The landscape of security – a new study from HP says more than 30% of workers under the age of 24 entirely bypass cybersecurity measures that they believe “get in the way” of their deadlines. Almost half of the office workers of all ages believe cybersecurity measures waste their time, and the figure increases to 64% among those under the age of 24. The survey found that 54% of 18-24-year-olds cared more about their deadlines than causing a data breach.
In our “hackers are people too” category, CRN is reporting that REvil accidentally released that universal decryptor key. The quote: “one of the coders misclicked and generated a universal key”. We also learned that payments totalled over $10 million, although it is potentially unclear whether that is directly from the Kaseya breach.
NBC News is reporting on the impact of ransomware on students’ information, such as social security numbers, birthdays, immigrant status, and whether they are homeless, economically disadvantaged, or dyslexic. Some schools aren’t even aware of the extent of data loss.
CISA has released their Cloud Security Technical Reference Architecture. This is guidance on deploying in a shared risk model (authored by FedRAMP), with guidance on building cloud environments (authored by US Digital Service) and monitoring that environment (authored by CISA). It’s also in a public comment period until October 1.
Ready for a new ransomware model? The Groove gang is not setting up the traditional ransomware-as-a-service hierarchy. Instead, they’ll work with anyone who can help make money. This group is an offshoot of the Babuk gang, and appears to be collaborating with other groups too. Last week, they suggested on their website that they would soon “demonstrate its capabilities”.
And just in time, National Cyber Director Chris Inglis has warned that while some of the summer’s groups have gone quieter, “It’s too soon to say we’re out of the woods on this.” Meanwhile, a new report from LexisNexis Risk Solutions found that bot attacks are already up significantly in 2021, growing by 41% in the first half of the year. Nuspire reports an increase of 55,240 percent in ransomware in Q2. Yes, that is not a typo.
Why do we care?
Let’s focus on the news that’s actionable – that reference architecture. CISA is looking for input on Cloud Migration and Cloud Security posture, both of which are areas where IT providers should be considering their input now. This is your chance to get input into the proper design of networks of the future.
Think this isn’t for you? The document even contains Service Model definitions that look just like ones I’ve seen used by MSPs. There’s specific guidance on how to do cloud migrations, including phase breakdown.
Leverage the resources here – and give your input now. We care because this is the chance to give input.
Everything else is important and mostly an update.