ELTENI’S CYBER SCOOP

Latest News

In this newsletter, we highlight the impact and benefits of Single Sign-On (SSO) as well as the importance of effective internal controls, including documentation and reporting. We also cover several companies whose operations were disrupted when their software or service providers were hit by cyber-attacks.

REGULATORY CORNER

CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (SMBs)

CISA’s Secure by Design whitepaper urged software manufacturers to consider how their business practices may inadvertently reduce the security posture of their customers. They recommend that essential security features should be available as part of the basic service offering. Consumers should not need to pay premium pricing, hidden surcharges, or additional fees for basic security hygiene. In particular, they mention that single sign-on capability should be available by default as part of the base offering—consumers should not need to bear an onerous “SSO tax” to get this necessary security measure. 

But the SSO tax is not the only barrier to adoption of SSO by small and medium-sized businesses (SMBs). Customers have differing perspectives about SSO. Some SMBs see it as adding value that improves their security posture, while others do not believe the expense of SSO delivers significant operational improvement and commensurate returns. This latter view reflects the need for clear messaging on the advantages of SSO.

Notes

Single Sign-On (SSO) allows users to utilize a single set of login credentials for multiple software systems. Implementing SSO offers numerous benefits for both organizations and users. For organizations, SSO enhances security by simplifying the management of user access and permissions across different systems, thereby reducing the risk of password-related vulnerabilities. It also helps ensure compliance with various regulatory requirements and decreases the volume of password-related support calls. For users, SSO reduces password fatigue by eliminating the need to remember multiple passwords, and streamlines the login process, thus preventing the frustration of forgotten passwords and login delays.

Small or medium-sized businesses can improve their security posture and increase productivity by exploring the potential benefits of implementing SSO in their organization.

Why SMBs Don’t Deploy Single Sign On (SSO) | CISA

ENFORCEMENT NEWS

SEC Charges R.R. Donnelley & Sons Co. with Cybersecurity-Related Controls Violations

The Securities and Exchange Commission today announced that R.R. Donnelley & Sons Company (RRD), a global provider of business communication and marketing services, agreed to pay over $2.1 million to settle disclosure and internal control failure charges relating to cybersecurity incidents and alerts in late 2021.

According to the order, RRD failed to design effective disclosure controls and procedures to report relevant cybersecurity information to management with the responsibility for making disclosure decisions and failed to carefully assess and respond to alerts of unusual activity in a timely manner. The order further finds that RRD failed to devise and maintain a system of cybersecurity-related internal accounting controls sufficient to provide reasonable assurances that access to RRD’s assets – its information technology systems and networks – was permitted only with management’s authorization.

Notes

This incident underscores the critical need for businesses to prioritize robust cybersecurity measures, effective internal controls, and comprehensive documentation and reporting practices. Ensuring data integrity and confidentiality is crucial for safeguarding sensitive information, maintaining regulatory compliance, preserving stakeholder trust, and mitigating financial and legal risks. Additionally, the incident highlights the consequences of inadequate disclosure controls and procedures, emphasizing the importance of proper documentation and timely reporting to stakeholders and regulatory bodies. Clear documentation of cybersecurity incidents and response actions is essential for demonstrating diligence in monitoring and addressing threats, enabling swift and informed responses to mitigate risks effectively. This serves as a reminder to all businesses about the importance of proactive cybersecurity practices, vigilant internal controls, and robust documentation and reporting mechanisms in today’s digital landscape.

SEC.gov | SEC Charges R.R. Donnelley & Sons Co. with Cybersecurity-Related Controls Violations

CYBER NEWS

Snowflake Data Breach Impacts Ticketmaster, Other Organizations | SecurityWeek

Ticketmaster and multiple other organizations have had significant amounts of information stolen in a data breach at cloud storage company Snowflake, security researchers report. The theft of Ticketmaster data came to light last week, when a notorious hacking group claimed to have exfiltrated the information of 560 million users, asking $500,000 for the data.

Patch Tuesday, June 2024 “Recall” Edition | Krebs on Security

Last month, Microsoft debuted Copilot+ PCs, an AI-enabled version of Windows. Copilot+ ships with a feature nobody asked for that Redmond has aptly dubbed Recall, which constantly takes screenshots of what the user is doing on their PC. Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC were compromised with malware. Former Microsoft threat analyst Kevin Beaumont detailed on his blog how any user on the system (even a non-administrator) can export Recall data, which is simply stored locally in an SQLite database. Microsoft released updates to fix more than 50 security vulnerabilities in Windows and related software, saying Recall would no longer be enabled by default.

Car dealerships in North America revert to pens, paper after cyberattacks | AP News

Car dealerships in North America are still wrestling with major disruptions that started last week with cyberattacks on a company whose software is used widely in the auto retail sales sector. CDK Global, a company that provides software for thousands of auto dealers in the U.S. and Canada, was hit by back-to-back cyberattacks Wednesday. That led to an outage that has continued to impact operations. For prospective car buyers, that’s meant delays at dealerships or vehicle orders written up by hand. There’s no immediate end in sight, but CDK says it expects the restoration process to take “several days” to complete.

Hackers Derail Amtrak Guest Rewards Accounts in Breach | Darkreading

Amtrak has disclosed a data breach affecting train travelers’ Guest Rewards accounts. In a breach-disclosure notice filed with the state of Massachusetts, the national passenger rail service noted that an unknown third party gained unauthorized access to users’ account information during the time period of May 15-18.

DECODE THE TERMS

Vulnerability – a weakness in a system or process that could be exploited by malicious actors.

HTTP/S – HTTP (Hypertext Transfer Protocol) is the standard protocol for transferring web pages from web servers to user browsers. HTTPS (Hypertext Transfer Protocol Secure) is its secure version, which encrypts data to protect sensitive information during transmission between browsers and web servers.

DLP (Data Loss Prevention) – a security tool that stops unauthorized access, sharing, or loss of sensitive information. It monitors and controls data movement to ensure it stays within the organization, protecting personal data, financial records, and intellectual property. DLP helps keep important information safe and secure.

Data Classification – The process of categorizing data assets based on their information sensitivity, so those assets can be managed properly.