October 1st marks the beginning of National Cybersecurity Awareness Month (NCSAM). During October, government and industry work together to raise awareness of cybersecurity issues and help promote educational materials. This year, the Department of Homeland Security (DHS) is focusing on, “citizen privacy, consumer devices, and ecommerce security.” To assist with NCSAM efforts, the DHS has provided a NCSAM 2019 Toolkit with cybersecurity information and helpful tips. In honor of NCSAM, Password Protected will highlight cybersecurity developments throughout the month of October. See below for some of the most recent cyber headlines.
NY Attorney General Sues Dunkin’ Over Cyberattacks
Attorney General Letitia James recently brought suit against Dunkin’ over cyberattacks. Specifically, the lawsuit focuses on customer accounts created via the Dunkin’ website or mobile app. In 2015, these customer accounts were subjected to “brute force attacks,” during which there were repeated attempts to gain access to the accounts. AG James states, “Dunkin’ failed to protect the security of its customers…[a]nd instead of notifying the tens of thousands impacted by these cybersecurity breaches, Dunkin’ sat idly by, putting customers at risk.”
Senate Passes Cyber Hunt Bill To Help Combat Ransomware Attacks
This week, the Senate passed the DHS Cyber Hunt bill. Under the “DHS Cyber Hunt and Incident Response Teams Act,” DHS would develop “incident response teams” to combat ransomware attacks. These teams would help recover and restore infrastructure that was shut down or negatively affected by ransomware attacks.
PROTECT Act Meant to Increase Electric Grid Cybersecurity
Last week, the “Protecting Resources On The Electric grid with Cybersecurity Technology ” (PROTECT) Act, was introduced into the Senate. The bill is aimed at helping protect the security of our nation’s electric grid. The bill enables the Federal Energy Regulatory Commission (FERC) to incentivize cybersecurity investments by electric utilities. It also creates a program for advanced cybersecurity technology at the Department of Energy (DOE).