Cyber Connections News Roundup: Dec. 15

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 15

The Relationship Between Security Profile and Stock Performance

Is there a connection between a public company’s cybersecurity posture and its stock performance? A recent report by the Journal of Cyber Policy analyzes the relationship between a public company suffering a data breach and a decline in its share price. The paper also seeks to answer whether the converse is true. Does a company with a robust cybersecurity posture enjoy a strong stock performance? The report compares security ratings from SecurityScorecard with 52-week returns on shares for companies in the S&P 500 index, which comprises the shares of 500 large U.S. companies. Read more.

President Signs IoT Security Act

On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The legislation, H.R. 1668, passed the House in September and the Senate in November. According to a report on www.jdsupra.com, the act directs the National Institute of Standards and Technology (NIST) to issue standards for the “appropriate use and management” of IoT devices owned or controlled by federal agencies. NIST is directed to issue these guidelines by March 4, 2021. Read more.

CISA Reports Rise in K-12 Ransomware Attacks

According to a recent article on www.statescoop.com, more than half of all ransomware attacks against state and local government entities reported over the past few months have targeted K-12 school systems. This comes from a Dec. 10 alert from the Cybersecurity and Infrastructure Security Agency (CISA). According to the alert, 57% of ransomware incidents reported in August and September — when new academic years began — affected school districts, compared to 28% in the first seven months of the year. And ransomware events against schools have continued to tick up since September, including an attack last month against the K-12 district in Baltimore County, Maryland, that caused classes to be canceled for several days around the Thanksgiving holiday. Read more.

Proposed Cybersecurity Agenda for Biden Includes Elevating Role of CISA

A recent article on www.fortune.com outlines a proposed cybersecurity agenda for the incoming Biden administration. The authors of the article, Samuel J. Palmisano, retired CEO of IBM and current chairman of the Center for Global Enterprise, and Kiersten E. Todt, managing director of the Cyber Readiness Institute, propose a set of priorities for Biden’s cybersecurity agenda that include, among other objectives, re-examining the organization of the Department of Homeland Security and considering making the Cybersecurity and Infrastructure Security Agency (CISA) a stand-alone agency with increased budget and personnel resources. Read more.

Foreign Governments Most Likely Behind Recent Vaccine Spearphishing Activity

A recent article on www.cyberscoop.com reports that while drug companies are turning their attention from development of a vaccine to deployment, hackers are doing the same. The article reports that IBM researchers recently revealed a global spearphishing campaign aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. IBM suspects the attackers are tied to a government but doesn’t have enough evidence to determine which one. The IBM findings illustrate how hackers have been targeting pharmaceutical companies involved in vaccines throughout their entire development lifecycle. Read more.