Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Catch ISA live on September 26!
ISA Cybersecurity is proud to have two of our experts speak at presentations on September 26:
- Cybersecurity Offering Leader Kevin Pietersma will be presenting at a MISA Industry Insight webinar at 11:00 a.m. ET, discussing his “10 Key Insights from Managing Cyber Incidents”.
- Meanwhile, Nick Jaldevi, Protection Service Lead, will be speaking at the BSides Edmonton conference at 1:50 p.m. MT. Nick will be presenting his insights regarding his “Top 15 things to consider when implementing an EDR solution”.
Limited personal information involved in Air Canada data access incident
According to a September 20 announcement on its website, Air Canada recently encountered a data access incident involving “limited personal information of some employees and certain records”. The terse statement explains that an “unauthorized group briefly obtained limited access to an internal Air Canada system,” but that no customer information was accessed. The airline carrier has already notified all individuals affected by the incident.
Air Canada stated that their flight operations systems and customer-facing systems were not compromised in the incident, and that all of their systems are fully operational. No further details were provided on the nature of the incident, and Air Canada advised that they would be providing “no further public comment on this matter”.
City of Dallas issues post mortem report on May cyber incident
On September 20, the City of Dallas, Texas released a detailed report on a cyber incident that affected numerous city systems in May 2023. The after-action report summarizes remediation and resolution efforts surrounding the ransomware attack, which is budgeted to cost the city at least $8.5M (all figures USD) and has involved some 39,590 hours of effort to manage thus far.
The city concluded that the Royal ransomware gang was behind the attack, and that the gang had access to municipal systems for almost a month, downloading an estimated 1.169TB of data before launching a ransomware attack on May 3.
The report provides a detailed timeline of events, systems and services affected, a reflection on the city’s own defenses, and a seven-point series of recommendations for enhancements to strengthen the city’s cybersecurity posture.
Cisco to acquire Splunk
In a September 21 announcement, Cisco confirmed their intention to acquire Splunk for approximately $28B (all figures USD). Splunk also announced the proposed deal on their website on the same day. The planned purchase of Splunk reflects Cisco’s current strategy to expand its business from primarily hardware-centric to a broader base of offerings. “The acquisition builds on Splunk’s heritage of helping organizations enhance their digital resilience and will accelerate Cisco’s strategy to securely connect everything to make anything possible. The combination of these two established leaders in AI, security and observability will help make organizations more secure and resilient,” according to the press releases.
Having already been approved by the boards of directors of both Cisco and Splunk, the deal is expected to close by Q3/2024, “subject to regulatory approval and other customary closing conditions including approval by Splunk shareholders,” explained the announcement.
OPC releases annual report
On September 19, the Office of the Privacy Commissioner of Canada (OPC) released its annual report, entitled “Protecting and promoting privacy in a digital world 2022-2023 – Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act”
The report provides insights into PIPEDA and the world of Canadian privacy, updates on high-profile data breach incidents, and highlights of the OPC’s work. The report also includes statistics regarding privacy breach reports, featuring a breakdown of the sectors with the greatest number of privacy breaches reported – last year, the financial sector, followed by telecom – even while acknowledging that many breaches likely still go unreported.
U.S. DHS releases report on streamlining cyber reporting requirements
On September 19, the U.S. Department of Homeland Security (DHS) released a report urging governments and agencies to work together to streamline the patchwork of literally dozens of different cyber reporting requirements for critical infrastructure, thereby easing the regulatory burden on hacking victims.
Today, there are about 45 existing reporting requirement frameworks administered by 22 federal agencies in the United States. The reporting requirements range from national and economic security concerns to consumer and privacy protections. Seven more reporting frameworks are close to release, with five additional requirements under consideration – a potential total of 57 reporting regimes. The confusing and overlapping sets of requirements make reporting onerous and costly, particularly at a time of crisis when organizations are understandably anxious to focus on resolving the cyber incident.
The report lays out a set of eight recommendations and three legislative changes that the DHS hopes will “reduce complexity, diminish regulatory overlap, and eliminate unnecessary duplication with respect to cyber incident reporting.”
