Dr. Chase Cunningham - Defend & Conquer Weekly Review September 27, 2023

Top Cybersecurity News This Week: College Cybersecurity Breach, Zero Trust at DIA, and Cybersecurity Expertise on Boards

In this week's edition of CybersecurityHQ, we delve into the top cybersecurity news stories you need to know. From a college forced to invest millions in cybersecurity after a breach to the importance of Zero Trust implementation at the Defense Intelligence Agency (DIA), there is much to discuss. Additionally, we explore the lack of cybersecurity expertise on company boards and the repercussions faced by a nursing home for a cybersecurity breach. Lastly, we touch on the recent cybersecurity incident at the International Criminal Court and the vulnerabilities of self-driving cars.

1. College Forced to Invest in Cybersecurity After Breach

New York College finds itself in hot water after suffering a data breach affecting 200,000 students. The New York State Attorney General is requiring the college to invest $3.5 million in cybersecurity, holding them accountable for the breach. While it may seem harsh, this incident serves as a cautionary tale for organizations to invest wisely in cybersecurity measures before experiencing a breach. By proactively securing data and systems, companies can avoid the hefty fines and reputation damage that result from a data breach.

2. Zero Trust Implementation at the Defense Intelligence Agency (DIA)

The Defense Intelligence Agency's (DIA) Chief Information Officer (CIO) sheds light on the importance of Zero Trust implementation. The CIO explains that when strict Zero Trust protocols are put in place, some applications and devices may stop working. While this may cause initial frustrations, it is ultimately a positive outcome as it indicates that only applications meeting the DIA's stringent security measures can access their network. This demonstrates that a strategic approach to Zero Trust can potentially enhance an organization's security posture by highlighting vulnerabilities that can be addressed and fixed.

3. Lack of Cybersecurity Expertise on Company Boards

A recent study reveals that just 12% of S&P 500 companies have board directors with relevant cybersecurity credentials. This lack of cybersecurity expertise poses a significant risk to organizations as they navigate an increasingly complex and ever-evolving threat landscape. It is crucial for companies to have board members who understand the intricacies of cybersecurity to effectively address and mitigate risks. If your organization lacks cybersecurity professionals on the board, it is essential to rectify this gap to better protect your business assets.

4. Nursing Home Penalized for Cybersecurity Breach

The Broomfield Nursing Home and Rehab Center in Colorado faces penalties and a requirement to upgrade its information security systems following a data breach that exposed sensitive personal data of patients and employees. While this breach is not uncommon, it is notable that during a quick investigation, several vulnerabilities were found in the state of Colorado's systems, including an internet-exposed FTP server. Organizations tasked with enforcing cybersecurity requirements should lead by example and ensure their own cybersecurity measures are robust.

5. Cybersecurity Incident at the International Criminal Court

In a surprising turn of events, the International Criminal Court's information systems were breached shortly after announcing their intentions to enforce international cybersecurity laws. The incident raises concerns about the court's ability to effectively address cybersecurity matters if they cannot secure their own systems. It is essential for organizations advocating for cybersecurity to prioritize their own security to maintain credibility and trust within the industry.

6. John Kindervag Joins Illumio

Renowned Zero Trust expert, John Kindervag, renowned as the ZT godfather, has recently joined Illumio—an intriguing development in the cybersecurity market. John's previous experience at Palo Alto adds to the anticipation surrounding Illumio's future direction. As the industry continues to adopt Zero Trust principles, Kindervag's involvement with Illumio may pave the way for innovative advancements in their Zero Trust offerings.

7. Hacking Self-Driving Cars

Self-driving cars have been a topic of fascination and concern for years. A recent article from Northeastern.edu highlights the vulnerabilities of these vehicles to hacking and manipulation. With the potential for self-driving 18-wheelers and trains in the near future, it becomes imperative to bolster the security of autonomous vehicles. Misconfigurations or malicious modifications can have severe consequences, endangering lives on the road. As the development and adoption of self-driving technology progresses, addressing these security concerns becomes paramount.

In conclusion, this week's CybersecurityHQ provides significant insights into the state of cybersecurity across various sectors. From the repercussions faced by a college after a breach to the importance of Zero Trust implementation, these stories emphasize the need for proactive cybersecurity measures. Furthermore, the lack of cybersecurity expertise on company boards, penalties faced by organizations for breaches, and vulnerabilities in critical institutions highlight the ongoing need for robust cybersecurity practices. At a time when cybersecurity threats are growing in complexity, it is crucial for organizations and individuals to remain vigilant and adapt their security strategies to mitigate risks effectively. Stay informed, stay safe, and stay secure.