The Australian Government just released its Ransomware Action Plan to confront the increasing threat posed by ransomware threat actors. The plan describes the capabilities and authorities that Australia will employ to tackle the ransomware menace and provides information for ransomware victim’s seeking help. Specifically, the plan calls for legislation mandating ransomware incident reporting, creating specific stand-alone offense for all forms of cyber extortion, and creating a stand-alone aggravated offence for cybercriminals who target critical infrastructure. For more, visit ZDNet or access the full plan at Australian Government.
Additionally, the UK’s National Cyber Security Center (NCSC) just published a guidance report identifying best security practices for organizations that allow employees to use personal devices for work. The drive towards using personal devices for work was greatly accelerated by the COVID-19 pandemic. While the use of these devices has eased business operations, it has expectedly also created additional cybersecurity risks for organizations. The guidance provides five action steps for allowing employees to use their own devices, including: determining your organization’s objectives, developing policy, understanding additional costs and implications, deployment approaches, and instituting technical controls. Additionally, utilities can find similar guidance in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities under #14 Address All Smart Devices. Reference the full guidance at NCSC.