Benjamin Rooks says
Title: Psychology of Human Error
This is a research paper from Stanford university that looks into what causes human error in the workforce. While there are a lot of interesting conclusions in this study, such as the reasons why employees fall for phishing emails, the one part of this that I really wanted to outline is the fact that 88% of breaches are caused by human error. As we saw with last week’s case study, that human error does not necessarily need to even come from within the organization itself. This study and that case illustrates the importance of having comprehensive cybersecurity training programs within companies.
Source: https://www.tessian.com/resources/psychology-of-human-error-2022/
Ericberto Mariscal says
Title: Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber Threats
Firewalls are a cornerstone of network security; having a firewall may be the first step towards securing your network, but they must be augmented by intelligence-powered security solutions that work proactively to protect organizations from threats. This isn’t really a news article, but I found it relating to the second question about our readings discussing cost-effective training, and I found that Infosecurity Magazine often hosts training webinars for anyone who is registered on their website. This session will include the following:
• Explore insights into firewall capabilities, including challenges, pain points and future trends.
• Discover actionable strategies to protect your organization from advanced cyber threats.
• Learn about the economic and security benefits of threat intelligence powered solutions like CleanINTERNET.
This is one of the many IS resources that can help us stay current and informed.
Link: https://www.infosecurity-magazine.com/webinars/reinforcing-firewall-security/
Jocque Sims says
In The News Article – Beyond the Code: Modern Cybersecurity Training for 2024
Brief Summary: The article discusses the shortcomings of the current security awareness training provided by cybersecurity leaders. It emphasizes that in 2023, 74 percent of all breaches involved human error, such as employees falling victim to social engineering attacks. These attacks involve information gathering, establishing relationships, exploitation, and execution, allowing cybercriminals to gain access or exploit vulnerabilities within the organization. The article suggests that the minimum compliance training requirements are enabling these attacks. It concludes that using experiential learning, such as role-play, interactive games, and simulations, to help employees better understand the psychology behind cybercriminal tactics can prepare them to detect manipulative tactics in various security situations.
The article recommended a popular role-playing game called Piece of Cake – the Social Engineering Security Awareness Tabletop Game. It allows the participants to play with manipulative tactics in different scenarios that address security challenges in a playful way. It can be tailored to specific job functions; it claims that teams will understand through experiential learning why security training is relevant to them.
Works Cited
Puhze, C. (2024, May 30). Beyond the Code: Modern Cybersecurity Training for 2024.
Retrieved from Information Week: https://www.informationweek.com/cyber-resilience/beyond-the-code-modern-cybersecurity-training-for-2024#close-modal
Christopher Williams says
CISA Releases Plan to Align Cybersecurity Across Federal Agencies
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a plan to improve cybersecurity across federal agencies by aligning their defense strategies. Right now, agencies handle their own cybersecurity, leading to inconsistencies and gaps in protection. CISA’s plan, called the FOCAL plan, aims to create more coordinated defenses, better communication, and improved resilience.
The plan focuses on key areas like managing assets, addressing vulnerabilities, securing architecture, managing supply chain risks, and improving incident response. While the plan sets important guidelines, implementing it will be challenging due to staffing shortages, resource limitations, and the complexity of coordinating across many different agencies. Despite these hurdles, the plan provides a strong foundation for improving federal cybersecurity.
https://www.darkreading.com/cybersecurity-operations/cisa-releases-plan-to-align-cybersecurity-across-federal-agencies
Brittany Pomish says
Title: 23andMe Agrees to $30M Settlement That Could Pay $10,000 to Data Breach Victims
23andMe agreed to a $30 million settlement for a 2023 data breach. Around half of the company’s 14 million users saw their personal information exposed in the leak, which first began in April 2023.
The lawsuit accusing the company of not doing enough to protect its customers was filed in January of this year. The suit also accused 23andMe of not notifying certain customers with Chinese or Ashkenazi Jewish ancestry that their data was targeted specifically and spread on the dark web. As part of the proposed settlement, which still requires preliminary court approval, the company will provide as much as $10,000 to qualifying customers, depending on the hardships they incurred, as well as other security services. 23andMe will also provide identity monitoring services for three years to affected users.
https://www.msn.com/en-us/news/technology/23andme-agrees-to-30m-settlement-that-could-pay-10000-to-data-breach-victims/ar-AA1qQfLe?ocid=BingNewsSerp
Nelson Ezeatuegwu says
One Million US Kaspersky Customers Transferred to Pango’s UltraAV
The Department of Commerce banned Kaspersky from selling its antivirus software in the United States. US customers have been given until September 29 to migrate to other products because Kaspersky’s network will have to stop operating and software updates will no longer be provided. Now, it has been announced that Kaspersky customers in the United States will be transferred to UltraAV, a little-known antivirus brand based in the US. In addition to UltraAV, other Pango brands include VPN360, OVPN, UltraVPN, Betternet, AnchorVPN, and Hotspot Shield.
https://www.securityweek.com/one-million-us-kaspersky-customers-transferred-to-pangos-ultraav/
James Nyamokoh says
Title: FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
In September 2024, the FBI took down the WWH Club, a dark web marketplace run by Russian and Kazakh nationals, involved in selling stolen personal and financial data. The site, operational since 2014, also offered cybercrime training to aspiring hackers, teaching methods like fraud and hacking. The two administrators, Alex Khodyrev and Pavel Kublitskii, were arrested for their roles in running the marketplace.
This event connects to the week’s topic, Creating a Security Aware Organization, as it underscores the value of training and awareness in both detecting and preventing cybercrime activities. Organizations must educate employees and foster a culture of vigilance to stay ahead of evolving cyber threats.
Link: https://thehackernews.com/2024/09/fbi-cracks-down-on-dark-web-marketplace.html
Neel Patel says
Title: Combating phishing attacks through awareness and simulation
The article states how phishing is a simple but very effective tool for hackers. Even though security standards have improved with multi-factor authentication, HTTPS encryption, and more, many users can fall victim due to poor security habits. Organizations must implement comprehensive security policies. Educating employees on identifying phishing attempts and updating security measures regularly is imperative. Simulating phishing attacks is a great step to test employee awareness and adherence to policy. These two practices will contribute to a security-aware organization that can defend against threats like phishing.
I chose this article because it ties into last week’s Case Study. A phishing attack compromised a large quantity of Target’s customers’ data. Simulating phishing attacks with Target employees and partners can improve employee awareness of threats like that.
Link: https://cybernews.com/security/combating-phishing-attacks/
Aisha Ings says
One-third of the US population’s background info is now public
A major data breach at MC2 Data, a background check company, exposed over 2 TB of sensitive personal information on over 100 million U.S. citizens. Due to human error, the data was left exposed online without any password protection, making it easily accessible. The leaked data included names, addresses, emails, birthdates, legal and property records, and employment histories, putting individuals at risk of identity theft and cybercriminal misuse. Additionally, data from 2.3 million subscribers, including employers and law enforcement, was compromised. MC2 faces potential legal consequences and reputational damage, raising serious concerns about the security practices of background check firms.
https://cybernews.com/security/us-mc2-background-check-data-leak/
Gbolahan Afolabi says
Why ‘Never Expire’ Passwords Can Be a Risky Decision
This article explains the importance of removing the mandates for forcing users to frequently reset their passwords. Institutions such as the UK government have stated that quarterly password resets are ineffective because they encourage some users to reuse the same type of passwords with little variation and could even prompt some users to write them down since they change so frequently. This defeats the purpose of introducing strong passwords frequently to lower the duration of access threat actors might have to a system.
The article reiterates the importance of password changes by explaining the impact of brute force attacks and other types of security attacks. If an employee sticks to one strong password, they are likely to use the same password for their personal accounts such as Netflix and other social media sites. This creates a risk for advanced persistent threats where attackers gain access to systems without being detected. Guidelines such as NIST have recommendations against never-expiring passwords unless organizations have effective ways of identifying compromised accounts.
Source: https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html
Andrea Baum says
MoneyGram goes offline as it investigates cybersecurity problem
https://www.cbsnews.com/news/moneygram-outage-cybersecurity/
MoneyGram International is working to restore its global money transfer service after taking it offline due to a cybersecurity issue. The company has provided updates via social media, assuring customers that pending transactions will be completed once systems are fully operational. MoneyGram is collaborating with cybersecurity experts and law enforcement to resolve the issue. The outage, heavily reported over the weekend and tracked by Downdetector, has affected customers who rely on the service for cross-border payments, with Mexico and India being the largest receivers of these transfers. MoneyGram processes over $200 billion annually, serving more than 50 million people across 200 countries.
Tache Johnson says
“Companies Face Risk of Huge Fines and Suspensions Under Tough New Cyber Rules in the EU,” published in September 2024, discusses the introduction of the Network and Information Security Directive 2 (NIS 2 Directive) in the European Union, which is set to be enforced on October 17, 2024. I thought this was interesting, especially as someone who is currently working at an international company; all major international tech companies will have to abide by this new regulation. This new directive aims to significantly enhance cybersecurity standards across the EU by requiring companies to adopt stricter internal cybersecurity strategies, improve their cyber resilience, and take more accountability for reporting and managing cyber threats.
Under the new NIS 2 regulations, companies that provide essential services, such as banks, healthcare institutions, energy suppliers, and transportation firms, will face fines up to €10 million or 2% of global annual revenue for noncompliance. The directive expands its scope to include more sectors, imposes faster breach reporting requirements (24 hours), and stresses the importance of monitoring supply chain risks.
Link to the article:
https://www.cnbc.com/2024/09/20/eu-nis-2-what-tough-new-cyber-regulations-mean-for-big-business.html
Dawn Foreman says
Columbus, Ohio Ransomware Attack
There was a ransomware attack on the city of Columbus. City officials released a statement days after the attack describing it as “an abnormality in its system on July 18,” and took all city systems offline. It is speculated that the city initially downplayed the gravity of the situation and advised residents that personal data was not stolen. The city released a statement about 2 weeks later that they found out personal information was hacked at the same time the public did. A local whistleblower speculated that personal data was obtained, and not just employee data but resident data as well. The cyberattack group demanded about $2 million in Bitcoin for the 6.5 terabytes of data stolen. They posted a sample of the data online. The interesting part occurs around this time because the mayor’s office claims the data was encrypted and not readable, while the whistleblower claimed the sample data leaked shows easily readable data from a huge population of people (basically anyone who swiped an ID in the past 10 years at City Hall or anyone that interacted with the city’s prosecutor’s office). In attempts to rectify the situation while the city investigates, they offer free credit monitoring to all residents. They have spent $4 million to date cleaning up and investigating the issue, employees are filing class action lawsuits, residents are filing lawsuits, and there is a legal battle going on between the city and the whistleblower. At this time much information is unknown; there is no information on how the data was accessed, and 21% of city systems are still down.
Timeline: https://www.csoonline.com/article/3523971/ransomware-whistleblower-columbus-could-have-avoided-its-mistakes.html
https://news.yahoo.com/news/columbus-data-breach-21-city-103718513.html
Cyrena Haynes says
Disney to stop using Salesforce-owned Slack after hack exposed company data, report says
Walt Disney plans to stop using Slack as its company-wide collaboration tool after more than a terabyte of data was leaked by a hacking group. Disney’s CFO, Hugh Johnston, said most of the company’s businesses would discontinue using Slack later this year, with many teams already transitioning to other enterprise collaboration tools. The hacking group NullBulge had previously leaked data from Disney’s Slack channels, including sensitive information such as computer code and details of unreleased projects. NullBulge is known for compromising software supply chains through malicious files on coding platforms like GitHub and Hugging Face.
Source: https://www.reuters.com/business/media-telecom/disney-stop-using-salesforce-owned-slack-after-hack-exposed-company-data-wsj-2024-09-19/
Vincenzo Macolino says
MoneyGram confirms a cyberattack is behind dayslong outage
MoneyGram is the second largest peer-to-peer payment and money transfer firm and recently had to shut down some of its services due to a cyberattack. Since MoneyGram is so large and deals with hundreds of millions of transfers a day, it’s safe to assume that they face cyberattacks on a daily basis. The company shut down some of their servers on Friday last week, and over the weekend customers began to complain, which forced MoneyGram to announce they were experiencing network outages as a result of a cyberattack. In the article they state that MoneyGram never said what type of attack they suffered, but based on the extended outage and loss of connectivity to systems, it’s leaning towards a ransomware attack. The firm has done a decent job in protecting its customers; even though they were attacked, it does not seem that there has been a data breach. MoneyGram may have caused an inconvenience for their customers by shutting down some servers for a few days, but other than that they have been able to protect their customers and themselves from a potentially catastrophic data breach.
https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage/