NCSA In The News

Security Boulevard, January 12, 2020
Data Privacy Day is Jan. 28, just like it is every year. But as with everything else, COVID-19 has forced us to reconsider a new normal for enforcing data privacy in the work-from-home (WFH) environment. Sponsored by the National Cyber Security Alliance (NCSA), Data Privacy Day is designed to “inspire dialogue and empower individuals and companies to take action” on the way personal information is collected, stored and used.

GCN, January 11, 2021
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.

SecurityWeek, January 11, 2021
Hundreds of protesters stormed the U.S. Capitol on Wednesday just as the House and Senate were certifying the election victory of Joe Biden. While much of the focus was on the physical destruction caused by the protesters, many people have pointed out that rioters gained access to computers in the Capitol, which in some cases were still turned on and logged in, as their users were forced to quickly evacuate.

WIRED, January 8, 2021
IN THE AFTERMATH of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the Capitol building itself, the congressional support staff is dealing with more immediate logistics, like cleanup and repairs. A crucial part of that: the process of securing the offices and digital systems after hundreds of people had unprecedented access to them.

Channel Futures, January 7, 2021
Kevin Coleman is executive director of the National Cyber Security Alliance. He said Capitol rioters stole U.S. Sen. Jeff Merkley’s laptop. And any rioters ransacking House Speaker Nancy Pelosi’s office could have seen or accessed sensitive information.

Data Center Knowledge , December 17, 2020
On Sunday, we learned that federal agencies and other organizations had been penetrated by nation-state attackers, identified as Russian by multiple sources.
Though the definitive attribution for the attacks won't come for a while, we do know how the attack occurred.

SDxCentral, December 16, 2020
As many as 18,000 SolarWinds customers installed the company’s Orion software updates containing malicious code likely inserted by Russian nation-state hackers, according to documents filed with the U.S. Securities and Exchange Commission on Monday.
The SolarWinds attack may have also hit Microsoft customers. In its SEC filing, SolarWinds said the hackers compromised its Office 365 email and office productivity accounts.

TechTarget, December 16, 2020
Cybersecurity training programs play a crucial role in keeping employees informed about the changing threat landscape and about their personal role in protecting the organization and its stakeholders. Unfortunately, these programs often suffer from a lack of attention, resulting in dull and potentially outdated content that doesn't effectively engage employees and, therefore, fails to achieve its cybersecurity objectives.

SC Mag, December 15, 2020
The U.S. Department of Homeland Security, Treasury Department and FireEye are among the most prominent victims affected by the supply chain attack on SolarWinds network monitoring software. But these data breaches are just scratching the surface of one of the most significant foreign hacking incidents in history – one that will have long-lasting repercussions.

The Hill, December 2, 2020
Older adults have faced a barrage of online scams during the COVID-19 pandemic, with the upcoming holiday season and increased consumer spending likely to intensify the problem.