Rich DeMuro talks to cybersecurity expert Chris Pierson of BlackCloak to get the tips that can best help protect our digital lives.
Link to video: https://www.youtube.com/watch?v=9fC5z8G6luk
No matter how deeply the FBI penetrated the ALPHV ransomware gang’s dark web infrastructure, the cartel may struggle to prove to its team of racketeers that it can continue operating.
FBI’s notice of domain seizure on the ALPHV – also known as BlackCat – dark web blog may have been the nudge to send the cybercrime group responsible for a public hack of MGM Casinos tumbling down a proverbial cliff.
Read the full article here: https://cybernews.com/news/alphv-blackcat-seizure-reputation-explained/
New federal rules will require public companies to disclose cybersecurity incidents as well as material risks from threats. Experts say the rules could be tricky to navigate and leave openings for exploitation by threat actors.
The Security and Exchange Commission’s rules policing disclosure and documentation of cyberattack incidents were adopted in July and started going into effect on December 15. Today, the remaining rules will apply to all public companies.
The rules will require businesses to disclose any cybersecurity incident they determine to be material and to disclose the incident’s scope, nature, and timing along with material impact. The rules also require organizations to describe processes for assessing, identifying, and managing material risks from those threats as well as the board of directors’ and management’s role in assessing and managing risk. The written disclosures must be filed within four business days of the event’s discovery.
We are honored to meet many phenomenal cybersecurity founding teams throughout the year. In the fall, we hosted the DataTribe Challenge, inviting pre-seed founders to compete for recognition and potentially an investment by DataTribe. As a result of the Challenge, we have a surge in the already large volume of opportunities we review in the fall. This flow of cybersecurity opportunities provides clues as to what founders believe will be a big deal in the coming years. And given that these founders put their time, reputations, and money on the line, it is a pure data signal.
This report explores the top themes we saw this year and throughout the 2023 Challenge. We add to our perspective with forward-looking predictions from members of the DataTribe CISO Network and CEOs of our portfolio companies: all experts, all with different lenses on the vast domain that is cybersecurity.
Undoubtedly, 2023 was the year of AI in cybersecurity (and in everything else). Forty percent of the submissions to the DataTribe Challenge were AI-centered. That’s a massive increase and points toward a future in the next five years where AI-powered defenses will become the mainstream default.
Another interesting observation jumps out from the analysis. One theme that is on the minds of CISOs much more than cyber founders this year is the implications of new SEC rules. The new rules promote cyber risk to the level of other key investment risks that require disclosure. This is a significant development. As you’ll see below, the new SEC rules loom large for CISOs leading into 2024 — potentially changing how CISOs think about their roles. Of course, given the central role of CISOs in the cyber ecosystem, this is worth paying attention to as we look ahead to 2024.
Read the article to find out Chris Pierson’s contribution to the article and his prediction for 2024: https://datatribe.com/cyber-trends-predictions-report-2023/
The ransomware group AlphV reported a victim to the SEC for failing to report a cybersecurity incident, placing government regulators in a precarious position and possibly prompting organizations to step up their compliance game and become more transparent.
On Nov. 15, the ransomware threat actor AlphV, also known as BlackCat, added and removed publicly traded financial institution MeridianLink from its leak site. But, in a twist for ransomware attackers, AlphV also reported its victim to the U.S. Securities Exchange Commission (SEC) via an anonymous tip form.
AlphV told the regulator that MeridianLink failed to report a cybersecurity incident within four days, as required under new SEC rules that don’t technically go into effect until Dec. 15. AlphV said the incident occurred on Nov. 7, but Meridian Link indicated it happened on Nov. 10. Either way, under the upcoming new rules, publicly traded companies such as MeridianLink must report cybersecurity incidents to the Commission within four business days after they determine the incident is “material.”
Read the res of the article here: https://readme.synack.com/alphvs-bid-to-report-its-victim-to-the-sec-could-backfire
Some cyberattacks targeting executives begin with a look around social media.
Small pieces of personal life shared publicly on social media can sometimes lead to big breaches, and executives in particular need to be careful about what they post.
Pen testers and ethical hackers told IT Brew that the tiniest bits of online info can lead to system access.
Rachel Tobac, co-founder and CEO of SocialProof Security—whom you might recall from her hacking demo on 60 Minutes—often sees execs leaving a trail of valuable data on Instagram, Twitter, and other social media sites.
Say, an exec posting a LinkedIn photo of a quarterly retreat, with a whiteboard of notes in the background.
Read the full article here: https://www.itbrew.com/stories/2023/12/08/how-an-exec-s-digital-life-offer-clues-for-hunting-hackers
Cybercriminals have evolved into organized and highly adaptive networks, collaborating globally to exploit weaknesses in cybersecurity defenses. Their motivations range from financial gain and information theft to political espionage and ideological warfare.
Cybercriminals, now more than ever, are exploiting vulnerabilities in cybersecurity defenses and constantly shaping their strategies in response to technological advancements.
In this Help Net Security round-up, we present segments from previously recorded videos in which cybersecurity experts discuss the tactics and techniques employed by cybercriminals.
Our CEO and Founder, Chris Pierson, shares on these issues and emerging areas of risk for executives.
Watch the video here: https://www.helpnetsecurity.com/2023/11/20/cybercriminals-techniques-video/
The Palo Alto Networks (PANW) earnings report was a positive sign for the industry, notes Dr. Chris Pierson. He and Ahmed Khan discuss cybersecurity stocks, highlighting PANW as the stock falls on disappointing billings. PANW’s adjusted EPS came in at $1.38 versus an estimated $1.16 and revenue came in at $1.88B versus an estimated $1.84B. They also talk about which cyber security companies could outperform. Tune in to find out more about the stock market today.
Watch the full interview here: https://schwabnetwork.com/video/panw-earnings-report-was-a-positive-sign-for-cybersecurity
US president Joe Biden’s sweeping executive order to set guidelines for artificial intelligence has been widely applauded by the industry, while 68% of Americans approve of the initiative, according to AI Policy Institute’s latest survey.
The order directs several government agencies to establish rules and guidelines, report on their progress, and create funding for AI research. It also pushes tech companies to test and evaluate their AI systems and report their findings to the government before making them public, to mitigate AI bias, and to watermark AI-generated content.
Read the full article here: https://qz.com/does-anyone-not-like-bidens-new-guidelines-on-ai-1850974346
The U.S. Federal Trade Commission (FTC) has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days.
Such entities include mortgage brokers, motor vehicle dealers, payday lenders, investment firms, insurance companies, peer-to-peer lenders, and asset management firms.
Link to original link: https://www.bleepingcomputer.com/news/security/ftc-orders-non-bank-financial-firms-to-report-breaches-in-30-days/
