Carl H.

Listening to a great talk on single point of failure supply chain by Tarah Wheeler at the IANS Boston security forum. Great talk and a great introduction to the discussion led later today on this issue. If you are here and want to continue this massively important issue join my session on supply chain at 1:05 PM. I believe this is one of the biggest problems in cybersecurity today. What can you do about it? What are you doing about it? Tarah is bringing up some great points. Have you implemented her suggestions? What have been your challenges? Have you considered the wide variety of sources of supply chain attacks? Software updates are not the only thing you need to worry about. What tools exist to help you defend against these attacks? This was a great introduction to today’s discussion and I hope it helps people consider the severity of this issue. Come to learn and share how you are dealing with supply chain attacks with your peers.

8

Join us on Wednesday, May 29th at 8:30 AM to discover how CERT Ukraine and CISA work together to combat cyber threats! Limited tickets available - act fast! Link in bio for more details and to get tickets. #CERTUkraine #CISA #CyberDefense #Collaboration #CyberSecurity.

12

Why Security Matters: A Lesson from the Golf Course https://lnkd.in/duCjZ4s5

1

EFT fraud can happen to any business, no matter what the size or industry. The financial and operational risks are too significant to ignore. From dual verification processes to secure payment portals and cybercrime insurance, there are key measures every business leader should adopt. Proactively safeguarding your financial transactions is not just about preventing losses—it's about maintaining trust with your vendors and customers. Learn more about strategies to protect your business from EFT fraud and secure your operations in today's digital landscape. CMIT Solutions is ready to help. #CyberSecurity #EFTFraud #BusinessProtection https://lnkd.in/eprBEUnN

3

Cybersecurity assessments your business can rely on for real answers and real results. Contact Dox at doxnet.com or call (585) 473-7766. #Cybersecurity #Assessments #Dox

1

looking forward to this Conference and having great conversations about Cybersecurity and Compliance.

6

Getting ready to lead discussions in Boston this week. Come join to talk about supply chain attacks - think about all your devices, not just software - and better security testing in your software development lifecycle.

4

The Hidden Costs of Going Back to Paper and Pencil After a Cyber Attack: Suffolk County, New York, has spent over $25 million on response and recovery efforts. But beyond the financial burden of remediation, there's another, often overlooked cost: the return to manual, paper-based processes. For months after the attack, Suffolk County was forced to revert to paper and pencil to keep essential services running, causing significant disruptions. This not only slowed down operations but also created additional administrative burdens and inefficiencies. Imagine the long lines, delayed public services, and the manual labor required to process records that once flowed effortlessly through digital systems. The cost of lost time, inefficiency, and error rates skyrocketed as the county scrambled to maintain essential services. The Suffolk County cyberattack is a stark reminder of the hidden operational costs of insufficient cyber defenses. Going back to paper may seem like a temporary fix, but it’s expensive. Now more than ever, municipalities must invest in expanding and maturing cybersecurity measures to protect their digital infrastructure and avoid the costly consequences of a breach. Let’s talk about how we can help your locality fortify its defenses. Contact us today to learn more about how TANDMM can assist. #CyberSecurity #MunicipalGovernment #DigitalTransformation #PublicSector #CyberResilience #Ransomware Sources: Suffolk County Ransomware Investigation - The Record Suffolk County Cyber Attack Report

9

Payments System Disruption - Free All-Sector TTX - Dec 11, 12-4PM ET Join us and hundreds of your peers for a complementary, all-sector virtual tabletop exercise. Are you prepared to respond to the unexpected? In today’s interconnected landscape, resilience isn’t just about preparation—it’s about collaboration and adaptability across all sectors. Our All-Sector Virtual TTX is designed to help leaders and teams strengthen their response strategies, share insights, and navigate complex challenges together. 🔹 Who should attend? cyber, resilience, risk, payments system, and response professionals 🔹 What to expect? Realistic injects, expert-led discussions, and an interactive, collaborative environment that fosters learning and actionable takeaways. Tackle disruptions across business, technology, and third-party ecosystems in a challenging scenario that tests your organization’s resilience and strategy. Don’t miss this opportunity to connect with others, test your strategies, and build resilience across the board. Secure your spot now and take a proactive step toward safeguarding your organization’s future! Register here: https://lnkd.in/dhSbUPyh #Resilience #RiskManagement #TabletopExercise #AllSectorTTX #OperationalResilience #CISO

23

The Consumer Financial Protection Bureau has proposed a new rule (https://lnkd.in/giuxe2n9) to limit the hugely grey area that Data Brokers operate within. Glad this is getting news coverage, it's long overdue. #CFPB #DataPrivacy #ConsumerProtection #DataSecurity #PrivacyLaw #Cybersecurity

6

Regulatory compliance? 🙄 I know right? But ensuring that you enforce geographic specific access to certain systems doesn't need to be hard... one simple policy...

2

NJ12 Kane In Your Corner recently shared an insightful article on what to do if you've been a victim of identity theft. Cybersecurity expert Scott Schober provides valuable tips on how to protect yourself from scammers and cybercrime. Check out the article here: https://lnkd.in/e5hhvxNf #ID #Scammer #cybersecurity #cybercrime

7

NIST Releases the C-SCRM Due Diligence Assessment Quick-Start Guide for Public Comment https://lnkd.in/dYxE3Uu6

12

Update from ISSA-LA: Drew Martin speaking on the importance of Board Communication. Ostrich Cyber-Risk gives CISOs the ability to effectively communicate the financial impact of risk in terms they understand-$$$. #issa #cyberriskmanagement #ciso

8

3 Comments

Special thanks to the Long Island NY ISC2 Chapter for hosting me to speak at their Chapter Event. Another great opportunity to talk about Cyber Risk Quantification. Ask me about the Open Education Resources that are now available for download from CyberRiskModels.com. #ISC2, #cybersecurity, #CRQ, #CIO, #CISO, #Training, #riskquantification

5

Exciting to analyze the latest insights from the Boeing Ransomware incident. We're seeing notable trends emerge that underscore the evolving landscape of cybersecurity threats for manufacturers. Firstly, the myth that manufacturers are immune to cyberattacks is crumbling. Many have believed they aren't prime targets due to limited personal data holdings, but recent events prove otherwise. Ransomware isn't solely about PII—it's about halting operations until demands are met, hitting manufacturers hard. Secondly, the ransom amounts demanded are soaring. The ransomware industry has matured, with negotiations becoming more complex and costly. A $200 million demand might seem steep, but for Boeing—a company with a substantial market cap (157 Billion in 2023) —it's a calculated fraction, albeit a painful one. Thirdly, Boeing's resolute stance against paying the ransom is commendable. Companies are increasingly refusing to yield to extortion, despite facing fallout like data leaks and disruptions to relationships with customers and partners. These trends underscore the urgent need for heightened cybersecurity measures and resilience strategies across industries. Let's stay vigilant and adaptive in the face of evolving threats. #Cybersecurity #RansomwareProtection #Boeing #Drip7 #Cybersecuritytraining

12

1 Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 25-01, mandating federal civilian agencies to enhance cloud security by 2025. This directive requires agencies to identify all cloud tenants by February 21, 2025, deploy CISA's automated configuration assessment tools by April 25, 2025, and implement Secure Cloud Business Applications (SCuBA) policies by June 20, 2025. These measures aim to mitigate risks from misconfigurations and weak security controls, reducing the federal government's attack surface. CISA also recommends that all organizations adopt these practices to bolster cybersecurity resilience. #ZeroTrustAdvocate

2