In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.
Cybersecurity
Ransomware Awareness for Holidays and Weekends
In a White House press briefing yesterday Deputy National Security Advisor Anne Neuberger stressed that while there is no specific threat information or information regarding cyber attacks this weekend, in the past, over holiday weekends, attackers have sometimes focused on security operation centers that may be understaffed or a sense that there are fewer key personnel on duty as they may be on vacation. A long weekend can make attackers feel they have extra time to navigate in a network before they are detected. As part of the administration’s ongoing efforts to secure our — America’s defenses against cybercrime and ransomware, on Tuesday, the FBI and DHS’s CISA released an advisory outlining specific steps that organizations and individuals can take to really increase their defenses and be safe online.
The administration is calling on executives to bring together their leadership teams and run through this set of activities to ensure that your organizations are as secure as they need to be before the holiday weekend:
- Update and patch all software. We continuously see attackers compromising organizations based on vulnerabilities that are known, for which patches are available.
- Ensure that individuals have strong passwords in place. And indeed, for key personnel, encourage them to change their passwords now.
- Implement multifactor authentication, particularly for key personnel and IT staff. Multifactor authentication is something more than a password. It could be a biometric, like a fingerprint. It could be a code that comes off software.
Cyber attacks are now commonplace. Ransomware attacks, in particular, have skyrocketed in frequency and size. High-profile data breaches have cost businesses in the United States millions of dollars in losses and incalculable reputational harm. Just like those in any other industry, cannabis cyber attack risks pose a clear and present danger of financial consequences. There is no “standard” cyber insurance policy. Dozens of insurers sell such a product, with each insurer constantly adapting its policy terms to market changes and challenges. As a result, cannabis businesses must carefully review policies offered to them and negotiate the terms in order to address their individual cyber risks. Those that fail to do so may leave some of their biggest risks uncovered.
This article focuses on three risks.
-
Retailers face acute reputational risks associated with data breaches.
-
Growers and producers may suffer damage to or loss of property that is not easily insured.
-
Businesses struggle with contradictions created by conflicting state and federal laws.
Physical Security
AP Sources: Intel Shows Extremists to Attend Capitol Rally
Information continues to develop and be published related to various protests and demonstrations upcoming, including the Justice for J6 activity on 18 September. As such, RE-ISAC will continue to monitor events and activities and provide updates as necessary. One such update, far right extremist groups like the Proud Boys and Oath Keepers are planning to attend a rally later this month at the U.S. Capitol that is designed to demand “justice” for the hundreds of people who have been charged in connection with January’s insurrection, according to three people familiar with intelligence gathered by federal officials. As a result, U.S. Capitol Police have been discussing in recent weeks whether the large perimeter fence that was erected outside the Capitol after January’s riot will need to be put back up, the people said. The officials have been discussing security plans that involve reconstructing the fence as well as another plan that does not involve a fence, the people said. They were not authorized to speak publicly and spoke to The Associated Press on condition of anonymity. The Cannabis ISAO encourages organizations in the DC, Maryland, and Virginia area to monitor this situation and report suspicious activity to authorities.
Education on Hostile Event Preparedness: Fire as a Weapon
Join Cannabis ISAO partner Gate 15 for a free educational webinar on Wednesday, 15 September from 2:00 PM EDT – 3:30 PM EDT. You can register for the event here. In this presentation, You will learn how to:
- Recognize Fire as a Weapon hostile events
- Better prevent, prepare for, and react to an event
- Identify safeguards to prevent Fire as a Weapon attacks
- Identify preparations to mitigate the harm of a Fire as a Weapon attack if it occurs
- Take proper actions during a Fire as a Weapon hostile event, to increase the chance of survival if an event occurs
- Identify resources available, to take the next steps in Fire as a Weapon preparedness
Natural Threats
More than 45 dead after Ida’s remnants blindside Northeast
A stunned U.S. East Coast faced a rising death toll, surging rivers and tornado damage Thursday after the remnants of Hurricane Ida walloped the region with record-breaking rain, drowning more than 40 people in their homes and cars. In a region that had been warned about potentially deadly flash flooding but hadn’t braced for such a blow from the no-longer-hurricane, the storm killed at least 46 people from Maryland to Connecticut on Wednesday night and Thursday morning.
As much of the east coast continues to recover from the impacts of Hurricane ida, the UN has indicated that weather disasters will become more frequent and costly. The number of disasters, such as floods and heatwaves, driven by climate change have increased fivefold over the past 50 years, killing more than 2 million people and costing $3.64 trillion in total losses, a U.N. agency said on Wednesday. The World Meteorological Organization (WMO) says its “Atlas” is the most comprehensive review of mortality and economic losses from weather, water and climate extremes ever produced. It surveys some 11,000 disasters occurring between 1970-2019, including major catastrophes such as Ethiopia’s 1983 drought, which was the single most fatal event with 300,000 deaths, and Hurricane Katrina in 2005 that was the most costly, with losses of $163.6 billion.
The WMO, whose report was issued days after Category 4 hurricane Ida hammered southern Louisiana, attributed the growing frequency to both climate change and improved disaster reporting. “Thanks to our early warning service improvement we have been able to have a decrease of the casualties at these kind of events, but the bad news is that the economic losses have been growing very rapidly and this growth is supposed to continue,” WMO Secretary-General Petteri Taalas told a press conference.
Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!
Check out the latest blog highlighting issues important to cannabis security!
Tweet