At a glance.
- Securing the World Cup.
- Australia’s security regulator warns corporate boards about cybersecurity.
- CISA sends FEITs to help with federal network security.
The cyber-keeper of the World Cup.
Qatar is gearing up to host the World Cup, welcoming hordes of international football fans and the digital traffic that will accompany them. Experts fear that cybercriminals are taking advantage of the influx of online tickets and hotel reservations to attack the personal data of those traveling to the Arab nation for the event. Additionally, they anticipate an increase in Cup-themed phishing and social engineering scams targeting football fans attending matches in person or watching them online.
Mohammad Al-Kayed, Director of Cyber Defense at Black Mountain Cybersecurity, told Computer Weekly, “If there’s anything we’ve learned about cybercrime from past encounters, it’s that it thrives around major world events.” He advises viewers and attendees to be on the lookout for online scams associated with the sale of tickets and sporting goods. Moreover, he predicts an upsurge in the piracy of football matches via online platforms.
As part of Interpol’s Stadia project, aimed at providing security devices for major global sporting events, global cybersecurity professionals met in March to discuss how best to support the Cup, and Morocco, Qatar’s security partner, has already agreed to send a team of cybersecurity experts. Qatar’s Supreme Committee for Delivery and Legacy has also released a cybersecurity framework that will serve as a mandatory benchmark for all parties involved in gaming.
ASIC urges companies to focus on cybersecurity.
Greg Yanco, market executive director of the Australian Securities & Investments Commission (ASIC), is calling on local businesses to step up their cyber resilience measures, the Mandarin reports. According to an ASIC report last year, companies had improved their resilience by only 1.4%, far from the 13% expected for this period. Yanco said ASIC would take action against companies to enforce cyber risk management obligations. Federal reforms that took effect in 2019 mean failure to meet certain licensing requirements, including those related to cybersecurity, could result in a civil penalty, and Yanco says ASIC is prepared to apply such penalties if necessary.
ASIC already took action against RI Advice Group in May for several cyber incidents that resulted in employee data breaches between June 2014 and May 2020, and the Federal Court upheld ASIC’s actions, imposing a fine of $750,000 on the company. Yanco recommends that organizations mitigate risk, improve their incident reporting processes, and focus not only on preventing attacks, but also on adapting and recovering after a breach has occurred. “We encourage regulated entities to reassess their cyber risks and ensure that their detection, mitigation and response measures adequately meet their risk appetite. They should also assess their readiness to respond to cybersecurity incidents and review incident response and business continuity plans,” Yanco said.
FEIT fights to defend US agency networks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has begun deploying its Federal Enterprise Improvement Team (or FEIT, pronounced “fight,” not “feet”), a team of advisers assigned to individual agencies to help them improve their specific network defenses. The Federal Information Network explains that although CISA has provided shared cyber services in the past, FEIT is a new approach for the agency. Eric Goldstein, executive assistant director for cybersecurity at CISA, explains that historically, “We really did very little to help bespoke agencies really understand what their security program looked like today? How is their environment? What is their infrastructure? And then how can we help them progress on a journey to get where they need to be.”
Funded by a portion of the $650 million CISA received under the American Rescue Plan Act of 2021, FEIT teams will work with agencies to identify their specific cybersecurity gaps and develop customized improvement plans. The timing couldn’t be better, as the House and Senate prepare to update the Federal Information Security Modernization Act of 2014 with legislation that would codify CISA’s central role in federal civilian executive cybersecurity operations.