Cybersecurity Recap May 2021

May 26, 2021

Curated cybersecurity news summary for facility management professionals, building owners and IT professionals who are interested in building security and facility IT.


What is new in May, 2021 in Cybersecurity?

This is how long hackers will hide in your network before deploying ransomware or being spotted

Any time is too long, but hackers are finding ways to wander through networks unseen for longer than you might expect. Cyberattackers on average have 11 days after breaching a target network before they are detected, according to UK security firm Sophos – and often when they are spotted it's because they've deployed ransomware. Read more

The Professional Services Council has called on Congress to provide funding for cybersecurity and information technology modernization efforts as it drafts an infrastructure package that would coincide with the Biden administration’s American Jobs Plan.

The SolarWinds breach and other recent cyberattacks and the new executive order on cybersecurity highlight the “need for resources to adapt and operate securely in the continuously changing threat environment,” David Broome, executive vice president for government relations at PSC, wrote in a letter to House and Senate leadership. Learn More

Executive Order on Improving the Nation’s Cybersecurity

As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade. Learn More

What Does the Biden Administration’s Cybersecurity Executive Order Mean for Your Organization?

On Wednesday, May 12, President Biden signed an extensive executive order (E.O.) on improving the United States’ cybersecurity stature. The E.O. is directed at US federal departments and agencies, and federal contractors, but its impact and resultant standards will likely have a much broader impact across global critical infrastructure sectors and related technology suppliers.

And while the directives contemplated in the E.O. will technically apply only to US federal departments, agencies, and their technology suppliers, it’s likely that they will also be adopted by broader categories of buyers and suppliers across critical infrastructure to be used as a “north star” for security expectations. Learn More

The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms.

On January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.

But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”

“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”

DarkSide soon proved it wasn’t bluffing, unleashing a string of attacks. Read More

NASA looks to change course on cybersecurity with new contract

British schools will be able to improve their defense against online attacks through new training created for teachers and staff by the U.K.’s cyber experts.

The National Cyber Security Centre (NCSC) – a part of GCHQ – has released free cyber security training for school staff, which sets out real-life incident case studies and four practical steps staff can take to protect themselves online. Read More

3 Ways Cybersecurity is Uniquely Positioned to Provide a Pathway Into the Tech Industry

Breaking into the tech sector remains phenomenally difficult for most of the world. While talent is equally distributed, the pathways to opportunities are most certainly not, evidenced by the lack of cultural, geographic, socioeconomic, gender and racial diversity in the industry.

One reason cybersecurity is uniquely well suited to democratizing access is that there are no barriers to getting started. Read More

4 of the fastest growing cybersecurity skills in-demand by businesses in 2021

The world is adopting technology more and more every day, and our digital security is becoming more crucial than ever as a result. The protection of our data, programs, and digital information is becoming vital now that everything is stored online in the cloud. Cybersecurity professionals with specific skills play a chief role in keeping our own security, and that of our businesses and organizations, intact.

Security professionals in the IT industry with expertise in application development security, cloud computing, and risk management will have the most employment opportunities in 2021 and beyond. The also predicts cloud security expertise grabs the prime salary boost of $15,025 in 2021. Read More
