Hub Weekly Digest: US Critical Infrastructure Bill, CISA Ransomware Tool, and Zero Trust Adoption
Hub Security’s weekly digest covers top stories happening around the world related to fintech, critical infrastructure, cloud, and blockchain security.
Join our webinars on the most relevant cybersecurity topics trending in 2021 — stay up to date via our LinkedIn and Twitter.
Hub Security’s upcoming webinar, Zero Trust Security Approach taking place on July 22nd will host Merritt Baer, Principal, AWS Office of the CISO, Samrah Kazmi, Chief Innovation Strategist at RESRG, Fabrizio Di Carlo, Information Security Architect at Deutsche Börse, Dr. Wendy Ng, Cloud Security Architect Lead at OneWeb, and Victoria Van Roosmalen, CISO & DPO at Coosto to discuss the threats and solutions behind a zero-trust security approach. Register here.
The Future of Digital Asset Custody: Adoption Rising Albeit Growing Regulatory Concerns
Late June, Deutsche Börse Group announced that it had agreed to buy a two-thirds stake in Swiss-based Crypto Finance AG for more than US$108.6 million. The move signals development in Germany’s nascent cryptocurrency asset class by offering custodial and other crypto-related services to institutional and enterprise clients.
The continued widespread adoption of digital currencies globally indicates a shift in the financial sector’s acceptance of blockchain technology. Since 2017, the crypto and blockchain sector has attracted nearly $19.4 billion globally according to Crunchbase — a big jump since 2015. (Continue Reading)
US Passes Executive Order to Bolster Cybersecurity for Critical Infrastructure
On May 12, President Joe Biden issued the “Executive Order on Improving the Nation’s Cybersecurity.” The directive aims to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by modernizing federal networks, enhancing the federal government’s software supply chain security, implementing enhanced cybersecurity practices and procedures in the federal government, and creating government-wide plans for incident response. (Source)
CISA Releases the Ransomware Readiness Assessment Tool
The Cybersecurity and Infrastructure Security Agency (CISA) released the Ransomware Readiness Assessment (RRA) tool to help organizations gauge their readiness and ability to defend and recover from a ransomware attack. The module, which is part of the Cyber Security Evaluation Tool (CSET), covers two areas, namely, information technology (IT) and industrial control system (ICS) assets. (Source)
New Study Shows Amateur Critical Infrastructure Attacks Growing in Frequency, Relative Severity
Low-sophistication operational technology (OT) attacks grew in frequency and relative severity over the previous few years, according to Mandiant. In doing so, they broadened the type of threat against which companies and governments need to defend their OT assets. Attackers in this area target critical infrastructure. Their attacks can have a physical effect on employees and other people around the affected area. (Source)
CISA Sees Zero Trust Adoption Coming into Focus Under Cyber Executive Order
CISA, under the cyber executive order Biden signed in May, put out a zero trust maturity model that focused on the five pillars critical for agencies — identity, device, network, application workload and data. Hartman said the transition toward zero trust will rely in part on agencies embracing automation solutions such as continuous validation and real-time machine learning analytics. But with more than 100 civilian agencies of varying size and maturity levels, Hartman said the executive order avoids a one-size-fits-all approach moving to zero trust. (Source)
Cloud Account Compromises Costs Organizations $6.2m Annually
The average cost of cloud account compromises reached $6.2 million (£4.5m) over a 12-month period according to more than 600 IT and IT security professionals in the US. This finding is the most revealing of many from a new report on ‘The Cost of Cloud Compromise and Shadow IT’ released by Proofpoint, a cybersecurity and compliance company, and the Ponemon Institute, an IT security research organisation. (Source)
