Monthly Archives: January 2024

Scope 2 Simplified: Navigating Indirect Emissions in Energy

Mastering Indirect Energy Emissions for ESG Compliance

In the current era of environmental accountability, companies are increasingly aligning themselves with ESG criteria. A critical part of that alignment is the careful understanding and management of Scope 2 emissions: the indirect emissions from the electricity, steam, heat and cooling an organization buys and consumes. They receive less attention than direct emissions, yet they are just as important to a complete carbon footprint and to any credible sustainability objective. As ESG officers and compliance professionals, it’s essential to understand Scope 2 emissions in order to navigate the complexities of corporate environmental responsibility. In this article I aim to highlight the significance of Scope 2 emissions within the framework of ESG compliance and to provide guidance for businesses refining their environmental strategies towards a more sustainable future.

Understanding Scope 2 Emissions

At its core, Scope 2 emissions refer to indirect greenhouse gas (GHG) emissions from the generation of purchased electricity, steam, heating, and cooling that an organization consumes. While direct emissions (Scope 1) are often the primary focus of emission reduction strategies, Scope 2 emissions play a significant role in a company’s overall environmental impact. They are pivotal in understanding the broader implications of a company’s energy choices.

Recent years have seen significant evolution in how Scope 2 emissions are measured and reported. The Greenhouse Gas Protocol, the most widely used standard for GHG accounting, published dedicated Scope 2 Guidance in 2015 that brings clarity and consistency to reporting. Its central requirement, for companies operating in markets where contractual instruments are available, is dual reporting: a location-based figure, calculated with average emission factors for the grids on which electricity is consumed, and a market-based figure, which reflects the electricity a company has contractually chosen to buy (supplier-specific products, power purchase agreements, or energy attribute certificates such as RECs) and falls back to a residual-mix factor where no such instrument applies. Both figures depend on accurate tracking of energy procurement and consumption, and together they give a more complete view of an organization’s carbon footprint than either one alone.

Strategic Management of Scope 2 Emissions

The management of Scope 2 emissions presents unique challenges and opportunities for organizations. A strategic approach starts with a clear understanding of how energy is procured and what role renewable sources can play. One prevalent instrument is the Renewable Energy Certificate (REC). A REC represents the environmental attributes of one megawatt-hour of renewable generation; retiring RECs allows an organization to lower its market-based Scope 2 figure. RECs are not carbon offsets, however, and an unbundled REC does not change the electricity physically delivered to a site, so the location-based figure is unaffected. Relying solely on RECs therefore does not by itself deliver actual reductions in greenhouse gas emissions; those come from consuming less energy and from procurement that brings new renewable capacity onto the grid.

Effective management of Scope 2 emissions also hinges on the understanding of diverse energy markets and regulatory frameworks. For instance, companies operating in Europe face challenges due to fluctuations in gas supply and energy prices, while those in Asia, particularly China, navigate complex energy markets with dual pricing structures. Understanding and adapting to these regional differences is crucial for developing a robust Scope 2 emission strategy.

Advanced Tools for Scope 2 Emission Calculation and Reporting

In the digital age, technological advancements are revolutionizing how companies approach Scope 2 emissions. One innovative solution is offered by companies like Findings.co, which provides automated assessment tools. These tools enable organizations to accurately calculate their indirect emissions by analyzing energy consumption data. This technology simplifies the complex process of gathering and interpreting data, making it easier for companies to understand their energy usage and associated emissions. By leveraging such technologies, businesses can not only comply with reporting requirements but also identify areas for improvement in their energy consumption and sourcing strategies.

Overcoming Challenges in Scope 2 Emission Reporting

Accurate reporting of Scope 2 emissions is fraught with challenges, primarily because of the indirect nature of these emissions. Organizations often struggle to obtain precise data, especially when their operations span regions with different metering practices, emission factor sets and reporting standards. Moreover, the boundary between Scope 2 and Scope 3 (which covers all other indirect emissions in a company’s value chain) must be drawn consistently: the emissions from generating purchased electricity belong in Scope 2, while the upstream emissions of that electricity, such as fuel extraction and transmission and distribution losses, belong in Scope 3, and counting them in both places double counts.

To overcome these challenges, companies need to invest in quality data collection and technology. This involves developing robust internal tracking systems and leveraging external databases and analytical tools. Establishing clear lines of communication with suppliers and partners throughout the supply chain is also vital to ensure accurate and comprehensive data collection.

Regulatory Landscape and Compliance

Looking ahead, the management and reporting of Scope 2 emissions are expected to evolve significantly. With the global push towards net-zero commitments, companies will need to intensify their efforts in reducing indirect emissions. This will likely include a greater reliance on renewable energy sources and more innovative approaches to energy management.

Moreover, as regulatory frameworks continue to tighten, with initiatives like the EU’s Corporate Sustainability Reporting Directive (CSRD) and the SEC’s climate disclosure rules (proposed in 2022 and still awaiting final adoption as of January 2024), companies will need to be more transparent and proactive in their emission reporting. The concept of double materiality, which considers both the financial impact of climate on a company and the broader societal and environmental impact of the company’s own activities, will become increasingly important.

The Role of AI in Enhancing Corporate Compliance


In the rapidly evolving corporate world, Artificial Intelligence (AI) is no longer a futuristic concept but a present-day reality, especially in the realm of corporate compliance. AI is transforming traditional compliance processes, offering innovative solutions like automated risk assessments, real-time monitoring, and predictive analytics. This article delves into how AI is reshaping compliance management, its benefits, and the challenges it poses.

Transforming Traditional Compliance

AI is revolutionizing Governance, Risk, and Compliance (GRC) platforms by identifying risk, audit, and control deficiencies. It aids in detecting duplicate risks, over-testing, and under-testing of controls, and significantly reduces false positives in Anti-Money Laundering (AML) and Know Your Customer (KYC) applications. In compliance organizations, AI forces professionals to rethink operational models and risk management approaches, making compliance more efficient and effective.

Automated Risk Assessments

AI significantly enhances risk assessments by improving their planning and prioritization. It scans multiple data sets and systems, offering substantial improvements in horizon scanning, regulatory change management, and policy management. AI’s ability to integrate with finance and internal control processes is also noteworthy, providing insight into the effectiveness of controls and identifying potential weaknesses.

Real-time Monitoring

The real-time monitoring capabilities of AI are pivotal in compliance. Natural language models, for instance, can scan thousands of sources for regulatory updates, producing consolidated summaries for senior management review. This real-time information flow enables firms to stay current with regulatory changes and respond proactively to emerging risks.

Predictive Analytics

AI’s predictive analytics play a growing role in understanding risk models and can offer more accuracy than traditional statistical analyses when enough good-quality historical data is available. AI tools can identify patterns and potential causes of risk events and recommend controls to mitigate such risks. This predictive power is particularly beneficial in financial risk management, AML/KYC functions, and in addressing environmental, social and governance (ESG) issues.

Challenges and Best Practices

Despite its advantages, integrating AI into corporate compliance strategies presents challenges. Ethical, legal, and compliance risks emerge when AI is not appropriately governed. Organizations must create internal policies, procedures, and oversight mechanisms to harness AI effectively. Best practices include appointing a dedicated AI leader, mapping all AI uses, and ensuring transparency and continuous testing of AI systems.

Ethical Considerations and Future Directions

AI in compliance is at a nascent stage, and its ethical implications cannot be ignored. AI functions can find themselves in gray areas of legal frameworks and organizational procedures. Looking forward, the development of AI must be ethically controlled, involving legal governance or organizational regulation. The next wave of AI solutions in compliance will need to be tailored to fit within ethical boundaries, ensuring client confidentiality and practical business solutions.

Closing Thoughts

AI’s role in enhancing corporate compliance is undeniable. From transforming traditional compliance processes to providing real-time monitoring and predictive analytics, AI is a valuable asset in the compliance toolkit. However, the journey is not without challenges. As we embrace AI’s potential in compliance, we must also navigate its ethical implications and ensure its responsible use. By doing so, organizations can leverage AI not just for compliance but as a competitive advantage, fostering trust and scaling with confidence.

A Deep Dive into Scope 1 Emissions


The Carbon Footprint Puzzle


Picture a world where each corporation is a ship navigating the complex seas of environmental responsibility. In this world, Scope 1 emissions are the direct ripples created by these vessels. For professionals in environmental, social, and governance (ESG) compliance, understanding and managing these ripples is not just about adhering to regulations; it’s about steering their organizations toward a sustainable future. Scope 1 emissions, the direct greenhouse gas (GHG) emissions from sources that an organization owns or controls, are the foundational pieces in the intricate puzzle of carbon accounting and environmental responsibility.


Understanding Scope 1 Emissions: The Direct Impact


At the heart of effective ESG strategy lies a deep understanding of Scope 1 emissions. Just as direct footprints in the sand reveal our immediate impact, Scope 1 emissions are the immediate environmental repercussions of an organization’s activities. These emissions come mainly from three areas (a fourth Scope 1 category, fugitive emissions such as refrigerant or methane leaks, also exists but is outside the scope of this post):


  • Stationary Combustion: This includes the burning of fuels such as coal, oil, natural gas, or biomass in stationary equipment like boilers, furnaces, or ovens. It’s a significant source of Scope 1 emissions, especially for industries with high energy needs. Just as replacing an old, inefficient light bulb with an LED can reduce a household’s carbon footprint, so can upgrading to high-efficiency boilers or switching from coal to natural gas reduce an organization’s Scope 1 emissions.

  • Mobile Combustion: Imagine a fleet of vehicles, each a potential source of direct emissions. Mobile combustion is the burning of fuel for transportation by road, rail, air, or sea. For organizations with large fleets, moving to electric or hydrogen-powered vehicles can remove a large share of Scope 1 emissions; note that the emissions from generating the electricity used for charging then appear in Scope 2, so the full benefit depends on how that electricity is sourced.

  • Process Emissions: Some industrial processes, like the production of cement or aluminum, release GHGs. These emissions are inherent to the process itself, similar to how baking bread releases carbon dioxide as yeast ferments. Although more challenging to reduce, innovations in production processes and materials can lead to significant reductions in these emissions.

It’s imperative for ESG professionals to recognize these sources to devise effective strategies for carbon management.


Measurement and Calculation


The accurate measurement of Scope 1 emissions is akin to a navigator charting a precise course. Organizations use two primary methods:


  • Direct Measurement: This involves monitoring the concentration and flow rate of GHG emissions directly. It’s the gold standard for accuracy but can be resource-intensive.


  • Calculated Emissions: For many organizations, emissions are calculated from activity data (purchased or metered fuel quantities) multiplied by published emission factors for each fuel, with the CH4 and N2O released alongside CO2 converted to CO2-equivalent using global warming potentials. This method is less direct but widely used because the data it needs already exists in procurement and metering records; its accuracy depends on using factors that match the fuel, the unit of measure, and the reporting year.
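As an added example (not code from the original post or from Findings.co), the following Python implements the calculated method for Scope 1 described above and, because the same activity-times-factor logic applies, the location-based and market-based Scope 2 methods discussed in the Scope 2 post on this page, so the effect of a REC-backed purchase on the two Scope 2 figures is visible. Every factor value, fuel name, grid name and sample quantity is a placeholder constructed for the example, not a published factor; the GWP values are the IPCC AR5 100-year figures and are used only for illustration.

```python
"""Added example, not from the original post: activity data x emission factor
with CO2e aggregation (Scope 1) and dual-method Scope 2 totals.
All numeric factors are placeholders; a real inventory must take them from
the factor set the organisation has chosen and record set and vintage."""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Global warming potentials, kg CO2e per kg of gas (AR5 100-year, illustrative).
GWP: Dict[str, float] = {"CO2": 1.0, "CH4": 28.0, "N2O": 265.0}

# Scope 1 factors: kg of each gas per unit of fuel (placeholder values).
# Keyed by (fuel, unit) so a quantity reported in the wrong unit fails loudly
# instead of being multiplied by a factor meant for a different unit.
SCOPE1_FACTORS: Dict[tuple, Dict[str, float]] = {
    ("natural_gas", "m3"): {"CO2": 1.90, "CH4": 4.0e-5, "N2O": 4.0e-6},
    ("diesel", "litre"): {"CO2": 2.70, "CH4": 1.0e-4, "N2O": 2.0e-5},
}

# Scope 2 factors, kg CO2e per kWh (placeholders): grid average for the
# location-based method, residual mix as the market-based fallback when no
# contractual instrument covers the electricity.
GRID_AVERAGE: Dict[str, float] = {"grid_A": 0.40}
RESIDUAL_MIX: Dict[str, float] = {"grid_A": 0.45}

SOURCE_TYPES = ("stationary", "mobile", "process")


@dataclass(frozen=True)
class FuelActivity:
    source: str      # one of SOURCE_TYPES
    fuel: str
    quantity: float
    unit: str


@dataclass(frozen=True)
class ElectricityPurchase:
    kwh: float
    grid: str
    # kg CO2e/kWh claimed by a supplier contract or REC-backed product covering
    # this purchase; None means no contractual instrument applies.
    contract_factor: Optional[float] = None


def activity_co2e(act: FuelActivity, factors=SCOPE1_FACTORS, gwp=GWP) -> float:
    """kg CO2e for one record: sum over gases of quantity x factor x GWP."""
    if act.source not in SOURCE_TYPES:
        raise ValueError(f"unknown Scope 1 source type: {act.source!r}")
    if act.quantity < 0:
        raise ValueError("fuel quantity cannot be negative")
    try:
        per_gas = factors[(act.fuel, act.unit)]
    except KeyError:
        raise ValueError(f"no factor for {act.fuel!r} in {act.unit!r}") from None
    return sum(act.quantity * kg_gas * gwp[gas] for gas, kg_gas in per_gas.items())


def scope1_by_source(activities: Iterable[FuelActivity]) -> Dict[str, float]:
    """kg CO2e per Scope 1 source type, plus a 'total' key."""
    totals = {s: 0.0 for s in SOURCE_TYPES}
    for act in activities:
        totals[act.source] += activity_co2e(act)
    totals["total"] = sum(totals[s] for s in SOURCE_TYPES)
    return totals


def scope2_dual(purchases: Iterable[ElectricityPurchase]) -> Dict[str, float]:
    """Location-based and market-based Scope 2 totals in kg CO2e."""
    location = market = 0.0
    for p in purchases:
        if p.kwh < 0:
            raise ValueError("kWh cannot be negative")
        location += p.kwh * GRID_AVERAGE[p.grid]
        factor = p.contract_factor if p.contract_factor is not None else RESIDUAL_MIX[p.grid]
        market += p.kwh * factor
    return {"location_based": location, "market_based": market}


# Constructed sample data for one reporting period (not real figures).
SAMPLE_FUEL = [
    FuelActivity("stationary", "natural_gas", 10_000.0, "m3"),   # boilers
    FuelActivity("mobile", "diesel", 5_000.0, "litre"),           # fleet
]
SAMPLE_POWER = [
    ElectricityPurchase(100_000.0, "grid_A"),                      # standard tariff
    ElectricityPurchase(50_000.0, "grid_A", contract_factor=0.0),  # REC-backed supply
]

if __name__ == "__main__":
    print(scope1_by_source(SAMPLE_FUEL))
    print(scope2_dual(SAMPLE_POWER))
```

With the sample data the REC-backed block lowers only the market-based Scope 2 figure (45,000 kg CO2e versus 60,000 kg location-based), which is the point made about RECs earlier on this page. The (fuel, unit) key is the one check worth copying into any real implementation: most inventory errors come from a litre quantity meeting a per-cubic-metre factor, not from the arithmetic.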


Management Strategies: Steering Towards Sustainability


Once measured, the next challenge is managing Scope 1 emissions. This process can be likened to a captain adjusting the sails to navigate changing winds. Key strategies include:


  • Energy Efficiency: Improving energy efficiency is a highly effective and often cost-efficient way to reduce emissions. This could involve upgrading to more energy-efficient equipment or changing operational practices. It’s like fine-tuning an engine to get the maximum output with minimum fuel usage.

  • Fuel Switching: Switching to lower-carbon fuels or renewable energy sources can have a significant impact on reducing Scope 1 emissions. This strategy may require investment but often leads to long-term savings and a lower carbon footprint.



Reporting and Compliance: The Beacon of Transparency


The final piece in mastering Scope 1 emissions lies in the realm of reporting and compliance. This step is crucial as it not only ensures adherence to regulatory requirements but also demonstrates an organization’s commitment to transparency and environmental stewardship.


  • Corporate Sustainability Reports: These reports are a fundamental tool for organizations to communicate their environmental impact and sustainability efforts. Reporting Scope 1 emissions in these documents involves not just stating the figures but also explaining the methodologies used for calculation, the strategies implemented for reduction, and the progress made over time. This reporting helps build trust with stakeholders, including investors, customers, and regulatory bodies. It provides a narrative that goes beyond numbers, illustrating the company’s journey in environmental responsibility. Furthermore, these reports often reflect the organization’s overall commitment to sustainable practices.

  • Carbon Disclosure Projects: Platforms like the Carbon Disclosure Project (CDP) offer a more formalized and standardized approach to environmental reporting. The CDP is a global non-profit that runs a leading environmental disclosure platform, allowing companies, cities, states, and regions to measure and manage their environmental impacts. Reporting to the CDP involves disclosing detailed information about Scope 1 emissions, the risks and opportunities associated with climate change, and the strategies in place for managing these aspects. Participation in such initiatives not only provides transparency but also benchmarks an organization’s performance against peers, offering insights for continuous improvement.

  • Compliance with Regulations: Accurate and timely reporting of Scope 1 emissions is also a key component of regulatory compliance. With the increasing global focus on climate change, many countries and regions are implementing stringent regulations requiring organizations to measure, report, and reduce their GHG emissions. These regulations often have specific reporting requirements and deadlines, and failure to comply can result in penalties or reputational damage. Therefore, staying abreast of these regulatory changes and ensuring accurate reporting is crucial for organizations to maintain compliance and demonstrate their commitment to environmental responsibility.



Charting a Sustainable Future


In conclusion, mastering Scope 1 emissions is not merely about regulatory compliance; it’s about leading the charge in corporate environmental responsibility. For ESG officers and sustainability experts, it represents an opportunity to make a tangible difference. By effectively understanding, measuring, managing, and reporting these emissions, organizations can reduce their environmental impact, demonstrate their commitment to sustainability, and inspire others in their industry to follow suit.


The journey to sustainability is a collective endeavor, and every step taken to manage Scope 1 emissions is a step towards a greener, more sustainable future. As stewards of our planet, ESG professionals have the opportunity to lead this transformative journey, turning challenges into opportunities and setting the course for a more sustainable world.


2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a marked transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post looks at the forefront of cybersecurity compliance, highlighting regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and the SEC’s incident disclosure rules. These developments are rapidly becoming the reference points for global business cybersecurity practice.

 

CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is a U.S. Department of Defense program that requires contractors handling Federal Contract Information or Controlled Unclassified Information to demonstrate, at one of three levels, that they implement the security requirements of NIST SP 800-171 (and, at the highest level, a subset of SP 800-172). It does not formally apply outside the defense supply chain, but its requirements flow down to subcontractors at every tier, and its underlying control set is increasingly used by other industries as a benchmark for suppliers that manage sensitive data. With the program’s phased rollout approaching, 2024 is the year for affected suppliers to close gaps and document their System Security Plan and Plan of Action and Milestones.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS v4.0, published by the PCI Security Standards Council in March 2022, replaces v3.2.1, which is retired on March 31, 2024; a further set of future-dated requirements becomes mandatory on March 31, 2025. The update keeps the prescriptive defined approach but adds a customized approach, under which an entity may meet a requirement’s objective with its own controls backed by a targeted risk analysis, which is what makes the new version adaptive and risk-based. Any business that stores, processes or transmits cardholder data, including e-commerce merchants, financial institutions and service providers, needs a gap assessment against v4.0 now, since compliance with it is what trustworthy payment processing will be measured against.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is an EU regulation (Regulation (EU) 2022/2554) that entered into force in January 2023 and applies from 17 January 2025, giving financial entities 2024 to prepare. It covers ICT risk management, major incident reporting, digital operational resilience testing (including threat-led penetration testing for significant entities), and oversight of critical third-party ICT providers. Its reach extends beyond the EU because ICT service providers serving EU financial entities fall within its third-party risk requirements, underlining the need for robust digital risk management across today’s interconnected financial landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s cybersecurity disclosure rules, adopted in July 2023, require registrants to report a material cybersecurity incident on Form 8-K (Item 1.05) within four business days of determining that it is material, and to describe their cybersecurity risk management, strategy and governance in annual reports. The incident reporting requirement took effect in December 2023 (with a deferral to June 2024 for smaller reporting companies). Although the rules bind SEC registrants rather than all public companies worldwide, foreign private issuers are covered through Form 6-K, and the mandate reflects growing investor and consumer demand for transparency and accountability in corporate cybersecurity.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to shape data privacy and protection globally; it applies to any organization processing the personal data of individuals in the EU, regardless of where the organization is established.

  • ISO/IEC 27001: The 2022 revision of the standard is gaining traction as a comprehensive framework for managing information security, and certification against it is a common expectation in vendor due diligence.

  • NIST Cybersecurity Framework (CSF): Increasingly adopted worldwide, indicating a move towards a shared vocabulary for cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations need backups that are kept offline or immutable so the attacker cannot encrypt or delete them, and that are regularly tested by actually restoring from them. Backups do nothing against the data-leak threat, so limiting which systems hold sensitive data and who can reach them matters just as much. Employee training helps staff recognize and avoid the phishing and credential theft that usually start these attacks, and a well-rehearsed incident response plan ensures quick action to contain damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

Year-End Cyber Alert: December 2023’s Data Breaches


Welcome to 2024, a year promising advancements and challenges in the digital world. Each month, we embark on a detailed journey through the world of cybersecurity, scrutinizing key incidents that have affected prominent global corporations. Our monthly analyses not only provide unique perspectives on the complexities of digital security in an ever-changing tech landscape, but also shed light on the vulnerabilities within our digital infrastructures. By highlighting the essential need for robust cybersecurity measures, we aim to enhance your understanding of how even the strongest organizations can face significant challenges in this digital era. Join us as we navigate through these captivating episodes of digital drama and learn how even the mightiest can be vulnerable.

EasyPark:

EasyPark, a Swedish app developer, recently reported a data breach impacting an unspecified number of its users, detected on December 10, 2023. The breach potentially exposed users’ names, phone numbers, physical addresses, email addresses, and partial credit/debit card or IBAN details. This incident raises concerns about potential phishing attacks targeting affected users. The company’s widely used apps, including EasyPark, RingGo, and ParkMobile, span across multiple countries. EasyPark is advising all users to change their account passwords and is contacting affected individuals directly.

National Amusements:

National Amusements, the parent company of media giants Paramount and CBS, has confirmed a data breach impacting 82,128 people. The breach, which occurred in December 2022, was only disclosed a year later following notifications to those affected. The compromised data includes personal and financial information, potentially involving employee details as the notification was filed by the company’s HR chief. The nature of the cyberattack and whether customer information was also compromised remains unclear, and the company has not commented further on the incident. Additionally, Paramount reported a separate security breach in August, affecting an unspecified number of customers, where personal details like names, birth dates, and government-issued identification numbers were stolen.

Mr. Cooper:

Nationstar Mortgage LLC, doing business as Mr. Cooper, notified 14,690,284 customers on December 15, 2023 of a data security incident that may have compromised their personal information. This incident, detected on October 31, 2023, involved unauthorized access to the company’s network systems between October 30 and November 1, 2023. The breach resulted in the acquisition of files containing personal details such as names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers. While there’s no evidence yet of identity theft or fraud resulting from this incident, Mr. Cooper is reaching out to potentially affected individuals to explain the situation and offer assistance in protecting their information.

Comcast Cable Communications LLC:

Xfinity has issued a notice about a data security incident that compromised personal information of 35,879,455 customers. The incident stemmed from a vulnerability in a software product by Citrix, used by Xfinity and numerous other companies. Although Citrix released a patch and additional guidance by October 23, 2023, unauthorized access to Xfinity’s internal systems occurred between October 16 and 19, 2023. The compromised data includes usernames, hashed passwords, and for some customers, names, contact details, the last four digits of social security numbers, dates of birth, and secret questions and answers. Xfinity has proactively asked customers to reset their passwords and encourages the use of two-factor or multi-factor authentication. Customers who use the same login information on other accounts are advised to change it there as well. Further protective measures are detailed in Xfinity’s additional information section.

Panasonic:

Panasonic Avionics Corporation, a key provider of in-flight communications and entertainment systems, announced a data breach following a cyberattack on its corporate network in December 2022. This breach, just recently discovered, was disclosed in a notification to California’s Attorney General, and involved unauthorized access to a subset of network devices and impacted personal and health information of an unspecified number of individuals and their employers. The compromised data includes names, contact information, dates of birth, medical and health insurance details, financial account numbers, employment status, and government identifiers like Social Security numbers. Panasonic has found no evidence of misuse of this data since the attack. Over 200 airlines use Panasonic’s services on approximately 70% of the global in-flight entertainment-equipped fleet.

Mint Mobile:

Mint Mobile recently disclosed a data breach that compromised its customers’ personal information, potentially facilitating SIM swap attacks. As a mobile virtual network operator offering prepaid mobile plans, Mint Mobile started informing customers of this security incident on December 22, 2023. The breach exposed customer names, telephone numbers, email addresses, SIM serial numbers, IMEI numbers (device identifiers), and details of service plans. However, credit card numbers and passwords, which are secured with strong cryptographic technology, were not compromised.

The carrier did not announce the breach on its social channels but notified affected customers through email. One of these emails was shared by a customer on Reddit. This breach poses a significant risk for SIM swapping attacks, where attackers can port a victim’s phone number to their device, potentially accessing online accounts and bypassing multi-factor authentication. This technique is often used to compromise cryptocurrency exchange accounts.

The company has not yet disclosed how the breach occurred, but a previous incident in July 2023 involved an attempted sale of data allegedly from Mint Mobile on a hacking forum, including partial credit card details. Mint Mobile experienced a similar breach in 2021.

Nissan Australia:

Nissan Oceania, covering Australia and New Zealand, announced it is currently managing a significant cyber incident involving unauthorized network access. The Akira ransomware gang has claimed responsibility for this attack, stating they stole approximately 100GB of data from Nissan Australia’s systems. This data reportedly includes sensitive corporate and client information, personal details of employees, and other confidential documents.

Despite ransom negotiations, Nissan has either refused to engage or declined to pay the demanded ransom, leading Akira to threaten to release the stolen data. Akira, which emerged in March 2023, is known for targeting a range of industries; in June 2023 it deployed a Linux variant of its ransomware aimed specifically at VMware ESXi virtual machines.

Nissan has been working with global incident response teams and cybersecurity experts to assess the impact and restore affected systems. While the company has confirmed the breach, it is still investigating whether personal information was accessed. Nissan has notified cybersecurity agencies, privacy regulators, and law enforcement in Australia and New Zealand. Customers have been advised to remain vigilant for any unusual or suspicious online activity. Nissan is yet to provide additional information or comment on the incident.

MongoDB:

MongoDB, a prominent database platform, has recently disclosed that its corporate systems were compromised in a cyberattack, leading to the exposure of customer data. The breach was detected on the evening of December 13, 2023. MongoDB’s Chief Information Security Officer, Lena Smart, informed customers via email that the incident involved unauthorized access to certain MongoDB corporate systems, exposing customer account metadata and contact information. However, there is no indication that customer data stored in MongoDB Atlas was accessed.

The company believes the threat actors had access to its systems for an extended period before detection, raising concerns about potential data theft. MongoDB is actively investigating the incident and has advised customers to enable multi-factor authentication, change passwords, and remain vigilant against targeted phishing and social engineering attacks.

MongoDB has stated that it is still investigating the breach and will provide updates on the MongoDB Alerts web page, which it uses to notify customers of outages and other incidents. The situation is ongoing, and further details are expected as the investigation progresses.

Reflecting on December’s Data Breaches:

The series of data breaches discussed in this blog underscores a crucial point: the importance of cybersecurity vigilance and preparedness. Organizations, irrespective of their size or industry, are potential targets for cybercriminals. The varied nature of these breaches – from ransomware attacks to phishing campaigns – demonstrates the need for comprehensive security controls and rapid response plans. For customers and stakeholders, staying informed and adopting preventive measures is imperative. This compilation of incidents serves as a reminder that in the digital world, security is not just a necessity but a continuous commitment to safeguarding data and preserving trust.


Findings.co and IBM Partner to Secure Global Critical Supply Chains

Findings.co and IBM partner to offer global supply chain solutions.

New York, NY, January 8, 2024 – In response to mounting concerns over state-sponsored attacks, supply chain vulnerabilities, and sustainability requirements, Findings.co today announced a partnership with IBM Federal. The collaboration offers robust supply chain security and compliance solutions tailored for government organizations in the United States and across the world.


Supply chain cyber attacks have increased significantly across multiple sectors, including critical infrastructure, defense, and finance. The supply chain attack vector is a significant concern for organizations and governments and will continue to be exploited by criminals.


The escalating threat landscape necessitates enhanced regulatory compliance, demanding greater visibility, assured security, and more extensive, continuous monitoring than ever before.


Findings.co leads the supply chain compliance domain, providing a comprehensive solution that seamlessly manages complex N-tier and multi-jurisdictional networks. Our advanced platform automates assessments, audits, control verifications, and continuous monitoring, fostering trust, ensuring regulatory compliance, and enhancing risk visibility throughout the entire supply chain.


In recent years, we’ve witnessed a significant surge in supply chain regulatory demands. Key frameworks and regulations like the CMMC in the US, DORA in Europe, and CII in Singapore, among others, are emphasizing the need for enhanced vendor coverage, N-tier visibility, resilience, breach disclosure, and heightened accountability. All of this points to a substantial escalation in supply chain monitoring requirements, a challenge that is adeptly being solved by Findings.co.


Kobi Freedman, CEO of Findings.co, stated, “Our collaboration with IBM Federal is an exciting opportunity to counteract the multifaceted threats the federal sector and critical domains face. We are committed to safeguarding the nation’s critical assets and supply chain resilience by partnering to offer innovative and scalable solutions.”


Terry Halvorsen, General Manager for IBM’s Federal Market Organization and former CIO for the DoD, leads this collaboration, as local and global initiatives are already underway to secure supply chains in various sectors and countries.


This partnership underscores the importance of comprehensive security solutions, especially as nation-states and other hostile actors increasingly resort to sophisticated cyber espionage and attacks.


Findings and IBM Federal are dedicated to changing how critical infrastructure, procurement, trust, regulatory compliance and risk mitigation are managed effectively.



For further information, please contact:

or@findings.co 

yogev@findings.co



About Findings:

Findings is dedicated to ensuring global supply chain compliance, creating an environment where businesses and government bodies can operate with trust. Findings’ advanced platform provides thorough cybersecurity and ESG assessments, continuous risk monitoring, and easy audit automation.

This helps every member of the supply chain achieve and maintain compliance effortlessly.


About IBM Federal:

IBM Federal assists US Federal agencies in navigating complex, hybrid cloud cybersecurity landscapes. With the surge in threats and expanding skill gaps, IBM Federal specializes in accelerating zero-trust plans, enhancing cybersecurity, and managing multifaceted environments. Tailored to individual needs and legacy systems, their solutions protect data across hybrid clouds, ensure the security of remote users, and proactively address modern threats, all while focusing on risk and compliance.

