SEC blames sim-swapping, lack of MFA for X account hijacking

Multifactor authentication was disabled at the SEC’s request last year after staff had difficulties accessing the social media account.

The post SEC blames sim-swapping, lack of MFA for X account hijacking appeared first on CyberScoop.

CISA advisory panel wants agency to act on election disinformation, multifactor authentication

CISA’s director has 90 days to respond to the suggestions.

The post CISA advisory panel wants agency to act on election disinformation, multifactor authentication appeared first on CyberScoop.

Multifactor authentication could be long haul for some federal agencies, CISA official says

Eric Goldstein said agencies are focusing hard on adopting MFA, but some are dealing with older IT.

The post Multifactor authentication could be long haul for some federal agencies, CISA official says appeared first on CyberScoop.

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication

A winning streak of hitting deadlines under President Joe Biden’s ambitious May cybersecurity executive order is widely expected to end Monday, affecting changes that administration officials have touted most: implementing multifactor authentication and encryption at all civilian federal agencies. Multifactor authentication — which requires users to access websites and systems by entering a password and also using a second device to verify their identity — could prevent 80% to 90% of all successful cyberattacks, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger said in September. Encryption is another of the handful of technologies the administration has emphasized that “dramatically reduce the risk of attack,” Neuberger has said. The executive order’s goal was to set “aggressive but achievable” deadlines, officials have repeatedly said, and “We’ve met each timeline along the way,” Neuberger said in October. As important as multifactor authentication (MFA) and encryption are, however, current and former […]

The post Feds likely to fall short of deadline for strengthening encryption, multifactor authentication appeared first on CyberScoop.

US, allies pledge to combat money laundering as part of efforts to slow ransomware

Nations must better clamp down on money laundering in order to disrupt ransomware gangs’ illicit financial transactions, according to a statement Thursday from 32 countries that participated in two days of White House meetings focused on slowing hackers and digital extortion. The joint statement also included commitments to other methods of countering ransomware, such as encouraging cyber hygiene practices to the private sector, collaborating across law enforcement and national security agencies and using diplomatic pressure against nations that harbor cybercriminals. The initiative comes after a White House summit that included presentations and intelligence sharing between countries including Australia, Brazil, Bulgaria, Canada, the Czech Republic, Estonia, France and Germany, among others. The two days of meetings were the latest steps the Biden administration has taken to battle ransomware, a frequent focus of the White House since major attacks this summer on Colonial Pipeline, JBS and Kaseya. However, the meetings excluded Russia, […]

The post US, allies pledge to combat money laundering as part of efforts to slow ransomware appeared first on CyberScoop.

SEC fines brokerage firms over email hacks, customer data exposure

The Securities and Exchange Commission has fined several brokerages a total of $750,000 for exposing the sensitive personal information of thousands of customers and clients after hackers took over employee email accounts. All of the companies settled the SEC charges, in three separate actions: Cetera Advisor Networks, Cetera Investment Services, Cetera Financial Specialists, Cetera Advisors, and Cetera Investment Advisers; Cambridge Investment Research and Cambridge Investment Research Advisors; and KMS Financial Services. The firms ran afoul of the SEC’s “Safeguards Rule,” which requires companies to write and adopt procedures for protecting customer records and information. “Investment advisers and broker dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, chief of the SEC Enforcement Division’s Cyber Unit. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.” […]

The post SEC fines brokerage firms over email hacks, customer data exposure appeared first on CyberScoop.

White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead

The White House summit Wednesday demonstrated positive momentum for both the Biden administration and private sector in terms of their approach to cybersecurity, but also laid bare what remains inadequate, cyber experts said. The high-profile meeting brought together CEOs from the education, energy, finance, insurance and tech sectors, featuring companies like Amazon, Bank of America and ConocoPhillips. Some pledged billions more in cyber investments, while others committed to providing training and smaller services in response to the administration’s “call to action.” While impressive, observers noted, those commitments will require considerable follow-up, from expansion to other sectors to policy changes that could emerge from closer-knit relationships between industry and government. Even as the nonprofit Global Cyber Alliance’s Megan Stifel commended the White House for holding the meeting and the broad commitments that the companies made, she said it illustrated the lengths to which the U.S. can improve national cybersecurity. “A couple […]

The post White House cyber summit with private sector nets impressive gains, but points to considerable work needed ahead appeared first on CyberScoop.

White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending

The Biden administration on Wednesday announced initiatives to bolster supply chain and natural gas pipeline security, following a White House private sector cybersecurity summit where major companies pledged billions of dollars in cyber spending. The National Institute of Standards and Technology will collaborate with industry to develop guidelines for building secure technology, in the first of two administration initiatives. In the other, the administration formally expanded its industrial control systems cybersecurity initiative — under which 150 electric utilities agreed to deploy control system security tech — to natural gas pipelines. Tech giants, insurance companies and educational organizations exit the summit with cybersecurity commitments large and small. Among those vowing the biggest dedication of dollars: Microsoft announced $20 billion over five years to integrate “cybersecurity by design,” which means incorporating security into products as they’re being built, while Google announced $10 billion over the same period to expand “zero trust” programs, […]

The post White House rolls out pipeline, supply chain security initiatives as companies pledge billions in cyber spending appeared first on CyberScoop.

What Is Step-Up Authentication and Where Does It Come Into Play?

Step-up authentication is the process of transitioning from a single authentication factor to multiple factors, but when should you use this? And why?
The post What Is Step-Up Authentication and Where Does It Come Into Play? appeared first on JumpCloud…

Choosing the Best MFA Approach: Device-Based vs Application-Level Multi-Factor Authentication

IT organizations need to consider two major types of Multi-factor Authentication: device-based MFA and application-level MFA.
The post Choosing the Best MFA Approach: Device-Based vs Application-Level Multi-Factor Authentication appeared first on JumpC…