
Cybersecurity Recap May 2021


May 26, 2021

Curated cybersecurity news summary for facility management professionals, building owners and IT professionals who are interested in building security and facility IT.


What is new in May, 2021 in Cybersecurity?

This is how long hackers will hide in your network before deploying ransomware or being spotted

Any time is too long, but hackers are finding ways to wander through networks unseen for longer than you might expect.

Cyberattackers on average have 11 days after breaching a target network before they're detected, according to UK security firm Sophos – and often when they are spotted it's because they've deployed ransomware. Read more

The Professional Services Council has called on Congress to provide funding for cybersecurity and information technology modernization efforts as it drafts an infrastructure package that would coincide with the Biden administration’s American Jobs Plan.

The SolarWinds breach and other recent cyberattacks and the new executive order on cybersecurity highlight the “need for resources to adapt and operate securely in the continuously changing threat environment,” David Broome, executive vice president for government relations at PSC, wrote in a letter to House and Senate leadership. Learn More

Executive Order on Improving the Nation’s Cybersecurity

As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade. Learn More

What Does the Biden Administration’s Cybersecurity Executive Order Mean for Your Organization?

On Wednesday May 12, President Biden signed an extensive executive order (EO) on improving the United States’ cybersecurity stature. The E.O. is directed at US federal departments and agencies, and federal contractors, but its impact and resultant standards will likely have a much broader impact across global critical infrastructure sectors and related technology suppliers.

And while the directives contemplated in the E.O. will technically apply only to US federal departments, agencies, and their technology suppliers, it’s likely that they will also be adopted by broader categories of buyers and suppliers across critical infrastructure to be used as a “north star” for security expectations. Learn More

The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms.

On January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers.

But Bitdefender wasn’t the first to identify this flaw. Two other researchers, Fabian Wosar and Michael Gillespie, had noticed it the month before and had begun discreetly looking for victims to help. By publicizing its tool, Bitdefender alerted DarkSide to the lapse, which involved reusing the same digital keys to lock and unlock multiple victims. The next day, DarkSide declared that it had repaired the problem, and that “new companies have nothing to hope for.”

“Special thanks to BitDefender for helping fix our issues,” DarkSide said. “This will make us even better.”

DarkSide soon proved it wasn’t bluffing, unleashing a string of attacks. Read More

NASA looks to change course on cybersecurity with new contract

British schools will be able to improve their defense against online attacks through new training created for teachers and staff by the U.K.’s cyber experts.

The National Cyber Security Centre (NCSC) – a part of GCHQ – has released free cyber security training for school staff, which sets out real-life incident case studies and four practical steps staff can take to protect themselves online. Read More

3 Ways Cybersecurity is Uniquely Positioned to Provide a Pathway Into the Tech Industry

Breaking into the tech sector remains phenomenally difficult for most of the world. While talent is equally distributed, the pathways to opportunities are most certainly not, evidenced by the lack of cultural, geographic, socioeconomic, gender and racial diversity in the industry.

One reason cybersecurity is uniquely well suited to democratizing access is that there are no barriers to getting started. Read More

4 of the fastest growing cybersecurity skills in-demand by businesses in 2021

The world is adopting technology more and more every day, and our digital security is also becoming more crucial than ever as a result. The protection of our data, programs, and digital information is becoming vital now that everything is stored online on the cloud. Cybersecurity professionals with specific skills play a chief role in keeping our security and security of our business and organization intact.

Security professionals in the IT industry with expertise in application development security, cloud computing, risk management will have the most employment opportunity in 2021 and beyond. The also predicts cloud security expertise grabs the prime salary boost of $15,025 in 2021. Read More
