New Legislation and Warnings Arise with Cybersecurity Uncertainty [Weekly Cybersecurity Brief]

As we have been covering, Russia’s invasion of Ukraine is the latest catalyst to ignite our awareness of cybersecurity risk. It has reminded us that both big and small actions are needed to proactively protect our systems whether there are direct or indirect threats present. So, we continue our series of news roundups reporting on the latest developments to stem from the current geopolitical state.

We start with the legislative push for cyberattack reporting amid growing concerns. Last week, the Senate passed “The Strengthening American Cybersecurity Act,” which combines points from previous proposals to set up requirements for critical infrastructure information sharing. Under the legislation, critical infrastructure owners would have 72 hours to tell the Cybersecurity and Infrastructure Security Agency if they have experienced a significant breach and 24 hours to report ransomware payments. According to Geneva Sands of CNN, it also dictates that the government “take a risk-based approach to cybersecurity,” including authorization for the Federal Risk and Authorization Management Program (FedRAMP) to advance agencies’ transitions to cloud technology. Speaking on the bill’s passage, Democratic Sen. Gary Peters of Michigan stated, “As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government.”

Although it is not a legislative move, the U.S. Treasury Department is issuing its own preparedness warning. Amid banking sanctions placed on Russia, Reuters reports that the agency has contacted cryptocurrency organizations such as exchanges and trade groups to discuss security measures. This outreach comes as the crypto industry continues to expand. The University of Chicago summarized that it surpassed $3 trillion last year and has seen an increase in investments, which has influenced its role as a target for cybercrimes. Although there is no evidence of a specific threat tied to circumstances with Russia, the department’s initiative is aimed at protecting digital assets and heading off potential issues as more people and organizations turn to them.

While both stories address the large-scale cybersecurity actions being taken, there are also individual solutions that can be implemented. If such conversations have you thinking about your own company’s approach, or even your personal approach, one of the foundational elements you can start with is email. As Attila Tomaschek writes for CNet, “Email is still one of the most widely used online communication technologies, but it’s also one of the least secure — which is why it requires extra care.” With that, he outlined some simple steps that you can follow. One of the most basic is making sure that you are using a unique password. Beyond that, tasks include applying tools like two-factor authentication and message encryption. These will help in the event that your password is compromised. Additionally, remain mindful. As you go through your messages, practice discernment to avoid falling victim to phishing scams. In times like these, a phishing scam may attempt to appeal to your eagerness to help those impacted by the situation in Ukraine. Before clicking links, verify that they come from a familiar and reputable source.

Key Takeaways:

“Senate passes major cybersecurity legislation to force reporting of cyberattacks and ransomware” – Geneva Sands, CNN

https://www.cnn.com/2022/03/02/politics/senate-passes-major-cybersecurity-legislation/index.html

  • Last week, the Senate passed “The Strengthening American Cybersecurity Act,” which combines points from previous proposals to set up requirements for critical infrastructure information sharing.
  • Critical infrastructure owners would have 72 hours to tell the Cybersecurity and Infrastructure Security Agency if they have experienced a significant breach and 24 hours to report ransomware payments.
  • It also dictates that the government “take a risk-based approach to cybersecurity,” according to Geneva Sands’s CNN article.

“U.S. Treasury warns crypto firms on Russia cybersecurity threat – source” – Hannah Lang, Reuters

https://www.reuters.com/technology/us-treasury-warns-crypto-firms-russia-cybersecurity-threat-source-2022-03-03/

  • The U.S. Treasury Department has reached out to cryptocurrency organizations to ensure security measures.
  • This action comes after Western allies issued banking sanctions on Russia.
  • While there is no direct threat, experts warn that the growing crypto industry could serve as a potential target.

“5 Ways to Protect Your Email as Cybersecurity Concerns Grow” – Attila Tomaschek, CNet

https://www.cnet.com/tech/services-and-software/5-ways-to-protect-your-email-as-cybersecurity-concerns-grow/

  • Although smaller organizations are not likely targets for cybersecurity threats associated with Russia and Ukraine, there are individual tasks that can be implemented if you want to ensure personal security.
  • One of the first measures of defense is protecting your email.
  • Steps to do so include using a strong password, utilizing tools such as two-factor authentication, and remaining mindful of phishing scams.