At least they knew they were under attack. Would you?...: Mexico’s central bank said it thwarted a cyberattack on its website Tuesday, although its web page had intermittent service for half an hour. The central bank’s protection protocols kicked in, preventing disruption of its financial market processes and payment systems, according to a statement by the bank known as Banxico. The attempt comes two years after hackers hijacked Mexican finan...
TL;DR because they have to. I like this quote "The reality is, everybody is hacking everybody, and have been doing so for a long time. From North Korea to Russia to Vietnam to the USA and even Australia, they are all spying and being spied upon."...: [...] No-one has handled it very well and essentially the government is now throwing more money at the problem. Defence have won the battle, though, and are now setting the agenda for the future of cyber security. With the rise
Another example of regulatory pressure driving an industry, in this case Maritime, to take cyber security seriously...: ClassNK has become the first non-US and classification society partner to join the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) to help address cyber security risks. MTS-ISAC was formed as a non-profit body in February 2020 by a group of US-based maritime critical infrastructure stakeholders to promote cyberse...
I'd add cyber deception into this mix as an additional method of detecting and mitigating attacks on industrial control systems...: [...] Despite your efforts, there may come a time when your company is the victim of an actual cyberattack. If that happens, you want to be in a position to detect the threat as quickly as possible and respond in an effective manner. If you’re not sure of your company’s ability to quickly detect a threat, consider partnering with a company that
When politics, law, and technology intersect...India has already banned TikTok, will the US be next?...: [...] In 2019, the app's operators agreed to pay $5.7 million to settle FTC charges that it violated COPPA by failing to obtain parental consent before collecting personal info on kids under the age of 13. TikTok also failed to delete that personal information when it received complaints from parents and their children, according to the FTC. A TikTok spokeswoman said t
Doing business in Germany? Here's a useful comparative guide so you can see how your current controls would be interpreted and accepted (or not) in German law...: German law distinguishes between ‘cybersecurity’, ‘data protection’ and ‘cybercrime’. ‘Cybersecurity’ can generally be equated with the term ‘security of information technology’. According to Section 2(2) of the Act on the Federal Office for Information Security, ‘security of information technology’ refers to co
Until the pandemic hit, my nomination for the 2020 term of the year was going to be 'cyber resilience'. Judging by this survey, that wouldn't have been a valid winner...: IBM Security has announced the results of a global report examining businesses’ effectiveness in preparing for and responding to cyberattacks. While organizations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contai
Attribution is notoriously difficult. However, pointing at the DPRK gives any infosec firm a reasonable chance of being correct...: [...] Attacks on online stores have been going on since May 2019, said Dutch cyber-security firm SanSec in a report published today. The highest-profile victim in this series of hacks is accessories store chain Claire's, which was breached in April and June this year. These types of attacks are named "web skimming," "e-skimming," or "Magec
Worth reading as a backgrounder so you understand how we could move from cyber to kinetic war...: [...] At the NCSC’s annual CyberUK conference last year, PublicTechnology asked the organisation’s chief executive Ciaran Martin whether he thought an effective cyber Geneva Convention was necessary. “There are countries that, by and large, behave towards some form of internationally acceptable norms and behaviour – and countries that don’t,” he said. “I think that the prospe
I want to see vendors differentiating their products through security and privacy controls. This standard should be a baseline, entry-level requirement to sell anything...: The ETSI Technical Committee on Cybersecurity (TC CYBER) last week unveiled a new standard, ETSI EN 303 645 (EN) for cybersecurity in the Internet of Things (IoT). As more devices in the home connect to the internet, the cybersecurity of the IoT has become a growing concern. The EN is designed to preve