NordVPN has published a report (full report may be downloaded from the link) with some interesting findings about how we do (or don't) secure our Internet of Things (IoT) devices. We live in a time when nearly 90% of people have at least one IoT device. The younger you are, the more likely you are to have multiple devices. Unsurprisingly, the number of IoT devices goes up with income, particularly with devices that provide home security, heating and lighting. 63.7% of people have wireless routers and 57.1% have Internet-connected TVs. Less than 50% have other kinds of IoT devices. Curiously, m ..read more

ZDNet reported on August 10th that a new report from cybersecurity company IntSights has published a study on the market for network access on the dark web. Paul Prudhomme, cyber threat intelligence advisor at IntSights, examined network access sales on underground Russian and English-language forums and then compiled a study on why criminals sell their network access and how criminals transfer their network access to buyers. More than 37% of all victims in a sample of the data were based in North America where there was an average price of $9,640 and a median price of $3,000. Network access i ..read more

No, I couldn't think up a sexier title, sorry. But it is important news. Thanks to Dark Reading for its July 27 post highlighting how CIS Controls version 8 affects small and mid-sized businesses (SMBs). CNBC reported that threat actors were targeting SMBs almost half (43%) of the time. These attacks became security incidents for two-thirds of SMBs globally that year, according to TechRepublic. A lack of preparedness was a contributing factor for those attacks. The CIS Controls consist of fundamental security measures that get to the core of an organization's security posture. As such, organiz ..read more

KrebsonSecurity carried a post on August 5 called "Ransomware Gangs and the Name Game Distraction." Good post and it illuminates the whack-a-mole game that is driving law enforcement and governments crazy. Every so often, we hear that a ransomware gang has had its bitcoin confiscated, servers shut down – or the entire gang "retiring." Sadly, ransomware gangs do not really retire – they reinvent themselves with a new name instead. With luck, this impedes any ongoing investigations or turns attention in another direction. Krebs calls this maneuver an "organizational reboot." It gives the leaders ..read more

On July 29, the ABA released the 2021 ABA Profile of the Legal Profession. A summary of the report by the ABA Journal indicates that COVID caused one-third of older lawyers to alter their retirement plans. 53% said the pandemic caused them to delay their retirement and 47% said the pandemic spurred them to hasten their retirement. 36% said they made less money during the pandemic and only 18% made more money. The findings are from a survey of more than 4,000 ABA members last fall and a follow-up survey of nearly 1,400 senior lawyers in March. The third annual report, produced by the ABA Media ..read more

Remember when data breach legislation was all the rage and we ended up with laws being passed in every state/territory? The same thing may be happening with data privacy legislation. There is now a U.S. State Privacy Legislation Tracker resource from IAPP, the largest and most comprehensive global information privacy community and resource. After the California Consumer Privacy Act passed in 2018, multiple states proposed similar legislation to protect consumers in their states. The IAPP Westin Research Center compiled a list of proposed and enacted comprehensive privacy bills from across the ..read more

Coveware's Q2 report on ransomware, published on July 23, offers encouragement in the battle against ransomware. Most notably, ransom payments have declined. Overall, CEOs have woken up to the dangers of ransomware and taken measures to protect their organizations. Ransomware has the full attention of governments around the globe. Law enforcement has begun to really focus on ransomware. Cyberinsurance underwriting standards are hardening. Several states have drafted proposed legislation that ranges from a complete prohibition on ransom payments to mandatory reporting. Federal mandatory reporti ..read more

Law firms, like every other vertical, are reading tea leaves to figure out whether to mandate full time return to work, permitting work from home if desired or offering some kind of hybrid model. So it caught my attention with Silocon.co.uk published a story on July 27 noting that Microsoft is warning employers that 40 percent of people may quit their jobs this year for better work, life balance, etc. We're on the brink of a disruption as great as last year's sudden shift to remote work: the move to hybrid work – a blended model where some employees return to the workplace and others continue ..read more

Dark Reading reported on July 19 that Campbell Conroy & O'Neil (Campbell), a law firm representing hundreds of major organizations, confirmed a data privacy incident related to a ransomware attack detected earlier this year. Campbell's client list includes prominent companies across industries including automotive, aviation, chemical, construction, energy, hospitality, insurance, medical devices, pharmaceutical, retail, and transportation. Past and current clients include Ford Motor Company, General Motors, Boeing, Johnson & Johnson, Pfizer, Home Depot, and Exxon. Campbell discovered u ..read more

Dark Reading reported on July 19 that Campbell Conroy & O'Neill (Campbell), a law firm representing hundreds of major organizations, confirmed a data privacy incident related to a ransomware attack detected earlier this year. Campbell's client list includes prominent companies across industries including automotive, aviation, chemical, construction, energy, hospitality, insurance, medical devices, pharmaceutical, retail, and transportation. Past and current clients include Ford Motor Company, General Motors, Boeing, Johnson & Johnson, Pfizer, Home Depot, and Exxon. Campbell discovered ..read more