I. State sponsored attacks on the rise?
https://www.theregister.com/2021/03/01/statesponsored_chinese_group_attacked_india/
Outage of Mumbai’s power supply in October 2020 was a targeted attack on Indian critical infrastructure, according to Recorded Future. Indian government officials denied that there was a cyber attack.
As the threat of state sponsored attacks rises, critical infrastructure organisations should prepare for advanced attacks. A cyber war between two governments will impact commercial organisations and individuals alike. It is not restricted to government websites and services alone.
CISO Check:
Establish a system of proactive disclosure of cyber attacks faced by organisations.
The CISO community should actively share threat intelligence on a regular, formal basis.
II. National Security vs. Data Privacy…
Does implementing a system that allows message tracing break the encryption of chat apps? Internet Freedom Foundation thinks so. The technicalities of mobile phone traceability while keeping the message private leads to many additional attack vectors as submitted by Prof. Manoj M Prabhakaran of IIT Mumbai.
With the new social media guidelines in India, the implications for businesses that are publishing content online are high. Organisations and individuals should evaluate the applicability of the guidelines and incorporate the requirements into their social media strategy.
CISO Check:
Include chat apps in your social media security strategy. Analyse the risks and inform the board of the risks to your organisation on the usage of chat apps and chat groups for business communication.
III. Quote of the week
Our future world will have to find equilibrium in the technology pendulum swing. - Stephane Nappo