Photo: Taken via Pixabay/CC

Biden's Cybersecurity Executive Order: 4 Key Takeaways

Scott Ferguson • May 13, 2021

By issuing a sweeping cybersecurity executive order on Wednesday, the Biden administration is attempting to take a critical step to address security issues that have come to light after recent cyberattacks. Here's an analysis of the order's key elements.

►

3rd Party Risk Management

Civilian Cyber Reserve Program Proposed

Latest

Fraud Management & Cybercrime

DarkSide Ransomware Gang Says It Has Shut Down

Doug Olenick • May 14, 2021

The gang behind DarkSide ransomware, which U.S. authorities say was used in the attack against Colonial Pipeline Co., says it's closed its ransomware-as-a-service operation after losing access to part of its infrastructure.

Business Continuity Management / Disaster Recovery

Ransomware Attack Leads to IT Shutdown for Irish Hospitals

Tony Morbin • May 14, 2021

After Health Service Executive, Ireland’s state health services provider, shut down all its IT systems serving hospitals in the wake of a ransomware attack early Friday, some security experts praised its decisive action and refusal to pay a ransom.

Business Continuity Management / Disaster Recovery

Paying a Ransom: Does It Really Encourage More Attacks?

Doug Olenick • May 14, 2021

Some cybersecurity experts question the contentions of Speaker of the House Nancy Pelosi and another member of Congress, who say a $5 million ransom reportedly paid by Colonial Pipeline Co. after being hit by DarkSide ransomware would serve as a catalyst for attacks on other critical infrastructure providers.

Cybercrime

ISMG Editors’ Panel: Analysis of Colonial Pipeline Attack

Anna Delaney • May 14, 2021

Four editors at Information Security Media Group discuss the Colonial Pipeline attack, providing insights on the DarkSide ransomware gang and securing critical infrastructure.

Endpoint Security

Patched Wi-Fi Vulnerabilities Posed Risks to All Users

Prajeet Nair • May 14, 2021

A Belgian security researcher says he uncovered vulnerabilities that affect all modern Wi-Fi security protocols and most wirelessly connected devices, including smartphones, routers and IoT devices. Many tech companies have fixed the flaws to avoid leaks of user data.

Governance & Risk Management

How to 'Demystify' Cybersecurity

Jeremy Kirk • May 14, 2021

To defend against cyberattacks, it's important to "demystify" cybersecurity and break it into risks that can be managed by any organization, says Ciaran Martin, the former director of the U.K. National Cyber Security Center.

Critical Infrastructure Security

Teardown: Inside the Colonial Pipeline Ransomware Attack

Anna Delaney • May 14, 2021

Diving into the Colonial Pipeline ransomware attack - culprits, impact, recovery, and the increasing political firestorm it’s triggered - is the focus of the latest edition of the ISMG Security Report. Security leaders weigh in on the attack's significance and potential long-term ramifications.

3rd Party Risk Management

Scrutinizing Cloud Vendor Security

Marianne Kolbasuk McGee • May 14, 2021

With cyber incidents involving vendors - including cloud services providers - surging, healthcare entities must step up scrutiny of their business associates as well as those companies' subcontractors, says Thad Phillips, CISO at Baptist Health Care in Pensacola, Florida.

Fraud Management & Cybercrime

Biden: Russian Government Not Behind Colonial Pipeline Attack

Doug Olenick • May 13, 2021

President Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. May 7, but he said attackers living in Russia were involved.

Governance & Risk Management

Why a Lab Launched a Vulnerability Disclosure Program

Marianne Kolbasuk McGee • May 13, 2021

A recently launched vulnerability disclosure program is a critical component of Toronto-based LifeLabs' efforts to bolster the security of its medical diagnostic laboratory services and online technologies used by healthcare providers across Canada, says the company's CISO, Mike Melo.

3rd Party Risk Management

Biden Signs Sweeping Executive Order on Cybersecurity

Doug Olenick • May 12, 2021

President Joe Biden signed an extensive executive order Wednesday that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.

Critical Infrastructure Security

Colonial Pipeline Restarts Operations Following Attack

Scott Ferguson • May 12, 2021

Colonial Pipeline Co. announced Wednesday that it had restarted its operations following a ransomware attack last Friday. The company says it will take several days to restore all of its supply chain operations.