Ransomware attack leads to shutdown of major U.S. pipeline system

By: David E. Sanger

A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York.

The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack.

Read more here.

The Cybersecurity Job Gap and How Getting Women in STEM can Help [Video]

As the number of cyber-attacks continues to grow each year, the importance of cybersecurity and the need for cybersecurity practitioners will also continue to increase.

As previously stated, Researchers at Cybersecurity Ventures detailed in a 2019 post there would be 3.5 million unfilled cybersecurity positions globally in 2021, but with the addition of 700,000 additional skilled practitioners according to a Cybersecurity Workforce Study that entered the field this year, the projected number has dropped to approximately 3,21 million.

This is encouraging data and it seems we are moving in a position direction as the numbers have actually fallen for the first time since data on this matter has been collected.

To continue to effectively reduce the cybersecurity job gap, we should look towards STEM and the underrepresented group of young women and girls.

Women make up only 28% of the workforce in science, technology, engineering and math (STEM), and men vastly outnumber women majoring in most STEM fields in college.

Key factors perpetuating the women STEM gap:

  • Gender Stereotypes: STEM fields are often viewed as masculine.
  • Male-Dominated Cultures: Because fewer women study and work in STEM, these fields tend to perpetuate inflexible, exclusionary, male-dominated cultures that are not supportive of or attractive to women and minorities.
  • Fewer Role Models: girls have fewer role models to inspire their interest in these fields, seeing limited examples of female scientists and engineers in books, media and popular culture. There are even fewer role models of Black women in math and science.

Some ways of closing the STEM Gap for women are:

    • Raise awareness that girls and women are as capable as boys — when given encouragement and educational opportunities.
    • Promote public awareness to parents about how they can encourage daughters as much as sons in math and science
    • Supporting learning opportunities and positive messages about their abilities.
    • Provide professional education to teachers — addressing implicit and systemic biases.
    • Encourage girls and women to take math and science classes — including advanced classes.
    • Design courses and change environments and practices in STEM studies to be more welcoming for women.
    • Prioritize diverse, inclusive and respectful environments, and strong, diverse leadership.
    • Recruit female employees and work to retain and promote women throughout their careers with strong advancement pipelines and continued professional development and leadership training.

 

 

Social Media Safety Awareness Tips

Social media provides a way to stay connected and share with others, but did you know that the cyber criminals will also use social media as another technique to conduct their attacks.  It is important to protect yourself as well as know the common signs of someone trying to trick or scam you.

Over social media one common method is that cyber criminals will take over someone’s social media account.  Once they control the account a criminal will pretend to be the accounts owner and post an urgent message to everyone connected to that account.  This message will say they are traveling internationally, and that they were just mugged and desperately need you to send them money.

If you send money, you are not helping your friend you are actually sending money to the criminal.  Another common method is similar to phishing email attacks.  Cyber criminals post messages attempting to trick you into clicking on a link that takes you to a malicious website.

Watch out for messages that seem urgent suspicious or try to make you feel rushed or afraid.  If you receive an odd message from a friend and are not sure if it was really then that sent it call them on the phone to confirm.

Finally, attackers may use software to try and guess your password, if they gain access, they can then use your account to launch attacks on your contacts and friends.  Always try protecting each of your social media accounts with a unique strong password and enable two factor authentication whenever possible.

Internet Safety Tips for Parent and Kids [Video]

In a recent interview on the BNC network, I provided a few tips to keep kids safe while online on the Internet.  We feel having a set of rules that guides both a child and parent on online usage and expectations makes a lot of sense.  It also allows an opportunity for both the parent and child to talk about the components that are in the contract as a way to dialog about the importance of being in the digital world.

You can view a copy of our online agreement here.

Supply Chain Risk Management (SCRM) Explained

Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of IT products and service supply chain.

Supply chain risks may include insertions of counterfeits, unauthorized production, tampering, theft insertion of malicious software and hardware, as well as poor manufacturing and development practices in the supply chain.

These may lead to loss of sensitive information or cause unsafe situations that could compromise an organization’s mission, personnel or reputation.

The Supply Chain Risk Management Life Cycle

Risk Identification

The only way to address risk is to make sure you’re identifying it in the first place. The first phase of the risk management lifecycle is to establish a risk profile and then enact active monitoring to keep it up to date.

Risk Assessment

Understand what impact a risk event could have on your business. Be aware of those partners who have a significant impact on sales, margins or profit.

Risk Mitigation

Define both preventive action plans and reactive action plans. These are what provide the basis for addressing risk using appropriate measures to secure supply and protect brand.

Types of Supply Chain Risk Management

Cyber Risk

The possibility that your business is harmed by your suppliers’ use of technology.

Financial Risk

The possibility that suppliers will encounter a business scenario that threatens their financial health.

Reputational Risk

The possibility that a supplier will engage in activity that negatively affects your brand perception.

Natural Disaster Risk

The possibility that your supply chain is disrupted by a hurricane, earthquake or other natural hazard.

Man-Made Risk

Man-made risk is the possibility that your supply chain is disrupted by events like fires or explosions.

While there are many SCRM sources of best practices, the NIST makes many publications freely available.

Non-sensitive PII + Sensitive PII = Sensitive PII

Non-sensitive PII refers to any information that is publicly available.  If any of the information is combined with sensitive PII, then it would become sensitive PII.  Some Examples of Non-sensitive PII are:

  • Work phone #
  • Work fax #
  • Work email address
  • Work location

Sensitive PII is personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.  A person’s name in combination with any one of the following:

  • Email Address
  • Home telephone number
  • Place of birth
  • Date of birth
  • Driver’s license number
  • Mother’s maiden name
  • Passport number
  • Financial, medical, or criminal records
  • Biometrics (such as DNA, iris scan, fingerprints)
  • Financial/bank account numbers
  • Personal or government account credit or debit card number
  • Employment information to include ratings, disciplinary actions, performance elements and standards.

Non-Sensitive PII together combined with Sensitive PII = Sensitive PII

Tips for handling PII:

Protect:

Everyone has the responsibility to protect “PII in any form (physical or electronic, sensitive or non-sensitive) from unauthorized disclosure, modification, or destruction in order to ensure its confidentiality, integrity, and availability.”

Destroy:

PII that is no longer needed should be destroyed in order to reduce risk to your organization (follow record retention schedules).

Disclosure:

You should only share sensitive personal information to authorized individuals. If you have doubts about sharing sensitive data, consult with your supervisor or Privacy Manager.