Cyber Intelligence Weekly (November 6, 2022): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let us know!
Before we get started on this week’s CIW, I’d like to highlight our Third-Party Risk Management professional services. With the number of third-party related breaches on the rise, organizations are turning their attention to implementing effective Third-Party Risk Management (TPRM) programs, but many do not know where to begin. Effective TPRM must be far more than a “check the box” compliance exercise. It requires a proactive and comprehensive approach to ensure that third-party risks are adequately managed. At Echelon, we partner with you to understand your unique third-party ecosystem and risk appetite to customize the right approach and reduce the complexity caused by outsourcing services.
Away we go!
1. United States Exploring Review of Twitter Deal, Ties to Foreign Investments
As many of us have seen, Elon Musk has commandeered Twitter in the past week. It has been a wild ride since with mass layoffs and Elon taking to Twitter with regular updates.
All the takeover hysteria aside, there have been concerns swirling amongst U.S. officials about the structure of the new ownership and potential foreign equity holdings of Twitter, per a recent Washington Post report. Per the WaPo report, U.S. officials are seriously considering launching a formal investigation into the purchase of Twitter.
The main concern is whether or not certain overseas investors will be able to access the data of Twitter users and what type of access they have to do that. Per the report, there are several overseas investors of note that make this a concern, including a holding company of a Saudi prince, a subsidiary of the Qatari sovereign wealth fund and Binance, to name a few. U.S. officials definitely see foreign investors having access to U.S. citizen data at scale as a large national security threat, and rightfully so. The biggest question at this point will be how they can legally look into the deal and what changes, if any, they will be able to make.
2. Snack Maker Mondelez Settles NotPetya 'Act of War' Insurance Suit with Zurich
As we have written about before, the cyber insurance landscape has been changing steadily over the years. Most recently, in August we wrote about how Lloyd’s of London was changing course to ensure all state-backed cyber attacks are excluded from coverage.
In the Mondelez case, the insurer (Zurich), originally denied the claims from Mondelez to cover the losses from the destructive NotPetya attacks back in 2017, claiming an “act of war” exemption, based on the belief that NotPetya was spread by Russian military hackers. The terms of the settlement were not fully disclosed, but there must have been enough reasons to believe that Mondelez had a compelling enough argument to be willing to settle rather than drag it out in court and potentially lose a case that could set a bad precedent and lead to further losses.
3. NSA Watchdog Concluded One Analyst’s Surveillance Project Went Too Far
A recent report from Bloomberg highlights potential on-going privacy violations of American communications through one analyst’s abuse at the National Security Agency (NSA). The Inspector General (IG) of the NSA found that the analyst “acted with reckless disregard” and violated numerous rules and possibly the law, according to the IG’s report from 2016. The full heavily redacted report can be found here.
There was no indication that these events were related or not to the Snowden revelations, but the internal complaints and whistleblower’s remarks to the NSA Inspector General certainly came at a time when the NSA was under intense scrutiny for the Snowden leaks. What is most alarming is that there could still be failings of this type, even with the intense oversight that is occurring under the new rules and regulations the NSA must follow for surveillance within the U.S. borders
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about