CyberJudicata Weekly Debrief (12/30–1/3)
Happy New Year! The first Weekly Debrief of 2020 covers a number of interesting topics, such as the Ryuk ransomware that took down a maritime facility, ransomware at an IT services provider, resuscitating cyber prevention, defending against APTs, and CCPA coverage.
"An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours, the US Coast Guard said in a security bulletin it published before Christmas. The agency did not reveal the name or the location of the port authority; however, it described the incident as recent."
"Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible."
"According to recent research by Kaspersky, 86% of CISOs now believe that data breaches are inevitable. This kind of thinking means that most security teams are focusing their efforts, and budgets, on palliative measures, damage limitations, risk offsets, and securing back-ups to restore areas that have been damaged. This unfortunate perspective was born out of the 2013-2015 “big breach era”, and has effectively constrained the strategic dialogue around reactive, after-the-fact focus."
"Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data and resources."
"The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant. New year, new privacy regulations: The California Consumer Privacy Act (CCPA) went into effect on January 1, marking the start of a widespread law that will likely have implications beyond state lines."
"Fittingly for the start to a new decade, California decided to go big with its 2020 New Year’s resolution. Today, the California Consumer Privacy Act goes into effect. Passed unanimously in June 2018, it’s the first law in the US to set up a comprehensive set of rules around consumer data, akin to the European Union’s General Data Protection Regulation, or GDPR. Industry and privacy advocates have been fighting over the fine print ever since."
"California’s much-debated privacy law officially takes effect today, a year and a half after it was passed and signed — but it’ll be six more months before you see the hammer drop on any scofflaw tech companies that sell your personal data without your permission. The California Consumer Privacy Act, or CCPA, is a state-level law that requires, among other things, that companies notify users of the intent to monetize their data, and give them a straightforward means of opting out of said monetization."
"Here’s a top-level summary of some of its basic tenets:
California authorities are empowered to fine companies for violations.
Businesses can, however, offer “financial incentives” for being allowed to collect data.
Businesses will be required to comply with official consumer requests to delete that data.
Consumers can opt out of their data being sold, and businesses can’t retaliate by changing the price or level of service.
Businesses must disclose what information they collect, what business purpose they do so for and any third parties with whom they share that data."
. . .