NTSC Technology Security Roundup

Weekly News Roundup: October 2, 2017

ISMG Security Report Interview with Ron Ross of NIST

ISMG Security Report recently interviewed Ron Ross, a computer scientist and NIST Fellow, about “revised guidance on how to get C-suite executives to help shape information risk management.” Listen to the full interview.

Three Reports Indicate Ransomware Getting Worse

Dark Reading summarized three recent reports that highlight how ransomware continues to grow in severity. The reports included the following insights:

  • “Ransomware attacks have eclipsed most other global cybercrime threats, with the first half of 2017 witnessing ransomware attacks on a scale previously unseen following the emergence of self-propagating 'ransomworms,' as observed in the WannaCry and Petya/NotPetya cases…” (IOCTA 2017 report quoted in Dark Reading)
  • “…new ransomware increased by 54% in the second quarter of this year, according to McAfee. The number of total new ransomware samples has increased by 47% in the past four quarters.” (McAfee)
  • “75% of organizations affected by ransomware have experienced up to five attacks in the last year, and 25% have been hit by six or more attacks.” (Cybersecurity Insiders and Crowd Research Partners)

SEC Announces Cyber Unit to Address Cybersecurity Risks

On Monday, the SEC announced the creation of a Cyber Unit in the wake of admitting a 2016 data breach. According to a press release, “The Cyber Unit will focus the Enforcement Division’s substantial cyber-related expertise on targeting cyber-related misconduct, such as:

  • Market manipulation schemes involving false information spread through electronic and social media
  • Hacking to obtain material nonpublic information
  • Violations involving distributed ledger technology and initial coin offerings
  • Misconduct perpetrated using the dark web
  • Intrusions into retail brokerage accounts
  • Cyber-related threats to trading platforms and other critical market infrastructure”

In addition, “The unit, which has been in the planning stages for months, complements the Chairman’s initiatives to implement an internal cybersecurity risk profile and create a cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.”

FBI Director Christopher Wray Offers Views on Cybersecurity at Senate Committee Hearing

Installed as FBI Director on Thursday, Christopher Wray spoke about the importance of cybersecurity during a Senate Homeland Security and Government Affairs Committee hearing on Wednesday. Talking about cyber, Wray said, “Virtually every national security and criminal threat the FBI faces is cyber-based or technologically facilitated.” He identified foreign intelligence agencies, hackers for hire, organized crime syndicates, and terrorists as major cyberthreats and pointed out that it’s incredibly challenging to investigate cybercrime.

Deputy Secretary of State John Sullivan Says Permanent State Department Cybersecurity Role Will Be Created

On Tuesday, Deputy Secretary of State John Sullivan told the House Foreign Affairs Committee that a new permanent State Department cybersecurity role will be created despite Secretary Rex Tillerson’s elimination of the Cyber Coordinator role. According to NextGov, Sullivan said, “I can commit to you that cybersecurity, our whole cyber effort, will be elevated at the department beyond what it is now…” NextGov goes on to say, “Tillerson hopes to have all reorganization plans finalized and briefed to Congress by the end of 2017, Sullivan said.” Many people in the cybersecurity community have been worried that the State Department is not making cybersecurity a priority.

Senate Passes Schatz-Risch Small Business Cybersecurity Legislation

According to a press release, the U.S. Senate unanimously passed the Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology (MAIN STREET) Cybersecurity Act. This legislation was introduced by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho), and the bipartisan bill will provide a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats. In addition, the MAIN STREET Cybersecurity Act will ensure that NIST considers the needs of small businesses as it updates the NIST Cybersecurity Framework.