Cyber Security Summit Blog

Click the link to access > joint_csa_preventing_web_application_access_control_abuse ...
7.26.23 > Lee Ann Villella Protecting people and defending data in the face of cyber threats is crucial based on trends and patterns that have emerged in the cybercriminal landscape. Several key factors include: Evolution of Cybercriminal Business Models: Cybercriminals have honed their strategies and now primarily focus on three profitable business models: ransomware, data extortion, and business email compromise (BEC). These models have proven to be highly lucrative, outcompeting other illicit activities. Prevalence of Ransomware and Data Extortion: Ransomware attacks have become increasingly common, where cybercriminals encrypt victims' data and demand ransom payments to release it. Data extortion is ...
7.24.23 > Mark Ritchie I was sworn-in as Minnesota’s elected Secretary of State in January of 2007. During my first year in office, when I was still “learning the ropes,” I faced a challenge never considered in all my years of preparing to lead this office – a cyber-attack. Early one Monday morning I received an urgent message from our information technology department informing me that hackers, most likely from overseas, had exploited a vulnerability in our on-line, digital records system to disable our entire business services division, a critical component to Minnesota’s entire commercial infrastructure. Thus began one of ...
6.28.23 > Rohit Tandon We live in a world full of surprises. Sometimes events around us go unnoticed, and at other times similar events have the potential to disrupt. Smart folks will develop predictive models of how a specific event can impact our world and are forever tuning these models for that elusive accuracy. For example, the Old Farmer’s Almanac winter forecast has been predicting since 1792 and proudly claims 80% accuracy on their website. I cannot speak to the last 230 years that they were somewhat right, but for the 231 st year (Winter of 2022-23) they missed the ...
6.26.23 > Rebecca Duvick I regularly get asked whether the data on equipment we receive as part of our electronics recycling program is truly gone after it’s wiped.  The answer, based on the processes we use, is yes!  Electronics recycling is an important but often overlooked aspect of cyber security.   With cyber risk around every corner, it’s an important to know what to look for and ask of your provider. NIST, National Institute for Standards and Technology, is a government agency that provides guidance on cyber security topics and they have developed standards on erasing data from devices (also known ...
6.21.23 > Jerrod Montoya There are now 10 comprehensive privacy laws enacted in the United States. The new laws in 2023 include those in Montana, Indiana, Iowa, Tennessee, and Texas. These laws join already existing laws including California, Utah, Colorado, Virginia, and Connecticut. These laws all share commonalities that resemble the EU’s Global Data Protection Regulation (GDPR). However, the recently passed law in Tennessee stands out from all other laws in one significant way. What is Unique about Tennessee? The Tennessee law enacted on May 24, 2023 codifies an affirmative defense for companies that implement and maintain alignment with the ...
6.14.23 > Phil Schenkenberg Here in the United States, companies face a patchwork of legal obligations that address information security and data privacy. For example, federal laws target certain market segments (such as health care, financial services, and education), state laws target certain types of information (such as personal financial or biometric information), and both state and federal laws target unfair or unreasonable business practices. This patchwork—and the lack of comprehensive nationwide privacy and security standards—can make compliance challenging and frustrating. Security professionals and legal counsel must work hard to keep up. The Security and Exchange Commission (SEC) will soon ...
6.7.23 > Tim Herman It is no secret that there is an ever-growing challenge with finding good people for the now nearly 750,000 open Cyber Security jobs in our country.  Companies are scrambling to find new and different ways to tackle this mountain.  We are still seeing an impact from the Great Resignation across the entire workforce and HR leaders are being forced to revisit hiring criteria to find good talent. Information Security leaders are also having to tap their own networks to find people to join their team. In my role as President of InfraGard MN and serving on ...
6.1.23 > via InfraGard Cybersecurity Advisory - People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection Click this link to read the Cybersecurity Advisory > jca_actor_living_off_land ...
5.31.23 > Paul Hershberger I was recently engaged in a conversation with some colleagues in the cybersecurity industry and they posed a question along the lines of; 'how do you define best in class'? I was really eager to dive into this one and confident that I had the answer, and it was going to be nothing short of inspirational.  So I dove in and started putting all kinds of wonderful words on paper around the concept of multiple layers of defenses that are mutually supportive and continually adapting to input related to the evolving threat landscape; the need for ...