Friday Five 5/13
Data privacy concerns on the rise, Costa Rica fights back against ransomware, and new cybersecurity legislation making its way through Congress - read about this and more in this week's Friday Five!
1. The Hidden Race to Protect the US Bioeconomy From Hacker Threats by Lily Hay Newman
A new partnership between the cybersecurity nonprofit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) and the Johns Hopkins University Applied Physics Laboratory (APL) has highlighted the need for more comprehensive cybersecurity within the industries that make up the emerging “bioeconomy.” The bioeconomy, which is said to be composed mainly of smaller organizations in the biomedical, bioindustrial, and biomanufacturing industries, has experienced rapid growth in recent years sparked by the COVID-19 pandemic and is predictably struggling to keep up with the growing cyber threat landscape. Andrew Kilianski, senior director for emerging infectious diseases at the International AIDS Vaccine Initiative, said “the bioeconomy is an emerging sector of our economy if we really want to make meaningful change and impact, now is the time to get involved—not after it’s already this big thing and we try to go in reverse.”
2. Costa Rica Declares National Emergency After Conti Ransomware Attacks by Ax Sharma
Costa Rica has been fighting a barrage of Conti ransomware attacks since this past month, which finally prompted Costa Rican President Rodrigo Chaves to declare a national emergency this past Sunday. Per BleepingComputer, as of May 9, Conti threat actor “UNC1756,” who has taken responsibility for the attacks, has published 97% of the 672 GB data dump, which is said to include stolen government agency information. The affected agencies include:
- The Costa Rican Finance Ministry, Ministerio de Hacienda
- The Ministry of Labor and Social Security, MTSS
- The Social Development and Family Allowances Fund, FODESAF
- The Interuniversity Headquarters of Alajuela, SIUA
3. Breaking Down the Strengthening American Cybersecurity Act by Charles Horton
The Strengthening American Cybersecurity Act of 2022, which passed the Senate this past March, aims to bolster the cybersecurity of critical infrastructure and the federal government. It will update current federal government cybersecurity laws to improve coordination between federal agencies, ensure the government takes a risk-based approach to cybersecurity, and require all civilian agencies to report all cyberattacks to CISA. Read the recent breakdown from Dark Reading written by Charles Horton, COO of NetSPI, to find out more about what prompted the need for this new legislation, what stands out to him about the bill, and some of its potential pitfalls.
4. ICE Surveillance Dragnet Scoops up Data on 3 Out of 4 Americans, Report Finds by Tonya Riley
A disturbing report published this past week by researchers at Georgetown Law’s Center for Privacy and Technology found that ICE’s annual spending on surveillance technology has skyrocketed by more than 500% since 2008. In a recent statement, Emily Tucker, Vice President of the Center for Privacy and Technology, said “what this report shows is the way that the federal government has used the corrupt legal and policy framework around immigration enforcement as a means for expanding radical surveillance powers over immigrant communities in particular, but also over everyone indiscriminately.” Read this article from CyberScoop to find out more about just how much of your personal information ICE may have access to.
5. Google Is Failing To Enforce Its Own Ban on Ads for Stalkerware by Rhiannon Williams
In 2020, Google banned ads promoting stalkerware—a variant of spyware designed specifically to monitor another person—but recent research from Certo Software indicated that Google is failing to enforce the new policy. According to Jen Penfrat, senior policy advisor at European Digital Rights, Google’s ad screening is “often automated by algorithms, and they don’t work very well… They make lots and lots of mistakes, and research has shown over and over again that it’s pretty easy to circumvent them.” Read the full article from MIT Technology Review to learn more about stalkerware and how Google has responded.