In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.
Information Sharing Update
National Council of ISACs Provides a Congressional Update on Information Sharing Successes & Opportunities
On 23 Sep, the National Council of ISACs (NCI) “hosted a Congressional briefing on to highlight the critical role Information Sharing and Analysis Centers (ISACs) play in our nation’s cybersecurity. The briefing covered how the 27 members of the NCI support national areas of critical infrastructure and how Congress can help them be even more successful. The press release can be accessed here and includes a number of quotes from leadership across the ISAC community including Ms. Erin Miller, Space ISAC, Mr. Scott Algeier, IT-ISAC, and Mr. Josh Poster, Auto-ISAC, among others, as well as background on ISACs and reference to some recent publications developed by the ISAC community.
“I firmly believe ISACs play a key role in defending critical infrastructure, the Federal Government, and private and public sector networks.” (ISACs are a) “cornerstone for our nation’s multi-pronged approach to sharing information on cyber and physical security threats.”- Congressman John Katko (R- New York’s 24th District)
Supply chain vulnerabilities are a major concern for any business. Whether it is ensuring there is an adequate amount of product on hand to meet consumer needs, or protecting business sensitive partner data from a breach, there are many areas that require attention. “Supply chain, specifically the regulation and compliance, is a gigantic source of risk for this industry. But it’s not the only risk. Our modern-day supply chains are a mess. We’ve got port congestion, staffing shortages, trucking delays, and COVID-related challenges,” said Ashley Metcalf, Associate Professor of Operations at Ohio University. “You can never eliminate risk, especially in this industry, but the best way to manage it is to use technology and automation.”
“Preventing ransomware attacks needs to be taken seriously. The average cost of an attack is $440,000, according to research from the Ponemon Institute — but only 10 percent of that cost is related to preventing an attack, meaning prevention could save a company nearly $400,000.” While not every organization can afford to hire top of the line cybersecurity companies to help develop and implement security plans, no company can afford to completely ignore cybersecurity. Here are a few cost-effective tips to consider:
- Capitalize on nonprofit cybersecurity tools like the Global Cyber Alliance’s Cybersecurity toolkit for small businesses.
- Tap into free training and industry trade groups like those offered by NCIA and NACB.
- Build a cyber response strategy. CDW’s incident response program offers no-fee retainer agreements that make incident response available immediately in the event of an attack.
Now in its 18th year, Cybersecurity Awareness Month—previously known as National Cybersecurity Awareness Month—continues to raise awareness about the importance of cybersecurity across our Nation, ensuring that all Americans have the resources they need to be safer and more secure online. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) are using the overarching theme:
“Do Your Part. #BeCyberSmart.”
This evergreen theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.
In 2021, CISA and NCSA will focus on the following areas in our promotions and outreach:
- Week of October 4 (Week 1): Be Cyber Smart.
- Week of October 11 (Week 2): Phight the Phish!
- Week of October 18 (Week 3): Explore. Experience. Share. – Cybersecurity Career Awareness Week
- Week of October 25 (Week 4): Cybersecurity First
For more on how to raise your organization’s cybersecurity awareness, check out this blog from Gate 15 with some Tips from the Pros!
This latest Insuring Cannabis podcast offers some intriguing claims data and anecdotes from a top cannabis insurance underwriter, and some security advice for brokers and their cannabis clients from a former police officer. The podcast features Jim McErlean, director of business development for Cannasure, as well as Chris Eggers, owner of CC security solutions, a cannabis security consulting firm.
On the podcast McErlean mentioned that security cameras and other evidence point to some dispensary crimes being perpetrated with the help of employees. Many criminals are getting in and out with large amounts of loot – with reported losses sometimes above $100,000 – in minutes. Insider threats impact all industries, but it is becoming an increasing concern within cannabis. Check back in on Tuesday for our Library Card blog series when we will be highlighting a new resource from the CISA which is a self-assessment tool to help mitigate insider threats.
According to Denver Police Department data, burglaries associated with legal marijuana rose from 122 in 2019 to 175 in 2020, while other violent offenses — crimes including robbery, aggravated assault, homicide and rape — stayed flat. Violent offenses related to legal marijuana also increased by 64 percent between 2014 and 2020.
This rise in crime has led to an increase in security regulations for legal cannabis businesses which are outlined in this article. Dispensaries continue to be targeted heavily due to the fact they are cash-based. All eyes are now on the SAFE Banking Act to hopefully address this ongoing issue in a more substantial way than additional regulations and businesses costs for cannabis organizations.
Be sure to check back every Tuesday as we publish our Library Card Series where we highlight one of the resources available in our library!
Check out the latest blog highlighting issues important to cannabis security!Tweet