Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…

This week: CISA launches ‘Secure Our World’, a UK logistics firm closes with 730 job losses after suffering a ransomware attack, and why a recently-discovered flaw with Apple devices is actually a good news story.


3 – CISA launches ‘Secure Our World’ campaign to make cyber hygiene as easy as brushing your teeth

“The technology that we all rely on day-to-day has flaws – it has vulnerabilities. [..] We want to make cyber hygiene as easy as buckling your seatbelt and brushing your teeth”.

This is a quote from Jen Easterly, Director of CISA (Cybersecurity and Infrastructure Security Agency), in a recent interview on CBS News (accessible on LinkedIn here). The focus of the interview was on CISA’s new ‘Secure Our World’ campaign that aims to make Americans more cyber aware and cyber secure. The guide for businesses is available here, and I’m delighted (but not surprised) to see Multi-Factor Authentication made it onto the recommendations list.

Jen also had a message for CEOs and business leaders: “CEOs need to embrace and own cyber risk. It can’t be delegated in the hope that the IT team is taking care of it. They really need to look at cyber risk as a business risk because ultimately it can take down their entire business. [..] We [at CISA] talk about Corporate Cyber Responsibility [and business leaders need to] recognise that this is not something they can delegate.”

So what? If you’re a business leader, you are accountable for cyber security. Do you know what ‘good’ looks like? This CISA guide is a good place to start. And my free “How to Establish a Secure Foundation” online guide ain’t bad either.


2 – Ransomware attack contributes to failure of firm and the loss of 730 jobs

A UK logistics firm has entered administration after being the victim of a “ransomware attack in June that affected key systems, processes and financial information”.

According to a report by the BBC, the joint administrators are quoted as saying that “despite being one of the UK’s largest privately owned logistics group, [the firm] fell victim to a ransomware attack earlier this year that caused significant disruption [which in turn damaged its] financial position and its ability to secure additional investment and funding”.

So what? Maybe you think all of this talk about cyber attacks is just hype. But sad stories like this one should force you to realise that there’s real risk behind all this ‘hype’.


1 – A flaw in Apple’s devices is actually a good news story.

The mobile phone of a senior member of Egypt’s democratic opposition party was compromised through the use of specialist spyware tools and malicious SMS and WhatsApp messages.

This is according to a recent report by Citizen Lab (and shared by Colm Healy of Corrata). When Apple became aware of the issue, it released updates to all of its operating systems to address the underlying vulnerability.

So what? I call this a good news story because the attacker(s) needed to invest a lot of time and money to get this set up – it is common for such zero-day exploits to be sold for millions of dollars. Most cyber attackers don’t want to invest that much time or money – we’re just not that valuable to them. The higher the cost to launch an attack, the better this is for most of us. Focus on the attacks that are more likely to come your way – and for the love of God*, enable Multi-Factor Authentication!

* Other gods are available.