June 8, 2022
"To be where little cable cars climb halfway to the stars..."
-Tony Bennett, I left my heart in San Francisco  
The RSA Conference is back in San Francisco, live and in person for the first time since February 2020 (back when the coronavirus was maybe the reason some of us spent a chunk of RSAC 2020 in our hotel rooms).  

This year’s RSAC theme is Transform, referring to the digital transformation of work and life over the past two years. As expected, we’re hearing that the world is scarier than ever, and that we should trust in zero trust. Attack surfaces are expanding, threats should be monitored. Products are being launched (check out ours!). The word “unprecedented” has been repeated. There are acronyms.  

But most importantly, cybersecurity is human work as much as it is technology work, so we’re reveling in the opportunity to greet old friends and make new ones. Come by and see us at Moscone Center, soaking in the conferences and shaking hands (or bumping fists) at North Hall, booth 5445. 
News matters

Cyber insurance rates are surging  

The Wall Street Journal reported that cyber insurers are raising rates due to rising ransomware attacks and concerns about the impact of the Russia-Ukraine war on cybersecurity.  

Direct-written premiums jumped 92% in 2021, according to research from the National Association of Insurance Commissioners. The increase is in the premiums and not tied to an increase in the amount of coverage. In fact, it’s harder to get coverage now because insurers are being stricter on qualification guidelines.  

Cyber insurance tends to require customers to focus on security standard compliance, as well as finding and responding to security incidents, rather than on preventing them with methods like stronger authentication or encrypted data management. Expect breach headlines to keep pushing up spending on those categories along with premiums. 

Cyberattack in Central America   

Costa Rica recently declared a state of emergency after ransomware attackers targeted its finance ministry, including its tax collection and customs. The Conti group claimed responsibility for the attack, which began in April. The U.S. State Department is offering a $10 million reward for information that helps ID the Conti leaders.  

Lesson in fake phishing  

A fake phishing email test recently backfired in Oregon. News reports of the incident said employees of Oregon Health & Science University felt scorned after they clicked on a phishing test offering them $7,500 in aid if they were struggling financially due to the pandemic.  

After an employee union complained it was an insensitive email because so many employees are struggling, the school apologized for sending the test, but explained that it had copied the text verbatim from a real scam some of its employees received. 

Cyber defense matters 

Ukraine war threatens security for all enterprises 

Russia’s war on Ukraine has created so many potential cyber risks around the world it’s hard to know where to start to prepare. Entrust CISO Mark Ruchie has some suggestions. Read his blog post here.  
Standards matters 

Potential NIST changes generate reactions

In late April, the National Institute of Standards and Technology (NIST) wrapped up a request for information regarding potential updates to its Cybersecurity Framework (CSF) standards, last updated in 2018.  

According to CSO Magazine, NIST received 67 responses from companies, governments, nonprofits and even individuals, who shared a wide variety of recommendations that ranged from doing nothing to creating better metrics, providing more guidance for implementation and creating better alignment with other standards.  
NIST CSF is already quite popular, so any changes will be closely scrutinized by the cybersecurity industry. The National Association of Corporate Directors even recently lobbied the SEC to align its proposed cybersecurity rules with current NIST standards, which would simplify the complex and time-consuming responsibility of following so many compliance requirements.     
Statistical matters
Percentage of IT pros who say their organization has an enterprise encryption strategy, a 12% leap from the previous year, per the 17th annual Ponemon Institute Global Encryption Trends Study (sponsored by Entrust). Get the report here. 
The number of ransomware complaints filed with the FBI in 2021, with the largest share of those coming from healthcare and public health providers, according to the FBI Internet Crime Report.   
Megawatts of the peak demand for power recorded on the U.S. West Coast in August 2020 during a heatwave that caused rolling blackouts in that part of the country. The summer of 2022 also has an “elevated risk of energy emergencies” for the same area based on a power demand forecast and some energy supply constraints, according to an analysis from the North American Electric Reliability Corp.  
Faculty matters
Anudeep Parhar
Chief Information Officer (CIO)
Podcasts I enjoy:

Books on my nightstand...
  • The Future Is Faster Than You Think, by Diamandis/Kotler (Amazon)
  • Build: An Unorthodox Guide to Making Things Worth Making, by Tony Fadell (Amazon)

In my spare time: I listen to music and hang with the fam.

What gets me out of bed in the morning for work?
That I get to hang with wicked smart people and see the vast amount of amazing change we can make to secure businesses and people. 
About the Entrust Cybersecurity Institute
The Entrust Cybersecurity Institute offers insights and education for senior IT and business leaders charged with securely accelerating business growth. Our goal is to bring insights from the people behind the scenes, the ones doing the work – InfoSec and IT leaders, developers and researchers, pioneers and innovators in all areas of cybersecurity including in cryptography, PKI, and identity. These experts will share insights into the dynamic threats and opportunities in this ever-evolving space. 
The Cybersecurity Institute leverages insights from Entrust, a global leader in protecting identities, payments, data, and infrastructure. Learn more at www.entrust.com/cybersecurityinstitute.