Wrap up - Looking back on Cybersecurity Awareness Month 2021
The Data Connectors Cybersecurity Community’s resource guide to #BeCyberSmart
At the start of October, the FBI Cybercrime division IC3 received over 2,700 ransomware reports with losses of over $30 million. This is a 66% increase from the $18 million reported in the same time frame in 2020.* With hackers becoming more organized and sophisticated it is important to stay informed, up to date, and prepared for whatever comes next.
2021 was the 18th year October had been recognized as Cybersecurity Awareness Month. The National Cybersecurity Alliance, who established the commemoration in 2004 with the U.S. Department of Homeland Security (DHS). What began as a collaborative effort between government and industry to ensure safety online, is now recognized across the globe by professional organizations, cybersecurity companies, and organizations of every type to educate and protect their people and assets.
CISA along with DHS had reported that this year’s theme would remain “Do Your Part. #BeCyberSmart.” This calls upon individuals and organizations to each take active measures to ensure that their company and personal cyberspace are protected. On September 30th, the White House issued an official proclamation dawning the start of the nationally recognized month. It stated:
“Our Nation is under a constant and ever-increasing threat from malicious cyber actors. Ransomware attacks have disrupted hospitals, schools, police departments, fuel pipelines, food suppliers, and small businesses — delaying essential services and putting the lives and livelihoods of Americans at risk. Any disruption, corruption, or dysfunction of our vital infrastructure can have a debilitating effect on national and economic security, public health, and our everyday safety.”
The Data Connectors Community News Team has rounded up some of the most important articles, interviews, and resources our Community Members have found particularly useful:
Over the past year and a half, companies all over the world have had to adjust to the work-from-home mandate and new hybrid working environment while ensuring cybersecurity protection of both the organization’s endpoints and their employees. Local governments have had to adapt to the necessary new regulations for cybersecurity as well.
While headline-grabbing attacks like Colonial Pipeline and SolarWinds grab headlines, state and local governments, as well as municipalities and public education facilities have long been the target of debilitating ransomware attacks.
For more on cybersecurity within government, you can hear from Florida state’s CIO, Jamie Grant at the Miami Cybersecurity Conference on November 09-10. Register today for a chance to hear the experiences that will benefit cybersecurity leaders – be they in the public or private sectors. Grant will discuss cutting bureaucracy, budgeting, staffing, working with solution providers, and motivating teams to strive for a meaningful mission.
Several members of the Data Connectors community, including companies like SecurityScorecard, Rapid7, and Cybereason, have teamed up with industry leaders across government, academia, non-profit organizations, and other private-sector organizations to form a Ransomware Task Force.
Ransomware is now a threat equal to terrorism. Cryptocurrencies have proven to be a lucrative modus operandi for criminal groups and state actors looking to launder funds and evade sanctions. It is vital for organizations such as CipherTrace to utilize support to prevent sophisticated attacks. Pamela Clegg, VP of Financial Investigations at CipherTrace, presented on this at the Dallas Cybersecurity Conference with “Ransomware Investigations and Actionable Intelligence from DarkSide and REvil.”
This task force was organized by the Institute for Security and Technology (IST), who convened the task force and began work in January 2021. At that point, the organization launched a website highlighting the leadership roles and a complete list of members.
This task force will continue to aid in the fight against cybercrime; see who else is included, and how they can help your organization.
Gartner has predicted that by 2025, cyber attackers will weaponize operational technology environments to harm or kill humans.
Data Connectors Community Members know that this has already happened. In Menny Barzilay’s New England Virtual Cybersecurity Summit Keynote this past August, his “Cyber Kills” talk demonstrated numerous cases where cyber-attacks have led to the loss of life over the recent past.
In coming after OT, hardware and software that monitors and controls equipment, attackers gain the ability to impede upon cyber-physical systems (CPS), according to Gartner. This is the evolution from attacks like that on the Colonial Pipeline – disruption is one thing, but with enough access, bad actors can impact the health and welfare of private individuals.
To prevent this horrible prediction from coming true, see what Gartner recommends to protect you and your enterprise.
DHS – CISA released an alert regarding an observed increase in highly impactful ransomware attacks over the holidays and on weekends; strategically when businesses are closed and at their most vulnerable. The exponential rise of ransomware in the last few years continues to be a consistent threat. Protect yourself and your business by reading the Ransomware Awareness for Holidays and Weekends
It had the makings of a typical ransomware attack — likely set off through a phishing scam, resulting in the wrong people getting their hands where it didn’t belong. But the outcome of the Colonial Pipeline ransomware attack was beyond typical.
In a LinkedIn Live session with former CISA Assistant Director John Felker, the Data Connectors Community gained a unique insight into what was likely happening behind the scenes, both in the Colonial boardroom and in the government offices.
The session, titled “Reflections on the Colonial Pipeline Ransomware Attack,” took a comprehensive look at the timeline of events surrounding the attack, as well as a deep-dive in the actions of the perpetrators, the DarkSide hacking group.
In another example of this kind of broadband attack, Atlanta Infragard Board Member Derek Johnson led a Keynote discussion at the Atlanta Cybersecurity Conference on October 27 – 28. Attendees discovered how organizations today can no longer engage in digital transactions or eCommerce serving their employees, customers, or partners without understanding the global cybersecurity landscape or the state of their internal security program.
Looking for further discussion on these topics? Check out all upcoming summits and conferences.
For more information and to stay connected to experts in the industry, join our community!