Apple Says U.S. Data Breaches Up by More Than 20 Percent

Apple is emphasizing the importance of data encryption with a report that shows personal data breaches up 300 percent between 2013 and 2022. In the past two years, more than 2.6 billion personal records have been exposed, according to the newly released study “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase.” The report, created by Dr. Stuart Madnick, the founding director of Cybersecurity at MIT Sloan, cites increasing dependence on cloud computing as the main factor for the surge. U.S. data intrusions through Q3 of this year are 20 percent higher than all 12 months of 2022. Continue reading Apple Says U.S. Data Breaches Up by More Than 20 Percent

U.S. Impacted by Significant Increase in Ransomware Attacks

Ransomware attacks have surged in the 12 months ending in June 2023, with the United States accounting for 43 percent of the 1,900 attacks reported — 7x greater than that of the second most popular target, the United Kingdom, at 196. The period marked a 75 percent increase in U.S. ransomware attacks, which were perpetrated by 48 different groups including CL0P, a gang believed to have ties to Russia. U.S. companies, governmental organizations and individual consumers were targeted during the period, with healthcare and educational institutions disproportionately impacted, according to a study by cybersecurity firm Malwarebytes. Continue reading U.S. Impacted by Significant Increase in Ransomware Attacks

Companies Turn to Cyber Insurance as Global Threats Surge

The cost of a data breach can run as high as $4.54 million today, up from $3.86 million in 2020, according to an IBM study that says the fastest-growing — and costliest — type of cyberattack is ransomware. That’s why more companies are turning to cyber insurance to hedge their bets. Last year, the global market for such policies was estimated to be in the $13.33 billion range, and projected to reach $84.62 billion by 2030. Because the increased frequency of attacks has resulted in increased payouts, insurance providers now often require proof of adequate security measures. Continue reading Companies Turn to Cyber Insurance as Global Threats Surge

White House Releases Plan for Cybersecurity Implementation

The Biden administration has issued an implementation framework for its National Cybersecurity Strategy, detailing how the federal government plans to regulate digital security issues. The highly anticipated document lists more than 65 initiatives for executing the “five pillars” of the March 2023 U.S. National Cybersecurity Strategy, described as a “bold, affirmative vision for cyberspace.” The implementation takes a two-pronged approach: empowering capable actors who can bear more of the security responsibility, and the need for incentives that facilitate investment in long-term resilience. Continue reading White House Releases Plan for Cybersecurity Implementation

Biden Advocates Tougher Cybersecurity for Private Enterprise

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan. Continue reading Biden Advocates Tougher Cybersecurity for Private Enterprise

CES: Focus on People Component for Strong Cyber Strategy

Cybersecurity was a major topic at CES 2023, and one panel described strategies around one of the important and often ignored components: people. Moderated by Strategic Cyber Ventures chief executive Hank Thomas, panelists examined people’s personal relationship with cybersecurity, how they fall victim to cybercrime and how they could be incentivized to take more responsibility for their online activities. Terranet Ventures executive in residence Carole House, who was recently director of cybersecurity at the National Security Council in The White House, said that seeing individuals badly impacted “elevates cybercrime as a national imperative.” Continue reading CES: Focus on People Component for Strong Cyber Strategy

New Microsoft Security Suite Focuses on Cloud, Ransomware

Microsoft put the emphasis on security at Ignite 2022, launching Defender for DevOps and Defender Cloud Security Posture Management in public preview. The two offerings protect software development with runtime security across multicloud and multiple-pipeline environments. The company also touted improved protection tools for Windows and Office, beefing-up anti-ransomware capabilities for Microsoft 365 Defender, which now automatically repels attacks immediately on detection. To combat increasingly pervasive conditions like “tool sprawl” and “alert fatigue,” Microsoft combined six product lines into a single security portfolio. Continue reading New Microsoft Security Suite Focuses on Cloud, Ransomware

Proposed Antitrust Laws a Privacy Disaster Warns Tim Cook

Antitrust legislation pending in the U.S. and European Union is at odds with consumer privacy initiatives in those territories, Apple CEO Tim Cook told attendees of the IAPP Global Privacy Summit 2022 in Washington, D.C. on Tuesday. Speaking out against proposed “gatekeeper” rules, Cook warned that “when companies decide to leave the App Store because they want to exploit user data, it could put significant pressure on people to engage with alternate app stores — app stores where their privacy and security may not be protected.” Continue reading Proposed Antitrust Laws a Privacy Disaster Warns Tim Cook

CES: Members of Congress Discuss Cybersecurity Concerns

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes of the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI.  What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022. Continue reading CES: Members of Congress Discuss Cybersecurity Concerns

Court Lets Microsoft DCU Seize 42 Chinese Hacker Websites

The Microsoft Digital Crimes Unit has seized 42 websites from China-based hacking group Nickel, in attempt to thwart the group’s intelligence-gathering operations. A Virginia federal court granted Microsoft’s request to take over the U.S.-based websites run by Nickel, also known as APT15. Microsoft had since 2016 been tracking the group’s activities, determining them “highly sophisticated,” with attacks designed to install malware that facilitated surveillance and data theft attacks. Nickel was used to attack organizations in the United States and 28 other countries around the world, DCU says. Continue reading Court Lets Microsoft DCU Seize 42 Chinese Hacker Websites

Treasury Issues Crypto Guidance for Sanctions Compliance

The U.S. Treasury Department has issued guidelines specifying how to ensure virtual currency transactions comply with the government’s sanctions policies, a move by the Biden administration to thwart ransomware attacks, money laundering and other abuses. The new rules emphasize using geolocation tools that block IP addresses from sanctioned countries, ongoing monitoring of sanctioned entities and individuals and periodic review of transactions involving blacklisted virtual currency addresses. Treasury’s Financial Crimes Enforcement Network has had virtual currency rules in place since at least 2011, but this update gives the directives new teeth. Continue reading Treasury Issues Crypto Guidance for Sanctions Compliance

U.S. Advances Cybersecurity Steps as Ransomware Doubles

Payments flagged by U.S. banks as suspected ransomware in 2021 are on pace to nearly double those of 2020, according to reports filed with the Treasury Department. Almost $600 million in potential ransomware payments have been filed with the federal government from January through June, which is more than 40 percent more than the tally for full-year 2020. Reflecting the fact that governments worldwide describe cybercrime as a critical national security threat, the first International Cybersecurity Challenge is scheduled for Greece in June 2022, where 25 Americans aged 18 to 26 are set to compete. Continue reading U.S. Advances Cybersecurity Steps as Ransomware Doubles

Department of Justice Launches a Cryptocurrency Crime Unit

The U.S. Department of Justice has formed the National Cryptocurrency Enforcement Team (NCET) to investigate the use of cryptocurrency for criminal purposes. The new unit will examine cases involving virtual currency exchanges and money laundering. Members will also investigate so-called “mixing and tumbling” services, which involve charging a fee to send cryptocurrency to an address while obscuring the source of funds. The group, which include experts from the offices of U.S. Attorneys, will also work on tracing and recovery of assets lost to fraud, hacking or ransomware extortion. Continue reading Department of Justice Launches a Cryptocurrency Crime Unit

White House Cybersecurity Summit Brings Leaders Together

At a White House summit, President Joe Biden asked leaders of Apple, Google, JPMorgan Chase and other major companies to step up their response to cybersecurity threats. The administration, which estimated that about half a million cybersecurity jobs remain unfilled, said it would assist in developing new guidelines for secure technology and assess the security of existing technology. Google, Microsoft, and insurance companies Travelers and Coalition have already signed on to the initiative. Microsoft plans to invest $20 billion over the next five years to integrate cybersecurity into its products and Google revealed its own $10 billion commitment. Continue reading White House Cybersecurity Summit Brings Leaders Together

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft