Cyber Security in the Context of International Security

 Cyber security is everyone’s responsibility.

What are the current trends in threats, risks, and vulnerabilities? How do threat actors exploit vulnerabilities to conduct ransomware attacks? Participate to understand Cyberspace as an operational environment and what to do about threats, risks, and vulnerabilities.

Cyberspace: hardware, and software which are used to create, process, store, retrieve and disseminate information in different types of interconnected networks that build a large, global network, built, and used by people, has transformed all aspects of human life. It enables information flows at speeds that never existed before; it creates value through e-commerce; it streamlines processes generating value to businesses, and it enables command and control of capabilities for crisis management or to conduct joint operations. However, threat actors identify and exploit vulnerabilities to conduct cyber attacks targeting organisations in academia, and the public and private sectors. The motive can be to steal intellectual property (knowledge), espionage, destruction, or for cybercriminal reasons. Many cases supporting this notion exist: WannaCry, NotPetya, and REvil. Therefore, with an understanding of Cyberspace as the operational environment, participants will get an understanding of threats, risks, vulnerabilities, and what to do about them.

Cyber attacks can shut down critical infrastructure. It’s time to make cyber security compulsory

On May 7, a pipeline system carrying almost half the fuel used on the east coast of the United States was crippled by a major cyber attack. The five-day shutdown of the Colonial Pipeline resulted in widespread fuel shortages and panic-buying as Virginia, North Carolina and Florida declared a state of emergency.

The attack highlights how vulnerable critical infrastructure such as fuel pipelines are in an era of growing cyber security threats. In Australia, we believe the time has come to make it compulsory for critical infrastructure companies to implement serious cyber security measures.

The risk of cyber attacks on critical infrastructure is not new. In the wake of the events of September 11, 2001, research demonstrated the need to address global security risks as we analysed issues of vulnerability and critical infrastructure protection. We also proposed systems to ensure security in critical supply chain infrastructure such as seaports and practices including container shipping management.

Cyber attacks can shut down critical infrastructure. It’s time to make cyber security compulsory

Increasing cyber-attacks show why stringent cyber-security laws are need of the hour

 Dr Reddy's, BigBasket and now JusPay, there are just a handful of data breach instances that have been reported over the last quarter, and not to mention the ones that we aren't aware of yet.  Surprising it may sound but in 2019, India was amongst world's top 5 cyber-targeted nations along with US, UK, Singapore and Ukraine wherein it held the top position for three months. A growing economy and also an outsourcing hub, India is on the radar of cybercriminals.

"India is among the most cyber-attacked countries in the world and hence it is imperative to have stricter cybersecurity and data protection laws to mitigate data thefts and cybercrimes. With over half a billion internet users and over 1.2 billion mobile accounts, India as a country is a breeding ground for cybercriminals. Several reports have registered that in the first 9 months of 2020 alone, organisations and individuals estimated losses of about $6 trillion due to cyber thefts with organisations deploying the highest level of security also falling susceptible to cyber-attacks. Researches have further predicted that by 2027, over 900 million Indians will have a digital presence and coupling it with the unscrupulous use of personal data and information by service providers, it is vital to implement stringent cybersecurity laws," says Ram Seethepalli, CEO, Cyberior by Europ Assistance India.

While large companies and organisations have the capital and the resources to deploy various technologies and solutions, on an individual level, the threat looms large. "According to a recent survey by Sophos, Indian organisations have incurred costs of around Rs 8.02 crore to rectify the impact of each ransomware attack, hinting at the seriousness of the cyber-attack. It also highlighted that only 8 per cent of victims were able to stop the attack before their data could be encrypted, compared with a global average of 24 per cent," adds Tony Velleca, Chief Executive Officer, CyberProof and CISO, UST Global.

North Korean hackers suspected of targeting vaccine maker AstraZeneca in cyberattack, Reuters reports

North Korean hackers are suspected to have carried out a cyberattack against British coronavirus vaccine developer AstraZeneca in recent weeks, Reuters revealed Friday, citing two unnamed sources with knowledge of the matter.

According to Reuters, North Korean hackers posed as recruiters on networking site LinkedIn and WhatsApp in order to approach AstraZeneca staff, including those working on coronavirus research, with fake job offers.

The suspected hackers then sent documents -- some using Russian email addresses -- purporting to be job descriptions that were in fact laced with malicious code designed to give the hackers access to the victim's computers, Reuters reported.

According to Reuters' sources, the hackers are not thought to have been successful.

Canadian Centre for Cyber Security warns infrastructure at risk from cyber attacks

A new report from the Canadian Centre for Cyber Security warns state-sponsored actors are likely developing the ability to launch cyberattacks against the country’s infrastructure and that hacked systems presents the most pressing threat to Canadians’ physical health.

The report, which is called the “National Cyber Threat Assessment 2020,” states that “(s)tate-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals.”

Canadian Centre for Cyber Security warns infrastructure at risk from cyber attacks

Red Wing Shoes: No data breach in cyber attack

RED WING, Minn. — Red Wing Shoes shut down its e-commerce website on Halloween in response to a cyber threat, the company said on Friday, Nov. 13, but nothing indicates that a data breach occurred.

“We are currently investigating a cybersecurity incident we discovered on Oct. 31. Upon discovering the incident, our response team took immediate action to understand and contain the threat, including taking systems offline to limit potential damage," the statement said. "As a result, we were temporarily unable to receive calls or process orders. At this time, we have been able to restore service to some systems and services, and are continuing to work on restoring the remaining systems. "

"We take security seriously, we are continuing the investigation with the assistance of external forensics firms, and we have notified law enforcement. We are grateful for the patience and understanding of our customers, dealers and vendors during this time," the company said.

At this point in the security review, investigators have found nothing that suggests that the cyber attack accessed or acquired any business data or credit card information.

Red Wing Shoe Co.'s North American retail operations include about 330 dealer-owned and 170 company-owned stores. Of those, 20-some are in Minnesota. The flagship store is in Red Wing.

Three critical cyber security actions companies should take as employees continue remote work long-term

 For years it was common for employees to check in on work from home by logging into their email occasionally on the weekend or attend meetings via videoconference if they had to stay home to care for a sick child. Now, remote work is pervasive. Many companies are choosing to let their employees work remote into 2021. And Human Resource Executive reports that when the world moves to a “post-pandemic” state, the vast majority of company leaders plan to allow employees to continue to work remotely at least part of the time.

With remote work as a norm for the foreseeable future, the work-from-home crowd is a prime business opportunity for cyber criminals. Employees who work remotely are connecting to their employer’s networks from their home networks, which are more vulnerable than an office network that’s protected by sophisticated hardware, software and network infrastructure. Your employees home networks may also be connected to smart-refrigerators, kids’ video game systems and smart TVs that access the internet.

“Companies that want to protect themselves from ransomware, malware, data breaches and phishing attacks need to extend their network security protocols into the remote environment”, said Doug Goodall, managing director of Emtec Inc., a Jacksonville-based information technology consulting firm.

A mitigation plan should consider that not all employees are the same in terms of access requirements or security. For example, a human resources professional would need access to employee records but wouldn’t need access to an entire sales database that resides in the cloud.

“Cyber criminals will be targeting remote workforces. We advise companies to not take anything for granted. They should identify what their new cyber risks are and take steps to mitigate them.”

Security experts at Emtec recommend three critical actions companies can take so employees can work safely and effectively off-site for the long-term.