Article Title– Companies Grapple with Expanding Cyber Rules
Article Summary: The article analyzes the procedural complexities faced by United States (US) companies when reporting confirmed cyber-attacks to US regulators. It discusses the significance of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which is the most comprehensive federal law regulating US critical infrastructures. The law identifies 16 sectors crucial to the US, whose incapacitation could have devastating effects on national security. CIRCIA mandates covered entities to report cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within specific timeframes. The law applies to all federal government agencies and publicly traded companies and is punitive, with severe penalties for making false statements within a CIRCIA report.
A US company’s noncompliance with the regulations outlined in the act could result in the entity being suspended or debarred from conducting business with the US federal government.
Article Highlight(s): This article raises concerns voiced by cybersecurity leaders regarding the implementation of CIRCIA’s regulations, noting that they often fail to align with existing rules and create additional bureaucracy. For example, suppose a publicly traded financial company experiences a cyberattack and decides to pay a ransom. In that case, it must report the incident to multiple federal government agencies by the specified deadline. If the company is a mortgage lender, it must also report the incident to other relevant federal government agencies. This reporting burden extends to companies in various critical infrastructure sectors. Apart from federal requirements, most companies must also report incidents to state organizations and regulators, as well as those in other states and host nations, if applicable. Ultimately, these requirements are viewed as an excessive burden on incident-response teams within publicly traded companies. The article highlights that each layer of regulation adds complexity to the process of reporting incidents.
Recommendation(s) Identified: To pass laws that require US companies to streamline the reporting process to as few state and federal agencies as possible.
Opinion(s): The scope of CIRCIA is insufficient, and its demands on publicly traded companies may be unreasonably high. CIRCIA is essential as it enhances protection for potentially hundreds of millions, if not billions, of consumer and privacy data, even if this protection is only fully realized during the reporting process. However, it does not apply to privately owned companies. With over 25 million companies registered in the US at the end of 2023 and less than 4,000 being publicly traded, it’s highly likely that most companies conduct business over the Internet and are vulnerable to cyber-attacks that they are not obligated to disclose. Without new laws addressing this gap, the true impact of cyber-attacks on US companies remains unknown.
It is reasonable for publicly traded companies to recommend a more efficient approach to protect what the article did not address: their reputation and credibility. The suggestions in the article imply that it would be more effective to minimize reporting to a select few agencies, potentially streamlining processes and reducing bureaucratic burdens on companies. Furthermore, limiting the number of agencies with access to proprietary company data would likely enhance controls over the dissemination of information that could damage the company’s image.
Schools Face Million-Dollar Bills as Ransomware Rises
This article talked about the increase in ransomware attacks on colleges and universities. The State of Ransomware in Education 2024 report found that 44% of schools across 14 nations surveyed faced a ransom demand of $5m or more. In higher education, 32% faced demands of between $1m and $5m, and 35% over $5m. The most common root causes for ransomware in the sector included vulnerability exploits, malicious emails, and compromised credentials. The education sector is interesting for attackers because they hold large swathes of sensitive information regarding students, parents, and staff. Schools and universities have undergone tremendous modernization programs, with all aspects of the learning experience for students, dependent on IT systems. These modernization programs have not always been accompanied by an appropriate focus on security. Education institutions also faced longer recovery times, in part because ransomware groups increasingly target backups as well as primary data. Of the organizations reporting ransomware attacks, 95% said cybercriminals attempted to compromise backups, and 71% succeeded in doing so. https://www.infosecurity-magazine.com/news/schools-ransomware-rises/?utm_source=dlvr.it&utm_medium=linkedin
Avis Car Rental Suffers a Data Breach Impacting Nearly 300,000 Customers
Avis Car Rental experienced a data breach affecting nearly 300,000 customers between August 3 and August 6, 2024. The breach was detected on August 5, and Avis quickly responded by cutting off the attacker’s access, launching an investigation, and notifying the appropriate authorities. The breach exposed personally identifiable information (PII), though it appears that sensitive data such as credit card numbers or Social Security numbers were not compromised. Avis offered affected customers 12 months of free credit monitoring and identity protection services.
The company reported that the breach stemmed from insider wrongdoing and is working with cybersecurity experts to strengthen its security measures. The incident highlights the growing trend of cyberattacks on car rental companies, with other firms such as Sixt and Enterprise Holdings also falling victim to cyber threats in recent years. Avis has since implemented additional safeguards and is actively reviewing its security protocols to prevent future breaches.
Article Title: 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
A 17-year-old teenager in London was arrested for disrupting Transport for London on September 1st, 2024. The cyber attack compromised the bank details of approximately 5000 customers. The suspect who was released on bail is being investigated by the National Crime Agency. Transport for London now requires 30,000 staff members to complete IT identity checks as a precaution. This incident then raised concerns about cyber attacks on public transportation and infrastructure as a consequence.
I chose this article because it highlights the process and effects of a breach. The attack lead to the Transport for London to raise concerns regarding their data security and privacy.
On September 12, 2024, Fortinet announced that they had suffered a security incident after a hacker leaked 440 GB of data allegedly stolen from an Azure SharePoint instance. The hacker claimed the release was due to Fortinet’s refusal to pay a ransom. Fortinet mentioned that only a small portion of files was breached affecting less than 0.3% of its customer base, and stated that its business operations, products, and services were not affected. An investigation, supported by external experts, found no evidence of malicious activity or further unauthorized access, and the company does not anticipate any significant impact on its financial status. Law enforcement and cybersecurity agencies have been notified about the breach.
National Public Data confirms massive data breach included Social Security numbers
What could be more appropriate to talk about when we are talking about the Target breach then the even larger breach that just happened that also contains data that can never be changed for each US Citizen? While the Target breach was bad and exposed many of the problems that exist within the retail industry at this point steps have been taken in order to mitigate that risk. The social security breach exposes an, in my opinion, even greater risk. One that is baked into the fabric of American society. We use our social security numbers, a nine digit number that can never be changed, for everything. Loans, employment, banking, applying for school. With the sheer amount of databases that our SSNs are stored in it is only a matter of time until our identities are stolen via this method. Because of this I would argue that the federal government needs to come up with a better solution in order to protect its citizens, possibly rotating SSNs or a version of two factor authentication that can be managed via a centralized system.
Article Title: Home Depot Confirms Data Breach After Employee Info Appears on Hacker Forum
Home Depot confirmed the data of around 10,000 employees was exposed and published online by a well-known offender. The data includes corporate IDs, names, and email addresses, which could be used for targeted phishing attempts to gain access into Home Depot’s network. Like in the Target Case, the breach occurred through a third-party Software-as-a-service (SaaS) vendor, where they inadvertently made public a small sample of Home Depot associates’ data during testing of their systems. The attack demonstrates the vulnerabilities that occur when sensitive data is handled between large organizations and third-party vendors.
The growing threat of cyber-attacks has led to the creation of cybersecurity programs across colleges and universities, with a focus on filling over 500,000 open cybersecurity jobs in the U.S. National Cyber Director Harry Coker highlights the constant, invisible dangers posed by both nation-state actors, such as China, Russia, North Korea, and Iran, and cybercriminals targeting vulnerable sectors like schools and hospitals. The Pennsylvania Cybersecurity Center (PCC) is addressing this gap by connecting individuals with cybersecurity jobs and partnering with high schools to offer dual enrollment programs, allowing students to earn college credits toward cybersecurity careers. Funded by a $1.1 million grant, the program aims to train a new generation of professionals, with Coker emphasizing the importance of creativity, agility, and commitment in combating cyber threats.
Class Is Back In Session: Time To Study Up On Data Privacy And Security – Forbes
Data breaches can lead to legal liability and the theft of intellectual property assets and can open students up to identity theft, fraud and extortion. Furthermore, a 2023 report from IBM found that the average breach in higher education cost $3.65 million.
As a result of these realities, we are beginning to see an influx of new data privacy legislation specifically focused on how colleges and universities manage and secure their data
Maryland has new state privacy laws requiring high education institutions to adopt a privacy governance program, develop and adopt an information security and risk management program, publish privacy notices and more.
The article notes that higher education institutions should do the following:
– Establish comprehensive data privacy governance programs
– Identify, catalog, and encrypt sensitive data
– Develop response and recovery plans
– Utilize platforms to automate data privacy, security and governance to help manage compliance.
1,000+ ServiceNow Instances Leaking Corporate Data Via Knowledge Bases
The article is question revealed that more than a 1000+ ServiceNow instances were leaking proprietary information because of misconfigurations access control.
ServiceNow is an industry leading Enterprise Resource Planning (ERP) system that is well known for its IT Service Management functions (ITSM). It was revealed that some Knowledge Bases (KB) Articles were at risk of divulging proprietary and internal information about systems to the public. KB Articles are knowledge sharing forums that teach personnel how to perform tasks (raise requests, store information, start up instances, etc) and provide understanding of internal processes. Some of these KB Articles did not have security controls in place to restrict the access to internal users, this could be a huge impact to the Confidentiality of information systems if a threat actor was to come across some of these KB Articles). Any skilled threat actor or crime organization could use this vulnerability to understand an organization’s network and the weak points that would fall victim to attacks.
This threat is an example of how miniscule details could pose huge security risk and impact to an organization.
Earlier this week AT&T has to pay $13 million to settle an Federal Communications Commission investigation into the cloud data leak. Its data leak last year raised the largest issue of whether it protected customer data. AT&T revealed in July 2024 that hackers stole virtually all current and previous customers’ call and text histories in April 2024. This incident affected AT&T subscribers and anybody who corresponded with them between May 2022 and January 2023. Call records, text message logs, and mobile tower location data for certain consumers were hacked. Although the conversations and sensitive personal information like social security numbers and credit card numbers were not compromised, the breach of privacy concerns.
Hackers stole phone records from April 14 – 25, 2024. AT&T became aware of the breach on April 19, 2024, when hackers claimed to have stolen the call logs. However, the U.S. DOJ advised delaying public disclosure of the breach on May 9, 2024…… On May 17, a hacker associated with the “ShinyHunters group” claimed that AT&T paid a ransom of $373,646 in connection with this breach. The Department of Justice suggested another delay in public announcement on June 5, 2024. It wasn’t until July 12, 2024, that AT&T publicly disclosed the data breach in a press release. AT&T’s poor third-party cloud storage technology allowed the compromise, similar to Target’s. Both attacks used weak security protections in external systems to obtain sensitive data. AT&T’s incident had poor cloud security, whereas Target’s featured a compromised vendor. Both of these article examples show how serious third-party vulnerabilities and the neeed for robust security
Uk Data Center to get new ‘Critical National Infrastructure’ Label
This article focuses on the new label that will give the United Kingdoms data and infrastructure systems more protection from cyberattacks. The importance of the UK’s data and infrastructure systems is that they are responsible for the country’s communications. The UK is putting there data centers on an equal level as water and energy. The new label is coming as several recent incidents have led to IT blackouts and shown how important it is to protect data and infrastructure systems. Furthermore the UK has seen an increasing number of disruptions that have affected health services across the country. Personally I found it interesting to read about how much cyberattacks have affected other country’s in recent years. In the US and now the UK, cyberattacks have made it essential to protect data and infrastructure as they are now just as important as water and energy. https://cybernews.com/news/uk-data-centers-critical-national-infrastructure-classification/
Posted by James N Nyamokoh
Title: Dark Web Researcher Warns Columbus, Ohio Residents About Ransomware Attack Bigger Than City Revealed
Published: September 15, 2024
In July 2024, the city of Columbus, Ohio, was hit by a ransomware attack led by a group called Rhysida. Local IT researcher Connor Goodwolf, who tracks cybercrime on the dark web, discovered over three terabytes of sensitive city data had been breached, including police records, personal details, and information on domestic violence victims. Goodwolf warned that the hack was far worse than the city publicly acknowledged, but when the city didn’t respond, he went to the media. In a surprising move, the city sued Goodwolf, citing concerns over public safety, which raised alarm among cybersecurity experts. They worry this legal action could discourage future whistleblowers and hurt transparency during cybersecurity incidents.
Jocque Sims says
Article Title– Companies Grapple with Expanding Cyber Rules
Article Summary: The article analyzes the procedural complexities faced by United States (US) companies when reporting confirmed cyber-attacks to US regulators. It discusses the significance of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which is the most comprehensive federal law regulating US critical infrastructures. The law identifies 16 sectors crucial to the US, whose incapacitation could have devastating effects on national security. CIRCIA mandates covered entities to report cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within specific timeframes. The law applies to all federal government agencies and publicly traded companies and is punitive, with severe penalties for making false statements within a CIRCIA report.
A US company’s noncompliance with the regulations outlined in the act could result in the entity being suspended or debarred from conducting business with the US federal government.
Article Highlight(s): This article raises concerns voiced by cybersecurity leaders regarding the implementation of CIRCIA’s regulations, noting that they often fail to align with existing rules and create additional bureaucracy. For example, suppose a publicly traded financial company experiences a cyberattack and decides to pay a ransom. In that case, it must report the incident to multiple federal government agencies by the specified deadline. If the company is a mortgage lender, it must also report the incident to other relevant federal government agencies. This reporting burden extends to companies in various critical infrastructure sectors. Apart from federal requirements, most companies must also report incidents to state organizations and regulators, as well as those in other states and host nations, if applicable. Ultimately, these requirements are viewed as an excessive burden on incident-response teams within publicly traded companies. The article highlights that each layer of regulation adds complexity to the process of reporting incidents.
Recommendation(s) Identified: To pass laws that require US companies to streamline the reporting process to as few state and federal agencies as possible.
Opinion(s): The scope of CIRCIA is insufficient, and its demands on publicly traded companies may be unreasonably high. CIRCIA is essential as it enhances protection for potentially hundreds of millions, if not billions, of consumer and privacy data, even if this protection is only fully realized during the reporting process. However, it does not apply to privately owned companies. With over 25 million companies registered in the US at the end of 2023 and less than 4,000 being publicly traded, it’s highly likely that most companies conduct business over the Internet and are vulnerable to cyber-attacks that they are not obligated to disclose. Without new laws addressing this gap, the true impact of cyber-attacks on US companies remains unknown.
It is reasonable for publicly traded companies to recommend a more efficient approach to protect what the article did not address: their reputation and credibility. The suggestions in the article imply that it would be more effective to minimize reporting to a select few agencies, potentially streamlining processes and reducing bureaucratic burdens on companies. Furthermore, limiting the number of agencies with access to proprietary company data would likely enhance controls over the dissemination of information that could damage the company’s image.
Works Cited
Rundle, J. (2024, August 30). Companies Grapple With Expanding Cyber Rules. Retrieved from The Wall Street Journal: https://www.wsj.com/articles/companies-grapple-with-expanding-cyber-rules-19f8a4de?st=4sy87b00ubatxc0&reflink=article_email_share
Nelson Ezeatuegwu says
Schools Face Million-Dollar Bills as Ransomware Rises
This article talked about the increase in ransomware attacks on colleges and universities. The State of Ransomware in Education 2024 report found that 44% of schools across 14 nations surveyed faced a ransom demand of $5m or more. In higher education, 32% faced demands of between $1m and $5m, and 35% over $5m. The most common root causes for ransomware in the sector included vulnerability exploits, malicious emails, and compromised credentials. The education sector is interesting for attackers because they hold large swathes of sensitive information regarding students, parents, and staff. Schools and universities have undergone tremendous modernization programs, with all aspects of the learning experience for students, dependent on IT systems. These modernization programs have not always been accompanied by an appropriate focus on security. Education institutions also faced longer recovery times, in part because ransomware groups increasingly target backups as well as primary data. Of the organizations reporting ransomware attacks, 95% said cybercriminals attempted to compromise backups, and 71% succeeded in doing so.
https://www.infosecurity-magazine.com/news/schools-ransomware-rises/?utm_source=dlvr.it&utm_medium=linkedin
Christopher Williams says
Avis Car Rental Suffers a Data Breach Impacting Nearly 300,000 Customers
Avis Car Rental experienced a data breach affecting nearly 300,000 customers between August 3 and August 6, 2024. The breach was detected on August 5, and Avis quickly responded by cutting off the attacker’s access, launching an investigation, and notifying the appropriate authorities. The breach exposed personally identifiable information (PII), though it appears that sensitive data such as credit card numbers or Social Security numbers were not compromised. Avis offered affected customers 12 months of free credit monitoring and identity protection services.
The company reported that the breach stemmed from insider wrongdoing and is working with cybersecurity experts to strengthen its security measures. The incident highlights the growing trend of cyberattacks on car rental companies, with other firms such as Sixt and Enterprise Holdings also falling victim to cyber threats in recent years. Avis has since implemented additional safeguards and is actively reviewing its security protocols to prevent future breaches.
https://www.cpomagazine.com/cyber-security/avis-car-rental-suffers-a-data-breach-impacting-nearly-300000-customers/
Neel Patel says
Article Title: 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
A 17-year-old teenager in London was arrested for disrupting Transport for London on September 1st, 2024. The cyber attack compromised the bank details of approximately 5000 customers. The suspect who was released on bail is being investigated by the National Crime Agency. Transport for London now requires 30,000 staff members to complete IT identity checks as a precaution. This incident then raised concerns about cyber attacks on public transportation and infrastructure as a consequence.
I chose this article because it highlights the process and effects of a breach. The attack lead to the Transport for London to raise concerns regarding their data security and privacy.
Link: https://thehackernews.com/2024/09/17-year-old-arrested-in-connection-with.html
Aisha Ings says
Fortinet Data Breach Impacts Customer Information
On September 12, 2024, Fortinet announced that they had suffered a security incident after a hacker leaked 440 GB of data allegedly stolen from an Azure SharePoint instance. The hacker claimed the release was due to Fortinet’s refusal to pay a ransom. Fortinet mentioned that only a small portion of files was breached affecting less than 0.3% of its customer base, and stated that its business operations, products, and services were not affected. An investigation, supported by external experts, found no evidence of malicious activity or further unauthorized access, and the company does not anticipate any significant impact on its financial status. Law enforcement and cybersecurity agencies have been notified about the breach.
Source: https://www.securityweek.com/fortinet-data-breach-impacts-customer-information/
Benjamin Rooks says
National Public Data confirms massive data breach included Social Security numbers
What could be more appropriate to talk about when we are talking about the Target breach then the even larger breach that just happened that also contains data that can never be changed for each US Citizen? While the Target breach was bad and exposed many of the problems that exist within the retail industry at this point steps have been taken in order to mitigate that risk. The social security breach exposes an, in my opinion, even greater risk. One that is baked into the fabric of American society. We use our social security numbers, a nine digit number that can never be changed, for everything. Loans, employment, banking, applying for school. With the sheer amount of databases that our SSNs are stored in it is only a matter of time until our identities are stolen via this method. Because of this I would argue that the federal government needs to come up with a better solution in order to protect its citizens, possibly rotating SSNs or a version of two factor authentication that can be managed via a centralized system.
Source: https://www.usatoday.com/story/tech/2024/08/17/social-security-hack-national-public-data-confirms/74843810007/
Ericberto Mariscal says
Article Title: Home Depot Confirms Data Breach After Employee Info Appears on Hacker Forum
Home Depot confirmed the data of around 10,000 employees was exposed and published online by a well-known offender. The data includes corporate IDs, names, and email addresses, which could be used for targeted phishing attempts to gain access into Home Depot’s network. Like in the Target Case, the breach occurred through a third-party Software-as-a-service (SaaS) vendor, where they inadvertently made public a small sample of Home Depot associates’ data during testing of their systems. The attack demonstrates the vulnerabilities that occur when sensitive data is handled between large organizations and third-party vendors.
https://www.pcmag.com/news/home-depot-confirms-data-breach-after-employee-info-appears-on-hacker-forum
Andrea Baum says
Colleges Spearheading Cybersecurity Programs
https://www.wkbn.com/news/local-news/hermitage-news/colleges-spearheading-cybersecurity-programs/
The growing threat of cyber-attacks has led to the creation of cybersecurity programs across colleges and universities, with a focus on filling over 500,000 open cybersecurity jobs in the U.S. National Cyber Director Harry Coker highlights the constant, invisible dangers posed by both nation-state actors, such as China, Russia, North Korea, and Iran, and cybercriminals targeting vulnerable sectors like schools and hospitals. The Pennsylvania Cybersecurity Center (PCC) is addressing this gap by connecting individuals with cybersecurity jobs and partnering with high schools to offer dual enrollment programs, allowing students to earn college credits toward cybersecurity careers. Funded by a $1.1 million grant, the program aims to train a new generation of professionals, with Coker emphasizing the importance of creativity, agility, and commitment in combating cyber threats.
Brittany Pomish says
Class Is Back In Session: Time To Study Up On Data Privacy And Security – Forbes
Data breaches can lead to legal liability and the theft of intellectual property assets and can open students up to identity theft, fraud and extortion. Furthermore, a 2023 report from IBM found that the average breach in higher education cost $3.65 million.
As a result of these realities, we are beginning to see an influx of new data privacy legislation specifically focused on how colleges and universities manage and secure their data
Maryland has new state privacy laws requiring high education institutions to adopt a privacy governance program, develop and adopt an information security and risk management program, publish privacy notices and more.
The article notes that higher education institutions should do the following:
– Establish comprehensive data privacy governance programs
– Identify, catalog, and encrypt sensitive data
– Develop response and recovery plans
– Utilize platforms to automate data privacy, security and governance to help manage compliance.
Link: https://www.forbes.com/councils/forbestechcouncil/2024/09/13/class-is-back-in-session-time-to-study-up-on-data-privacy-and-security/
Gbolahan Afolabi says
1,000+ ServiceNow Instances Leaking Corporate Data Via Knowledge Bases
The article is question revealed that more than a 1000+ ServiceNow instances were leaking proprietary information because of misconfigurations access control.
ServiceNow is an industry leading Enterprise Resource Planning (ERP) system that is well known for its IT Service Management functions (ITSM). It was revealed that some Knowledge Bases (KB) Articles were at risk of divulging proprietary and internal information about systems to the public. KB Articles are knowledge sharing forums that teach personnel how to perform tasks (raise requests, store information, start up instances, etc) and provide understanding of internal processes. Some of these KB Articles did not have security controls in place to restrict the access to internal users, this could be a huge impact to the Confidentiality of information systems if a threat actor was to come across some of these KB Articles). Any skilled threat actor or crime organization could use this vulnerability to understand an organization’s network and the weak points that would fall victim to attacks.
This threat is an example of how miniscule details could pose huge security risk and impact to an organization.
Source: https://cybersecuritynews.com/servicenow-instances-leaking-corporate-data/
Tache Johnson says
Earlier this week AT&T has to pay $13 million to settle an Federal Communications Commission investigation into the cloud data leak. Its data leak last year raised the largest issue of whether it protected customer data. AT&T revealed in July 2024 that hackers stole virtually all current and previous customers’ call and text histories in April 2024. This incident affected AT&T subscribers and anybody who corresponded with them between May 2022 and January 2023. Call records, text message logs, and mobile tower location data for certain consumers were hacked. Although the conversations and sensitive personal information like social security numbers and credit card numbers were not compromised, the breach of privacy concerns.
Hackers stole phone records from April 14 – 25, 2024. AT&T became aware of the breach on April 19, 2024, when hackers claimed to have stolen the call logs. However, the U.S. DOJ advised delaying public disclosure of the breach on May 9, 2024…… On May 17, a hacker associated with the “ShinyHunters group” claimed that AT&T paid a ransom of $373,646 in connection with this breach. The Department of Justice suggested another delay in public announcement on June 5, 2024. It wasn’t until July 12, 2024, that AT&T publicly disclosed the data breach in a press release. AT&T’s poor third-party cloud storage technology allowed the compromise, similar to Target’s. Both attacks used weak security protections in external systems to obtain sensitive data. AT&T’s incident had poor cloud security, whereas Target’s featured a compromised vendor. Both of these article examples show how serious third-party vulnerabilities and the neeed for robust security
Article link
https://foundation.mozilla.org/en/privacynotincluded/articles/att-had-a-huge-data-breach-heres-what-you-need-to-know/
https://www.cbsnews.com/news/att-to-pay-13-million-customer-data-breach/
Vincenzo Macolino says
Uk Data Center to get new ‘Critical National Infrastructure’ Label
This article focuses on the new label that will give the United Kingdoms data and infrastructure systems more protection from cyberattacks. The importance of the UK’s data and infrastructure systems is that they are responsible for the country’s communications. The UK is putting there data centers on an equal level as water and energy. The new label is coming as several recent incidents have led to IT blackouts and shown how important it is to protect data and infrastructure systems. Furthermore the UK has seen an increasing number of disruptions that have affected health services across the country. Personally I found it interesting to read about how much cyberattacks have affected other country’s in recent years. In the US and now the UK, cyberattacks have made it essential to protect data and infrastructure as they are now just as important as water and energy.
https://cybernews.com/news/uk-data-centers-critical-national-infrastructure-classification/
David Lanter says
Posted by James N Nyamokoh
Title: Dark Web Researcher Warns Columbus, Ohio Residents About Ransomware Attack Bigger Than City Revealed
Published: September 15, 2024
In July 2024, the city of Columbus, Ohio, was hit by a ransomware attack led by a group called Rhysida. Local IT researcher Connor Goodwolf, who tracks cybercrime on the dark web, discovered over three terabytes of sensitive city data had been breached, including police records, personal details, and information on domestic violence victims. Goodwolf warned that the hack was far worse than the city publicly acknowledged, but when the city didn’t respond, he went to the media. In a surprising move, the city sued Goodwolf, citing concerns over public safety, which raised alarm among cybersecurity experts. They worry this legal action could discourage future whistleblowers and hurt transparency during cybersecurity incidents.
Source: CNBC
Link: https://www.cnbc.com/2024/09/15/dark-web-expert-warned-us-hometown-about-big-hack-the-city-is-suing.html