It’s rarely boring in the cybersecurity industry. From new breaches to developing regulations, there is always something to keep up with, and the past week was no different. Uber proved that even if you take care of one vulnerability, there is always another attack around the corner. Meanwhile, both the EU and U.S. took further steps to upgrade their regulatory action and support for cybersecurity protection. Let’s dive in.
After a hacker revealed that they had accessed Uber’s computer systems, the ride-share company announced last week that it was looking into the incident. In a statement posted to Twitter, a representative explained that their team was “in touch with law enforcement and will post additional updates here as they become available.” Fortunately, Uber does not believe that sensitive customer data was compromised. However, this is not the first time that it has run into a cybersecurity issue. As CNN pointed out, the company previously paid to cover up a 2016 breach that impacted 57 million driver and rider accounts.
As cyberattacks like this continue to unfold, regulators remain on their mission to find ways to enhance protective measures. In its latest initiative, the EU has set its sights on smart and connected devices. From mobile apps to refrigerators, a draft of new rules outlines that developers of these products must undergo risk assessments. During these reviews, manufacturers must fix any vulnerabilities that are discovered and notify EU cybersecurity agency ENISA of their plans to do so within 24 hours. Reuters reports that companies that do not comply could face up to 15 million euros in fines.
Back in the U.S., the Biden administration continues to build on its cross-agency cybersecurity plan. After passing its $1.2 trillion infrastructure spending law just shy of a year ago, the administration just launched a $1 billion grant program that aims to assist state and local cybersecurity. According to State Scoop, states and territories have a 60-day period to submit applications detailing their plans. Once the recipients are selected, the Cybersecurity and Infrastructure Security Agency as well as the Federal Emergency Management Agency will help to oversee the distribution of the funds. Representatives shared that a separate grant program will be introduced to help tribal governments.
Key Takeaways:
“Uber investigating ‘cybersecurity incident’ after hacker claims to access internal systems” – Sean Lyngaas, CNN
https://www.cnn.com/2022/09/15/tech/uber-cybersecurity-incident/index.html
- After a hacker revealed that they had accessed Uber’s computer systems, the ride-share company announced last week that it was looking into the incident.
- In a statement posted to Twitter, a representative explained that their team was “in touch with law enforcement and will post additional updates here as they become available.”
- Fortunately, Uber does not believe that sensitive customer data was compromised.
“EU proposes rules targeting cybersecurity risks of smart devices” – Foo Yun Chee, Reuters
- A draft of new rules introduced in the EU outlines that developers of smart and connected devices must undergo risk assessments.
- During these reviews, manufacturers must fix any vulnerabilities that are discovered and notify EU cybersecurity agency ENISA of their plans to do so within 24 hours.
- Companies that do not comply could face up to 15 million euros in fines.
“Cybersecurity grant program kicks off with long-awaited guidelines” – Benjamin Freed, State Scoop
https://statescoop.com/cybersecurity-grant-program-cisa-fema-dhs/
- After passing its $1.2 trillion infrastructure spending law just shy of a year ago, the Biden administration just launched a $1 billion grant program that aims to assist state and local cybersecurity.
- States and territories have a 60-day period to submit applications detailing their plans.
- The Cybersecurity and Infrastructure Security Agency as well as the Federal Emergency Management Agency will help to oversee the distribution of the funds.