Tag Archive for: Governance

Decoding Cuba Ransomware: An opportunity for next-gen data governance


BlackBerry’s recent post on the Cuba ransomware group paints a vivid picture of the cybersecurity scene, replete with challenges, yet ripe with opportunities. While threat actors such as Cuba demonstrate remarkable adaptability, they unwittingly underscore the indispensable need for robust data governance.

Modern cyber threat actors, as evident from the operations of the Cuba ransomware group, have refined their strategies into an art form that seamlessly melds the old with the new, the tried with the avant-garde. When dissecting the potency of tools like BUGHATCH and BURNTCIGAR in tandem with their more contemporary brethren, we see the duality that characterizes contemporary cyberattacks.

The synthesis of established techniques with nascent tactics is not haphazard: it results from meticulous orchestration. These hackers create a dangerous combination by taking advantage of known software problems, like the one in Veeam. They seek to cripple organizations both in terms of data access and operational functionality. The outcome? Enterprises caught off-guard, struggling to retrieve their data, and grappling with downtime, often find themselves in a cyber quagmire, battling both loss of trust and financial repercussions.

But the narrative doesn’t end there. With every move the threat actors make, they also unintentionally expose facets of their operational psyche. For instance, the decision to circumvent Russian-configured systems isn’t just a mere tactical choice. It’s a window into their risk calculus, possibly hinting at geographical affiliations or a deliberate bid to avoid specific geopolitical entanglements. Similarly, linguistic missteps aren’t just errors, they’re breadcrumbs that when pieced together can lead us to just what these threat actors are trying to do.

For astute organizations, these are more than just isolated incidents: they’re invaluable insights, fragments of a larger puzzle. By harnessing the power of digital forensics, companies can trace the lineage of an attack, dissect its trajectory, understand its origin, and predict potential future vectors. Coupled with robust threat intelligence, this twin-pronged strategy transforms seemingly innocuous clues into…

Source…

Central Pattana Public : Notification of the changes of the Company’s Directors, Members of Audit and Corporate Governance Committee and Members of Sub-committees








Lead Independent Director and Chairman of the Risk Policy Committee

Chairman of Audit and Corporate Governance Committee Chairman of the Nomination and Remuneration Committee Member of Audit and Corporate Governance Committee and Member of the Nomination and Remuneration Committee

(Translation)

9 August 2022

Notification of the changes of the Company’s Directors, Members of Audit and Corporate

Governance Committee and Members of Sub-committees

No. 51/2022/035

To

President

The Stock Exchange of Thailand

Enclosure List of Members of the Board of Directors and Form to Report on Names of Members and Scope of Work of the Audit Committee (F24-1)

Central Pattana Public Company Limited ( “the Company“) hereby informs that, on 9 August 2022, its Board of Directors Meeting No.6/2022 has passed significant resolutions as follows:

  1. Acknowledged the resignation from the directorship of Mr. Karun Kittisataporn and Mr. Paitoon Taveebhol. Such directors will perform their duties till end of 31 August 2022.
  2. Appointed Mrs. Parnsiree Amatayakul and Mr. Winid Silamongkol to be directors replacing Mr. Karun Kittisataporn and Mr. Paitoon Taveebhol respectively.
  3. Appointed the following persons to take positions in sub-committees to fulfill the

vacated position.

1) Mr. Veravat Chutichetpong

2)…

Source…

Europe will push to work with the US on tech governance, post-Trump – TechCrunch


The European Union said today that it wants to work with US counterparts on a common approach to tech governance — including pushing to standardize rules for applications of technologies like AI and pushing big tech to be more responsible for what their platforms amplify.

EU lawmakers are anticipating rebooted transatlantic relations under the incoming administration of president-elect Joe Biden.

The Commission has published a new EU-US agenda with the aim of encouraging what it bills as “global cooperation — based on our common values, interests and global influence” in a number of areas, from tackling the coronavirus pandemic to addressing climate change and furthering a Western geopolitical agenda.

Trade and tech policy is another major priority for the hoped for reboot of transatlantic relations, starting with an EU-US Summit in the first half of 2021.

Relations have of course been strained during the Trump era as the sitting US president has threatened the bloc with trade tariffs, berated European nations for not spending enough on defence to fulfil their Nato commitments and heavily implied he’d be a lot happier if the EU didn’t exist at all (including loudly supporting brexit).

The Commission agenda conveys a clear message that the bloc’s lawmakers are hopeful of a lot more joint working — toward common goals and interests — once the Biden administration takes office early next year.

Global AI standards?

On the tech front the Commission’s push is for alignment on governance.

“The EU and the US need to join forces as tech-allies to shape technologies, their use and their regulatory environment,” the Commission writes in the agenda. “Using our combined influence, a transatlantic technology space should form the backbone of a wider coalition of like-minded democracies with a shared vision on tech governance and a shared commitment to defend it.”

Among the proposals it’s floating is a “Transatlantic AI Agreement” — which it envisages as setting “a blueprint for regional and global standards aligned with our values”.

While the EU is working on a pan-EU framework to set rules for the use of “high risk” AIs, some US cities and…

Source…

How to make an effective data security governance strategy


Read Article

By Sonit Jain, CEO of GajShield Infotech

An effective data security governance strategy should include features like custom cybersecurity policies, complete visibility over data, data encryption methodologies, among others.

Context-based data leak prevention
A context-based data leak prevention firewall creates context around data to enhance inspection and authentication. It helps to get granular details like sender/receiver address and email text patterns in an email to increase security. The contextual intelligence engine identifies the context to break and classify data into multiple data points. This helps to analyze all granular data points pertaining to these emails as well as other communications and prevent any policy violation.

Context-based data leak prevention firewalls also help to build the foundation for an effective data security governance. Data security governance requires building custom cybersecurity policies, which is among the many things that a context-based data leak prevention firewall allows you to do. A context-based data leak prevention firewall creates context around data and compares it with the custom security policies you created to prevent any data leakage. Hence, you can create policies according to your specific needs for enhanced data governance.

Complete visibility over data
Visibility over data is of utmost importance for monitoring and governance. Complete data visibility allows you to get complete knowledge of what is being downloaded, uploaded, or transmitted over your organization network. You will have complete control over your data.

Contextual data leak prevention firewalls and complete visibility are often interconnected. A firewall backed up by a contextual intelligence engine generates deeper visibility by identifying context around data points. This combination of context-based data leak prevention and complete visibility allows users to create custom cybersecurity policies based on their needs. For instance, you can restrict specific keywords in ‘from,’ ’to,’ ‘subject,’ and ‘email content’ of an email.

Secure data transmission with VPN
A VPN service is a must for effective data governance, especially in…

Source…