InfoSecSherpa Newsletter — 17 May 2021
3 min readMay 17, 2021
- Cybersecurity spending to hit $150 billion this year
(TechRepublic, 17 May 2021)
The 12% bump in spending will be driven by ongoing demand for remote workers and cloud security, says Gartner. - NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules
(Mondaq / Alston + Bird, 17 May 2021)
On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). - NIST seeks public comment to inform updates to HIPAA Security Rule guidance
(JD Supra / Hogan Lovells, 17 May 2021)
The National Institute of Standards and Technology (NIST) is seeking public comment as it prepares to update its Introductory Resource Guide on implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule for the first time in over a decade. - DISA Establishes Zero Trust Cybersecurity Reference Architecture
(MeriTalk, 17 May 2021)
The Defense Information Systems Agency (DISA) on May 13 released the initial Defense Department (DoD) Zero Trust Reference Architecture that aims to boost cybersecurity and “maintain information superiority on the digital battlefield.” - UK govt seeks advice on defending against supply-chain cyberattacks
(Bleeping Computer, 17 May 2021)
Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country. - Cyberattackers are new ‘mafiosa’ and must be treated like ‘bank robbers, drug cartels’
(The Irish Times, 17 May 2021)
Data must be considered like ‘gold’ as 30 per cent of EU’s information stored in Ireland. - When Regulations Don’t Apply, Data Security Use Cases Do
(Security Intelligence, 17 May 2021)
Often decision-makers are concerned over the cost, resources and essentially the heft of typical data security solutions in proportion to the problems in need of solving. Many leaders outside of highly regulated segments elect to implement low-visibility native logging tools, or worse, the ‘do-nothing’ approach. - Pandemic or not, cyber risk still a big threat for breweries
(Craft Brewing Business, 17 May 2021)
From the initial shutdowns, to limited capacity and sanitation requirements, COVID-19 has created challenges for breweries nationwide. While managing these new risks has been the priority in recent months, brewery owners must be careful to keep behind-the-scenes risks — particularly cyber security risks — top of mind. - Colonial Pipeline hack: How a cyber policy may have responded
(Property Casualty 360, 17 May 2021)
New reports indicate that Colonial did have cyber insurance, but how does a cyber policy work in the event of a cyberattack? - Hardening the physical security supply chain to mitigate the cyber risk
(IFSEC Global, 17 May 2021)
Nick Smith, Regional Manager at Genetec, details how physical security professionals can improve their resilience to cyber-attacks by reviewing the cyber security policies of those they work with in the supply chain. This includes everyone from component vendors to installers and engineers.
