At a glance.
- Securing the World Cup.
- Australia's security regulator cautions boards on cybersecurity.
- CISA sends FEITs to help Federal network security.
The World Cup’s cyber-goalie.
Qatar is gearing up to host the World Cup, welcoming hordes of international football fans as well as the digital traffic that will accompany them. Experts are concerned that cybercriminals will take advantage of the influx of online ticketing and hotel reservations to prey on the personal data of those traveling to the Arab nation for the event. They also anticipate a rise in Cup-themed phishing and social engineering scams targeting football fans attending the games in person or viewing them online.
Mohammad Al-Kayed, director of cyber defense at Black Mountain Cybersecurity, told Computer Weekly, “If there is anything we have learned about cyber crime from past encounters, it would be that it thrives around major global events.” He advises viewers and attendees to be on the alert for online scams associated with the sale of tickets and sporting goods. As well, he predicts a surge in piracy of football matches through online platforms.
As part of Interpol’s Project Stadia, aimed at providing security arrangements for major world sporting events, global cybersecurity professionals gathered in March to discuss how best to support the Cup, and Morocco, Qatar’s security partner, has already agreed to send a team of cybersecurity experts. Qatar’s Supreme Committee for Delivery and Legacy has also issued a cybersecurity framework that will serve as a required benchmark for all parties involved in the games.
ASIC urges firms to focus on cybersecurity.
Greg Yanco, the Australian Securities & Investments Commission’s (ASIC) executive director for market, is asking local firms to ramp up their cyber resilience measures, the Mandarin reports. According to an ASIC report last year, firms had only improved their resilience by 1.4%, a far cry from the expected 13% that was targeted for that period. Yanco said ASIC would take action against firms to enforce cyber risk management obligations. Federal reforms that came into effect in 2019 mean that non-compliance with certain licensing obligations, including those related to cybersecurity, could result in a civil penalty, and Yanco says ASIC is ready to enforce such penalties if necessary.
ASIC already took action against RI Advice Group in May for several cyber incidents that resulted in employee data breaches between June 2014 and May 2020, and the Federal Court supported ASIC’s actions, imposing a $750,000 fine against the company. Yanco recommends firms conduct risk mitigation, improve their incident reporting processes, and focus not just on preventing attacks, but also on adapting and recovering after a breach has occurred. “We encourage regulated entities to reassess their cyber risks and ensure their detection, mitigation and response measures adequately address their risk appetite. They should also assess their preparedness to respond to cyber security incidents, and to review incident response and business continuity plans,” Yanco stated.
FEIT fights to defend US agency networks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has begun deploying its Federal Enterprise Improvement Team (or FEIT, pronounced “fight,” not “feet”), a team of advisors assigned to individual agencies to help them improve their specific network defenses. The Federal News Network explains that although CISA has provided shared cyber services in the past, FEIT is a new approach for the agency. Eric Goldstein, executive assistant director for cybersecurity at CISA, explains that historically, “We really did very little bespoke hand holding of agencies to really figure out what’s their security program like today? What’s their environment like? What’s their infrastructure like? And then how can we help them progress on a journey to get in the place that they need to be.”
Funded by a portion of the $650 million CISA received under the American Rescue Plan Act of 2021, FEIT teams will work with agencies to identify their specific cybersecurity gaps and develop personalized improvement plans. The timing couldn’t be better, as both the House and Senate are moving to update the Federal Information Security Modernization Act of 2014 with legislation that would codify CISA’s central role in federal civilian executive branch cybersecurity operations.