In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.


Apple Now Allows Marijuana Businesses On Its App Store, While Google Maintains Ban

Apple will no longer prohibit marijuana delivery services from being hosted on its App Store—one of the latest pro-cannabis developments to come out of the tech industry. “We don’t allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality,” it says, adding that some examples of violations would be “allowing users to order marijuana through an in-app shopping cart feature” or “assisting users in arranging delivery or pick up of marijuana.” While this move represents a small step towards normalizing the legalized cannabis industry, any advancement within the tech industry will bring along its own set of challenges. As cannabis organizations venture into more online arenas where the potential for data collection and exposure exist, executives would be wise to review materials like the Cybersecurity & Infrastructure Security Agency’s (CISA) Questions Every CEO Should Ask About Cyber Risks resource.

Ransomware Threat and Cybersecurity Regulation: What’s Next?

The recent spate of publicly disclosed ransomware attacks has caused a groundswell of debate among policy makers in Washington, D.C., regarding the most effective way to deal with the threat. The perceived need for federal action on a number of fronts is growing so strong that it is worth pondering several ideas that may continue to gain traction. Certain sectors are expecting some sort of federal regulation to come down. While Cannabis may currently sidestep any federal measures, they may start seeing regulations from state. The New York State Department of Financial Services has released ransomware guidance for all New York State regulated entities.

The guidance indicates that regulated companies should report the deployment of ransomware on their internal networks “as promptly as possible and within 72 hours at the latest.” The department expects regulated companies to implement the following controls:

  • Email filtering and anti-phishing training
  • Vulnerability/Patch Management
  • Multi-Factor Authentication
  • Disable RDP Access
  • Password Management
  • Privileged Access Management
  • Monitoring and Response
  • Tested and Segregated Backups
  • Incident Response Plan

All Cannabis organizations are encouraged to review the Cybersecurity and Information Security Agency (CISA) Ransomware Postcard for additional references.

Physical Security

The Acceleration of Cannabis Legalization is Creating Jobs for Veterans as Armed Security Guards

The spread of legalization to new states, particularly on the East Coast, is providing new opportunities for security companies that provide armed guards to cannabis businesses, and for veterans with firearms training. Physical security measures, whether they be gates, guards, or cameras are all important factors. But so too are security plans, and regularly testing those plans for vulnerability against the latest threat intelligence. The Cannabis ISAO provides a community where cannabis organizations can both receive the latest threat intelligence, and collaborate on best practices to mitigate those threats and create a more resilient industry. 

‘Perfect storm’: Bulletin warns of extremist violence as pandemic restrictions lift

Earlier this week the Department of Homeland Security (DHS) Office of Intelligence & Analysis released an Intelligence In Brief report about the increasing opportunities for violent extremist attacks this summer. The report was cited today by ABC News who were told by a senior law enforcement official “In a sense, we have the perfect storm. It’s a very volatile moment and it’s about to be a more target-rich environment.” While Cannabis ISAO can’t release the actual For Official Use Only (FOUO) document via public format, it does represent the type of document that will be shared through our secure, member only threat reporting portal. More membership details will be released shortly, and in the meantime please feel free to email us if you have any questions.

Natural Threats

Hurricane Elsa Strengthens as it nears Lesser Antilles

At 5am AST, Tropical Storm Elsa was located 70 miles east-southeast of Barbados with maximum sustained winds of 60 mph and a minimum central pressure of 1001 mb. Elsa is moving quickly toward the west-northwest near 28 mph, and this motion is expected to continue during the next couple of days. On the forecast track, Elsa will move across the eastern Caribbean Sea late today and tonight, and move near the southern coast of Hispaniola on Saturday. By Sunday, Elsa is forecast to move near Jamaica and portions of eastern Cuba. Some additional strengthening is forecast over the next 12 to 24 hours. There is a risk of storm surge, wind, and rainfall impacts in the Florida Keys and portions of the Florida Peninsula early next week. However, the forecast uncertainty remains larger than usual due to Elsa’s potential interaction with the Greater Antilles this weekend. Over Puerto Rico, rainfall of 1 to 3 inches with localized amounts of 5 inches is expected late today into Saturday. This rain may lead to isolated flash flooding and minor river flooding, along with the potential for mudslides. Before breaking for the holiday weekend, cannabis business in Florida and the Gulf Coast may want to review our Library Card Series blog about Hurricane Preparedness.

Hurricane Elsa Path

Below are Tropical Storm Wind Probabilities:

  • Jacksonville, FL- 14%
  • Daytona Beach, FL- 16%
  • Orlando, FL- 16%
  • Lauderdale, FL- 22%
  • Miami, FL- 17%
  • Key West, FL- 37%
  • Naples, FL- 33%
  • Tampa, FL- 27%
  • Tallahassee, FL- 13%
  • Ponce, PR- 5%
  • Aguadilla, PR- 16%
  • San Juan, PR- 4%
  • Vieques, PR- 13%
  • Saint Thomas, VI- 9%
  • Saint Croix, VI- 14%

Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!

Check out the latest blog!