Weekly CyberTip: The importance of documentation
A key “lesson learned” from the evolving Log4j incident is the importance of documentation during patch management and incident response. As we are now on the third version of the patch in just over a week, it’s essential for your teams to understand what’s been patched and when, any issues encountered, and the current status of re-patching. Think of the Four Cs: clear, consistent, continuous, and centralized documentation can help you stay organized during a stressful time.
ISA Cybersecurity has issued a special bulletin with all the latest news on the Log4j vulnerability.
Independent report on Irish healthcare attack
Independent reviewers of the May 2021 cyber attack on the Irish health system have released a comprehensive report that is a must-read not just for healthcare providers, but for all digital organizations. Lightly redacted, the public version of the report presents an incident timeline and a series of strategic and tactical recommendations specifically for Ireland’s Health Service Executive (HSE), along with an extensive “Learnings” section that should cause any business to pause and reflect on its own preparedness and cyber maturity.
ICYMI: WordPress website attacks
Lost amid the recent news about the Log4j vulnerabilities is a massive cyber attack campaign launched against WordPress-based websites. A report by Wordfence has the details of the attack, which targeted over 1.6 million websites around the world. The report provides details of the attack sources, a comprehensive list of potentially vulnerable plug-ins that should be patched as soon as possible, and an important list of indicators of compromise and response strategies.
The cost of insider threat: Desjardins settlement could exceed $200M
The theft of some 9.7 million Desjardins credit union accountholder records could cost the company just over $200 million (all figures CDN) for an out-of-court settlement of a class-action lawsuit from the victimized customers. No charges have yet been laid in the incident, but allegedly the data was copied onto USB drives over a period of more than two years by an unnamed marketing employee, who then sold the information to a private lender. Private, personal data including first and last names, dates of birth, social insurance numbers, residential addresses, telephone numbers, email addresses, and transaction histories were disclosed. Some 4.2 million customers were affected.
The credit union, which reported the incident to the Office of the Privacy Commissioner of Canada (OPC), was found to have been responsible for the breach: while Desjardins “invested a significant portion of its overall information security budget to fight against external threats,” according to the OPC, “in our view, the absence of a culture of vigilance against internal threats significantly contributed to the breach.”
Desjardins also spent tens of millions of dollars in the immediate wake of the announcement of the breach; the credit union estimated that it had spent $108 million through February 2020 in investigations, compensation packages, and credit monitoring services for its customers.
Details of the proposal are available on a Desjardins settlement portal. The agreement must be approved by a Québec Superior Court judge before it can go into effect.
New report: How to talk about ransomware to the C-Suite
Research organization (ISC)2 has released a new report entitled “What Cybersecurity Leaders Need to Know About What Executives Need to Hear”. Surveys conducted with some 750 U.K. and U.S. corporate executives provide security professionals with insights into what senior management is concerned about, along with “actionable insights into how they can more effectively communicate with executives about ransomware preparedness”.
“Knowing how our security function is working with IT to ensure our back-ups and restoration plans will not also be impacted by any ransomware attacks” heads the list of C-suite concerns. The report also delves into what to say – and how to say it – to truly be heard by leadership. The top five recommendations in the report were:
1. Communicate More Frequently with Leadership
2. Temper Overconfidence as Needed
3. Tailor Your Message to What Concerns Leadership the Most
4. Make a Strong Case for More Security Staff
5. Make Ransomware Defense Everyone’s Responsibility