October is cybersecurity awareness month and has been filled with various cyber events befitting it of the title. Here is a consolidation of stories covering various developments, like a prominent NJ water supplier’s recent cyber breach, to comments made from CISCO’s chief AI officer on the state of human participation in AI tools. Paying attention to the news can be a significant advantage when preventing cybercrime, so read ahead to stay informed.
Some Simple Steps to Protect Your Data from Hackers
Massive data breaches continue to expose billions of records, as seen in recent incidents involving National Public Data, Medicare, and MC2 Data. These breaches significantly increase the risk of fraud, identity theft, and account takeovers for the public. To mitigate these risks, it is crucial to strengthen your login methods by using strong, unique passwords or more secure alternatives like passkeys. Implementing either two-factor authentication (2FA) or multi-factor authentication (MFA) through apps or hardware (such as a keychain displaying a series of random numbers), adds an extra layer of protection and ensures your accounts remain secure even if passwords are compromised. Passkeys are another solution you can utilize, which can be tied to your device or as an extension to your browser, offering an in-browser alternative to 2FA. However, there is nothing preventing you from using both solutions.
Protecting your financial life is also a critical part of protecting your data from hackers— so if you notice anything suspicious, freeze your credit and banking reports, regularly check your credit for suspicious activity, and set up an IRS identity protection PIN. Always screen communication carefully, as scammers use leaked personal identifiable information (PII) to craft personalized scams. Finally, make sure you stay informed about breaches by following the news or utilizing Dark Web Monitoring services. By securing your accounts and staying vigilant, you can better protect your identity and financial well-being.
New Jersey Water Supplier Hit by Cyber Attack
Earlier this month, a NJ-based water supplier American Water, which is the largest water utility company in the U.S., experienced a cyberattack that successfully compromised its network. The company responded by taking its customer portal, MyWater, offline, halting billing temporarily while they work to restore systems securely. Although the portal remains down, American Water has assured customers that water and wastewater facilities have not been negatively affected and that the water is safe to drink.
Serving over 14 million people across 14 states and 18 military installations, the company is still assessing the full impact of the hack. While law enforcement is still investigating, the identity of the hackers remains unknown. The nature of the attack is unsurprising as water utilities are considered particularly vulnerable to cyberattacks, and FBI Director Chris Wray has highlighted foreign threats, specifically from China, are no stranger to targeting critical U.S. infrastructure.
Catastrophic Internet Archive Security Breach
An online repository of a variety of information called Internet Archive has faced significant cybersecurity challenges this month, including a series of DDoS attacks that rendered the site largely unusable. Amid these attacks, attackers claimed to have executed a “catastrophic security breach” affecting 31 million emails and passwords, warning users via a pop-up message that their data had been compromised.
Archive founder Brewster Kale acknowledged that usernames, emails, and encrypted passwords were indeed breached, prompting urgent advice for users to change their Archive passwords and any other accounts using the same credentials. In response, the Archive has disabled the JavaScript library implicated in the breach and is actively upgrading its security systems. Despite these measures, DDoS attacks continue to impact both Archive.org and Openlibrary.org, prioritizing data safety over service availability. The attackers behind the breach have claimed political motivations.
CISA Official Comments on AI Tools
Lisa Einstein, CISA’s chief AI officer, recently stressed the importance of “strong human processes” when using AI technology at two events in our nation’s capital. CISA’s initiatives include a dozen use cases and two AI security tabletop exercises. Since her August appointment, Einstein has remained optimistic about AI’s potential for cyber defenses but emphasizes the need for caution, noting that AI tools require human oversight within established cybersecurity processes. At the Predict 2024 event, she warned that the current “AI gold rush” might overshadow significant security issues, as AI learns from data and humans have historically struggled to embed security into their code. CISA’s tabletop exercises, led by the Joint Cyber Defense Collaborative (JCDC), highlight the necessity for collaboration in addressing potential incidents. Following two recent exercises, CISA plans to publish an AI security incident collaboration playbook this fall. Einstein also advocates for a strong collaborative culture and is deep into a second round of risk assessments required by the White House’s AI executive order, aiming for completion by January. She advises cyber officials to focus on specific problems rather than applying AI indiscriminately, stressing that having an AI tool does not mean it should be a universal solution.
Stay in the Loop with SWK
In the constant struggle against hackers and cyber-attacks, staying informed can be the most important line of defense to protect your data and network. However, not everyone can afford to take the time to keep up with every new development, as you are focused on the core aspects of your business. Fortunately, SWK is here to help you stay in the know. Contact us today to gain access to a team of cybersecurity professionals who make it their mission to keep you safe from whatever the dark corners of the internet throw your way.