July 11, 2024
Snowflake has implemented a new security policy requiring multifactor authentication (MFA) for all users or specific roles within its platform, following a series of attacks targeting over 100 customer environments lacking this security measure. MFA will now be the default setting for newly created customer accounts, as stated by CISO Brad Jones. The decision comes after an investigation by CrowdStrike and Mandiant confirmed that no vulnerabilities in Snowflake's platform led to the incidents. These breaches involved demo accounts accessed with stolen credentials from a former employee. While existing customer accounts can opt out of MFA, Snowflake is encouraging adoption through frequent prompts and introducing the Snowflake Trust Center and security scanners to enhance overall compliance and mitigate risks.
Snowflake allows admins to enforce MFA as breach investigations conclude (Cybersecurity Dive)
July 11, 2024
Cybersecurity jobs, particularly for Chief Information Security Officers (CISOs), offer lucrative salaries ranging from $400,000 to $1 million annually. Despite the financial incentives, job satisfaction remains low, with three-quarters of CISOs considering a job change in 2023. This dissatisfaction stems from high-pressure responsibilities, personal liability, and insufficient support and understanding from organizational leadership regarding cybersecurity risks. The lack of direct engagement with company boards exacerbates the issue, leading to decreased effectiveness, higher turnover, and weakened security cultures within companies. To improve satisfaction and security outcomes, organizations must integrate CISOs into leadership discussions and adequately invest in proactive cybersecurity measures.
As CISOs grapple with the C-suite, job satisfaction takes a hit (Cybersecurity Dive)
July 11, 2024
The debate over banning ransomware payments was a key topic at a recent Oxford Cyber Forum, where CISA Director Jen Easterly expressed skepticism about such a ban being implemented in the U.S. Although some experts, like former UK National Cyber Security Centre head Ciaran Martin, have advocated for a ban, current consensus suggests that it could do more harm than good. A federal ban may drive companies to pay ransoms secretly, undermining accurate threat intelligence and risk management efforts. Furthermore, fake "data recovery" firms could exploit such a ban, increasing fraudulent activities. Instead, the U.S. is focusing on initiatives like improved incident reporting, shared intelligence, law enforcement action, and promoting secure-by-design principles to tackle ransomware threats more effectively.
CISA director says banning ransomware payments is off the table (securityintelligence.com)
July 11, 2024
Healthcare organizations are urging that a proposed federal cybersecurity reporting rule should explicitly include insurers and third-party vendors due to their significant impact on the industry, as highlighted by a major cyberattack on Change Healthcare. The rule, proposed by the Cybersecurity and Infrastructure Security Agency (CISA), requires critical infrastructure companies to report cyber incidents within 72 hours and ransom payments within 24 hours. While CISA did not initially include sector-specific criteria for insurers or labs, industry groups argue that these entities are interconnected with the healthcare sector and that excluding them could result in unreported significant cyber incidents. Organizations like the American Hospital Association and the College of Healthcare Information Management Executives highlighted challenges such as the tight reporting timelines and potential duplicative reports, advocating for flexibility and financial support, especially for under-resourced hospitals.
Healthcare groups say cyber rule should explicitly name insurers, vendors (healthcaredive.com)
© Copyright 2024 Health Lyrics All rights reserved