InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced that it has mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), the largest attack Cloudflare has seen to date.
The attack was launched by a Mirai botnet variant composed of 15,000 bots and combined DNS amplification attacks with UDP floods. The botnet included Internet of Things (IoT) devices and GitLab instances.
“This was a multi-vector attack combining DNS amplification attacks and UDP floods. The entire attack lasted just one minute. The attack was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances.” reads the post published by Cloudflare.
Experts warn that terabit-scale attacks are becoming common, confirming the trend of increasing intensity in distributed denial-of-service attacks.
Cloudflare Q3 DDoS Trends report also revealed that network-layer DDoS attacks increased by 44% quarter-over-quarter.
In August, the company announced that it had mitigated the largest volumetric distributed denial-of-service attack to date. The malicious traffic reached a record high of 17.2 million requests per second (rps), three times the volume of previously reported HTTP DDoS attacks.
In October, Microsoft announced that its Azure cloud service had mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim. The previous largest DDoS attack against Azure customers was a 1 Tbps attack observed in August 2020.
The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive.
An attack against a hospital can lead to physical damage and put the lives of patients at risk. The Agency stresses the need to set up solid Incident Response Capabilities (IRC) in the health sector. The document aims at offering insights on current incident response (IR) trends and providing recommendations about the development of IR capabilities in the health sector.
In 2020, the number of reports sent to ENISA about cybersecurity incidents saw an increase of 47% compared to the previous year.
The level of exposure to cyber threats is increasing due to the adoption of emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), big data, and cloud computing.
Computer Security Incident Response Teams (CSIRTs) are tasked to develop the capabilities needed to address cyber threats and implement the provisions of the Directive on security of network and information systems (NIS Directive).
“Although dedicated health sector CSIRTs are still the exception in the Member States, sector specific CSIRT cooperation is developing.” reads the report. “The lack of sector-specific knowledge or capacity of national CSIRTs, lessons learned from past incidents and the implementation of the NIS Directive appear to be the main drivers of the creation of sector-specific incident response capabilities in the health sector.”
While the lifetime of healthcare equipment is about 15 years on average, vendors release updates at a different pace, and in many cases healthcare devices remain unpatched for long periods. Another challenge the healthcare sector faces is the complexity of its systems: the increasing number of connected devices enlarges the attack surface.
Below is the list of recommendations included in the report:
Enhance and facilitate the creation of health sector CSIRTs by allowing easy access to funding, promoting capacity building activities, etc.
Capitalise on the expertise of the health CSIRTs for helping Operators of Essential Services (OES) develop their incident response capabilities by establishing sector-specific regulations, cooperation agreements, communication channels with OES, public-private partnerships, etc.
Empower health CSIRTs to develop information sharing activities using threat intelligence, exchange of good practices and lessons learned, etc.
“The key force driving the development of incident response capabilities of CSIRTs is the information related to security requirements and responsibilities of organisations for each sector.” concludes the report. “Shared frameworks for incident classification and threat modelling, education activities and a network allowing communication between incident response actors constitute the main resources and tools currently supporting the development of incident response capabilities.”
If you want to understand ISO 27001, this handbook is all you need. It not only explains in a clear way what to do, but also the reasons why.
This book helps you to bring the information security of your organization to the right level by using the ISO/IEC 27001 standard.
An organization often provides services or products for years before the decision is taken to obtain an ISO/IEC 27001 certificate. Usually, a lot has already been done in the field of information security, but after reading the requirements of the standard, it seems that something more needs to be done: an ‘information security management system’ must be set up. A what?
This handbook is intended to help small and medium-sized businesses establish, implement, maintain and continually improve an information security management system in accordance with the requirements of the international standard ISO/IEC 27001. At the same time, this handbook is also intended to provide information to auditors who must investigate whether an information security management system meets all requirements and has been effectively implemented.
This handbook assumes that you ultimately want your information security management system to be certified by an accredited certification body. The moment you invite a certification body to perform a certification audit, you must be ready to demonstrate that your management system meets all the requirements of the Standard. In this book, you will find detailed explanations, more than a hundred examples, and sixty-one common pitfalls. It also contains information about the rules of the game and the course of a certification audit.
Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited an XNU privilege escalation vulnerability (CVE-2021-30869) that was unpatched in macOS Catalina.
The watering hole campaign targeted the websites of a media outlet and a prominent pro-democracy labor and political group. The researchers discovered that the compromised sites hosted two iframes that served iOS and macOS exploits to visitors.
The experts believe that the attack was orchestrated by a nation-state actor, but did not attribute the campaign to a specific APT group.
The attack was discovered in late August; the nature of the targets and the level of sophistication of the attack suggest the involvement of a China-linked threat actor.
“To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.” reads the analysis published by Google. “As is our policy, we quickly reported this 0-day to the vendor (Apple) and a patch was released to protect users from these attacks.”
“Not only do enterprises rely on OT, the public at large relies on this technology for vital services including energy and water. Unfortunately, cybercriminals are all too aware that critical infrastructure security is generally weak. As a result, threat actors believe ransomware attacks on OT are highly likely to pay off,” said Skybox Security CEO Gidi Cohen. “Just as evil thrives on apathy, ransomware attacks will continue to exploit OT vulnerabilities as long as inaction persists.”
The research unearths the uphill battle that OT security faces – comprised of network complexity, functional silos, supply chain risk, and limited vulnerability remediation options. Threat actors take advantage of these OT weaknesses in ways that don’t just imperil individual companies – but threaten public health, safety, and the economy.
Key takeaways
Organizations underestimate the risk of a cyberattack
Fifty-six percent of all respondents were “highly confident” their organization will not experience an OT breach in the next year. Yet, 83% also said they had at least one OT security breach in the prior 36 months. Despite the criticality of these facilities, the security practices in place are often weak or nonexistent.
CISO disconnect between perception and reality
Seventy-three percent of CIOs and CISOs are highly confident their OT security system will not be breached in the next year, compared to only 37% of plant managers, who have more firsthand experience of the repercussions of attacks. While some refuse to believe their OT systems are vulnerable, others say the next breach is around the corner.
Compliance does not equal security
To date, compliance standards have proven insufficient in preventing security incidents. Maintaining compliance with regulations and requirements was the most common top concern of all respondents. Regulatory compliance requirements will continue to increase in light of recent attacks on critical infrastructure.
Complexity increases security risk
Seventy-eight percent said complexity due to multivendor technologies is a challenge in securing their OT environment. In addition, 39% of all respondents said that a top barrier to improving security programs is that decisions are made in individual business units with no central oversight.
Cyber liability insurance is considered sufficient by some
Thirty-four percent of respondents said that cyber liability insurance is considered a sufficient solution. However, cyber liability insurance does not cover costly “lost business” that results from a ransomware attack, which is one of the top three concerns of the survey respondents.
Exposure and path analysis are top cybersecurity priorities
Forty-five percent of CISOs and CIOs say the inability to conduct path analysis across the environment to understand actual exposure is one of their top three security concerns. Further, CISOs and CIOs said disjointed architecture across OT and IT environments (48%) and the convergence of IT technologies (40%) are two of their top three greatest security risks.
Functional silos lead to process gaps and technology complexity
CIOs, CISOs, Architects, Engineers, and Plant Managers all list functional silos among their top challenges in securing OT infrastructure. Managing OT security is a team sport. If the team members are using different playbooks, they are unlikely to win together.
Supply chain and third-party risk is a major threat
Forty percent of respondents said that supply chain/third-party access to the network is one of the top three highest security risks. Yet, only 46% said their organization has a third-party access policy that applies to OT.
CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers
With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely valuable. Our PHI is ingrained within us; medical history cannot be changed. As such, this information can sell for three times as much as Personally Identifiable Information (PII) on the dark web and can be used in much more nefarious ways. Identity theft takes on a whole new meaning when a bad actor gets ahold of your PHI.
A Silent Sickness
Cybercriminals are turning to hardware-based attacks to carry out their harmful activities. What makes such attacks so perilous is their clandestine nature; Rogue Devices can inject malware, cause data breaches, and more, all while operating covertly. Traditional security software, such as NAC, EPS, IDS, or IoT Network Security, fails to provide the Layer 1 visibility required to detect and accurately identify all hardware assets. As a result of this blind spot, Rogue Devices, which operate on Layer 1, go undetected. By hiding or spoofing their identity through Layer 1 manipulation, Rogue Devices bypass existing security efforts, even those as stringent as Zero Trust. All it takes is a few seconds to attach the Rogue Device to an endpoint, and the attack is underway.
An Open Wound
In addition to visibility challenges, there are several vulnerabilities within the healthcare industry that enable hardware-based attacks. Malicious insiders pose a significant threat to healthcare providers thanks to their physical access to the organization – a requirement for hardware-based attacks. However, gaining physical access to a healthcare facility is fairly easy; many healthcare entities, such as hospitals, are open to the public, with hundreds of people walking in and out each day. A malicious actor can walk in freely, disguised as a visitor or even acting as a patient, and carry out a hardware attack. Further, the interconnected environment typically found within healthcare facilities only makes life easier for these external perpetrators. Interconnectedness creates a larger attack surface as there are more entry points to the organization; outside attackers only need access to just one device to infiltrate their target’s network.
Worryingly, the large number of devices used within medical facilities proliferates the hardware threat. The industry is undergoing a digital transformation and is becoming increasingly reliant on technology and, more importantly, Internet of Medical Things (IoMT) devices. Not only do IoMTs act as an entry point, but the devices themselves are often the target of an attack. Firstly, IoMTs collect significant amounts of valuable data, and the ease with which they can get accessed makes them appealing targets. Additionally, an attack on IoMTs can have a physical impact, which could have dire consequences; some IoMTs perform life-saving operations, such as heart-rate monitors and insulin pumps. Should malicious actors gain control over such devices, the outcome can be fatal.
Cyberattacks on healthcare providers are a very serious matter as patients’ lives are at risk, as is the country’s national security. To protect against dangerous hardware-based attacks – and strengthen existing security measures – healthcare entities should invest in hardware security. With Layer 1 visibility, there is protection on the first line of defense.
About the author:
Jessica Amado – Head of Cyber Research – Sepio Systems
According to the Verizon 2021 Data Breach Investigations Report, insiders are responsible for around 22% of security incidents. That is clearly a significant number, and insider threats are quickly becoming one of the most common cybersecurity threats organizations face today. The persistent challenge with insider threats is that, unlike external attackers, insiders already have access to the environment, so it is difficult to differentiate between normal and abnormal behavior for any given user. This makes a strong case for correlating content, threat and behavior data to make an accurate prediction of an insider threat.
The significance of insider threats can be seen in the latest MITRE update, in which ATT&CK for Enterprise contains 14 Tactics, 185 Techniques, and 367 Sub-techniques, among them techniques used in insider threat attacks. In this analysis, we’ll look at a selection of the techniques published in the update and examine how they are used, the motivations behind them and the types of attacks they are used for.
What is Considered an Insider Threat?
An insider threat is a security threat that originates from within an organization. It’s usually someone who uses their authorized access—intentionally or unintentionally—to compromise an organization’s network, data or devices. Because the access is already authorized, the attacker doesn’t need to raise a request or steal credentials to gain it. There are three common categories of inside attacker.
Malicious Insider – As the name suggests, the malicious insider is an employee or contractor who conducts nefarious activities that may or may not be financially motivated to gain or steal information.
Compromised Insider – This is a scenario where user credentials are compromised and the attacker uses the compromised account to gain or steal information. In most cases, the compromised accounts belong to employees who are easily targeted via phishing.
Negligent Insider – Negligent insiders are people who make errors and disregard policies, which places their organizations at risk. There is a huge uptick in this type of attack as we see more and more configuration errors that expose the organization’s internal data to the public.
The Pakistan Ministry of Information Technology has announced that a new cybersecurity policy and accompanying cybersecurity agency has been approved for the South Asian nation.
The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.
It comes at a delicate time for Pakistan, which recently accused India of using the Israeli spyware Pegasus to spy on Prime Minister Imran Khan – and designates cyber-attacks on any Pakistani institution as an attack on national sovereignty.
“The IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity,” said IT minister Syed Aminul Haq, as quoted in the local press.
US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits.
“On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial-of-service to arbitrary code execution.” reads CISA’s advisory.
“CISA encourages manufacturers, vendors, and developers to review BRAKTOOTH: Causing Havoc on Bluetooth Link Manager and update vulnerable Bluetooth System-on-a-Chip (SoC) applications or apply appropriate workarounds.”
BrakTooth is a set of 16 security flaws in commercial Bluetooth stacks that can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.
Security Threats and Countermeasures in Bluetooth-Enabled Systems
As if disruption to the global supply chain post-pandemic isn’t bad enough, cybercriminals are selling access, sometimes in the form of credentials, to shipping and logistics companies in underground markets.
That’s a worrisome, if not unexpected, development; a cybersecurity incident at a company that operates air, ground and maritime cargo transport on multiple continents and moves billions of dollars worth of goods could prove devastating to the global economy.
“At the moment, the global supply chain is extremely fragile. This makes the industry a top target from cybercriminals who will look to take advantage of today’s current situation,” said Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify. “The global chip shortage is resulting in major delays, with some stock unavailable or backlogged for more than six months, making it a prime attraction for cybercriminals to attempt to expose and monetize this via various scams. This includes redirecting shipments by changing logistic details or causing disruptions via ransomware.”
The actors, ranging from newcomers to prolific network access brokers, are selling credentials they obtained by leveraging known vulnerabilities in remote desktop protocol (RDP), VPN, Citrix and SonicWall and other remote access solutions, according to the Intel 471 researchers tracking them.
“No business or IT security team would willingly allow bad actors to exploit known vulnerabilities in remote access technologies, but this is exactly what is happening,” said Yaniv Bar-Dayan, CEO and co-founder of Vulcan Cyber, who believes much of the problem is a result of poor cybersecurity hygiene.
In one instance last August, an actor that has worked with groups deploying Conti ransomware said they had accessed “corporate networks belonging to a U.S.-based transportation management and trucking software supplier and a U.S.-based commodity transportation services company,” the researchers wrote in a blog post. “The actor gave the group access to an undisclosed botnet powered by malware that included a virtual network computing (VNC) function.” The group then used the botnet “to download and execute a Cobalt Strike beacon on infected machines, so group members in charge of breaching computer networks received access directly via a Cobalt Strike beacon session,” they said.
The dilemmas organizations must deal with are dizzying:
To pay a ransom or not?
Will cyber insurance provide adequate shelter?
What’s the role of government?
Are new mandates and penalties on the horizon?
How are adversaries evolving their tactics?
To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber criminals have a well-developed business model and carefully contemplated financial calculus of ransomware. They have determined whether they will launch a direct attack to maximize profits or offer Ransomware-as-a-Service, complete with a help desk and other support services, to supplement their income while enabling malicious actors with less technical skill.
They have researched their victims and targeted organizations based on their ability to pay. All these tactics are developed and executed in concert to make paying the ransom the path of least resistance – financially and logically.
Every aspect of a ransomware campaign is calculated to elicit an emotional response from the target such that it is easier to pay the ransom than to bear the costs and delays of trying to recover on their own.
Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global supply chains.
Researchers from threat intelligence firm Intel 471 published an analysis of current cybercrime underground trends online, warning that initial access brokers are offering credentials or other forms of access to shipping and logistics organizations.
These organizations provide essential services to the global supply chain in multiple industries, they operate air, ground and maritime cargo transport on several continents.
Experts believe the threat actors selling initial access to these organizations obtained the credentials by exploiting well-known vulnerabilities in remote access solutions, including Remote Desktop Protocol (RDP), VPN, Citrix, and SonicWall.
Intel 471 experts monitored Dark Web activity over the past few months and observed a prevalence of listings offering initial access to organizations operating in the global supply chain.
Disrupting Logistics: Startups, Technologies, and Investors Building Future Supply Chains – “This book presents readers with a straightforward and comprehensive assessment of supply chain innovation and trends and their impact on the industry. With contributions from several industry leaders, it provides critical knowledge and insight that supply chain and logistics managers need to implement disruptive technologies strategically.”
Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205, in GitLab’s web interface that has been actively exploited in the wild.
The vulnerability is an improper validation issue affecting user-provided images that can lead to arbitrary code execution. It affects all versions starting from 11.9.
“An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that are passed to a file parser which resulted in a remote command execution. This is a critical severity issue (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, 9.9). It is now mitigated in the latest release and is assigned CVE-2021-22205.” reads the advisory published by GitLab.
GitLab addressed the vulnerability on April 14, 2021, with the release of 13.8.8, 13.9.6, and 13.10.3 versions.
The vulnerability was reported by the expert vakzz through the bug bounty program of the company operated through the HackerOne platform.
The vulnerability was actively exploited in the wild: researchers from HN Security described an attack against one of its customers. Threat actors created two user accounts with admin privileges on a publicly-accessible GitLab server belonging to this organization. The attackers exploited the flaw to upload a malicious payload that led to remote execution of arbitrary commands.
“Meanwhile, we noticed that a recently released exploit for CVE-2021-22205 abuses the upload functionality in order to remotely execute arbitrary OS commands. The vulnerability resides in ExifTool, an open source tool used to remove metadata from images, which fails in parsing certain metadata embedded in the uploaded image, resulting in code execution as described here.” reads the analysis published by HN Security.
The flaw was initially rated with a CVSS score of 9.9, but the score was later raised to 10.0 because the issue could be triggered by an unauthenticated attacker.
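A defender's first question is which instances in an inventory still sit inside the affected range. The check below is an added example (not GitLab's or HN Security's code) built from the figures above: every release from 11.9 is affected, and the fix shipped in 13.8.8, 13.9.6 and 13.10.3. It assumes that every branch after 13.10 (13.11 onward) carries the fix, which the page does not state explicitly.

```python
"""Triage a GitLab inventory against the CVE-2021-22205 affected range.

Added example, not GitLab's own tooling. Version figures come from the
advisory quoted above; the 13.11+ assumption is ours.
"""
from __future__ import annotations

import re

FIRST_AFFECTED = (11, 9, 0)

# Patched releases per maintenance branch, as listed in the advisory.
FIXED_BY_BRANCH = {
    (13, 8): (13, 8, 8),
    (13, 9): (13, 9, 6),
    (13, 10): (13, 10, 3),
}

# Assumption: branches released after the fix (13.11 onward) include it.
FIRST_CLEAN_BRANCH = (13, 11)

# Accepts "13.10.3", "13.10", and edition suffixes such as "13.10.3-ee".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:ee|ce))?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'MAJOR.MINOR[.PATCH][-ee|-ce]' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def is_vulnerable(text: str) -> bool:
    """True if the version lies in the affected range for CVE-2021-22205."""
    version = parse_version(text)
    branch = version[:2]
    if version < FIRST_AFFECTED:
        return False                      # predates the vulnerable code
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]   # branch has a backport
    if branch >= FIRST_CLEAN_BRANCH:
        return False                      # released with the fix (assumed)
    return True                           # 11.9 .. 13.7.x: no fixed release


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a host->version inventory into vulnerable and patched hosts."""
    result: dict[str, list[str]] = {"vulnerable": [], "patched": []}
    for host, version in inventory.items():
        bucket = "vulnerable" if is_vulnerable(version) else "patched"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed sample inventory for illustration.
    sample = {
        "git-legacy.example.internal": "13.7.2",
        "git-prod.example.internal": "13.10.3-ee",
        "git-ci.example.internal": "13.9.5",
        "git-new.example.internal": "14.0.0",
    }
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```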
Researchers from Rapid7 reported that of the 60,000 internet-facing GitLab installations:
A security strategy that doesn’t offer the flexibility for innovation undermines the key competitive driver in a modern environment. So how do organizations bake trust into their security posture to provide the confidence to innovate and grow?
To achieve a balance between trust and innovation, businesses must rethink their approach by weaving security into every part of their digital fabric. Instead of creating a steel fortress around their digital ecosystem, they must have the flexibility to respond to market opportunities, confident that they can intercept and respond to risks in real-time.
Complexity undermines security ROI
The security market has never garnered more interest, with Gartner estimating spending on cybersecurity to exceed $150 billion by the end of 2021. However, according to a recent IBM study, despite more significant enterprise investment, enterprise security effectiveness has declined by 13%.
Businesses often fail to consider that their increased investment in security technology often creates toolset sprawl, which introduces complexity that degrades their ability to detect and manage threat vectors.
More layers of security seem, in theory, like a good thing – in fact, the average enterprise deploys over 45 unique pieces of security-related technology across its networks. Yet, according to IBM, organizations that deploy over 50 tools are 8% less effective in detecting threats than companies employing fewer toolsets or one provider managing the entire ecosystem.
Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together. Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities.
To bridge vulnerability management and threat management, the Center for Threat-Informed Defense, with support from participants including AttackIQ and JP Morgan Chase, developed a methodology to use the adversary behaviors described in MITRE ATT&CK® to characterize the impact of vulnerabilities from CVE®. Vulnerability reporters and researchers can use the methodology to describe the impact of vulnerabilities more clearly and consistently. When used in a vulnerability report, ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them, helping defenders integrate vulnerability information into their risk models and identify appropriate compensating security controls.
This methodology aims to establish a critical connection between vulnerability management, threat modeling, and compensating controls. CVEs linked to ATT&CK techniques can empower defenders to better assess the true risk posed by specific vulnerabilities in their environment. We have applied the methodology and mapped several hundred CVEs to ATT&CK to validate the model and demonstrated its value. To fully realize our goal, we need community support to apply the methodology at scale.
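To make the idea concrete, here is an added example (not the Center for Threat-Informed Defense's methodology or tooling) of how CVE-to-ATT&CK mappings can feed prioritization: each CVE is tagged with the technique used to exploit it and the techniques its impact enables, and CVEs whose techniques have no deployed control rank highest. The three mapping slots, the sample mappings (CVE-2021-22205 from this page plus two placeholder CVEs) and the control list are constructed; the technique IDs are real ATT&CK Enterprise techniques.

```python
"""Rank CVEs by the ATT&CK techniques they enable that lack a control.

Added example, not the Center for Threat-Informed Defense's code. The
mapping slots, sample CVE mappings and control list are constructed; only
the technique IDs (T1190, T1059, T1136, T1078, T1499, T1204, T1105) are
real ATT&CK Enterprise technique identifiers.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class CveMapping:
    cve: str
    cvss: float
    exploitation: str                     # technique used to exploit the flaw
    primary_impact: str                   # what the attacker gains directly
    secondary_impact: tuple[str, ...] = ()   # what that foothold enables next

    def techniques(self) -> set[str]:
        """All ATT&CK techniques this vulnerability is mapped to."""
        return {self.exploitation, self.primary_impact, *self.secondary_impact}


# Constructed sample mappings. CVE-2021-22205 follows the attack described
# on this page: exploit of a public-facing web app (T1190) giving OS command
# execution (T1059), then admin accounts created (T1136) and reused (T1078).
# The CVE-EXAMPLE-* identifiers are placeholders, not real CVEs.
SAMPLE_MAPPINGS = [
    CveMapping("CVE-2021-22205", 10.0, "T1190", "T1059", ("T1136", "T1078")),
    CveMapping("CVE-EXAMPLE-0001", 7.5, "T1190", "T1499"),
    CveMapping("CVE-EXAMPLE-0002", 8.8, "T1204", "T1059", ("T1105",)),
]

# Constructed: controls or detections already deployed, keyed by technique.
DEPLOYED_CONTROLS = {
    "T1190": ["WAF in front of public web apps"],
    "T1499": ["upstream DDoS mitigation"],
    "T1204": ["e-mail attachment sandboxing"],
}


def uncovered_techniques(mapping: CveMapping,
                         controls: dict[str, list[str]]) -> set[str]:
    """Techniques of this CVE for which no control is deployed."""
    return {t for t in mapping.techniques() if not controls.get(t)}


def prioritise(mappings: list[CveMapping],
               controls: dict[str, list[str]]) -> list[tuple[str, int, float, list[str]]]:
    """Order CVEs by number of uncovered techniques, then by CVSS, descending.

    Each row is (cve, uncovered_count, cvss, sorted uncovered techniques).
    """
    rows = []
    for mapping in mappings:
        gaps = uncovered_techniques(mapping, controls)
        rows.append((mapping.cve, len(gaps), mapping.cvss, sorted(gaps)))
    return sorted(rows, key=lambda row: (-row[1], -row[2]))


if __name__ == "__main__":
    for cve, gap_count, cvss, gaps in prioritise(SAMPLE_MAPPINGS, DEPLOYED_CONTROLS):
        print(f"{cve:<17} CVSS {cvss:<4} uncovered={gap_count} {gaps}")
```

Note that the CVSS-7.5 placeholder ranks last despite its score because every technique it maps to already has a compensating control, which is the kind of context a bare severity score cannot provide.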
When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once they’ve taken that crucial first step, they can build the next steps around that risk assessment.
Cybersecurity is an ongoing strategic project. The initial goal shouldn’t be perfection. Instead, the goal can simply be to be better than yesterday.
Just start with a risk assessment
IT and security specialists can begin by pinpointing their organizations’ most critical risk areas and then taking the steps to secure them. IT specialists should conduct a full data and asset inventory and assess where the greatest risk lies.
Your internet service provider snoops on your browsing habits, records them and sells you—the product—to the highest bidder. So says the Federal Trade Commission (FTC) in a new report.
Are you surprised? Did you really think your ISP has your best interests at heart? This is the same company that overcharges you for a slow, unreliable service. And it barely competes for your business, because there’s no alternative in your market.
Privacy is dead. In today’s SB Blogwatch, we mourn its passing.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Animated postcards.
“Difficult for consumers to opt out” Internet service providers fail to disclose to consumers how they use sensitive data, obscure privacy practices and make it difficult to opt-out of collection, according to … the Federal Trade Commission. [It] comes as the agency weighs pursuing a privacy rule-making process as Congress dithers on passing a federal privacy law. … The key takeaways offer a scathing view of the industry’s privacy practices as a whole. … Common collection practices across many of the ISPs included gathering data that wasn’t necessary to provide internet services, as well as using web browsing data to serve up specific advertisements. … Numerous ISPs also shared real-time location data with third parties, allowing third parties to garner sensitive details about an individual’s life, such as if they visit a rehab or where their children go to daycare. … Crucially, FTC staff found that ISPs made it both difficult for consumers to opt out of data collection [and] to find out what ISPs had collected on them. FTC Chair Lina Khan said that the report raised the need to consider “a new paradigm” when it comes to how consumers can consent to data collection.