The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.
DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.
NRA targeted by DDoS cyber criminals
Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). nra.org, nracarryguard.com, and nrafoundation.org join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.
As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticized following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.
It’s vital to take precautionary measures
Criminal hackers are becoming more malicious and less predictable, both in their attack methods and in who they target. It’s vital that organizations take proactive steps to protect their private, consumer data and the IT systems that house it.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework was originally created to guide federal agencies that are required to set minimum cybersecurity policies, processes, and procedures. It is a voluntary framework, which helps businesses manage their cybersecurity risks.
The framework provides a data security infrastructure that organizations can use to organize their cybersecurity activities, ensure they remain up-to-date, and manage cost-effectiveness. As NIST references existing functional data security standards, ISO 27001 can play a big part in your information security management system (ISMS) implementation.
ISO 27001 is the international standard that describes best practice for an ISMS. Achieving ISO 27001-accredited certification sends a strong message to clients, peers, and industries that your company is taking adequate measures to protect consumer data and effectively manage data breach events.
Achieving ISO 27001 certification can be a big challenge depending on your organization’s size and scope. To help, IT Governance is offering its ISO 27001 Foundation (CIS F) and Lead Implementer (CIS LI) courses as a combined course. You will gain a comprehensive understanding of the activities needed to plan, implement, and maintain an ISO 27001-compliant ISMS.
Book a place on our ISO 27001 Foundation and Lead Implementer Combination Course for a 15% saving on the cost of the two separate courses.