reporting - X-Industry - Red Sky Alliance
2024-03-29T01:43:03Z
https://redskyalliance.org/xindustry/feed/tag/reporting

8-K a Need for Cyber Threat Intel
https://redskyalliance.org/xindustry/8-k-a-need-for-cyber-threat-intel
2023-08-19T11:20:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>According to IBM’s Cost of a Data Breach Report 2022, the global average total cost of a data breach increased by USD 0.11 million to USD 4.35 million in 2022, the highest it's been in the history of this report. The increase from USD 4.24 million in the 2021 report to USD 4.35 million in the 2022 report represents a 2.6% increase.</p>
<p>See: <a href="https://www.ibm.com/reports/data-breach">https://www.ibm.com/reports/data-breach</a></p>
<p>In addition to the financial costs, the US Government has planned additional timed reporting for all publicly held companies. The US Securities and Exchange Commission (SEC) announced on 26 July 2023 that it has adopted new cybersecurity incident disclosure rules for public companies, but there is some concern that the new rules might actually be helping hackers. The goal of the new rules is “to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents”.</p>
<p>Publicly traded companies will be required to disclose, through a Form 8-K filing, any material cybersecurity breach within four business days, unless otherwise instructed by the US attorney general due to substantial risk to national security or public safety.</p>
<p>Would it not make more sense to prevent a cyber breach from happening in the first place? There is a service named RedXray that can notify any organization in the world of cyber threats that have not yet breached the entity’s network. US publicly held companies could save time and embarrassment by not having to report on cyber breaches that could have been prevented.</p>
<p>The SEC filing must describe the incident’s nature, timing, scope and material impact (or likely material impact). It’s worth noting that the timer for the four (4) days starts the moment the victim determines that an incident is material. Companies will also have to regularly provide information on their processes for identifying, assessing and managing risks associated with cyber threats, as well as on material impact from threats and previous incidents.</p>
<p>Information on the board of directors’ oversight of cybersecurity risks and management’s expertise and role in managing cybersecurity-related material risks will also need to be provided.</p>
<p>The Form 8-K disclosures will be required starting 90 days after the publication of the rules in the Federal Register or 18 December 2023. Smaller companies have been given an additional 180 days. “Whether a company loses a factory in a fire or millions of files in a cybersecurity incident it may be material to investors,” said SEC Chair Gary Gensler. “Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way.”</p>
<p>While some have applauded the SEC’s efforts to ramp up expectations for companies, others are not happy with the new rules. The rules passed by a 3-2 vote, and one of those who voted against them is SEC Commissioner Hester Peirce, who raised concerns that the requirements will harm investors due to the additional costs associated with the disclosure process. In addition, Peirce pointed out that the disclosure requirements could actually help cybercriminals. “The strategy and governance disclosures risk handing them a roadmap on which companies to target and how to attack them. The 8-K disclosures, which are unprecedented in nature, could then tell successful attackers when the company finds out about the attack, what the company knows about it, and what the financial fallout is likely to be (i.e., how much ransom the attacker can get),” Peirce said.</p>
<p>“The requirement to file an amended 8-K when new information comes in will provide the attacker regular updates on the company’s progress. The 8-K disclosures also will signal to other would-be attackers an opportune time to attack. The careful drafting necessary to avert some of these problems will be difficult in the four-day filing timeframe,” Peirce added.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.<br /> Source: </em><a href="https://www.securityweek.com/companies-required-by-sec-to-disclose-cybersecurity-incidents-in-4-days/">https://www.securityweek.com/companies-required-by-sec-to-disclose-cybersecurity-incidents-in-4-days/</a></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> <br /> Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a> </p>
</div>

What Ransomware Needs - Transparency
https://redskyalliance.org/xindustry/what-ransomware-needs-transparency
2022-09-18T17:39:40.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p>Ransomware is currently one of the most significant cybersecurity issues facing all business and government sectors, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more in order to encrypt files and demand a ransom payment for the decryption key. Despite warnings, many victims pay these ransoms, under the impression that it is the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data. But all this means is that the attack cycle continues, with ransomware groups using their ill-gotten gains to finance more ambitious attacks.</p>
<p>Many ransomware incidents are simply kept private, so it is hard to get a good picture of what is really happening to many organizations. Even when companies do admit to a cyber-attack, they are very often vague about what has happened, and seem most reluctant to describe any incident as a ransomware attack.<a href="#_ftn1">[1]</a> </p>
<p>“A serious cyber-attack,” “a cyber incident that has caused some disruption” and “data being encrypted by a third party” are just some of the statements put out by victims of ransomware attacks to describe what happened, without ever mentioning ransomware. Some victims eventually become more open about what happened, but only months or years after the incident, and some never publicly acknowledge it was ransomware at all. </p>
<p>It is frustrating for investigators who are not able to get a comprehensive and clear picture of the current ransomware situation. Researchers are trying to read between the lines of the vague statements about a sophisticated cyber incident that has disrupted services, and are determining that it was, in fact, a ransomware attack. This lack of transparency about ransomware attacks and other cyber incidents may be damaging to everyone.</p>
<p>Some victims do disclose that it was a ransomware attack, through their CISOs or senior management. The common thread among these cybersecurity leaders who choose to speak about their organizations being hit by ransomware is that they want to help prevent others from becoming the next victim by detailing the lessons they learned about increasing their cyber threat notifications and cyber defenses to prevent future incidents. The best time to take action is always before the attack takes place.</p>
<p>Who do you call for help to support transparency? In a recent talk, the FBI urged that they be called even if the company does not want to prosecute. Why? Because the valuable information derived from that ransomware attack can be used to connect other tactics and criminal or state-sponsored hacking organizations. This is very important. In the case of the Colonial Pipeline cyber-attack, the FBI was immediately called and they set up an e-dye pack to follow the e-commerce ransom money and were able to identify the culprits and retrieve the ransom. The e-dye pack is no different than the dye packs used in banks, where the robbers grab the money packet and, when they leave the bank, the money pack activates and spreads blue dye on the criminals so the responding police can identify them. </p>
<p>In some cases, it looks like this situation may already be changing; recently, Los Angeles Unified (LAUSD), the second biggest school district in the US, was hit by a ransomware attack and immediately disclosed the incident to the authorities, as well as keeping the wider general public up to date about the situation. Red Sky Alliance reported on this last week. Their approach was praised by the director of the Cybersecurity & Infrastructure Security Agency (CISA), who said LAUSD "clearly knows the value of transparency when responding to a cyber incident their speed, clarity and focus on partnership is commendable" and described them as a "Great example of how to keep stakeholders informed, including potential impacts & what to expect next."</p>
<p>Dealing with a ransomware attack is a challenge, but the way organizations frame the experience is just as important as the technical response. By detailing what has happened and how the incident is resolved, they can generate positive feedback and show that the ransomware gangs do not always have to be feared. It might prevent others from suffering the same fate. In the fight against ransomware, it is going to be better for everyone if there is more transparency around attacks. </p>
<p>It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. No government can stop these attacks except for the countries that are sponsoring or benefitting from the ransom payments.</p>
<p>The following is what Red Sky Alliance recommends:</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-factor authentication company-wide.</li>
<li>For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all employees and consultants working from home.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on ten (10) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.zdnet.com/article/the-ransomware-problem-wont-get-better-until-we-change-one-thing/">https://www.zdnet.com/article/the-ransomware-problem-wont-get-better-until-we-change-one-thing/</a></p></div>