The Securities and Exchange Commission (SEC) has adopted changes to Regulation S-P, requiring financial institutions to disclose security breaches within 30 days of learning about them. The amendments also expand safeguards and disposal rules, require written compliance records, and extend the rules to transfer agents. The new requirements aim to protect the privacy of customers’ financial data and ensure prompt notification in case of a breach.
The Environmental Protection Agency (EPA) has issued an enforcement alert warning about the increasing frequency and severity of cyberattacks against water utilities in the US. The agency found that about 70% of utilities inspected in the past year violated standards meant to prevent breaches. Recent attacks by groups affiliated with Russia and Iran have targeted smaller communities. The EPA urged water systems to improve protections against hacks, including changing default passwords and cutting off system access to former employees.
In a focus on SMBs, Axios reports that defense contractors, including small businesses, are at risk of being targeted by nation-state hackers, particularly from China. Despite warnings, many defense contractors underestimate the importance of cybersecurity. The lack of technical expertise and financial resources further hinders their ability to defend against cyber threats. The NSA provides free cybersecurity tools to defense contractors, but these tools cannot fully eliminate the risks posed by sophisticated hacking groups.
Google has published new security recommendations and a white paper scrutinizing Microsoft’s cybersecurity practices in response to recent nation-state attacks. Google aims to poach government customers from Microsoft and offers a Google Workspace program as an alternative.
North Korean IT workers are posing as Americans to secure remote jobs and use the salaries to fund their country’s missile program. Remote hiring practices have made it easier for them to deceive hiring managers, and the advancement of AI technologies like deepfake videos adds to the challenge. Federal prosecutors have charged individuals involved in an elaborate scheme where North Korean workers landed jobs at over 300 U.S. companies, generating at least $6.8 million in revenue. The U.S. government has been warning about this threat for years, as it allows North Koreans to bypass sanctions.
Why do we care?
If you serve the financial sector, you have new regulations, and if you serve utilities, be warned. Whether you focus on defense or not, please take advantage of the resources available, be it from the NSA or Google. For you and your customers, consider that companies struggle to verify identities and detect malicious activity in remote interviews. Generative AI tools make it easier for North Korean workers to create believable resumes. That process requires investment. And we care because everything here needs to be filled.