Cyber Security Summit Blog

6.28.23 > Rohit Tandon We live in a world full of surprises. Sometimes events around us go unnoticed, and at other times similar events have the potential to disrupt. Smart folks will develop predictive models of how a specific event can impact our world and are forever tuning these models for that elusive accuracy. For example, the Old Farmer’s Almanac winter forecast has been predicting since 1792 and proudly claims 80% accuracy on their website. I cannot speak to the last 230 years that they were somewhat right, but for the 231st year (Winter of 2022-23) they missed the ...
6.26.23 > Rebecca Duvick I regularly get asked whether the data on equipment we receive as part of our electronics recycling program is truly gone after it’s wiped. The answer, based on the processes we use, is yes! Electronics recycling is an important but often overlooked aspect of cyber security. With cyber risk around every corner, it’s important to know what to look for and ask of your provider. NIST, National Institute for Standards and Technology, is a government agency that provides guidance on cyber security topics and they have developed standards on erasing data from devices (also known ...
6.21.23 > Jerrod Montoya There are now 10 comprehensive privacy laws enacted in the United States. The new laws in 2023 include those in Montana, Indiana, Iowa, Tennessee, and Texas. These laws join already existing laws including California, Utah, Colorado, Virginia, and Connecticut. These laws all share commonalities that resemble the EU’s Global Data Protection Regulation (GDPR). However, the recently passed law in Tennessee stands out from all other laws in one significant way. What is Unique about Tennessee? The Tennessee law enacted on May 24, 2023 codifies an affirmative defense for companies that implement and maintain alignment with the ...
6.14.23 > Phil Schenkenberg Here in the United States, companies face a patchwork of legal obligations that address information security and data privacy. For example, federal laws target certain market segments (such as health care, financial services, and education), state laws target certain types of information (such as personal financial or biometric information), and both state and federal laws target unfair or unreasonable business practices. This patchwork—and the lack of comprehensive nationwide privacy and security standards—can make compliance challenging and frustrating. Security professionals and legal counsel must work hard to keep up. The Security and Exchange Commission (SEC) will soon ...
6.7.23 > Tim Herman It is no secret that there is an ever-growing challenge with finding good people for the now nearly 750,000 open Cyber Security jobs in our country.  Companies are scrambling to find new and different ways to tackle this mountain.  We are still seeing an impact from the Great Resignation across the entire workforce and HR leaders are being forced to revisit hiring criteria to find good talent. Information Security leaders are also having to tap their own networks to find people to join their team. In my role as President of InfraGard MN and serving on ...
6.1.23 > via InfraGard Cybersecurity Advisory - People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection Click this link to read the Cybersecurity Advisory > jca_actor_living_off_land ...
5.31.23 > Paul Hershberger I was recently engaged in a conversation with some colleagues in the cybersecurity industry and they posed a question along the lines of; 'how do you define best in class'? I was really eager to dive into this one and confident that I had the answer, and it was going to be nothing short of inspirational.  So I dove in and started putting all kinds of wonderful words on paper around the concept of multiple layers of defenses that are mutually supportive and continually adapting to input related to the evolving threat landscape; the need for ...
5.24.23 > Brian Kenyon Multi-factor authentication is — thankfully — a normal part of our digital experience. Whether at work, connecting with your bank, or logging in to social media, we’re used to the extra step of entering a short code or acknowledging a push notification during login. Attackers are on the hunt In recent years, attackers have grown an arsenal of capabilities — varying from sophisticated to straight-forward — to bypass the security MFA provides. Examples from recent incidents that included MFA bypasses are the SolarWinds breach, which was carried out by Russian state-actors the NOBELIUM APT; the Nvidia ...
5.17.23 > Kristine (Kristy) Livingston This year the Cyber Security Summit theme is “Resilience Unlocked”. As we discuss and plan cyber resiliency in our security programs, leaders must prepare for resilience on their teams, the careers of the people on their team, and their own lives. Resilience in our Teams: Resilience is the preparation for when things do not go as expected. Many times we are focused solely on the technology or the business process, but we should remember the people that perform the tasks as well. When we lose people due to layoff, injury, or illness our teams must ...
5.15.23 > Scott Singer The impact of a cybersecurity attack on a medical device can have negative effects on patient safety.  In addition, there are privacy concerns that can arise from the data gathered from such devices.  Whether it is patient safety or patient privacy, the FDA is now putting out specific guidance in a recently released policy. Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices and Related Systems Under Section 524B of the FD&C Act | FDA Beginning October 1, 2023, medical devices that are considered cyber devices (defined below) will be required to meet certain ...