Cyber Risk Governance Insights | August 5, 2024

WEEK IN HEADLINES

GOVERNMENT - Monoculture Increasing Cyber-Risk

The US State and Local Cybersecurity Grant Program (SLCGP) aims to improve cybersecurity by funding eligible state, local, tribal and territorial entities. However, if grant recipients converge on the same products, the program may inadvertently create a monoculture, where reliance on a single vendor could lead to widespread disruption if that vendor is compromised or ships a faulty update.

INSIGHT: “Don’t put all your eggs in one basket.”  Favor a diverse, layered defense strategy. Relying solely on a single vendor can lead to widespread disruption if that vendor is compromised, and the CrowdStrike outage showed that it does not even take an attacker: one vendor's faulty update affected that many organizations for that long.

SERVICES - Hackers Compromise ISP to Poison Software Updates

A Chinese hacking group, StormBamboo, compromised an ISP in order to poison software updates with malware. By abusing update mechanisms that fetched updates over plain HTTP without verifying them, the group delivered malware to Windows and macOS devices and installed malicious browser extensions to steal data. The attack targeted the update channels of multiple software vendors and was halted after the ISP took key network components offline.

INSIGHT: The group exploited insecure HTTP update mechanisms to deliver malware; an attacker positioned in the network path can swap whatever an unauthenticated download returns. Verify that your software vendors deliver updates over authenticated channels and cryptographically sign their updates, and require users to download updates only from trusted sources.  These are Governance Controls: Third-Party Vendor Risk assessments and documented Procedures for software updates.  Cyber is not just technical, it's policies and procedures as well.
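To make the control concrete, here is an added example (not code from the newsletter, from any of the affected vendors, or from the StormBamboo reporting) showing the difference between an update client that installs whatever it downloaded and one that verifies a signed manifest before installing. The manifest format, the key names, the version strings and the payload bytes are all constructed for illustration; real vendors use richer formats such as TUF metadata, but the check is the same: the client pins the vendor's public key, verifies the manifest signature, and only then compares the payload hash against the signed digest. An on-path attacker at the ISP can replace the download, but cannot forge a signature over the replacement.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what the vendor publishes alongside the update binary.
// Constructed for this example; the field layout is an assumption, not a real vendor format.
type Manifest struct {
	Version   string
	SHA256    string // hex SHA-256 digest of the update payload
	Signature []byte // Ed25519 signature over manifestBytes(Version, SHA256)
}

// manifestBytes is the exact byte string that gets signed and verified.
func manifestBytes(version, digest string) []byte {
	return []byte(version + "\n" + digest)
}

// SignManifest is the vendor-side step: hash the payload and sign the manifest
// with the vendor's private key, which never leaves the vendor.
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	digest := hex.EncodeToString(sum[:])
	return Manifest{
		Version:   version,
		SHA256:    digest,
		Signature: ed25519.Sign(priv, manifestBytes(version, digest)),
	}
}

// InstallUnverified models the clients that were abused: whatever arrived over
// plain HTTP was treated as the genuine update.
func InstallUnverified(payload []byte) []byte {
	return payload
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify against pinned vendor key")
	ErrDigestMismatch = errors.New("payload digest does not match the signed manifest")
)

// VerifyAndInstall is the hardened client. It trusts only the public key pinned
// at build time, so a swapped manifest, a swapped payload, or both are rejected.
func VerifyAndInstall(pinned ed25519.PublicKey, m Manifest, payload []byte) ([]byte, error) {
	if !ed25519.Verify(pinned, manifestBytes(m.Version, m.SHA256), m.Signature) {
		return nil, ErrBadSignature
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, ErrDigestMismatch
	}
	return payload, nil
}

func main() {
	// Vendor key pair; in practice the public half is pinned in the shipped client.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := []byte("genuine-update-v2.1")   // constructed stand-in for the real installer
	malicious := []byte("trojaned-installer")  // constructed stand-in for the swapped download
	m := SignManifest(priv, "2.1", genuine)

	// 1. The unverified client happily installs the attacker's file.
	fmt.Printf("unverified client installed: %q\n", InstallUnverified(malicious))

	// 2. Attacker swaps only the payload: digest check fails.
	_, err = VerifyAndInstall(pub, m, malicious)
	fmt.Println("swapped payload:", err)

	// 3. Attacker also rewrites the manifest digest to match: signature check fails.
	tampered := m
	sum := sha256.Sum256(malicious)
	tampered.SHA256 = hex.EncodeToString(sum[:])
	_, err = VerifyAndInstall(pub, tampered, malicious)
	fmt.Println("swapped payload and manifest:", err)

	// 4. The genuine update passes both checks.
	out, err := VerifyAndInstall(pub, m, genuine)
	fmt.Printf("genuine update: %q, err=%v\n", out, err)
}
```

Note that transport security alone would not have been sufficient here: HTTPS stops a network-level attacker from altering the download in flight, but signature verification is what protects the client if the download server, CDN or DNS answer itself is under attacker control. Vendor due-diligence questions should therefore cover both.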

RESEARCH - Taiwanese Institute Exploited in Major Cyber Attack

APT41, a Chinese state-sponsored hacking group, breached a Taiwanese government-affiliated research institute and deployed the ShadowPad and Cobalt Strike malware. The attack, detected by Cisco Talos, involved abusing outdated software and deploying sophisticated tooling to exfiltrate sensitive data, highlighting the ongoing cyber espionage threat from nation-state actors.

INSIGHT: The attackers abused an outdated version of the Microsoft Office IME binary, highlighting the importance of regular updates and effective patch management to close known vulnerabilities.  Time-to-patch for known vulnerabilities is a measurable KPI for the effectiveness of your IT staff.

MARITIME - Maritime Facilities in Multiple Countries Targeted

The nation-state threat actor SideWinder has launched a new cyber espionage campaign targeting maritime facilities in the Indian Ocean and Mediterranean Sea. Using spear-phishing techniques, the group exploits vulnerabilities in Microsoft Office to deliver malicious payloads to gather intelligence in countries like Pakistan, Egypt, and Sri Lanka.

INSIGHT: Effective email filtering and Security Awareness Education for your staff deliver great value for a comparatively low investment.  Educating your staff about phishing and spear phishing reduces your exposure to financial loss.  A pause to evaluate the legitimacy of an out-of-the-ordinary email can save your business.

GOVERNMENT - 6.5TB Stolen, Nearly $2M Ransom Demanded

A hacker group named Rhysida claims to have stolen 6.5 terabytes of sensitive data from the city of Columbus, OH and is demanding nearly $2 million in ransom. The group has released screen captures to prove its possession of the data, which includes security footage and employee information. Columbus police officers are particularly affected, with reports of attempted bank fraud and dark web alerts.

INSIGHT: On the surface this appears to be yet another American city that did not allocate the budget to implement appropriate cybersecurity measures.  The city also appears not to have established a cyber resilient posture: citizen data secured by encryption, and tested backups from which city operations can simply be restored.  Note the limits of each control in an extortion case like this one: backups restore operations but do not recover data that has already been exfiltrated, so encryption of sensitive records and tight access control are what limit the damage from theft.  It's not news that cities are vulnerable and an attractive target for cyber attackers.

HOME USERS - Your Toaster Might Be More Secure Than Your Computer

A massive Magniber ransomware campaign is encrypting home users' devices globally, demanding four-figure ransoms for decryption. First seen in 2017, Magniber has resurfaced, targeting individuals who download cracked or otherwise suspect software. Victims face escalating ransom demands, starting at $1,000 and rising to $5,000 if unpaid within three days.

INSIGHT: Legitimate software is worth paying for.  Avoid downloading and installing cracked software: Magniber is spread through exactly those downloads, so installing them significantly raises your chance of compromise.


INSIGHTS & EXPERT PERSPECTIVES

OPINION - The Cybersecurity Industry’s House of Cards

In the wake of the recent CrowdStrike incident and the subsequent commentary from SentinelOne's CEO, it's time we take an honest look (or a controversial stand) on an issue that has long been ignored.

The cybersecurity industry is in shambles, and the root cause is our past reliance on venture capital (VC) funding.

We in the industry have allowed ourselves to be steered by venture capital money, leading us to build on shaky foundations of risky architectures and shortcuts. The fallout of those decisions is now being exposed, and the consequences are dire. VCs still looking to exit their investments may find themselves holding a ticket to "integration" or, in VC parlance, liquidation.

The impending fallout in the CS portfolio is a stark reminder of the risks we face. But amidst this crisis, there’s a beacon of hope - SARA.

This is why Netswitch offers services as a third-party risk assessor: SARA (Security And Risk Assessment) helps companies navigate these troubled waters by determining their cyber risk and potential compliance liabilities and delivering a strategic roadmap.

But the real punchline is this – companies need to scrutinize their past spending.

Are their investments still cost-justifiable?

Do they contribute any value to resilience indices or key performance indicators (KPIs)?

This is why we assess the alignment of these investments with compliance requirements to ensure operational effectiveness. More importantly, companies need to leverage appropriate KPIs to engage with stakeholders and monitor the ROI on cyber investments.

The cybersecurity industry needs a radical overhaul.

We need to move away from the profit-driven mindset and towards a model that prioritizes long-term security and sustainability.

Only then can we hope to rebuild customer trust in our industry on a solid foundation.

LinkedIn Live Event - Cyber Resilience

The Cyber Risk Governance Community recently hosted our latest LinkedIn Live Event, 5 Critical Questions Boards Must Ask. CRG Community member Alex Sharpe was our guest for the conversation.

We underscored the criticality of cyber resilience and adaptive strategies for businesses, and stressed the need for a holistic approach encompassing technology, people, processes, and organizational alignment to fortify against cyber threats.

Key takeaways:

  • Human Factor: Most cyber incidents involve human error, often as a result of phishing or social engineering, emphasizing the importance of Security Awareness Education.

  • Impact of Digital Transformation: The shift to digital operations during COVID exposed vulnerabilities, underscoring the need for adaptive cybersecurity strategies.

  • Cyber-Aware Culture: Creating this culture through investment in awareness and training programs is one of the most cost-effective ways to enhance organizational resilience.

  • Supply Chains: supply-chain risks have increased due to the interconnected nature of modern businesses, as evidenced by recent high-profile incidents.

As cyber threats evolve, so must your approach to cybersecurity, cyber risks, and cyber governance.

Are you ready to adapt? Watch the conversation HERE to understand where to begin.


Sharpen Your Cyber Edge with Netswitch

Master Compliance & Minimize Risks:

  1. Independent Security Audit: Identify network risks with our automated Security And Risk Assessment (SARA). Get a clear picture, prioritize improvements, and optimize resource allocation. Contact Netswitch.

  2. Free "Quick Start" Program: Gain a free cyber risk and governance health check. Enroll now and start building resilience.

Deepen Your Knowledge:

  • Join Our LinkedIn Group: Collaborate with industry leaders in the CyberRisk Governance Group on LinkedIn. Share insights and stay ahead of the curve.

  • Live Events: Participate in interactive LinkedIn Live sessions. Explore cyber risk topics with executives, technologists, and governance professionals.

Don't wait.

Contact Netswitch today to take control of your cyber risk.


Disclaimer: The information and links provided in this newsletter are for informational purposes only. Netswitch does not warrant the accuracy or completeness of such information and is not liable for any damages arising from its use.


Great summary of recent headlines and insightful perspectives on the cybersecurity industry. The LinkedIn Live Event on cyber resilience is particularly timely given the recent attacks on maritime facilities and the growing concern over monoculture increasing cyber-risk. What are some key takeaways from the event that can be applied to mitigate these risks?