InfoSecSherpa Newsletter — 15 June 2021
- First American Settles SEC Charges for Cybersecurity Disclosure Failures
(CFO, 15 June 2021)
Real-estate title insurer First American Financial reached a $487,616 settlement with the U.S. Securities and Exchange Commission for not maintaining cybersecurity disclosure controls and procedures that exposed sensitive customer information.
- Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign
(Threatpost, 15 June 2021)
Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.
- Vietnam: New Cyber Information Security Requirements Issued for IoT Devices
(Lexology / Baker McKenzie, 15 June 2021)
Summer 2021 is sweltering in Vietnam, but looks like things will be more hectic with important legislations are in the midst of being drafted and issued to govern the tech-related industries. Just to name a few — the Ministry of Information and Communications (“MIC”) issued Decision №736/QĐ-BTTTT on 31 May 2021 (“Decision”) Setting out Cyber Information Security Requirements for Internet of thing (“IoT”) devices.
- How one founder is bringing the global corporate security industry out of the dark ages.
(Tech Crunch, 14 June 2021)
Cory tells us all about how she came to the conclusion that Base Operations needed to be built to bring modern tech to bear on the capabilities gap she saw in how companies manage their global security footprint, and how she set out getting the skills needed to build her startup as a sole founder.
- ‘More motivation’: ANZ cyber security boss warns against paying ransoms
(The Sydney Morning Herald, 16 June 2021)
Big four bank ANZ’s chief information security officer Lynwen Connick has warned organisations against paying ransoms to hackers, saying the payments only lead to more attacks.
- MS-ISAC members get access to other industries’ cyber intel
(State Scoop, 14 June 2021)
State and local government agencies that belong to the Multi-State Information Sharing and Analysis Center, the federally backed organization that shares cybersecurity tools and intelligence, can now get insights from other industries, including the financial, health and utility sectors, through a new partnership between the MS-ISAC and the consulting firm Deloitte.
- DHS poised to remake federal hiring in September to confront cybersecurity gap
(FCW, 14 June 2021)
Now, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency are poised to advance a series of policy changes to cut the time it takes to hire cybersecurity professionals, redefine how the government evaluates cybersecurity skill sets and facilitate competitive pay rates.
- UMass Lowell Closed Tuesday Due To ‘Possible Cybersecurity Incident’
(CBS 4 Boston WBZ, 15 June 2021)
UMass Lowell was closed on Tuesday due to what the university called a “possible cybersecurity incident” that impacted technology services.
- Griswold rolls out grant program for cyber, physical security for counties
(Colorado Politics, 14 June 2021)
Democratic Secretary of State Jena Griswold on Monday unveiled a $100,000 grant program aimed at boosting cyber and physical security at the county level.
- Malware attack leads to computer system failure at Humber River Hospital, impacting patient care
(Toronto Star, 15 June 2021)
Staff at Humber River Hospital have been unable to access patient records as well as medical and diagnostic test results due to a digital computer system failure that has persisted for over 36 hours, sources told the Star.