NTSC Blog

Weekly News Roundup: April 6, 2020

Legislative and Federal Cybersecurity News Update

Here, we’ve provided a roundup of cybersecurity legislation and federal cybersecurity news stories from last week.

• Cybersecurity State Coordinator Act to Cost $37M, CBO Says: According to MeriTalk, “In an estimate released March 31, the Congressional Budget Office (CBO) said that over the next five years the Cybersecurity State Coordinator Act would cost $37 million to enact. As part of the proposed program, which would be housed within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, each state would have a Federally funded Cybersecurity Coordinator tasked with helping to prevent and respond to cybersecurity threats. State Coordinators would facilitate coordination between Federal, state, and local governments as well as schools, hospitals, and other entities.”
• Washington State OKs Facial Recognition Law Seen as National Model: According to The Wall Street Journal, “Washington state adopted a Microsoft Corp.-backed law enshrining the most detailed regulations of facial recognition in the U.S., potentially serving as a model for other states as use of the technology grows. Gov. Jay Inslee signed the law [last] Tuesday allowing government agencies to use facial recognition, with restrictions designed to ensure it isn’t deployed for broad surveillance or tracking innocent people.”
• NIST releases draft cloud system access control guidance for public comment: According to Inside Cybersecurity, “A new NIST draft guidance on access controls for cloud systems is out for public comment, noting that ‘different service delivery models need to consider managing different types of access on offered service components,’ and that, so far, ‘primarily ad hoc solutions’ have addressed ‘specific cloud applications and do not provide comprehensive views of cloud [access control].’”

National Cyber Security News Update

Here, we’ve provided a roundup of cybersecurity news stories related to national security from last week.

• Cyber threats spike during coronavirus pandemic: According to The Hill, “Cyber threats to both the health care sector and average Americans have surged as hackers look to take advantage of the panic and chaos caused by the coronavirus crisis. Major agencies including the Department of Health and Human Services (HHS) and the World Health Organization (WHO) have been targeted by hackers in unsuccessful but ongoing attacks.”
• After-action report: Electric grid cyber exercise demonstrates need for shared inventory of critical supply-chain components: According to Inside Cybersecurity, “A new report from the North American Electric Reliability Corporation -- NERC -- finds the electricity sector would be better prepared to respond to cyber attacks if its vendors shared more information industry-wide on equipment and hardware through a ‘trusted channel.’”
• Health Data Breach Tally Spikes in Recent Weeks: According to GovInfoSecurity, “The total number of health data breaches - and individuals affected - on the 2020 tally has more than doubled in recent weeks. A snapshot [last] Monday of the Department of Health and Human Services' HIPAA Breach Reporting Tool website shows a total of 105 breaches affecting more than 2.5 million individuals have been reported and added to the tally so far in 2020.”
• Governments experience surge in cyberattacks: According to ITProPortal, “According to a new report from Imperva, the global pandemic has not hindered cybercriminal activity - certain countries have in fact experienced a large spike in recent months. The firm's February 2020 Cyber Threat Index shows a 10 percent increase in the average number of attacks per site in US government and legal sectors, which Imperva believes is linked with the ongoing Democratic primary elections. The US was attacked most frequently by actors from Russia (22 percent), Ukraine (12 percent) and China (9 percent), and almost all attacks (99 per cent) were carried out by bots.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

• Cybersecurity Cloud Transition Likely to Accelerate: Reported in Security Boulevard, “Over half of respondents (52%) began migrating to cloud-based security tools during or before 2018, while nearly one-fifth (18%) waited until 2019. Another 3% started in 2020, while 13% have not started. The rest of the respondents said they don’t know if they will migrate.”
• Insurance giant Marsh sees growth in U.S. cyber coverage as manufacturers, other sectors obtain policies: Reported in Inside Cybersecurity, “Purchases of standalone cybersecurity policies grew in 2019 in the United States, according to an annual trends report from global insurance broker Marsh, with growth in cyber coverage among the firm’s manufacturing clients and the highest growth rate coming from the hospitality and gaming sector.”
• Coronavirus update: In the cyber world, the graph has yet to flatten: According to Check Point, “From January to March, we witnessed a drop of 17% monthly in the overall number of cyber threat activities in organizational networks worldwide. However, since mid-February, we have seen an escalation in the number of coronavirus-related cyber-attacks, and in the past 2 weeks alone, the numbers have increased dramatically from a few hundred daily to as high as over 5,000 on March 28. On average, there have been over 2,600 attacks daily.”
• Ransomware Payments on the Rise: Reported in Infosecurity Magazine, “New research published March 31 by CyberEdge shows that both the number of ransomware attacks and the percentage of attacks that result in payment have increased every year since 2017. The CyberEdge 2020 Cyberthreat Defense Report states 62% of organizations were victimized by ransomware in 2019, up from 56% in 2018 and 55% in 2017.”
• Growing Complexity of Managing Enterprise Cybersecurity is Increasing CISO Fatigue and Burnout: Reported in Security Week, “42% of respondents defined cybersecurity fatigue as virtually giving up on proactively defending against malicious actors. Ninety-six percent said that the complexity of managing a multi-vendor environment is a major contributor to this fatigue.”
• Global E-Commerce Fraud to Top $25bn by 2024: Reported in Infosecurity Magazine, “Global online payment fraud losses are set to soar by more than 50% over the coming four years to exceed $25bn per year, according to a new report from Juniper Research. The market analyst’s report, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2020-2024, predicted a 52% growth in merchant losses to scams over the period.”

Cybersecurity Acquisitions

News about two major cybersecurity company acquisitions was reported last week:

• Palo Alto Networks to Buy CloudGenix for $420M: Reported in Dark Reading, “Palo Alto Networks has agreed to acquire cloud-based SD-WAN provider CloudGenix for about $420 million in cash. Its goal is to build out the capabilities of its Prisma Access SASE platform. […] Palo Alto Networks plans to integrate CloudGenix's cloud-based SD-WAN products to improve onboarding for remote branches and stores into Prisma Access.”
• McAfee Completes Light Point Security Acquisition: According to a press release, “McAfee announced it has completed its acquisition of Light Point Security, LLC, an award-winning pioneer of browser isolation. The Baltimore-based Light Point Security team is now part of McAfee and will begin integrating its innovative technology into the cloud-native McAfee Secure Web Gateway and McAfee’s MVISION Unified Cloud Edge (UCE) offerings.”