In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.

Cybersecurity

How Hackers Used Slack to Break into EA Games

A representative from the hacker group explained to Motherboard that the group utilized a social engineering technique to break into game publishing giant Electronic Arts by tricking an employee over Slack to provide a login token. The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. As Slack is a common business collaboration tool, this is a perfect example to help reenforce to employees how identities need to be verified within any information sharing system.  All Cannabis organizations are encouraged to adopt a Zero Trust Security mindset. Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. A great explanation of Zero Trust can be found on this blog from Crowdstrike.

To learn more about social engineering attacks, make sure you check out our next Library Card Series blog which will be published on Tuesday June 22.

Report: Ransomware Attacks and the True Cost to Business

Ransomware attacks have continued to make headlines, and for good reason: on average, there is a new ransomware attack every 11 seconds, and the losses to organizations from ransomware attacks is projected to reach $20 billion over the course of 2021 following a record increase in losses of more than 225% in 2020. Ransomware continues to be significant threat to small businesses and large enterprises alike. A couple key findings from a recent Cyberreason report include:

  • Loss of Business Revenue: 66 percent of organizations reported significant loss of revenue following a ransomware attack
  • Ransom Demands Increasing: 35 percent of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7 percent paid ransoms exceeding $1.4 million
  • Brand and Reputation Damage: 53 percent of organizations indicated that their brand and reputation were damaged as a result of a successful attack
  • C-Level Talent Loss:32 percent of organizations reported losing C-Level talent as a direct result of ransomware attacks
  • Employee Layoffs:29 percent reported being forced to layoff employees due to financial pressures following a ransomware attack
  • Business Closures:A startling 26 percent of organizations reported that a ransomware attack forced the business to close down operations entirely

Ransomware was a major point of discussion for both U.S. President Joe Biden and Russian President Vladimir Putin during their first in-person summit on Wednesday. After the three-hour meeting in Geneva, Switzerland, both leaders held separate press conferences where they hinted at key points of discussions and potential compromise. The White House transcript noted Biden as saying “Another area we spent a great deal of time on was cyber and cybersecurity. I talked about the proposition that certain critical infrastructure should be off limits to attack — period — by cyber or any other means. I gave them a list, if I’m not mistaken — I don’t have it in front of me — 16 specific entities; 16 defined as critical infrastructure under U.S. policy, from the energy sector to our water systems.” 

Physical Security

Suspect Killed, Security Guard Wounded After Gun Battle Outside Los Angeles Dispensary

An argument between a security guard and two suspects led to a shooting outside the Green Earth Collective on Thursday afternoon. One suspect was killed in the shooting while the second was unharmed and taken into custody. The security guard was transported to a hospital with critical injuries. It is unclear at this time what sparked the initial argument. This incident continues a national trend of gun violence. National law enforcement commentators have already expressed concern that the U.S. could be heading into a summer period filled with increasing violence. In light of this, it can be useful to review de-escalation techniques with security guards. Additionally, empowering frontline employees to identify risks and suspicious behavior can be key to preventing dangerous situation. The Cybersecurity & Infrastructure Security Agency has encouraged the OHNO technique which stands for Observe, Initiate a Hello, Navigate the Risk, and Obtain Help.

Thief Steals Garbage Bag Full of Items from San Francisco Walgreens with Security Filming in Plain Sight

A man in a San Francisco Walgreens filled a large garbage bag with merchandise, while being filmed by multiple customers and the security guard on cell phone cameras, before riding out of the store on a bike. The ongoing theft throughout the city has led to an increase in closure for businesses. Over the past five years, 17 Walgreens have closed and CVS has referred to the city as “one of the epicenters of organized retail crime.” San Francisco Supervisor Ahsha Safai held a hearing on organized retail theft in May and said that “It might even involve a more aggressive effort when it comes to surveillance cameras, because you see the same individual hitting multiple locations, then you can begin to have deeper conversation about bringing multiple charges, or aggregate charges against that individual and really start to break this up.” The Supervisor has reported a Walgreens in his district has seen success with utilizing uniformed off-duty police officers to help monitor the store.

While cannabis dispensaries are more fortified than most retail establishments, there are still elements to this story that the cannabis industry will want to follow and be aware of. As this type of activity continues to go unchecked, as was evident in this incident, organized retail crime operations will continue to become bolder and could turn their attention to more high value targets than a local pharmacy. Cannabis businesses are encouraged to connect with their local law enforcement to understand crime trends and take necessary measures to build further resiliency.  

Natural Threats

COVID-19 Vaccine Hesitancy Within the Workforce

As economies reopen businesses across sectors are grappling with how to welcome employees back to the workplace safely. Some have made vaccinations a requirement, and there is ongoing litigation in Houston, Texas surrounding that decision at one hospital. As employers make finalize their policies, keeping an eye on the legal battle in Texas will be key. In order to reduce the risks of low vaccination rates within your own organization, it is important employers become messengers of accurate and reliable information within their workplaces. According to the CDC, employing some or all these measures may help to increase vaccine acceptance:

  • Have workplace leadership take the COVID-19 vaccine, capture their experience using video or photo, and share the experience with their staff.
  • Train interested staff to become COVID-19 vaccination ambassadors who will speak confidently and honestly, relaying personal stories about the vaccine to fellow coworkers and answer any of their concerns
  • Employ all available communication tools when promoting the COVID-19 vaccine to staff including social media, internal communication channels, and posters or signs around the workplace.
  • Set a virtual townhall where leadership, respected local medical experts, and staff share about their COVID19 vaccine experience, other vaccine facts, and answer audience questions. Use experts to communicate to your staff and constituents when talking about the COVID-19 vaccine. Ensure that these experts present factual information about the vaccine, including risks.
  • Some employers give employees paid time off to get the vaccine and offer paid sick leave for employees who have significant reactions to the vaccine.
  • While waiting to become vaccine-eligible, continue using all non-medical intervention methods to protect against the COVID-19 virus and all variants by social distancing, frequent hand washing, and the use of masks. Encourage these practices within your staff and implement policies where needed.

Daily Security Newsletter

Gate 15 Situational Update Notifications

Our friends at Gate 15 publish a daily newsletter that looks at the biggest security headlines. We highly recommend subscribing  for an excellently curated list of open source stories. 

Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!

Check out the latest blog!

Header Image: CHESNOT/GETTY IMAGES

On