Security and IT Events in August 2021
What’s occurring in cybersecurity? This article will break down major happenings which will potentially shape strategy and policy in the years to come.
NIST’s Updates to Cybersecurity Policy and Practices
The NIST, or National Institute of Standards and Technology, has renewed and developed a massive document of 200+ pages detailing contemporary methods for cybersecurity and IT policies. This draft is entitled “Draft NIST Special Publication 800-160” or “Developing Cyber-Resilient Systems.” A key takeaway from the early draft is its reference to ransomware, referring to them as inevitable. This will change how we perceive cyber threats for years to come.
In congruence with a big infrastructure bill, the US senate has also provided resources for the cybersecurity realm. The bill breaks down various categories, but the takeaway is financial aid is provided to various sectors in the IT ecosystem. For example, $550 million is distributed to assist in preventing cybersecurity vulnerabilities in federal agencies, private businesses, and organizations.
The US government wants to shore up weaknesses in cybersecurity by tapping the tech giants Google, Amazon, and Microsoft for support. The venture is referred to as the Joint Cyber Defense Collaborative, primarily managed by CISA. The first and primary goal is to “combat ransomware attacks,” specifically aimed at cloud computing infrastructure.
A malicious actor post-ransomware scheme ended up returning some of the amount paid via cryptocurrency.
PolyNetwork, a decentralized Chinese financial platform, was the target of a cyber-attack. Since then, however, roughly $250 million has been returned out of the stolen $600 million. The reasons for returning the stolen some aren’t entirely clear, though it’s likely because of a successful information backtrace. SlowMist, a security firm, managed to trace origin point emails and IP addresses.
Someone should, however, alert the cybercriminals a return of assets does not absolve them of the crime.
Despite the serious consequences and importance of decreasing cybersecurity risk at home, remote workers are still finding (and looking for workarounds). The research platform Axiad discovered about 52 percent of remote workers were not following protocol and/or seeking ways to circumvent at-home rules.
Primarily, MFA (multifactor authentication) was the primary policy workers were most resilient to.