Mondays With Miranda: May 7, 2018
Happy Monday, everyone! I have lots of exciting news this week, including an upcoming event that a few of our NeQter Labs team members will be attending, but I will tell you about that in just a second. First, I want to touch upon an event that the women of NeQter Labs attended last Wednesday, May 2nd. The women here at NeQter Labs, including myself, were invited to the RI Women in Science & Engineering Networking event put on by SENEDIA. It was a great experience being able to connect with many of the women in the New England area who are also in the STEM field. Holly Ridgeway, who is the Executive VP and CSO for Citizen’s Bank, was the main speaker at the event, and she was extremely inspiring. She told her story, which began with her working as a hairdresser; 10 years later she found herself working as Chief Security Officer at a bank. We are looking forward to the next event with the RI Women in Science & Engineering group, as it is always so inspiring to hear from successful women in the field.
Getting back to the upcoming event that I wanted to talk about: “DFARS Cybersecurity 2.0: The Year of Continuous Monitoring” is happening at Raytheon’s Freedom Theater on Thursday, May 24th, from 7:30 AM until 5:00 PM. The event will address the DoD’s cybersecurity compliance requirements, as outlined in NIST SP 800-171. This full-day forum will feature experts from both government and industry, who will address compliance, as well as the enforcement of compliance, at all levels. Hope some of you can make it!
Breaches and More Breaches
I’ve got lots of news to share with all of you this week, so hang in there. First off, there is lots of talk about major breaches and supply chain attacks that happened long ago but were never talked about. For example, the Target breach occurred back in 2013, but has not really been talked about, or dealt with, until now. Because of this breach, Target has to pay an $18.5 million settlement, due to the 41 million customers affected by the breach. Also, Yahoo has just been fined $35 million by the SEC for its breach back in 2014, which it never disclosed. This was a huge breach, as over 500 million accounts were affected and had data stolen. Investors were upset about this because of the financial impacts that occurred as a result of the data breach. Investors argued that they had a right to know, yet Yahoo chose to tell no one.
Fileless Malware on the Rise
Other news that I want to talk about is the rise of fileless malware attacks in 2018. These attacks are so popular because they are extremely easy to execute. They are carried out using PowerShell, because leveraging scripting languages makes the attack less likely to be detected. To prevent this type of attack and/or minimize risk, PowerShell should be updated to version 5.0, which restricts unnecessary scripting languages.
New York Takes Action
The final news that I want to discuss today is New York’s recent focus on cybersecurity regulations. In November 2017, New York released a proposal of the SHIELD Act, which would make important changes to NY’s cybersecurity provisions. “SHIELD” stands for “Stop Hacks and Improve Electronic Data Security Act.” There were almost 1,600 breaches in NY alone last year, in which 9.2 million residents had their information exposed, which is why the proposal of this act came about. The lack of security has gotten out of hand, and New York State has decided to take a more active approach to the issue. If the SHIELD Act is passed, companies will become legally responsible to take on “reasonable” administrative, technical, and physical safeguards for sensitive data, and put strict reporting requirements in place.