The new National Cybersecurity Strategy reiterates the government’s focus on resilient infrastructure and taking the offensive against hackers. But it also brings a fresh approach to the private sector.
The federal joint advisory details indicators of compromise and tactics, techniques and procedures associated with the disruptive ransomware variant, as well as advising on improving cyber defenses.
The new law requires public schools, local and state government and government contractors to report cyber incidents within 72 hours. The state hopes this will give it better insights and enable faster response and mitigations.
Secure government requires a cyber-aware workforce. Doing it well means helping employees stay safe even outside of work, motivating them around the importance of security and fostering a culture where they feel safe reporting incidents.
The strategy says local and state government and other end users shouldn’t have to shoulder so much cyber risk — and will hold software companies more responsible for secure products.
Following the discovery of unusual activity on police department computers, officials called in a cybersecurity firm to identify the source of the issue. Town officials do not believe any data was breached in the incident.
More attackers are stealing data and threatening to leak it without the complicated work of locking up files first, finds CrowdStrike’s Global Threat Report. Plus, attackers are getting around patches to re-exploit vulnerabilities.
Los Angeles Unified School District officials report that as many as 2,000 student records were posted on the dark web as a result of a recent cyber attack. Some of the exposed records were more than three decades old.
A new report and toolkit aims to help K-12 schools and school districts identify funding and low-cost resources, identify high-priority risk reduction steps and stay informed about emerging cyber threats and risks.
The proposed center would provide public entities with cyber solutions, develop the cyber workforce and deliver training and awareness across sectors. Efforts to pass this measure in 2022 ran out of time; a new House bill revives the question.