April 2022 Cyber Recap The ever-changing cybersecurity landscape can be hard to keep up with. The introduction of new technologies such as cryptocurrency and the ever-changing nature of threats from hackers require constant attention. Below are some "quick hits” from April, including some noteworthy updates and developments that might be helpful [...]
Did you know? Ransomware attack costs can be seven times higher than ransom Did you know? Collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors, according to a recent analysis conducted by researchers at Check Point. This [...]
Recent Cyber Attacks Prove that MFAs are not All Created Equal WHAT HAPPENED? Within the past few months, two hacker groups, a data extortion gang known as Lapsu$ and elite Russian-state threat actors known as Cozy Bear, have successfully bypassed multifactor authentications (“MFA”). MFA is a defense mechanism companies and [...]
March 2022 Cyber Recap WHAT HAPPENED? Significant changes are on the horizon for cybersecurity requirements for investment advisers and other companies in critical infrastructure. March 9th, 2022: On March 9th, 2022, the SEC proposed rules and amendments surrounding cybersecurity for RIAs and public companies to enhance disclosures regarding cybersecurity risks management, strategy, [...]
CISA Issues “Shields Up” Advisory WHAT HAPPENED? The Cybersecurity & Infrastructure Security Agency’s (“CISA”) issued a “Shields Up” message to every U.S. organization in response to Russia’s unprovoked attack on Ukraine, which included cyber attacks on the Ukrainian government and critical infrastructure. According to CISA, there are no specific or [...]
Cybersecurity Risk Management WHAT HAPPENED? On February 9th, 2022, the SEC announced its proposed rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act (collectively, the “proposed cybersecurity risk management rules”). The proposed cybersecurity risk management rules codify the requirement for advisers to maintain comprehensive cybersecurity [...]
SEC Commissioner Signals Regulatory Changes are underway for Cybersecurity WHAT HAPPENED? SEC Chair Gensler spoke at Northwestern Pritzker School of Law’s Annual Securities Regulation Institute yesterday, where he focused on the Commission’s cybersecurity initiatives and a potential cybersecurity regulatory overhaul. Cybersecurity has been a long-standing priority for the SEC and the recent [...]
Phishing Via Gmail Accounts WHAT HAPPENED? A survey conducted by Barracuda surveyed 10,500 organizations and found that 35% of them had at least one bait attack email in September 2021 alone. Bait attacks are becoming more frequent, and it appears that bad actors who distribute this special kind of phishing email prefer [...]
Advisory on Russian Threats to Infrastructure WHAT HAPPENED? CISA, the FBI, and the NSA have released a joint cybersecurity advisory that gives oversight on Russian cyber operations including their observations on tactics, techniques, and procedures. WHAT DOES THIS MEAN FOR ME? These organizations are working together to help the [...]
Importance of Patching Log4j Flaw WHAT HAPPENED? The Federal Trade Commission (FTC) has warned U.S. organizations failing to secure customer data against Log4Shell zero-day vulnerability could face legal repercussions. The week of January 3rd, the consumer protection agency warned that the serious flaw in the Log4j logging library is being exploited [...]