compromised records were customers’ names and contact details. However, the crooks also accessed 25.55 million passport numbers, of which 5.25 million were unencrypted, and 8.6 million payment card records, all of which were unencrypted. The information includes 30 million records belonging to EU residents.
Cyber Resilience
12 cyber security questions to ask your CISO
Cyber security affects companies of all sizes in all sectors. Moreover, threats are constantly evolving and your legal and regulatory requirements have become major issues – particularly with the introduction of the EU’s GDPR (General Data Protection Regulation) and NIS Directive (Directive on security of network and information systems).
All of this means that regular communication between management and the board regarding cybersecurity is more important than ever. It’s only by discussing these issues regularly and in a formal environment that you can protect your sensitive data and company interests. Boards must ensure that they understand the legal implications of cyber risk. Laws often require that customers be notified in the event of a breach, and international laws, including privacy practices, may apply to some companies. Companies should have plans in place to deal with these risks. As you have probably seen, failure to do that could result in staggering financial penalties.

So how should you get started? The first thing to note is that cybersecurity is no longer something that your CIO handles alone. Your requirements must be placed front and center in the boardroom. This is the only way that directors will understand cyber risks and what they mean for their oversight responsibilities. Armed with the right information, the board can play an essential role in preventing problems before they arise. Industry and practicing practitioners have identified the top questions that you need to ask your chief information security officer (CISO).
1. What are the top risks our organization faces?
2. Are we testing our systems before there’s a problem?
3. Are we conducting comprehensive and regular information security risk assessments?
4. How do we demonstrate compliance with our cybersecurity controls?
5. Do we have an effective information security awareness program?
6. In the event of a data breach, what is our response plan?
7. Are we adequately insured?
8. Do we comply with leading information security frameworks or standards?
9. Is our information security budget being spent appropriately?
10. Do we have visibility into the network?
11. Are supplier and supply chain risks part of our risk register?
12. When did we last test our recovery procedures?

Cyber threats may reach the organization through any number of vulnerable points along the supply chain. The cybersecurity of any one organization within the chain is potentially only as strong as that of the weakest link in the supply chain. It is often the smaller organizations within a supply chain that, due to more limited resources, have the weakest cybersecurity arrangement.
Dealing with supplier risks requires a broad, inclusive approach that allows organizations to identify their place within the supply chain, and map their cybersecurity dependencies and vulnerabilities. Organizations should implement a multi-stakeholder supply chain risk assessment process that engages as many members of the supply chain as possible.

Reset your cyber strategy, evolve leadership roles for the new times
In the pandemic’s first three months, CEOs reported that their organizations digitized at surprising speed, advancing to year two or three of their five-year plans. The future is now: digital health, industrial automation and robotics, enhanced ecommerce, customer service chat bots, virtual reality-based entertainment, cloud kitchens, fintech, and more. The health crisis and economic recession have stoked further change, according to our Global DTI 2021 survey: 40% of executives say they’re accelerating digitization — perhaps taking on business strategies they hadn’t imagined before. Their digital ambitions have skyrocketed. Twenty-one percent are changing their core business model and redefining their organizations (the “redefiners”), while 18% are breaking into new markets or industries (the “explorers”). Both categories have doubled since our survey last year. Doing things faster and more efficiently is the top digital ambition for 29% of executives (“efficiency seekers”), while 31% are modernizing with new capabilities (“modernizers”). More than one-third — 35% — say they’re speeding up automation to cut costs, which is no surprise at a time when revenues are down.

New times call for a resetting of cyber strategy
New technologies and business models — and the fast pace of adoption — bring new risks. But, like the high-powered brakes on a racecar, cybersecurity makes high-speed digital change a lot safer. Nearly all (96%) say they’ll adjust their cybersecurity strategy due to COVID-19. Half are more likely now to consider cybersecurity in every business decision — that’s up from 25% in our survey last year.

Savvy CISOs are in step with the vision and goals of their enterprise as a whole, not just IT. “One of our key jobs is to engage with our partners throughout the organization that will help us achieve our objectives. If I haven’t created a culture where people want to engage and proactively come to security rather than shy away from us, I don’t think we’ll be able to get there,” said Katie Jenkins, CISO, Liberty Mutual.

[Chart: survey responses on adjusting cybersecurity strategy due to COVID-19]
• Cybersecurity and privacy baked into every business decision or plan: 50%
• New process of budgeting for cyber spend or investments: 44%
• Better and more granular quantification of cyber risk: 44%
• More frequent interactions between CISO and the CEO or boards: 43%
• Greater resilience testing for more low-likelihood, high-impact events: 43%
• No change due to COVID-19: 4%
• Don't know/unsure: 1%

CISOs are evolving to the needs of business
New times also call for new CISO leadership modes. Forty percent of executives say they need the CISO to be a transformational leader (20%) or an operational leader and master tactician (20%). These roles are encompassing and call for the multifaceted expertise that CISOs have built.

[Chart: CISOs need to play encompassing roles to help. Roles shown: Operational leader and master tactician; Transformational leader; Experience officer; Enterprise risk authority; Data value creator and protector; Resilience czar; Steward of costs]

The transformational CISO leads cross-functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans. The operational leader and master tactician is a tech-savvy and business-savvy CISO who can deliver consistent system performance, with security and privacy throughout the organization and its ecosystem amid constant and changing threats. Some CISOs already inhabit these roles, and are exhibiting four qualities most prized by executives: strategic thinking (38%), the ability to take smart risks (38%), leadership skills (36%), and ability to recognize and nurture innovation (34%).

From cybersecurity to digital trust
It’s a critical juncture for cybersecurity and CISOs. A business-driven cyber strategy is the important first step for business and security leaders amid sweeping, rapid business digitization. This reset not only defines the expanding role of the CISO, it also affects the way the organization sets cyber budgets, invests in security solutions, plans for resilience, and enhances its security organization. It determines whether CISOs may grow to become stewards of digital trust, able to lead their organizations securely into the new era with strategies to protect business value and to create it.
Future-proof your security team
Wanted: 3.5 million people for 2021 cybersecurity jobs
More than half (51%) of executives in PwC’s Global DTI 2021 survey say they plan to add full-time cybersecurity personnel over the next year. More than one-fifth (22%) will increase their staffing by 5% or more. Top roles they want to fill: cloud solutions (43%), security intelligence (40%), and data analysis (37%). Cloud security and security analysis are among the skills that a joint ESG and ISSA survey cited as being in shortest supply.

Hiring managers face tough competition in the cyber labor market. The most recent studies indicate that, in the US alone, 50% fewer candidates are available than are needed in the cyber field. Globally, some 3.5 million cybersecurity jobs are expected to go unfilled in 2021.

Hire for 21st-century skills: digital, business, and social skills
In their new hires, more than 40% of executives are looking for analytical skills (47%), communication skills (43%), critical thinking (42%) and creativity (42%). Shaping the future of cybersecurity — one that is in step with the business — means hiring the people who are ready to work collaboratively with others to tackle new, as-yet-undiscovered problems and analyze information. These in-demand qualities correspond with the expanded role of the CISO as not merely a tech leader, but one who works with colleagues in the C-Suite and the business side to add value overall. “Works well with others” is an increasingly important trait for advancement in cyber. CISOs used to look for the person who knew the most about how to configure a firewall or identity and access management, for example. Not anymore. They’ve realized that those skills could be taught a whole lot easier than executive skills. Good communications, good analytical thinking, and the ability to step outside the process and imagine new and better ways to do it — those soft skills are harder to teach.
To attract this new breed of cybersecurity professionals, organizations find the following to be most effective: flexibility, compensation, and training and “cutting-edge projects, technology, and work environment.” Tuition support ranks high with employees in the technology, media, and telecommunications industry, as well.

Hire from within: upskilling 2.0
Enterprises feeling the pinch of the cybersecurity skills gap may find much talent in their own backyards. Organizations are hiring from within, offering upskilling to increase current employees’ skills in the same key areas they’re hiring for: digital skills, business acumen, and social skills.

Organizations should challenge long-held beliefs about training, and design their programs to be people-powered, business-led, and results-oriented. This approach, which we call upskilling 2.0, uses techniques such as gamification to increase participation, improves effectiveness and recall by having students apply their newfound knowledge to challenges they face on the job, and rewards progress toward tangible business outcomes.

Executives set a good example: almost three-quarters (72%) of technology/security executives report spending three or more hours per week on work-related learning, and more than one-third (36%) devote more than seven hours per week to learning. Taking courses toward certification and taking online classes are top ways that executives say they keep pace with fast-evolving developments in tech and cyber, after networking with peers nationally.

Access talent through managed services models
Other organizations may not have the resources to compete for cyber talent in this tough market. In such cases, using a reputable managed security services model can help provide companies with a diverse, readily available, highly skilled workforce. The best managed services providers continually invest in hiring, credentialing, and upskilling. They may also have apprenticeship programs that provide their staff with a range of experiences in different industries. Managed services platforms — networks, the cloud, data, analytical tools, visualization, machine learning — are constantly evolving. By moving to a managed services model, an organization can avoid not only technology investment costs but also the risks that legacy technology poses, including the need for constant upgrades.

An overwhelming majority — nearly 90 percent — of executives use or plan to use managed services. Eighteen percent say they’re already realizing benefits from managed services, while 49% are starting to use them, and 18% plan to do so in the next two years.
Building Resilience - Invest in every advantage to level the playing field with attackers

New technologies turning the tables on cybercrime
Innovation is changing the cybersecurity game, giving new advantages to defenders and leveling the playing field with attackers. Cyber startups are hot: in the past decade, some two dozen have attained IPO or M&A values of $1 billion, 10 of them in the last two years, according to CB Insights. And the existing array of cyber solutions has matured, enabling a shift to Zero Trust architectures, real-time threat intelligence, security orchestration and automation, advanced endpoint protection, identity and access management and other advanced technologies—prompted in large part by a threefold growth in cloud services. Those at the front of the pack have taken advantage of these developments. But, more important, they’re investing in the classic digital transformation trifecta—people, processes and technologies—to close the wide lead that attackers have long held. In PwC’s Global Digital Trust Insights (DTI) 2021 survey, we looked at 25 new cybersecurity approaches and practices (see chart) and tracked the measures on which organizations say they’ve made significant progress.

New approaches and mindsets of the early switchers
A minority—between 15% and 19%—of executives say they’re already benefiting from some of these new practices. This is the group we call “early switchers.” Executives from large organizations ($1B+) are more likely to report benefits from making a strategic shift (their “cybersecurity team collaborates more with the business side in delivering business outcomes”), switching to advanced technologies (“investing in advanced technologies to improve the effectiveness of my organization’s cyber defense and security detection capabilities”) and restructuring operations (“reducing the cost of cyber operations via automation, rationalization and/or other solutions”). Executives from the largest organizations ($10B+) are more likely to report gains from using security models and technologies such as Zero Trust, managed services, virtualization and accelerated cloud adoption.

The greater the transformation, the higher the odds of significant progress
Overall, the 3,249 survey respondents reported making “significant progress” over the past three years on an average of six measures, signaling better risk management, greater resilience, increased stakeholder trust or faster digital transformation. The top outcomes—reported by 43% of executives—are improved customer experiences, quicker responses to incidents and disruptions and better prevention of successful attacks. But an elite group of early switchers—who are realizing benefits from 20 or more of the 25 new practices—say they have made significant progress on at least 12 outcomes. On the other hand, those who haven’t yet shifted to new practices report significant progress on only two or three outcomes.

These findings suggest that investing in every advantage in technologies, processes and the capabilities of your people is critical to making meaningful headway against attackers. And it underscores the importance of having a CISO who can serve as transformational leader or operational leader and master tactician.

Cloud security is the next big switch
Companies are rapidly moving their operations (75%) and security (76%) to the cloud. They’re doing away with static, inherently insecure legacy systems in favor of more dynamic, nimble and integrated cloud and network systems that are secure by design. CISOs who transition their organization to the cloud are able to build in hygiene mechanisms from the beginning—in automated ways. They’re also able to eliminate friction from the system and simplify service delivery to their customers. More than a third (35%) of executives strongly agree that moving to the cloud is foundational for the next generation of business solutions for their organization. And 36% strongly agree that new solutions exist to secure cloud infrastructures better than they have ever been in the past.

Small and medium-size organizations can also modernize
Larger organizations with more resources are applying new technologies and mindsets to turn the tables on attackers. But as the technologies become more affordable and the models refined, small and medium-sized enterprises can benefit as well.
STRATEGIC VIRTUAL CISO-ON-DEMAND SERVICES
DataSecure CISO Advisory Services Help Executives & Security Teams Safeguard Information Assets While Supporting Business Operations

DataSecure’s Virtual CISOs: Augmented Cyber Expertise Reduces Business Risk, Signals Commitment to Data Security
Irrespective of regulatory scrutiny in your industry or your organization, too much is at stake to not have a CISO on your team. A full-time cybersecurity leader has the specialized technical knowledge and corporate governance experience to help build not only a strong cyber security foundation, but also the agility to prevent, detect and mitigate evolving threats. DataSecure’s team of experts includes former CISOs from a variety of industries, including the financial sector, which we all know to be heavily regulated. They can strengthen your existing staff, set strategic objectives to support business-critical technology demands, and balance IT administration, as well as establish clear communication with the board of directors, investors, and government agencies. Whether you are looking for an interim CISO or a longer-term arrangement, DataSecure’s Virtual CISO Advisory Services provide the leadership you need, when you need it.
You can rely on a virtual CISO from DataSecure to have the technical expertise and business acumen to make an immediate difference. Our experts have served a broad range of industries, including serving on Fortune 500 Boards — they will know how to align information and cybersecurity strategies with your company’s unique needs and challenges.

DataSecure’s Virtual CISO Advisory Services help you prepare, protect and strengthen defenses
Our CISO Advisory Services are tailored to your specific situation and information security needs. While you have a number of options when it comes to the scope and length of services, there are five areas where most organizations benefit from the experience of a virtual CISO:
• Strategy Definition
• Assessment
• Oversight
• Training
• IT Environment Security Design

DataSecure Global Cyber Team Expertise
With offices in 10 countries and more than 30 cities, DataSecure experts speak over 12 languages and have hands-on experience with regulations such as current European data protection laws, US HIPAA, PCI DSS, CASL, Hong Kong's DPO Principle 4, South Africa’s ECTA No. 25 (2002), Popi Act No. 4 (2013), and GDPR measures. Our cybersecurity professionals bring years of unique hands-on experience in a variety of industries as well as from their former service with law enforcement and regulatory agencies.
Virtual CISOs Bring Experience, Expertise, Leadership
Finding an experienced, well-qualified CISO in today’s competitive cybersecurity job market can be challenging, time-consuming and expensive. If you need a CISO now, then this is the perfect time to consider DataSecure’s Virtual CISO Advisory Services.
Strengthen Your Cybersecurity Program
Don't wait for a data breach to analyze your security and protect your organization. Talk to a DataSecure cybersecurity expert and learn more about ways to help anticipate, detect, mitigate, and respond to cyber risks. DataSecure is capable of being a one-stop-shop for multiple services relating to breach response, from forensics investigations to support for clients in litigation issues.
Talk To A DataSecure Cyber Expert Today!
Johannesburg: +27(11) 083-7086
New York: +1(917) 725-4164
Harare: +263 (242) 254-550
London: +44 (20) 3286-0766
info@datasecc.com | www.datasecc.com
Rethink your cyber budget to get more out of it

Most executives lack confidence in the budgeting process
More than half (55%) of business and tech/security executives lack confidence that cyber spending is aligned to the most significant risks. Or that their budget funds remediation, risk mitigation and/or response techniques that will provide the best ROI (55%). Or that budgets provide the resources needed for a severe cyber event (55%). Or that the process monitors the cyber program’s effectiveness compared to expenditures (54%). Cyber budgets could — and should — link to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way, but 53% lack confidence that their current process does this.
And with regard to preparedness for future risks, executives are not confident that cyber budgets provide adequate controls over emerging technologies (58%). With confidence lagging in the process used to fund cybersecurity, executives say it’s time for an overhaul. Forty-four percent say they’re trying new budgeting processes, and considering how best to convince the CEO and board to assign needed funds. Nevertheless, more than one-third strongly agree that organizations can strengthen their cyber posture while containing costs — thanks to automation and rationalization of tech.

[Chart: Confidence in current cyber budgets and processes is low today (Percentage of respondents who are not ‘very confident’)]
Our cyber budget/process is:
• Linked to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way: 53.2%
• Includes process monitoring the effectiveness of our cyber program against the spending on cyber: 54.4%
• Allocated towards the most significant risks to the organization: 54.8%
• Focused on remediation, risk mitigation, and/or response techniques that will provide the best return on cyber spending: 55%
• Integrated with decisions on capital requirements needed in the event of a severe cyber event: 55.4%
• Adequate digital trust controls over emerging technologies for security, privacy, and data ethics: 58%
Putting a dollar amount on cyber risk is a must
Cyber managers can do more with less, but to do so they need to quantify cyber risk and use the information to make smart choices that protect the business’s security, privacy, and cash flow. Seventeen percent of the executives in our Global DTI survey have quantified cyber risks, and are realizing benefits from doing so. For instance, a highly acquisitive company that quantifies cyber risks can evaluate deal opportunities faster and more systematically. A financial institution that handles millions of transactions a day can do daily and weekly threat and vulnerability assessments — staying alert to the performance of underlying controls and any need to reallocate resources. Cyber risk quantification is not for the fainthearted, with many obstacles in the way: lack of a widely accepted model, lack of people who understand cyber and risks from a business lens, and lack of scalability. Nevertheless, nearly 60% are beginning to quantify risks or have implemented at scale. And nearly everyone else (17%) plans to begin risk quantification within the next two years.

Raising confidence in budget decisions
The economics of cybersecurity has long focused on the cost side (compliance, updating capabilities, and so on). This must change. The cyber strategy reset — considering cybersecurity in every business decision — means connecting cyber budgets to overall enterprise or business unit budgets in a strategic, risk-aligned, and data-driven way. Putting a dollar amount on the value of a cyber project, in terms of risk reduction or less costly compliance, allows comparison of the costs and value of cyber investments so they can be prioritized. Quantification also makes it easier to measure the value of the overall portfolio of cyber investments against business objectives. This kind of rigor and sophistication will be increasingly demanded — especially as the markets and regulators hold CEOs and board members more accountable for cybersecurity and privacy.
Cyber budgets will rise for half of the businesses surveyed
Fifty-five percent of technology and security executives in our Global DTI 2021 survey plan to increase their cybersecurity budgets, with 51% adding full-time cyber staff in 2021 — even as most (64%) executives expect business revenues to decline. Clearly, cybersecurity is more business-critical than ever before.

Still, 26% will need to do more with less, and 13% will have to make do with static budgets. “The circumstances we find ourselves in with the economy are putting a lot of pressure on security organizations to make sure that the investments we’re making are efficient and high-value.

Getting the most value for every cybersecurity dollar spent becomes more critical as entities digitize: every new digital process and asset becomes a new vulnerability for cyber-attack.

[Chart: More are increasing cyber budgets than decreasing them in 2021]
HOW TO CREATE AN EFFECTIVE CYBERSECURITY ORGANIZATION
Cybersecurity, IT Modernization & Leadership

Usually, the first task on a new Chief Information Security Officer’s (CISO) 30-, 60- or 90-day plan is to develop an effective team and/or organization. An effective and aligned organization will help the CISO improve its cybersecurity posture and reduce the risk to its business operations. There is no standard toolbox to approach these items, but this article will provide some guard rails to assist in this critical task by using the organization’s basic cybersecurity requirements and then providing a model. The model can be adjusted to meet your organization’s unique needs and can be justified based on its size, revenue and employee count.
Cyber Security Domain (columns: Small, Medium, Large)
1. Asset Security
2. Cyber Governance
3. Risk Assessment & Management
4. Third Party Risk Management
5. Identity and Access Management
6. Awareness and Training
7. Data Security
8. Application Security
9. Continuous Monitoring
10. Vulnerability/Patch Management
11. Threat Detection and Response
12. Threat Analysis
13. Forensics
14. Incident Response
15. Endpoint and Insider Threat Monitoring
16. Physical and Personal Security
Table 1: Cybersecurity Domain vs. Organization size matrix (guidance only)

The above table displays a matrix of key cybersecurity domains vs. organization size. Please note that this is a high-level matrix and should only be used for guidance. Each organization has unique cybersecurity requirements, and this guidance will assist in designing and developing a baseline framework to meet their needs. The dots may move across to address unique needs. Please note that for small organizations, there is usually one FTE (Full Time Equivalent) who manages all cybersecurity assignments, or the function is staffed by existing IT staff. Irrespective of the size, there are a few critical roles that should be prioritized for maintaining a basic cybersecurity posture.

Critical Roles:
• Risk Assessment & Management – Risk assessment and management are the key aspects of the cybersecurity organization. It can vary from using a simple assessment tool (CSAT from the Center for Internet Security) to utilizing a Governance Risk and Compliance (GRC) platform. This is a baseline and critical role within the cyber organization.
• Security Operations – This important role has multiple assignments that vary with the size of an organization and its revenue. These include incident management, data security, threat monitoring, and infrastructure and network security. These assignments are displayed in Table 1.
• Cyber Security Architect/Analyst – Regardless of the size of the organization, a security reference architecture can be easily established by this role. The role also maintains awareness and training, which is a critical requirement when working from home is the new normal. This role can act as a liaison to other departments to improve the cybersecurity posture. Please refer to the organizational models illustrated in Figure 1 for an expanded version of these roles.

Partnerships: There is a constant demand to “do more with less,” especially during the COVID-19 pandemic, which has impacted the revenue streams for all industry verticals. To counter this challenge, partnerships to leverage skills and experience within the ecosystem are very important. The ecosystem includes internal partners (infrastructure, application development, shared services, etc.) and external partners (vendors, managed service providers, etc.). There are visible advantages in establishing pipelines with local higher educational institutions offering cybersecurity education by offering internships and starting analyst positions.

Sustainability: Sustainability is equally important due to attrition and lack of talented resources in cybersecurity. Rotating assignments and roles will keep the employee motivated and challenged. I also recommend that the leaders use concepts from high-performance team building to nurture and grow the cybersecurity organization.

The figure below displays sample organizational structures for a medium-to-large cybersecurity organization. Please note that these illustrations are for guidance only based on the domains listed in Table 1. Individual organizational needs may impact the actual organizational structure. The figure also displays relationships with managed service providers providing essential cyber operations support based on the hybrid model.
[Figure: sample organizational structure for a medium-to-large cybersecurity organization. A Director and Deputy Director sit above six sections: General Planning, Strategy Analysis, Incident Report and Response, Data Analytics, System Security, and Testing and Evaluation.]
[Figure: sample security organization model]
• Top Level Leadership: Prioritize security and give the team the resources they need to be successful.
• Information Risk Council: Cross-functional committee charged with security program initiatives.
• Engineering/Dev Ops: Primarily responsible for product development and support.
• Information Technology: IT support; this may be a shared responsibility at a start-up.
• Operations: Roles like HR and Finance. Many roles will be shared.
• Security Champion (shown three times in the figure)
Key Takeaways:
1. Start small and recruit qualified candidates. Use local educational institutions for a pipeline to the starter roles.
2. Train, train and train! Keeping skills up to date and rotating jobs ensure that the employees are challenged and motivated.
3. Leverage partnerships with vendors and peer organizations to meet your organizational needs.
How to organize an enterprise cybersecurity team effectively
The structure of an enterprise’s cybersecurity team is important for ensuring it’s as effective as possible. Expert Steven Weil outlines strategies for setting up a security group.
As cybersecurity becomes ever more important, organizations are increasingly trying to determine how to best organize their cybersecurity teams. They want to be sure that their teams are managing and performing the right functions, and that the teams’ staff is being effectively and efficiently used.
There is no one size fits all method for organizing a cybersecurity team. Each organization must have a team that’s appropriate for its particular culture and priorities. However, there are some core principles that all organizations should consider when organizing their cybersecurity team.
Charters
Senior management support of the cybersecurity team is critical. Ensure that your organization’s cybersecurity team has a formal, documented charter that is annually approved by senior management.
The charter should describe the primary responsibilities and objectives of the team, how it will make decisions and its typical deliverables. A charter provides clarity for team members and shows the rest of the organization that the team is supported by
senior management.
Function mapping
An organization’s cybersecurity team needs to manage and perform the right functions. So what’s the best way to determine those functions? Carnegie Mellon University’s well-respected Software Engineering Institute has created a framework that proposes structuring a cybersecurity team around four key functions.
• Protect, shield, defend and prevent: Proactively protect, shield and defend an organization from cyber threats and prevent cybersecurity incidents.
• Monitor, detect and hunt: Monitor ongoing operations and actively hunt for and detect adversaries.
• Respond, recover and sustain: Minimize the impact of cybersecurity incidents and return assets to normal operations as quickly as possible.
• Govern, manage, comply, educate and manage risk: Provide oversight, management, performance measurement and improvement for all the cybersecurity activities. Ensure compliance with all the external and internal requirements and appropriately mitigate risk.
This ambitious framework sounds great in theory, but is likely only realistic at larger organizations that have mature cybersecurity practices. A framework that is based on an approach developed by security expert Mike Rothman is likely more realistic and pragmatic for many organizations.
In this framework, an organization’s cybersecurity team has an individual (e.g., a CSO) who has overall responsibility for implementing an organization’s cybersecurity program, and who is the team’s coordination point. This person is responsible for ensuring compliance with security policies and communicating cybersecurity program results to senior management.
At a minimum, the following four separate functions should report to the CSO:
• Infrastructure security: Responsible for ensuring the security of the organization’s technical infrastructure (e.g., servers, networks). This person or team may or may not directly control the staff that performs the work (e.g., firewall administrators may report to a network team), but, regardless of who performs the work, infrastructure security should coordinate all the appropriate staff to ensure the work is done correctly and promptly.
• Data security: Responsible for ensuring the security of the organization’s data and applications. As with infrastructure security, this person or team may or may not control the staff that performs the work; data security needs to coordinate all the appropriate staff. In particular, this person or team must work closely with application developers to ensure new applications are secure before they are put into production.
• Security testing: Responsible for regularly testing an organization’s security controls (e.g., penetration tests, vulnerability assessments). This person or team is responsible for working with the appropriate staff to mitigate all the discovered significant vulnerabilities.
• Security architecture: Responsible for verifying that the appropriate security controls are in place to protect an organization’s sensitive data and information systems. From a big picture perspective, this person or team focuses on ensuring that all the security controls are complementary.
There should also be a cybersecurity advisory group, composed of senior executives, that is responsible for advising the CSO about the organization’s risk tolerance and ensuring that key cybersecurity program objectives are met.
Organizations should map their current cybersecurity staff to the above framework and identify where they have full, partial or no staff. For areas with partial or no staff, determine if the skills exist elsewhere in the organization (e.g., a developer with cybersecurity skills could move to the data security team) or consider outsourcing options.
Continuous improvement cycle
An organization’s cybersecurity team should have a continuous improvement cycle. It’s not enough to just set up a cybersecurity team; the team needs to regularly adjust and improve to meet your organization’s needs. Your organization’s cybersecurity team should be based on the following continuous improvement principles:
• Plan and organize: Perform a risk assessment, develop security architectures and obtain management approval.
• Implement: Develop and implement security policies, standards and procedures. Implement cybersecurity programs (e.g., change control, identity management) to comply with security policies. Implement auditing and monitoring for each program. Establish goals and metrics for each program.
• Operate and maintain: Follow cybersecurity program procedures and tasks. Perform internal and external audits. As appropriate, manage program service-level agreements.
• Monitor and evaluate: Review logs and audit results and metrics for each program. Assess the accomplishment of program goals. Use a maturity model such as COBIT to regularly define process maturity levels and to identify areas where improvement is needed. Develop improvement steps and integrate them into the plan and organize phases.
The Future Use Cases of Blockchain for Cybersecurity
A successful cyberattack can be the downfall of any well-positioned business. Data breaches not only cause significant financial losses but are also the leading cause of a bad reputation for victim companies.
Blockchain started out as the technology behind Bitcoin but has popularly grown into a promising mitigation technology for cybersecurity.
It is quite a tough and challenging time for businesses that operate on digital network platforms. Cyber-attacks and breaches continue to haunt online activities at even more sophisticated and damaging levels. As this nightmare continues to escalate, it is not only small businesses that fall prey to the attacks but also large IT companies like Siemens, Facebook, Yahoo, Microsoft, and LG, just to mention a few.
Ransomware attacks and other forms of data breaches have now become a day-to-day challenge for companies. Recent analysis and statistics indicate that even sacrosanct state procedures like Presidential elections are not safe from these attacks. This shows that cybersecurity is no longer an issue to companies alone, but also to governments and other agencies.
For the development of viable cybersecurity protection strategies, it would be prudent to analyze the recent cyber-attack trends and statistics. According to Juniper Research, the damages caused by cyber-attacks in 2019 amounted to $2 trillion. With such tremendous financial impacts, companies continue to increase their investment in cybersecurity. It is estimated that by 2030, the global cybersecurity spending will be $2 billion in a bid to mitigate these malicious attacks.
Attention-catching Cybersecurity Trends & Stats:
• Bitcoin involved in Almost $76 Billion of Illegal Activities: Unlike other currencies, Bitcoin offers a fantastic form of quick transactions with anonymity and safety. The cryptocurrency is unregularized by legacy government currency rates. This has quickly transformed it into the most preferred mode of anonymous operation in illegal activities like cyber-crime and the drug trade. According to a study by the University of Sydney in Australia, bitcoin facilitated $76 billion of illegal business transactions around the world.
• Ransomware Attack Every 14 Seconds: It is estimated that every 14 seconds, an individual or company falls prey to a ransomware attack. This is according to the 2019 Official Annual Cybercrime Report (ACR) that also indicated that most of these attacks go unreported. With a new person joining social media platforms every 15 seconds, the ransomware vulnerability scope continues to widen.
• Small Businesses are the primary targets of Cyber-attacks: Most small businesses consider themselves ‘unlikely’ to suffer from cyber-attacks. According to reports by Cybint, two-thirds of companies have experienced attacks such as social engineering incidents, phishing, and DDoS attacks in the last three years. Small businesses continue being the smallest investors in cybersecurity despite making up 13% of the cybercrime market.
• Cyber threat Costs: As per the Security Intelligence Report, the average cost of a cyber-attack data breach as of 2019 was $3.92 million. On the contrary, the cost of hacking is almost insignificant, with cyber-attack tools now available on the Dark Web for as low as one dollar, with other complementary services being offered for free. It becomes more alarming that it takes an average of 5 minutes to hack an IoT device.
The Future of these Cyber-attacks & Malware
The current fast-paced advancement in technology also offers an incubating effect to cyber-attacks to continue becoming more sophisticated and executable. With the rolling out of the game-changing fifth-generation (5G) networks that offer ten times faster download speeds, this will inevitably create more opportunities for hackers. Faster speeds will increase the chances of more devices being hacked and the execution of larger cyberattacks.
There is a huge commercial appetite for the Internet of Things (IoT). Almost everything, ranging from furniture to utility equipment, is being fitted with internet-connected sensors. According to Gartner, by 2021, there will be an increase in the number of things connected to the internet, from 14 billion to 25 billion. Most of these new technologies have patchy security features that tend to attract hackers. Also, home automation features could lead to more homes being vulnerable to cyber-attacks by criminals.
What is Blockchain?
Blockchain technology is a distributed and decentralized ledger system that can record transactions between multiple computers. Blockchain started as the technology behind bitcoin but has popularly grown into a promising mitigation technology for cybersecurity.
Notably, human error remains the leading cause of data breaches. Blockchain fully automates data storage, hence reducing the human element in these data storage systems.
Blockchain can be utilized in any sector or industry. This is because any kind of digital asset or transaction can be inserted in blockchain, from any industry. The new technology is considered a reliable
cybersecurity protocol due to its capabilities of indicating any foul play and providing certainty in the integrity of transactions.
Blockchain technology was designed to be transparent. Therefore, contrary to the popular misconception, blockchain offers no privacy or confidentiality of any transactions made through it. When termed as secure, it is meant to describe the integrity of the transactions, not its privacy.
Blockchain Use Cases for Cybersecurity
Although not unbreakable, blockchain has evolved to become one of the most foolproof forms of transacting in the digital network realm. As designed and intended, the technology has been credited for its information integrity assurance. If well-utilized, many sectors can benefit from it.
With the potential of being practical to many utilizations, blockchain can be implemented into many uses. One of the best uses would be utilizing its integrity assurance for building cybersecurity solutions for many other technologies. Below are some use cases of future beneficial use of blockchain to strengthen cybersecurity:
1. Securing Private Messaging: With the internet shrinking the world into a global village, more and more people are joining social media. The number of social media platforms is also on the rise. More social apps are being launched with each dawn as conversational commerce gains popularity. Huge amounts of metadata are collected during these interactions. Most social media platform users protect the services and their data with weak, unreliable passwords. Most messaging companies are warming up to blockchain for securing user data as a superior option to the end-to-end encryption which they currently use. Blockchain can be used to create a standard security protocol. For enabling cross-messenger communication capabilities, blockchain can be used to form a unified API framework. In the recent past, numerous attacks have been executed against social platforms like Twitter and Facebook. These attacks resulted in data breaches with millions of accounts being breached and user information landing into the wrong hands. Blockchain technologies, if well implemented in these messaging systems, may prevent such future cyberattacks.
2. IoT Security: Hackers have increasingly used edge devices, such as thermostats and routers, to gain access to overall systems. With the current obsession for Artificial Intelligence (AI), it has become easier for hackers to access overall systems like home automation through edge devices like ‘smart’ switches. In most cases, a large number of these IoT devices have sketchy security features. In this case, blockchain can be used to secure such overall systems or devices by decentralizing their administration. This approach gives the devices the capability to make security decisions on their own. Not depending on the central admin or authority makes the edge devices more secure by detecting and acting on suspicious commands from unknown networks. Normally, hackers penetrate the central administration of a device and automatically gain full control of the devices and systems. By decentralizing such device authority systems, blockchain ensures such attacks are harder to execute (if even possible).
3. Securing DNS and DDoS: A Distributed Denial of Service (DDoS) attack occurs when users of a target resource, such as a network resource, server, or website, are denied access or service to the target resource. These attacks shut down or slow down the resource systems. On the other hand, an intact Domain Name System (DNS) is very centralised, making it a perfect target for hackers who infiltrate the connection between the IP address and the name of a website. This attack renders a website inaccessible, cashable, and even redirectable to other scam websites. Fortunately, blockchain can be used to diminish such kinds of attacks by decentralizing the DNS entries. By applying decentralized solutions, blockchain would have removed the vulnerable single points exploited by hackers.
4. Decentralizing Medium Storage: Business data hacks and theft are becoming a primary evident cause of concern to organizations. Most companies still use the centralized form of the storage medium. To access the entire data stored in these systems, a hacker simply exploits but a single vulnerable point. Such an attack leaves sensitive and confidential data, such as business financial records, in the possession of a criminal. By using blockchain, sensitive data may be protected by ensuring a decentralized form of data storage. This mitigation method would make it harder and even impossible for hackers to penetrate data storage systems. Many storage service companies are assessing ways blockchain can protect data from hackers. Apollo Currency Team is a good example of an organization that has already embraced the blockchain technology in their systems (The Apollo Data Cloud).
5. The Provenance of Computer Software: Blockchain can be used to ensure the integrity of software downloads to prevent foreign intrusion. Just as the MD5 hashes are utilized, blockchain can be applied to verify activities, such as firmware updates, installers, and patches, to prevent the entry of malicious software in computers. In the MD5 scenario, new software identity is compared to hashes available on the vendor websites. This method is not completely foolproof as the hashes available on the provider’s platform may already be compromised. However, in the case of blockchain technology, the hashes are permanently recorded in the blockchain. The information recorded in the technology is not mutable or changeable; hence blockchain may be more efficient in verifying the integrity of software by comparing its hashes against the ones on the blockchain.
6. Verification of Cyber-Physical Infrastructures: Data tampering, systems misconfiguration together with component failure have marred the integrity of information generated from cyber-physical systems. However, the capabilities of blockchain technology in information integrity and verification may be utilized to authenticate the status of any cyber-physical infrastructures. Information generated on the infrastructure’s components through blockchain can be more assuring to the complete chain of custody.
7. Protecting Data Transmission: Blockchain can be used in the future to prevent unauthorized access to data while in transit. By utilising the complete encryption feature of the technology, data transmission can be secured to prevent malicious actors from accessing it, be it an individual or an organization. This approach would lead to a general increase in the confidence and integrity of data transmitted through blockchain. Hackers with malicious intent tap into data amid transit to either alter it or completely delete its existence. This leaves a huge gap in inefficient communication channels, such as emails.
8. Diminish Human Safety Adversity caused by Cyber-attacks: Thanks to innovative technological advancements, we have recently seen the roll-out of unmanned military equipment and public transportation. These automated vehicles and weapons are possible thanks to the Internet that facilitates the transfer of data from the sensors to the remote-control databases. However, hackers have been on the job to break and gain access to networks, such as Car Area Network (CAN). When tapped into, these networks give hackers complete control over vital automotive functions. Such occurrences would have a direct impact on the safety of humans. But through data verification conducted on blockchain for any data that goes in and through such systems, many adversities would be prevented.
Conclusion
No matter how it is utilized, the key component of blockchain technology is its ability to decentralize. This feature removes the single target point that can be compromised. As a result, it becomes utterly impossible to infiltrate systems or sites whose access control, data storage, and network traffic are no longer in a single location. Therefore, blockchain may be one of the most efficient mitigation strategies for cyber threats in the coming days. Nevertheless, blockchain, just as with any other new technologies, faces many startup challenges as it undergoes the painful process of growth.
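The software provenance use case (item 5) contrasts a hash published on a vendor website with a hash recorded in a chain that cannot be quietly rewritten. The sketch below is an added example, not code from the magazine or from any blockchain project: a single-node hash-chained ledger of release digests in which the verifier pins the latest block hash (in a real blockchain that head is agreed by many independent nodes), using SHA-256 rather than the MD5 the article mentions because MD5 is not collision-resistant. `ReleaseLedger`, `Block`, the status strings and the `router-fw` sample releases are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # prev_hash used by the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str        # hash of the previous block: this link is the "chain"
    name: str
    version: str
    artifact_sha256: str  # digest of the released file

    def block_hash(self) -> str:
        fields = [self.index, self.prev_hash, self.name, self.version,
                  self.artifact_sha256]
        return sha256_hex(json.dumps(fields, separators=(",", ":")).encode())


class ReleaseLedger:
    """Append-only list of release records (hypothetical, single node)."""

    def __init__(self) -> None:
        self.blocks = []

    def head(self) -> str:
        return self.blocks[-1].block_hash() if self.blocks else GENESIS

    def publish(self, name: str, version: str, artifact: bytes) -> Block:
        if any((b.name, b.version) == (name, version) for b in self.blocks):
            raise ValueError("release already recorded; entries are never replaced")
        block = Block(len(self.blocks), self.head(), name, version,
                      sha256_hex(artifact))
        self.blocks.append(block)
        return block


def check_chain(blocks, trusted_head: str) -> str:
    """Re-walk every link, then compare the result with the pinned head."""
    prev = GENESIS
    for i, block in enumerate(blocks):
        if block.index != i or block.prev_hash != prev:
            return "broken-link"
        prev = block.block_hash()
    if not hmac.compare_digest(prev, trusted_head):
        return "head-mismatch"
    return "ok"


def verify_download(blocks, trusted_head, name, version, downloaded: bytes) -> str:
    status = check_chain(blocks, trusted_head)
    if status != "ok":
        return status  # never trust a digest taken from a ledger that fails
    for block in blocks:
        if (block.name, block.version) == (name, version):
            same = hmac.compare_digest(block.artifact_sha256,
                                       sha256_hex(downloaded))
            return "ok" if same else "hash-mismatch"
    return "unknown-release"


def demo() -> dict:
    genuine = b"constructed firmware image 1.0"
    modified = b"constructed firmware image 1.0 with extra code"
    ledger = ReleaseLedger()
    ledger.publish("router-fw", "1.0", genuine)
    ledger.publish("router-fw", "1.1", b"constructed firmware image 1.1")
    head = ledger.head()  # value the verifier pinned out of band

    # Copy of the ledger in which the 1.0 entry was rewritten to match
    # the modified file (what a compromised download site could serve).
    forged = list(ledger.blocks)
    forged[0] = Block(0, GENESIS, "router-fw", "1.0", sha256_hex(modified))

    # Same rewrite, but with every later link recomputed to look consistent.
    rechained = [forged[0]]
    for b in ledger.blocks[1:]:
        rechained.append(Block(b.index, rechained[-1].block_hash(),
                               b.name, b.version, b.artifact_sha256))

    args = ("router-fw", "1.0")
    return {
        "genuine": verify_download(ledger.blocks, head, *args, genuine),
        "swapped_file": verify_download(ledger.blocks, head, *args, modified),
        "rewritten_entry": verify_download(forged, head, *args, modified),
        "rechained_copy": verify_download(rechained, head, *args, modified),
        "unlisted_version": verify_download(ledger.blocks, head,
                                            "router-fw", "2.0", genuine),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The two forged cases fail before the file is even hashed: changing one recorded digest changes that block's hash, so either a later link no longer matches or the recomputed head no longer equals the pinned one.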
Verizon Data Breach Report 2021
Pandemic Has Caused Major Surge in Phishing, Ransomware and Web App Attacks
Verizon’s data breach report for 2021 frames the degree to which the pandemic has influenced cyber-criminal activity, with the focus shifting strongly toward work-at-home infrastructure. 39% of all data breaches in 2020 stemmed from web application compromise, and both phishing and ransomware incidents jumped significantly from 2019. One thing has not changed, however: human negligence continues to be the leading cause of security breaches.
“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO of Verizon Business. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”
Verizon data breach report illuminates pandemic patterns
The 2021 Verizon Data Breach Investigations Report (DBIR) draws on 29,207 incidents investigated in 2020, over 5,200 of which were confirmed breaches. Denial of service (DDoS) attacks were the most common type of attack, but social engineering and basic web application attacks caused the majority of data breaches. Among these breaches, a whopping 85% were attributed to a “human element.” 61% additionally involved the use of unauthorized credentials.
Over 10% of data breaches involved ransomware, double the number seen in 2019. In addition to the spike in ransomware attempts, the count of data breaches that involved phishing rose to 36% (from 25% the previous year). But in all the incidents that involved hacking, attacks on web applications were overwhelmingly frequent (80%).
An increase in ransomware and phishing was to be expected given the pandemic conditions, with work-from-home schemes creating scores of new vulnerable endpoints for attackers to exploit. However, the Verizon data breach report actually found an overall decrease in end user compromised devices in 2020. Attackers are moving with the times and the circumstances, but they appear to be focusing more on obtaining credentials for external cloud assets and email systems rather than the computers of remote workers.
Key data breach report findings
Data breaches are also becoming more costly. The Verizon data breach report finds that the median breach cost is $21,659, but that most organizations can expect their costs to rise as high as about $650,000.
Social engineering attempts have been steadily on the rise since 2017, with the fastest-growing subset of these attacks being “business email compromise” (BEC) attempts. BEC breaches doubled in 2020, with the majority of them traced back to a web-based email account compromise.
The 2021 Verizon data breach report also notes a rise in the use of phishing templates as a component of social engineering attacks, with the success rates of these templates being all over the map; some templates ensnared no victims at all, but the best of them had a click rate of around 50%. A random sampling of 1,148 people that received phishing emails found that 2.5% clicked on them.
The Verizon data breach report specifically defines the “basic” web application attacks that dominate hacking attempts as those that use a small and fairly simple series of steps. Most of these attacks were directed against cloud-based servers, and most tried using stolen credentials obtained from other breaches or “brute force” password guessing aided by automated scripts. These attacks are generally driven by botnets, and organizations can expect anywhere from hundreds to billions of these sorts of attempts each year depending on how interesting of a target they are to criminals.
James McQuiggan, Security Awareness Advocate for KnowBe4, observes that even the basic phishing templates that unsophisticated operators use have increased substantially in quality in recent years: “For the past several years, this report has repeatedly shown that phishing or other social engineering is the initial attack vector for the breach. Cybercriminals are evolving their social engineering attacks through creative means. Whether it’s a password reset to a social media account, or having kits that can automatically insert the logo of the target company, or even misinformation about the gas shortage and where to find gas have caused people to fall for the phishing lures of curiosity, fear, or greed.”
Though unsophisticated script-driven attacks remain the most common threat by far, there is also a rise in targeted attacks. This is particularly true in the ransomware category. 99% of ransomware attacks observed by the report were classified as “complex” by the DBIR team, primarily meaning that they involved passing malware or hands-on hacking attempts. This is a major change from the original patterns of ransomware, where a more botnet-driven indiscriminate “spray and pray” approach was used. Ransomware gangs now more carefully focus in on targets that they believe have the ability and willingness to make big payments.
Cerberus Sentinel, sees ransomware as only being in the initial stages of its explosive growth: “Ransomware continues to be a pervasive scourge on organizations of all verticals. The meteoric rise of cryptocurrency has effectively, if inadvertently, monetized every network in the world for cybercriminals. Their continued success in extorting victims across the globe has provided these criminal operations with budgets that are larger than most of the organizations they target. These budgets allow them to acquire talented hackers as well as custom zero-day exploits that make them incredibly successful in quickly compromising entire computer networks. With these resources, often all that is necessary for these attackers to succeed is for a single successful phishing email to land or acquiring one compromised account password.” The Verizon data breach report also notes that different industries are seeing different patterns of attempts. For example, the education sector is disproportionately targeted by social engineering scams that have fraudulent funds transfers as their end goal. Public administration also sees a disproportionate amount of social engineering attempts, but most of these involve a direct phishing email. And, as the Colonial Pipeline incident illustrated, mining and utilities are quickly becoming a leading target for ransomware groups. The types of data that attackers focus on also varies by industry: for example, 83% of the data compromised in the financial and insurance industries was personal information while the majority in professional/technical/scientific services was research or confidential business information. All of this suggests that attackers are becoming much more discriminating and focused in on particular objectives.
GRADUATE CYBERSECURITY PROGRAM FOR BEGINNERS
Are you considering a career in cybersecurity? With an estimated 2.5 million job openings and growing demand, our training program will help you best position yourself as a top candidate. Our 12-week Cybersecurity Program is a great fit if you:
• Wish to build your career in the cybersecurity sector.
• Have a knack for problem solving.
• Are set on rising to the task in a challenging work environment that requires diligence while handling sensitive information.
Students undertaking this program gain a strong understanding of computer technology as well as the skills and discipline required to protect these systems and data from malicious manipulation and attacks. With the acquired knowledge they can effectively address the rising need for cybersecurity in the corporate setting as technology continues to advance and is increasingly adopted in various processes.
DURATION 12 Weeks Online 5 - 6 hours per week
Get in touch today.
For more information get in contact now Email: info@itgcsi.com
Johannesburg: +27(11) 083-7086 | New York: +1(917) 725-4164 Harare: +263 (242) 254-550 | London: +44 (20) 3286-0766
10 Major Cyber Attacks Witnessed Globally in Q1 2021
Cyber-crime has been on the rise for years now and it is not showing any signs of slowing down.
Photo credit: Envato
To make it worse, the arrival of the COVID-19 pandemic in 2020 just fueled the situation. Those who were expecting relief from the increasing terror of cyber-crimes in 2021 are to be disappointed as the number of attacks is only increasing day after day. We have barely crossed the first quarter of 2021 and already several huge cyber-attacks have made the headlines. Here is a list of some of the major cyber-attacks that took place in Q1 2021:
1. Channel Nine
Australian broadcaster Channel Nine was hit by a cyber-attack on 28th March 2021, which rendered the channel unable to air its Sunday news bulletin and several other shows. With the unavailability of internet access at its Sydney headquarters, the attack also interrupted operations at the network’s publishing business as some of the publishing tools were also down. Although the channel first claimed that the inconvenience was just due to “technical difficulties”, it later confirmed the cyber-attack.
2. Harris Federation
In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to “temporarily” disable the devices and email systems of all 50 of the secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence.
3. CNA Financial
One of the biggest cyber insurance firms in the US, CNA Financial, suffered a ransomware attack on 21st March 2021. The cyber-attack disrupted the organization’s customer and employee services for three days as CNA was forced to shut down to prevent further compromise. The cyber-attack utilized a new version of the Phoenix CryptoLocker malware, which is a form of ransomware.
4. Florida Water System
A cyber-criminal attempted to poison the water supply in Florida and managed to increase the amount of sodium hydroxide to a potentially dangerous level. The cyber-criminal was able to breach Oldsmar’s computer system and briefly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.
5. Microsoft Exchange Mass Cyber Attack
A mass cyber-attack affected millions of Microsoft clients around the globe, wherein threat actors actively exploited four zero-day vulnerabilities in Microsoft’s Exchange Server. It is believed that nine government agencies, as well as over 60,000 private companies in the US alone, were affected by the attack.
6. Airplane Manufacturer Bombardier
A popular Canadian plane manufacturer, Bombardier, suffered a data breach in February 2021. The breach resulted in the compromise of the confidential data of suppliers, customers and around 130 employees located in Costa Rica. The investigation revealed that an unauthorized party had gained access to the data by exploiting a vulnerability in a third-party file-transfer application. Also, the stolen data was leaked on the site operated by the Clop ransomware gang.
7. Computer Maker Acer
The globally renowned computer giant Acer suffered a ransomware attack and was asked to pay a ransom of $50 million, setting the record for the largest known ransom to date. It is believed that a cyber-criminal group called REvil is responsible for the attack. The threat actors also announced the breach on their site and leaked some images of the stolen data.
8. University of the Highlands and Islands
A cyber-attack targeted the University of the Highlands and Islands (UHI), forcing the university to close all its 13 colleges and research institutions to students for a day. Security professionals uncovered that the attack was launched using Cobalt Strike, a penetration testing toolkit commonly used by security researchers for legitimate purposes. This incident is just another in a series of cyber-attacks targeting the education sector.
9. Sierra Wireless
On 20th March 2021, the multinational IoT device manufacturer Sierra Wireless was hit by a ransomware attack against its internal IT systems and had to halt production at its manufacturing sites. Its customer-facing products weren’t affected and the company was able to resume production in less than a week. “This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. It’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks.”
10. Accellion Supply Chain Attack
Security software provider Accellion fell victim to a breach targeting its file transfer system FTA. Many of its clients were affected by the breach. Some high-profile organizations that got caught in the crossfire include grocery giant Kroger, telecom industry leader Singtel, the University of Colorado, cyber security firm Qualys and the Australian Securities and Investments Commission (ASIC). A lot of confidential and sensitive data stolen from various companies by exploiting the vulnerabilities in Accellion’s FTA tool was leaked online.
How to Protect Your Organization Against Cyber Attacks?
Witnessing the extent of damage cyber-attacks can cause should be reason enough to take the necessary preventive measures right away. So, here are some steps you can take to reinforce your organization’s cyber security framework and keep it shielded from cyber-attacks.
• Generate Cybersecurity Awareness: Unaware employees can prove to be an organization’s biggest weakness when it comes to cyber security. Generating awareness among your employees about the prevalent and emerging cyber threats is one of the most effective ways of protecting your business against cyber-attacks. DataSecure can help your organization develop customized security awareness training, both onsite and in online simulated scenarios, to educate your employees.
• Implement a Phishing Incident Response Tool: Educating your employees will only take you so far if you don’t equip them with the means of dealing with cyber threats. A phishing incident response tool can empower your employees to detect and report suspicious emails right away, significantly reducing cyber risks. Get in touch with DataSecure for a complimentary advisory.
• Carry Out VAPT: Conduct periodic Vulnerability Assessment and Penetration Testing (VAPT) to detect any exploitable vulnerabilities in your organization’s IT infrastructure including applications, servers and networks. Make sure to fix the detected weaknesses as a priority.
• Keep the Systems Updated: Keep all your hardware and software up-to-date with the latest security updates and patches. Failing to do so can create weaknesses in your security infrastructure and lead to cyberattacks.
• Implement MFA: Enable Multi-Factor Authentication (MFA) across all the applicable endpoints of your organization’s networks. This will not only add an extra layer of security but also protect you in case your employees’ user credentials are stolen.
So, don’t wait for your company’s name to be on the list of cyber-attack victims and take the necessary precautions immediately. Make your employees proactive against prevailing cyber-attacks with DataSecure.
Cyber Security Awareness Email To Employees (Plus 6 Templates)
A recent IBM report revealed that in 2020 the average cost to the business for a cyber attack was $3.86 million – and it took more than 200 days for breaches to be detected.
Photo credit: Envato
The most important security awareness email to employees templates you can have include:
1. Ransomware awareness email
Ransomware attacks have been increasing every year and can be devastating for organizations that find themselves targeted. Not only can it mean you are frozen out of your systems until you pay a “ransom” to restore them (costing loss of revenue and productivity), but fixing any damage can also be expensive. And there’s also the damage to corporate reputation and potential for lawsuits if customer data is compromised.
Make sure your employees know what to look for when it comes to ransomware – particularly not clicking on links or attachments from unknown senders. (We have provided a ransomware awareness email sample.)
2. Phishing awareness email
Phishing emails are a common way that cyber criminals gain access to systems. The goal of a phishing email is to dupe the recipient into believing it has been sent by a legitimate source so that they will divulge sensitive data or information like passwords, user names, credit card or bank account details, and more. Teach your employees to be vigilant and not enter any details into a website via a link sent to them from an unexpected source. (You can save time by using our phishing awareness email template.)
3. Whaling awareness email
Whaling takes phishing one step further – this is where a cyber criminal will email employees within a company pretending to be a company executive who has lost access to his/her email or bank account or needs an urgent credit card payment etc. Help employees to understand that these types of requests should always be treated suspiciously. (We’ve created a whaling awareness email sample for you.)
4. Spam awareness email to employees
Junk email that gets past the spam filter can clog up inboxes and cause legitimate company email communications to get lost in the clutter. These are unsolicited emails usually written in a way designed to trick the employee into thinking it is worth reading but just wastes time… and potentially money if they decide to purchase whatever is being advertised.
A lot of malicious content can also arrive via spam – a general spam awareness email can help to cover this off. (Look at our spam specific security awareness email to employees sample for guidance.)
5. Password tips email
Passwords are ultimately one of the biggest risks to company data: when an employee sets a weak one or inadvertently gives the password to a third party, the system can be breached easily. A password tips email is a great way to provide advice on the best practices around setting a strong password, as well as what to do to keep it safe. (Find above a sample of a password tips email for employees. We’ve created a password specific security awareness email to employees template.)
6. Email security training for employees
This general email can be sent to raise overall awareness of the different types of threats and risks posed by suspicious emails, including some of the threats mentioned above. It can also give tips on using spam filters, the importance of antivirus and firewalls, and even how these sorts of attacks are not just limited to email itself – scammers will call or SMS people as well!
Subscription
CyberSecurity Focus Magazine
Print Run: 200.000 (print & online)
Pages: 92
Full Color
Frequency: Bi-monthly
Distribution: Airlines, Corporate Organizations, Hotels, Universities, Retail (South Africa, Zimbabwe, Kenya, USA)
Individual
$50/6 Issues (access to both print and online version)
$30/6 Issues (online version only)
Corporate Subscription
A corporate subscription is a service for companies that require multiple print and/or digital subscriptions, helping you to save time, hassle and money by combining them into one company-wide subscription. This is available for those companies with existing subscribers or new customers.
$100/10 bi-monthly copies plus online access
$250/20 bi-monthly copies plus unlimited online access
Digital Service
We can set up a PDF digital subscription for your organization as well as a company-wide internet access service. This will allow your staff unlimited access to our website from your office location(s) for a set period as well as access to the magazine (including archived copies) in PDF format. Contact us on the details below to discuss further.
Cybersecurity Focus Magazine
Cybersecurity FOCUS magazine is a bi-monthly print and online magazine dedicated to the strategy cyber economic market data, insights and groundbreaking predictions to a global audience of CIOs and IT executives, CSOs and CISOs, and information security practitioners. Cybersecurity FOCUS magazine publishes annual and quarterly reports covering Africa and Global cybercrime, cyberwarfare, hacks, data breaches, cybersecurity market forecasts and spending predictions and more.
Key corporate subscription benefits
• Individual service - you will have a dedicated account manager who will support and help resolve all your requirements.
• Save time and hassle - if you currently have multiple copies going to your organization that have been paid for separately and expire at different dates, by becoming a corporate subscriber your new and current subscriptions will be synced so that they expire on one date.
• Share training and best practice - all your administrative staff will have access to the magazine and the training it offers, which encourages discussion and learning across all departments. Articles of particular interest can be highlighted and shared.
• Easily manageable - you have the option to request only one invoice.
• Competitive rates - as a corporate client you will receive more competitive rates than as individual subscribers.
• Maximum value - our account managers will ensure that each subscription is utilized by your staff fully, for example instructing them how they can make the most of their online access alongside their print subscription.
ITGCSI Cybersecurity Training Programs
Are you an executive business leader, manager or looking to start a career in cybersecurity? ITGCSI has got you covered with training offerings just for you.
Executive Business Leaders Cybersecurity Program
Designed for C-suite and board members, this program, developed with industry experts and leading educational institutions, will help today’s leaders navigate cybersecurity and equip them with the right tools for rapid changes. Non-technical business leaders will be able to have the necessary conversations with their technical counterparts.
Business Managers Cybersecurity Program
Due to their unique position between top and lower management, business managers will be able to direct the necessary cybersecurity activities for the organization. They will also learn how to be champions for cybersecurity initiatives from lower management to the executive level.
Graduate Cybersecurity Program
Our graduate cybersecurity leadership training will equip individuals starting out in cybersecurity to be able to hit the ground running after completion. Collaboration with industry practitioners ensures that we train for the skills industry and nothing less. It is more than just an introductory course; it’s empowerment to succeed in the industry.
DURATION 4, 8 and 12 week class sessions available 6-8 hours per week | Online
Get in touch today.
For more information get in contact now Email: info@itgcsi.com
Johannesburg: +27(11) 083-7086 | New York: +1(917) 725-4164 Harare: +263 (242) 254-550 | London: +44 (20) 3286-0766