Category Archives: News

Home Working Drives 44% Surge in Insider Threats

Read Time:1 Minute, 55 Second

Home Working Drives 44% Surge in Insider Threats

Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint.

The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.

It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.

The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.

Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.

Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively.

That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident.

However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.

Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, described people as the “new perimeter” in the fight against spiraling cyber-risk.

“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” he argued.

“In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cyber-criminals due to their far-reaching access to critical systems, data and infrastructure.”

Unfortunately, current efforts to detect insider risk appear to be failing: it now takes an average of 85 days to contain an insider incident, up from 77 days in 2020.

Read More

How to defend Windows networks against destructive cyberattacks

Read Time:47 Second

The Russian cyberattacks on Ukrainian organizations reminds us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want to cause as much damage as possible. Both Microsoft and Mandiant recently released information about these destructive attacks and how to better protect against them.

Regardless of geographic location, all of us can learn from how these attacks occur and are mitigated. The attacks were extreme in their destruction. As Microsoft noted in its blog, “The malware in this case overwrites the MBR [master boot record] with no mechanism for recovery.” This leads the system to be unbootable and unrepairable without a full reinstall or recovery from a full backup of the system. Thus, the first lesson is to ensure that you have the tools and resources to either fully redeploy your workstation images or have a full ability to recover your platforms.

To read this article in full, please click here

Read More

How to defend Windows networks against destructive cyberattacks

Read Time:47 Second

The Russian cyberattacks on Ukrainian organizations reminds us that the attacker isn’t always looking to steal data or extort money. Sometimes they just want to cause as much damage as possible. Both Microsoft and Mandiant recently released information about these destructive attacks and how to better protect against them.

Regardless of geographic location, all of us can learn from how these attacks occur and are mitigated. The attacks were extreme in their destruction. As Microsoft noted in its blog, “The malware in this case overwrites the MBR [master boot record] with no mechanism for recovery.” This leads the system to be unbootable and unrepairable without a full reinstall or recovery from a full backup of the system. Thus, the first lesson is to ensure that you have the tools and resources to either fully redeploy your workstation images or have a full ability to recover your platforms.

To read this article in full, please click here

Read More

Data residency laws pushing companies toward residency as a service

Read Time:1 Minute, 43 Second

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have customers or employees in multiple countries, the regulatory requirements can be onerous and difficult to keep up with.

Previously, “safe harbor” laws or tokenization-based approaches helped companies address the issue, but recent regulatory changes have made both approaches less workable. Meanwhile, countries like China, Russia and Brazil have been making changes to their data residency requirements.

In 2020, European courts upended the previous data transfer mechanisms — the EU-U.S. Privacy Shield and standard contractual clauses. In summer 2021, new guidance was released, and companies now have until the end of 2022 to switch to new standard contractual clauses that comply with the new requirements.

In summer 2021, China passed a new data security law, which went into effect in September, with significant financial penalties for companies that violate its new cross-border data transfer rules. This was soon followed by a personal information protection law, China’s answer to the EU’s General Data Protection Regulation (GDPR), which took effect in November.

Brazil passed its own version of the GDPR in fall 2020 and began enforcing it in August 2021.

Russia adopted a data localization law in 2014, then upped the fines on violations significantly in 2019. Last summer, a new law required companies with significant numbers of Russian users to have not just servers but physical offices in Russia. That law went into effect at the start of 2022.

According to the United Nations Conference on Trade and Development, 133 countries have legislation in place to protect data and privacy and another 20 are working on draft legislation. As a result of these and other changes, companies now either set up local servers for the jurisdictions where they do business and residency laws apply, use cloud providers that offer residency support, or work with a newly emerging class of vendors called residency-as-a-service providers.

To read this article in full, please click here

Read More

Data residency laws pushing companies toward residency as a service

Read Time:1 Minute, 43 Second

Data residency laws require that companies operating in a country keep data about its citizens on servers located in that country. For companies that have customers or employees in multiple countries, the regulatory requirements can be onerous and difficult to keep up with.

Previously, “safe harbor” laws or tokenization-based approaches helped companies address the issue, but recent regulatory changes have made both approaches less workable. Meanwhile, countries like China, Russia and Brazil have been making changes to their data residency requirements.

In 2020, European courts upended the previous data transfer mechanisms — the EU-U.S. Privacy Shield and standard contractual clauses. In summer 2021, new guidance was released, and companies now have until the end of 2022 to switch to new standard contractual clauses that comply with the new requirements.

In summer 2021, China passed a new data security law, which went into effect in September, with significant financial penalties for companies that violate its new cross-border data transfer rules. This was soon followed by a personal information protection law, China’s answer to the EU’s General Data Protection Regulation (GDPR), which took effect in November.

Brazil passed its own version of the GDPR in fall 2020 and began enforcing it in August 2021.

Russia adopted a data localization law in 2014, then upped the fines on violations significantly in 2019. Last summer, a new law required companies with significant numbers of Russian users to have not just servers but physical offices in Russia. That law went into effect at the start of 2022.

According to the United Nations Conference on Trade and Development, 133 countries have legislation in place to protect data and privacy and another 20 are working on draft legislation. As a result of these and other changes, companies now either set up local servers for the jurisdictions where they do business and residency laws apply, use cloud providers that offer residency support, or work with a newly emerging class of vendors called residency-as-a-service providers.

To read this article in full, please click here

Read More

Scary Fraud Ensues When ID Theft & Usury Collide

Read Time:9 Minute, 9 Second

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. So we’ll just call him “Jim.” Last May, someone applied for some type of loan in Jim’s name. The request was likely sent to an online portal that takes the borrower’s loan application details and shares them with multiple prospective lenders, because Jim said over the next few days he received dozens of emails and calls from lenders wanting to approve him for a loan.

Many of these lenders were eager to give Jim money because they were charging exorbitant 500-900 percent interest rates for their loans. But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus, and none of the lenders seemed willing to proceed without at least a peek at his credit history.

Among the companies that checked to see if Jim still wanted that loan he never applied for last May was Mountain Summit Financial (MSF), a lending institution owned by a Native American tribe in California called the Habematelol Pomo of Upper Lake.

Jim told MSF and others who called or emailed that identity thieves had applied for the funds using his name and information; that he would never take out a payday loan; and would they please remove his information from their database? Jim says MSF assured him it would, and the loan was never issued.

Jim spent months sorting out that mess with MSF and other potential lenders, but after a while the inquiries died down. Then on Nov. 27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile.

Curiously, the fraudsters had taken out a loan in Jim’s name with MSF using his real email address — the same email address the fraudsters had used to impersonate him to MSF back in May 2021. Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. That worked, and once inside the account Jim could see more about the loan details:

The terms of the unauthorized loan in Jim’s name from MSF.

Take a look at that 546.56 percent interest rate and finance charges listed in this $1,000 loan. If you pay this loan off in a year at the suggested bi-weekly payment amounts, you will have paid $3,903.57 for that $1,000.

Jim contacted MSF as soon as they opened the following week and found out the money had already been dispersed to a Bank of America account Jim didn’t recognize. MSF had Jim fill out an affidavit claiming the loan was the result of identity theft, which necessitated filing a report with the local police and a number of other steps. Jim said numerous calls to Bank of America’s fraud team went nowhere because they refused to discuss an account that was not in his name.

Jim said MSF ultimately agreed that the loan wasn’t legitimate, but they couldn’t or wouldn’t tell him how his information got pushed through to a loan — even though MSF was never able to pull his credit file.

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach.

“We believe the outsider may have had an opportunity to access the accounts of certain customers, including your account, at which point they would be able to view personal information pertaining to that customer and potentially obtain an unauthorized loan using the customer’s credentials,” MSF said.

MSF said the personal information involved in this incident may have included name, date of birth, government-issued identification numbers (e.g., SSN or DLN), bank account number and routing number, home address, email address, phone number and other general loan information.

A portion of the Jan. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial.

Nevermind that his information was only in MSF’s system because of an earlier attempt by ID thieves: The intruders were able to update his existing (never-deleted) record with new banking information and then push the application through MSF’s systems.

“MSF was the target of a suspected third-party attack,” the company said, noting that it was working with the FBI, the California Sheriff’s Office, and the Tribal Commission for Lake County, Calif.  “Ultimately, MSF confirmed that these trends were part of an attack that originated outside of the company.”

MSF has not responded to questions about the aforementioned third party or parties that may be involved. But it is possible that other tribal lenders could have been affected: Jim said that not long after the phony MSF payday loan was pushed through, he received at least three inquiries in rapid succession from other lenders who were all of a sudden interested in offering him a loan.

In a statement sent to KrebsOnSecurity, MSF said it was “the victim of a malicious attack that originated outside of the company, by unknown perpetrators.”

“As soon as the issue was uncovered, the company initiated cybersecurity incident response measures to protect and secure its information; and notified law enforcement and regulators,” MSF wrote. “Additionally, the company has notified individuals whose personal identifiable information may have been impacted by this crime and is actively working with law enforcement in its investigation. As this is an ongoing criminal investigation, we can make no additional comment at this time.”

According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. representing tribal lenders, the short-term installment loan products offered by NAFSA members are not payday loans but rather “installment loans” — which are amortized, have a definite loan term, and require payments that go toward not just interest, but that also pay down the loan principal.

NAFSA did not respond to multiple requests for comment.

Nearly all U.S. states have usury laws that limit the amount of interest a company can charge on a loan, but those limits traditionally haven’t applied to tribal lenders.

Leslie Bailey is a staff attorney at Public Justice, a nonprofit legal advocacy organization in Oakland, Calif. Bailey says an increasing number of online payday lenders have sought affiliations with Native American tribes in an effort to take advantage of the tribes’ special legal status as sovereign nations.

“The reason is clear: Genuine tribal businesses are entitled to ‘tribal immunity,’ meaning they can’t be sued,” Bailey wrote in a blog post. “If a payday lender can shield itself with tribal immunity, it can keep making loans with illegally-high interest rates without being held accountable for breaking state usury laws.”

Bailey said in one common type of arrangement, the lender provides the necessary capital, expertise, staff, technology, and corporate structure to run the lending business and keeps most of the profits. In exchange for a small percent of the revenue (usually 1-2%), the tribe agrees to help draw up paperwork designating the tribe as the owner and operator of the lending business.

“Then, if the lender is sued in court by a state agency or a group of cheated borrowers, the lender relies on this paperwork to claim it is entitled to immunity as if it were itself a tribe,” Bailey wrote. “This type of arrangement — sometimes called ‘rent-a-tribe’ — worked well for lenders for a while, because many courts took the corporate documents at face value rather than peering behind the curtain at who’s really getting the money and how the business is actually run. But if recent events are any indication, legal landscape is shifting towards increased accountability and transparency.”

In 2017, the Consumer Financial Protection Bureau sued four tribal online payday lenders in federal court — including Mountain Summit Financial — for allegedly deceiving consumers and collecting debt that was not legally owed in many states. All four companies are owned by the Habematolel Pomo of Upper Lake.

The CFPB later dropped that inquiry. But a class action lawsuit (PDF) against those same four lenders is proceeding in Virginia, where a group of plaintiffs have alleged the defendants violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent.

According to Buckley LLP, a financial services law firm based in Washington, D.C., a district court dismissed the RICO claims but denied the defense’s motion to compel arbitration and dismiss the case, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.”

Buckley notes that on Nov. 16, 2021, the U.S. Court of Appeals for the Fourth Circuit upheld the district court ruling, concluding that the arbitration clauses in the loan agreements “impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent.”

Jim said he learned of the Thanksgiving weekend MSF loan only because the hackers apparently figured it was easier to push through loans using existing MSF customer account information than it was to alter anything in the records other than the bank account for receiving the funds.

But had the hackers changed the email address, Jim might have first found out about the loan when the collection agencies came calling. And by then, his exorbitant loan would be in default and racking up some wicked late charges.

Jim says he’s still hopping mad at MSF, and these days he’s just waiting for the other shoe to drop.

“They issued this loan in my name without verification and without even checking my credit at all, even though they were already on notice that they shouldn’t have been dealing with me from the May incident,” Jim said. “I still feel like I’m going to get that call at some point from a collection agency asking why I haven’t been making payments on some installment loan I never asked for.”

Read More

Scary Fraud Ensues When ID Theft & Usury Collide

Read Time:9 Minute, 9 Second

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader’s nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.

The reader who shared this story (and copious documentation to go with it) asked to have his real name omitted to avoid encouraging further attacks against his identity. So we’ll just call him “Jim.” Last May, someone applied for some type of loan in Jim’s name. The request was likely sent to an online portal that takes the borrower’s loan application details and shares them with multiple prospective lenders, because Jim said over the next few days he received dozens of emails and calls from lenders wanting to approve him for a loan.

Many of these lenders were eager to give Jim money because they were charging exorbitant 500-900 percent interest rates for their loans. But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus, and none of the lenders seemed willing to proceed without at least a peek at his credit history.

Among the companies that checked to see if Jim still wanted that loan he never applied for last May was Mountain Summit Financial (MSF), a lending institution owned by a Native American tribe in California called the Habematelol Pomo of Upper Lake.

Jim told MSF and others who called or emailed that identity thieves had applied for the funds using his name and information; that he would never take out a payday loan; and would they please remove his information from their database? Jim says MSF assured him it would, and the loan was never issued.

Jim spent months sorting out that mess with MSF and other potential lenders, but after a while the inquiries died down. Then on Nov. 27 — Thanksgiving Day weekend — Jim got a series of rapid-fire emails from MSF saying they’ve received his loan application, that they’d approved it, and that the funds requested were now available at the bank account specified in his MSF profile.

Curiously, the fraudsters had taken out a loan in Jim’s name with MSF using his real email address — the same email address the fraudsters had used to impersonate him to MSF back in May 2021. Although he didn’t technically have an account with MSF, their authentication system is based on email addresses, so Jim requested that a password reset link be sent to his email address. That worked, and once inside the account Jim could see more about the loan details:

The terms of the unauthorized loan in Jim’s name from MSF.

Take a look at that 546.56 percent interest rate and finance charges listed in this $1,000 loan. If you pay this loan off in a year at the suggested bi-weekly payment amounts, you will have paid $3,903.57 for that $1,000.

Jim contacted MSF as soon as they opened the following week and found out the money had already been dispersed to a Bank of America account Jim didn’t recognize. MSF had Jim fill out an affidavit claiming the loan was the result of identity theft, which necessitated filing a report with the local police and a number of other steps. Jim said numerous calls to Bank of America’s fraud team went nowhere because they refused to discuss an account that was not in his name.

Jim said MSF ultimately agreed that the loan wasn’t legitimate, but they couldn’t or wouldn’t tell him how his information got pushed through to a loan — even though MSF was never able to pull his credit file.

Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach.

“We believe the outsider may have had an opportunity to access the accounts of certain customers, including your account, at which point they would be able to view personal information pertaining to that customer and potentially obtain an unauthorized loan using the customer’s credentials,” MSF said.

MSF said the personal information involved in this incident may have included name, date of birth, government-issued identification numbers (e.g., SSN or DLN), bank account number and routing number, home address, email address, phone number and other general loan information.

A portion of the Jan. 14, 2022 breach notification letter from tribal lender Mountain Summit Financial.

Nevermind that his information was only in MSF’s system because of an earlier attempt by ID thieves: The intruders were able to update his existing (never-deleted) record with new banking information and then push the application through MSF’s systems.

“MSF was the target of a suspected third-party attack,” the company said, noting that it was working with the FBI, the California Sheriff’s Office, and the Tribal Commission for Lake County, Calif.  “Ultimately, MSF confirmed that these trends were part of an attack that originated outside of the company.”

MSF has not responded to questions about the aforementioned third party or parties that may be involved. But it is possible that other tribal lenders could have been affected: Jim said that not long after the phony MSF payday loan was pushed through, he received at least three inquiries in rapid succession from other lenders who were all of a sudden interested in offering him a loan.

In a statement sent to KrebsOnSecurity, MSF said it was “the victim of a malicious attack that originated outside of the company, by unknown perpetrators.”

“As soon as the issue was uncovered, the company initiated cybersecurity incident response measures to protect and secure its information; and notified law enforcement and regulators,” MSF wrote. “Additionally, the company has notified individuals whose personal identifiable information may have been impacted by this crime and is actively working with law enforcement in its investigation. As this is an ongoing criminal investigation, we can make no additional comment at this time.”

According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. representing tribal lenders, the short-term installment loan products offered by NAFSA members are not payday loans but rather “installment loans” — which are amortized, have a definite loan term, and require payments that go toward not just interest, but that also pay down the loan principal.

NAFSA did not respond to multiple requests for comment.

Nearly all U.S. states have usury laws that limit the amount of interest a company can charge on a loan, but those limits traditionally haven’t applied to tribal lenders.

Leslie Bailey is a staff attorney at Public Justice, a nonprofit legal advocacy organization in Oakland, Calif. Bailey says an increasing number of online payday lenders have sought affiliations with Native American tribes in an effort to take advantage of the tribes’ special legal status as sovereign nations.

“The reason is clear: Genuine tribal businesses are entitled to ‘tribal immunity,’ meaning they can’t be sued,” Bailey wrote in a blog post. “If a payday lender can shield itself with tribal immunity, it can keep making loans with illegally-high interest rates without being held accountable for breaking state usury laws.”

Bailey said in one common type of arrangement, the lender provides the necessary capital, expertise, staff, technology, and corporate structure to run the lending business and keeps most of the profits. In exchange for a small percent of the revenue (usually 1-2%), the tribe agrees to help draw up paperwork designating the tribe as the owner and operator of the lending business.

“Then, if the lender is sued in court by a state agency or a group of cheated borrowers, the lender relies on this paperwork to claim it is entitled to immunity as if it were itself a tribe,” Bailey wrote. “This type of arrangement — sometimes called ‘rent-a-tribe’ — worked well for lenders for a while, because many courts took the corporate documents at face value rather than peering behind the curtain at who’s really getting the money and how the business is actually run. But if recent events are any indication, legal landscape is shifting towards increased accountability and transparency.”

In 2017, the Consumer Financial Protection Bureau sued four tribal online payday lenders in federal court — including Mountain Summit Financial — for allegedly deceiving consumers and collecting debt that was not legally owed in many states. All four companies are owned by the Habematolel Pomo of Upper Lake.

The CFPB later dropped that inquiry. But a class action lawsuit (PDF) against those same four lenders is proceeding in Virginia, where a group of plaintiffs have alleged the defendants violated the Racketeer Influenced and Corrupt Organizations Act (RICO) and Virginia usury laws by charging interest rates between 544 and 920 percent.

According to Buckley LLP, a financial services law firm based in Washington, D.C., a district court dismissed the RICO claims but denied the defense’s motion to compel arbitration and dismiss the case, ruling that the arbitration provision was unenforceable as a prospective waiver of the borrowers’ federal rights and that the defendants could not claim tribal sovereign immunity. The district court also “held the loan agreements’ choice of tribal law unenforceable as a violation of Virginia’s strong public policy against unregulated lending of usurious loans.”

Buckley notes that on Nov. 16, 2021, the U.S. Court of Appeals for the Fourth Circuit upheld the district court ruling, concluding that the arbitration clauses in the loan agreements “impermissibly force borrowers to waive their federal substantive rights under federal consumer protection laws, and contained an unenforceable tribal choice-of-law provision because Virginia law caps general interest rates at 12 percent.”

Jim said he learned of the Thanksgiving weekend MSF loan only because the hackers apparently figured it was easier to push through loans using existing MSF customer account information than it was to alter anything in the records other than the bank account for receiving the funds.

But had the hackers changed the email address, Jim might have first found out about the loan when the collection agencies came calling. And by then, his exorbitant loan would be in default and racking up some wicked late charges.

Jim says he’s still hopping mad at MSF, and these days he’s just waiting for the other shoe to drop.

“They issued this loan in my name without verification and without even checking my credit at all, even though they were already on notice that they shouldn’t have been dealing with me from the May incident,” Jim said. “I still feel like I’m going to get that call at some point from a collection agency asking why I haven’t been making payments on some installment loan I never asked for.”

Read More

LA Launches Cyber Resilience Center

Read Time:1 Minute, 54 Second

LA Launches Cyber Resilience Center

The Port of Los Angeles has opened a new Cyber Resilience Center (CRC) that will detect and protect against cyber-threats that could potentially impact cargo flow.

In addition to providing the port with an early warning system, the center will enable CRC stakeholders – such as tenants and cargo handlers – to quickly share threat indicators and better coordinate defensive responses.

A $6.8m agreement for International Business Machines Corporation (IBM) to design, install, operate and maintain the center was approved by the Los Angeles Board of Harbor Commissioners in December 2020. 

“Now more than ever, there’s a critical need for global supply chains to operate securely and undisrupted. We’re honored to partner with the Port of Los Angeles to design and build its Cyber Resilience Center, further strengthening its cyber preparedness,” said Wendi Whitmore, vice president, IBM Security X-Force in 2020.

She added: “As the Port of Los Angeles takes these significant steps to strengthen the cyber resilience of its ecosystem, we’re proud it selected IBM’s premier capabilities in threat intelligence, AI and cloud security to help achieve this.”

The new center’s opening is not the first significant cybersecurity effort undertaken by the Port of Los Angeles. Since 2015, the port has maintained an ISO 27001 certification. In 2014, the port established the nation’s first port-based Cyber Security Operations Center to proactively monitor the port’s digital environment for vulnerabilities and cyber-threats. 

The new CRC builds on the port’s pre-existing technology infrastructure to improve cyber information sharing quality, quantity and speed.

Port of Los Angeles executive director Gene Seroka said: “We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo.”

Around 20 participating stakeholders are now using the new CRC system and accessing IBM X-force Threat Intelligence. More groups are expected to join the system every six months. 

Through the CRC, stakeholders will be offered annual cybersecurity training and have the chance to participate in tabletop exercises.

Christopher McCurdy, general manager of IBM Security Services, said: “The Port of Los Angeles is setting a new industry standard with its first-of-its-kind initiative to increase cyber readiness across the maritime community.”

Read More

LA Launches Cyber Resilience Center

Read Time:1 Minute, 54 Second

LA Launches Cyber Resilience Center

The Port of Los Angeles has opened a new Cyber Resilience Center (CRC) that will detect and protect against cyber-threats that could potentially impact cargo flow.

In addition to providing the port with an early warning system, the center will enable CRC stakeholders – such as tenants and cargo handlers – to quickly share threat indicators and better coordinate defensive responses.

A $6.8m agreement for International Business Machines Corporation (IBM) to design, install, operate and maintain the center was approved by the Los Angeles Board of Harbor Commissioners in December 2020. 

“Now more than ever, there’s a critical need for global supply chains to operate securely and undisrupted. We’re honored to partner with the Port of Los Angeles to design and build its Cyber Resilience Center, further strengthening its cyber preparedness,” said Wendi Whitmore, vice president, IBM Security X-Force in 2020.

She added: “As the Port of Los Angeles takes these significant steps to strengthen the cyber resilience of its ecosystem, we’re proud it selected IBM’s premier capabilities in threat intelligence, AI and cloud security to help achieve this.”

The new center’s opening is not the first significant cybersecurity effort undertaken by the Port of Los Angeles. Since 2015, the port has maintained an ISO 27001 certification. In 2014, the port established the nation’s first port-based Cyber Security Operations Center to proactively monitor the port’s digital environment for vulnerabilities and cyber-threats. 

The new CRC builds on the port’s pre-existing technology infrastructure to improve cyber information sharing quality, quantity and speed.

Port of Los Angeles executive director Gene Seroka said: “We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo.”

Around 20 participating stakeholders are now using the new CRC system and accessing IBM X-force Threat Intelligence. More groups are expected to join the system every six months. 

Through the CRC, stakeholders will be offered annual cybersecurity training and have the chance to participate in tabletop exercises.

Christopher McCurdy, general manager of IBM Security Services, said: “The Port of Los Angeles is setting a new industry standard with its first-of-its-kind initiative to increase cyber readiness across the maritime community.”

Read More

New Mexico Files Cybersecurity Bills

Read Time:1 Minute, 48 Second

New Mexico Files Cybersecurity Bills

Lawmakers in New Mexico from both sides of the aisle have introduced new legislation to defend the state against cyber-threats. 

In the past six days, Republican senator Rebecca Dow and Democratic senator Michael Padilla have each filed a cybersecurity bill in a bid to ensure additional attack prevention measures are implemented in the country.

Dow’s bill (HB122), which was filed to a House committee on January 21, is centered around increasing the cybersecurity of public schools.

“The last thing we need while students are learning remotely is a cybersecurity breach. This further disrupts learning,” said representative Dow. 

She added: “Dollars need to go to improving student outcomes, not to paying ransoms.”

Dow’s proposed legislation would require the introduction of a School Cybersecurity Program for the statewide education technology infrastructure network by the end of fiscal year 2026. 

“It will cost about 43 million dollars to address the needs of all 87 school districts, and that’s based on a cybersecurity task force that we requested them to investigate and report back to us,” said Dow, “Now it’s time for us to fund that.”

Representative Padilla’s proposed legislation (HB98), filed on January 19, would allocate $1m to create an Office of Cybersecurity within New Mexico that would include a team of cybersecurity experts led by a chief officer. 

Padilla said the office would act as “a repository for all best practices” and would “save districts money, time, and energy.”

“You have a place to better spend the dollars that are utilized and available to fight cybersecurity attacks,” said the senator. 

On or before September 1 2022, the cybersecurity office would be required to develop and present to the governor and the appropriate legislative interim committee a preliminary five-year statewide cybersecurity plan. 

“The preliminary plan shall include an assessment of cybersecurity services for governmental agencies and public educational institutions across the state compared to the standards established by various federal requirements for research grants or education or cybersecurity assistance programs,” states the bill.

Input for the plan would be requested from each local and tribal government within New Mexico.

Read More