The Impact of SVB on Cybersecurity, CISA's Ransomware Vulnerability Pilot, New TSA Measures for Aviation
In this episode of GRXcerpts:
The Impact of SVB on Cybersecurity
New TSA measures for Aviation
The US National Cybersecurity Strategy
CISA’s Ransomware Vulnerability Warning Pilot Program
Silicon Valley Bank and Signature Bank: the Impact on Cybersecurity
As businesses pick up the pieces following the collapse of Signature and Silicon Valley Banks, cyber criminals are busy scheming and planning their next malicious campaign. CISOs beware: fast change at scale and general market turbulence make perfect conditions for bad actors. They prey on confusion, fear, and high-stress situations and count on your employees to let their guard down, becoming more susceptible to their ploys. As Frank Price, Chief Product Officer at CyberGRX, explains, “There is significant risk in establishing credentials and then rapidly coordinating across several individuals. It’s a minefield for social engineering. An organization's risk grows exponentially between the worldwide financial dealings, the potential for human error resulting in exposed accounts, and a previously compromised person becoming a sought-after target. Password theft, phishing attacks, and previously infected networks with malware-enabled privileges are all paths to compromised accounts and wire fraud.” Multiple security researchers are already reporting that threat actors are registering suspicious domains, setting up phishing pages, and conducting business email compromise attacks.
But the bank closures have other ramifications, too. SVB’s customers were primarily start-ups and tech-centric companies. With capital now on hold, cybersecurity and data protection may take a back seat to basic business operations. CyberGRX CEO Fred Kneip cautions organizations, “When significant events occur, there is always a consequence. If a company was well equipped to defend against security threats a year ago, it might not be as well equipped now with reduced capital or fewer security staff. This will have a ripple effect across the ecosystem of vendors. CISOs can no longer assume that an organization is in good standing regarding risk and will need to reassess the security posture of some of these third parties,” he advises. The message in all of this? Know how you interact with your vendors and the risks associated with them so that when something disastrous happens, you can respond appropriately rather than react in the moment.
New TSA Cybersecurity Measures
And the TSA has rolled out new cybersecurity measures as part of the Department of Homeland Security’s efforts to increase the resilience of critical infrastructure with its aviation partners. Like many sectors, the aviation industry experienced increasing and persistent cyber threats, including attacks on major airports last fall. The new amendment requires TSA-regulated entities to develop an approved implementation plan that describes the steps they are taking to improve their cyber resilience and prevent disruption and degradation to their infrastructure. Additionally, they must proactively assess the effectiveness of these measures, including the following actions:
Develop network segmentation policies and controls to ensure that operational technology systems can operate safely if an IT system has been compromised and vice versa.
Create access control measures to secure and prevent unauthorized access to critical cyber systems.
Implement continuous monitoring and detection procedures to defend against, detect and respond to cybersecurity threats and anomalies that affect critical cyber system operations.
Implement timely and systematic security patches and updates for operating systems, applications, drivers, and firmware on critical cyber systems, to reduce the risk of exploitation.
New US National Cybersecurity Strategy
And earlier this month, the Biden-Harris administration announced the National Cybersecurity Strategy, which outlines steps to secure cyberspace and build a resilient digital ecosystem that is easier to defend than attack. The strategy impacts both private and public sectors, making it clear that:
Minimum cybersecurity requirements will cascade across industries.
Technology is a critical infrastructure.
Protecting technology is a national security imperative.
And private enterprises are a critical dependency for national security.
The strategy is centered around five pillars, including:
Defending critical infrastructure
Disrupting and dismantling threat actors
Shaping market forces to drive security and resilience, including promoting privacy and the safety of personal data
Investing in a resilient future
And forging international partnerships to pursue shared goals
Although many of the proposed changes in the Strategy will hinge on congressional action, if implemented, they will have significant consequences for certain businesses, including critical infrastructure, software developers, cloud providers, government contractors, and companies that handle personal information.
CISA Ransomware Vulnerability Warning Pilot Program
CISA recently announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks, which have increased over the last two years. The program is called the Ransomware Vulnerability Warning Pilot and began in January of this year. The program has two goals:
Scan the networks for internet-exposed vulnerabilities that attackers often exploit
Fix the flaws before they get hacked
According to Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, “Ransomware attacks continue to cause untenable levels of harm to organizations across the country, targeting rich and resource-poor entities like school districts and hospitals. This program will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.” The initial round of warning notifications demonstrated the effectiveness of this model, and CISA hopes to include additional vulnerabilities and organizations as the program continues to scale.
All information is current as of March 14, 2023.