
The Monthly Breach Report: A Recap of April’s Data Breaches

In this article, Findings.co will take a deep dive into the top breaches that affected various companies in April 2023. So let's get started and explore the latest cybersecurity incidents!

As our world becomes increasingly digitized, businesses are relying more heavily on technology to conduct their operations. Unfortunately, with this greater dependence on digital systems comes a higher risk of cyber attacks. We’ve all heard about the devastating consequences of data breaches – from compromised personal information to stolen funds. Recently, the headlines have been dominated by high-profile breaches that have impacted millions of people worldwide. In this article, we’ll take a deep dive into the top breaches that affected various companies in April 2023. So let’s get started and explore the latest incidents!



  1. T-Mobile just can’t seem to catch a break! T-Mobile has disclosed its second data breach of 2023, affecting 836 customers who had their personal information accessed by hackers for over a month starting in late February. While the number of affected individuals might seem small compared to previous breaches, the exposed personally identifiable information is extensive and leaves individuals open to identity theft and phishing attacks. The stolen information included names, contact details, social security numbers, account numbers, and T-Mobile account PINs, among other data. T-Mobile proactively reset the account PINs and offered affected customers two years of free credit monitoring and identity theft detection services. This is not the first time T-Mobile has suffered a data breach, having disclosed seven other incidents since 2018.

  2. Yum! Brands, the parent company of fast food chains KFC, Pizza Hut, and Taco Bell, has sent out breach notification letters to individuals whose personal information was stolen in a ransomware attack on January 13, 2023. Yum! Brands clarified that some customer data was stolen, but they have no evidence that any of it was exfiltrated. However, the company found out that some individuals’ personal information, including names and driver’s license numbers, was stolen. The ongoing investigation has not found evidence of identity theft or fraud using the stolen data. About 300 restaurants in the UK were shut down as a direct result of the attack, but the company expects no material adverse impact on its business or financial results. Yum! Brands operates over 55,000 restaurants in 155 countries and territories.

  3. Americold, a prominent cold storage and logistics company, is currently facing IT issues after experiencing a network breach. The company contained the attack and is now investigating the incident, which also impacted its operations. Americold estimated that its systems would be down for at least the next week, and it asked customers to cancel inbound deliveries and reschedule non-critical outbound deliveries. While the company has not provided any attack details, the focus on rebuilding impacted systems and assessing recoverable data suggests a ransomware attack is likely the cause. This is not the first time the company has faced a cyberattack; it experienced another in 2020. Americold owns and operates 245 temperature-controlled warehouses across the globe.

  4. The Kodi Foundation, which operates an open-source media player, disclosed a data breach after hackers stole the organization’s forum database containing user data and private messages and attempted to sell it online. The Kodi forum had roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts. Hackers stole the forum database by logging into the Admin console using an inactive staff member’s credentials, then created and downloaded database backups multiple times in 2023. The stolen database contains all public forum posts, staff forum posts, private messages sent between users, and forum member data, including usernames, email addresses, and encrypted passwords. The company writes, “Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised. If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site. Once the Kodi forum comes back online we will provide instructions on how to complete a reset of your Kodi forum password.” The Kodi team is planning a global password reset that will inevitably impact service availability. The team also plans to run penetration tests once everything is up and running again.

  5. Western Digital, a data storage company, recently confirmed that they suffered a “network security incident” where an unauthorized third party gained access to their internal systems on March 26, 2023. The company stated that certain data had been obtained and that they were working to understand the nature and scope of that data. While it is not yet known who was behind the attack, the incident appears to have caused disruptions to the company’s business operations and services, including downing their My Cloud network-attached storage service. Western Digital is currently implementing proactive measures to secure its business operations and investigating the incident with a cybersecurity firm while coordinating with law enforcement.

  6. Yellow Pages Group, a Canadian directory publisher, has been hit by a cyber attack, and the Black Basta ransomware and extortion gang has claimed responsibility for it. The ransomware group has posted sensitive documents and data, including customer and employee data, exposing personal information like ID documents, tax documents, sales and purchase agreements, and more. Yellow Pages Group has confirmed the attack and is investigating the issue with the help of external cybersecurity experts to contain the incident. The attack appears to have occurred on or after March 15th, 2023, and the company has been notifying impacted individuals and reporting to the appropriate privacy regulatory authorities. The Black Basta ransomware group has been active over the past year, targeting multiple high-profile victims, including Sobeys and Capita, and has been theorized to be a rebrand of the Conti ransomware gang.


Data breaches can have a significant impact on businesses, organizations, and individuals. Not only can they result in the loss of sensitive data, but they can also lead to financial losses, reputational damage, and legal repercussions. In today’s digital landscape, where data is a valuable commodity, it’s crucial that companies take proactive measures to secure their systems and protect their data from cyber threats. To achieve this, companies need to adopt a multi-layered approach to cybersecurity that includes continuous monitoring, regular security assessments, and the implementation of best practices. It’s important to note that companies must have a plan in place to respond quickly and effectively to a data breach if it does occur. This involves having an incident response plan that outlines the steps to take in the event of a breach, including who to notify and how to contain and remediate the issue.






How the UN’s Sustainable Development Goals Will Impact the Business Landscape

Findings.co discusses the 17 SDG goals that the UN has implemented.

How will the UN’s Sustainable Development Goals Affect the Future of Companies?


In 2015, the United Nations (UN) established 17 Sustainable Development Goals (SDGs) aimed at creating a prosperous and thriving future for all communities, countries, and their people by 2030. Central to achieving these goals is the need for industries, companies, and organizations to adhere to environmental, social, and governance (ESG) frameworks and regulations.


Several of the SDGs, including goal 8 (Decent Work and Economic Growth), goal 9 (Industry, Innovation and Infrastructure), goal 10 (Reduced Inequalities), and goal 11 (Sustainable Cities and Communities), have a profound impact on businesses’ decision-making processes and investment strategies.


Now, let’s take a deep dive into these four goals and explore how they may shape the future of businesses. 


Goal 8: Decent Work and Economic Growth

One of the five factors identified by the UN that halt the advancement of SDGs is supply chain disruption caused by various events such as pandemics, natural disasters, conflicts, or economic barriers. Companies can take measures to prevent such events from drastically impairing their businesses, such as by administering risk management assessments to their suppliers, diversifying their suppliers, and setting a concrete communication network between their suppliers and product managers.

Failing to take appropriate action can lead to detrimental consequences that can affect businesses, such as quality reduction, product delays, and ultimately profit loss.


Goal 9: Industry, Innovation and Infrastructure

It is no secret that technology has significantly enhanced people’s lives worldwide and accelerated the growth of industries. The objective of this SDG is to promote sustainable and inclusive industrialization.

According to the United Nations Environment Program (UNEP), “the number of people employed in renewable energy sectors is presently around 2.3 million.” To ensure sustainable and environmentally-friendly practices, it is crucial to adopt technology that enhances the wellbeing of employees while minimizing harm to the environment, especially given that technology has created job opportunities in this field.


Goal 10: Reduced Inequalities

The COVID-19 pandemic has exacerbated an already significant problem in many developing countries, where rural communities are experiencing a massive economic downturn. As a result, a large number of people are leaving these areas in search of refuge and economic opportunities elsewhere. The number of refugees across the world has reached an all time high. Rather than solely relying on governments and non-profit organizations, the private sector can play a significant role in reducing inequality and improving the current situation. Large corporations hold substantial sway in decision-making processes and can create business models that enhance working conditions, wages, and the lives of their employees, particularly those in developing countries.

While profitability remains the ultimate measure of success for businesses, investors are no longer solely interested in financially successful ventures. They are increasingly seeking to invest in companies that prioritize providing fair and humane working conditions for their employees and have a positive impact on the communities where they operate.


Goal 11: Sustainable Cities and Communities

Cities, neighborhoods, and industrial areas are being built to work with the environment rather than disrupt it. New start-ups and companies, such as Optibus, a start-up based in Tel Aviv, Israel, have emerged that use AI technology to plan transportation paths and reduce costs and stress in crowded cities and areas. Similarly, Nordnese, another company, “develops waste management solutions to provide ‘greener, cleaner, and smarter’ waste collection.”

Moreover, Olleco, located in the United Kingdom, has developed technology that can convert waste and leftover oil into renewable, reusable energy to fuel cities and promote a circular economy. Essentially, they are taking something that was meant to go to waste and are putting it back into the economic cycle.

Improving the lives of human beings and the planet is one of the biggest challenges of the 21st century. Moving from the industrial era into one where new challenges no longer are defined by improving the lives of people has demanded the world change its strategy when it comes to how we do business. Technology, sustainable procedures, and healthy supply chain management are crucial to growing businesses.


How Findings Contributes to the UN’s SDGs:

Findings has contributed to these goals by providing businesses with a centralized platform for automating their risk management and supply chain compliance. Living up to these new standards can be challenging for companies whether they be small or large.

With Findings, customers can use our ESG assessments cost-effectively to monitor their suppliers’ carbon footprints to help achieve the UN’s SDGs. With one less thing to worry about, companies can focus on improving and growing their future for the sake of their success, their surrounding environment, and the planet.



From Earth to Orbit: Understanding and Preventing Cyber Attacks on Space Systems

Findings.co discusses understanding and preventing cyber attacks on space systems.

Space systems have become critical components of modern society, and their importance continues to grow as the world becomes increasingly reliant on technology. Space systems are used for communication, navigation, weather forecasting, and national defense, among other purposes. However, as space systems rely on computer networks and software, they are vulnerable to cyber attacks. Cyber attacks on space systems can have catastrophic consequences, including loss of critical data, disruption of communication, and even damage or destruction of space assets.

It is, therefore, crucial to understand the nature of cyber attacks on space systems and take preventive measures to safeguard these assets. Cyber attacks on space systems can come from various sources, including state-sponsored attacks, hackers, and insider threats. These attacks can exploit vulnerabilities in the software, hardware, and communication protocols used in space systems.

The expansion of the New Space economy, innovation in technologies, and the emergence of various private firms have contributed to the development of the space industry. However, this growth has also expanded the cyberattack surface of space systems, making them more susceptible to attacks. Attacks are becoming more sophisticated and affecting several components of the space system’s architecture, including ground segment, space segment, and communications.

For instance, in 1998, hackers took control of the US-German ROSAT X-Ray satellite by hacking into computers at the Goddard Space Flight Center in Maryland. They instructed the satellite to aim its solar panels directly at the sun, which fried its batteries and rendered the satellite useless. The defunct satellite eventually crashed back to Earth in 2011. Hackers can also hold satellites for ransom, as happened in 1999 when hackers took control of the UK’s SkyNet satellites.

Preventing cyber attacks on space systems requires a multi-pronged approach that involves implementing robust cybersecurity measures, training employees, and promoting collaboration between the public and private sectors. Encryption, access control, and continuous monitoring of space systems are some of the cybersecurity measures that can be implemented to protect space systems from cyber attacks. Space system operators and employees must be trained to identify and respond to potential cyber threats actively. Governments and space agencies worldwide are recognizing the importance of cybersecurity in space systems and are taking steps to enhance the resilience of space systems against cyber threats.

For instance, the United States government has established the Space Information Sharing and Analysis Center (Space ISAC), a public-private partnership aimed at enhancing the resilience of space systems against cyber threats. Congress could work to adopt a comprehensive regulatory framework for the commercial space sector that mandates the reporting of all cyber breaches involving satellites. There also needs to be clarity on which space-based assets are deemed critical to prioritize cybersecurity efforts. Clear legal guidance on who bears responsibility for cyberattacks on satellites will also go a long way to ensure that the responsible parties take the necessary measures to secure these systems.

In order to address all space system stakeholders, several security principles for satellites and space assets are proposed to help reorient the sector toward designing, developing, building, and managing cyber secure systems. These security principles address both technical and policy issues.

Technical Issues:

  1. Secure system design

  2. Secure software

  3. Secure communication

  4. Secure supply chain

  5. Incident response and recovery

  6. Continuous monitoring and assessment

Policy Issues:

  1. Cybersecurity governance

  2. Cybersecurity standards and regulations

  3. Cybersecurity education and training

  4. Cybersecurity risk management

In conclusion, cyber attacks pose a significant threat to space systems, and it is essential to take proactive steps to prevent them. This includes implementing cybersecurity measures, training employees, and promoting collaboration between the public and private sectors. By doing so, we can ensure that space systems continue to play a vital role in our daily lives without being compromised by cyber threats.

In addition, the complex supply chain of these satellites and the multiple parties involved in their management means it’s often not clear who bears responsibility and liability for cyber breaches. Clear legal guidance on who bears responsibility for cyberattacks on satellites will also go a long way to ensuring that the responsible parties take the necessary measures to secure these systems.

Finally, it would be a profound mistake to wait for hackers to gain control of a commercial satellite and use it to threaten life, limb, and property before addressing this issue.



Why CSR Matters: The Benefits of Being a Socially Responsible Business

Findings explains why CSR matters and the benefits that come with being a socially responsible business

Corporate Social Responsibility (CSR) has increasingly become important for businesses in today’s world. CSR refers to a company’s efforts to operate in an ethical and sustainable manner while taking into account the social and environmental impacts of its operations. The benefits of being a socially responsible business can positively impact the bottom line in several ways.

 

Attracting and retaining top talent is one of the most significant benefits of being a socially responsible business. Employees are more interested in working for companies that prioritize making a positive impact on society and the environment. By being a socially responsible business, companies can differentiate themselves from competitors and attract employees who are committed to making a difference. Furthermore, socially responsible businesses tend to have higher levels of employee engagement, leading to higher productivity, lower turnover rates, and a more positive work culture overall.

 

Another benefit of being a socially responsible business is that it can enhance the company’s reputation. Consumers are increasingly interested in doing business with companies that share their values, and being a socially responsible business can help build trust and credibility with the target audience. A strong reputation can also help companies weather a crisis, as stakeholders are more likely to forgive missteps if they believe that the company is committed to doing the right thing. Social responsibility can also improve customer loyalty. Consumers are more likely to support companies that are transparent about their social and environmental impacts and take steps to address any negative impacts. By being a socially responsible business, companies can build a loyal customer base that will continue to support the business over time. Additionally, businesses that prioritize social responsibility can expand their customer base, incentivize customers to pay a premium price, and gain a competitive edge. Finally, being a socially responsible business can help attract investors. Many investors are interested in putting their money into companies that are committed to making a positive impact on society and the environment. By demonstrating a commitment to CSR, companies can attract investors who share their values and are interested in supporting the business over the long term.

 

In addition to the financial benefits, social responsibility can benefit society and the environment. Businesses have a responsibility to be good corporate citizens and contribute to the greater good. By incorporating social responsibility into their operations, businesses can demonstrate their commitment to making a positive impact on society and the world. Social responsibility can also reduce a company’s environmental impact. By implementing sustainable practices, such as reducing waste and conserving energy, businesses can minimize their negative impact on the environment. This not only benefits the planet but can also save the company money in the long run through reduced energy and waste costs.

 

Furthermore, social responsibility can contribute to the development of stronger and more resilient communities. By investing in community programs and initiatives, businesses can support the local economy and improve the lives of the people who live there. This can create a positive cycle where a stronger community leads to a more prosperous business environment.

 

Overall, being socially responsible is essential for businesses that want to thrive in today’s world. By improving their reputation, attracting top talent, reducing their environmental impact, contributing to stronger communities, and doing the right thing, businesses can not only benefit themselves but also society as a whole. By embracing social responsibility, businesses can make a positive impact on the world while also achieving long-term success.

 


 

The SEC Is Cracking Down on the Crypto Industry

Findings.co can help with the SEC cracking down on the crypto industry

Crypto this, crypto that. Cryptocurrencies have made a huge rise in recent years, but what does the SEC have against crypto companies? 


The Securities and Exchange Commission (SEC) has cracked down on cryptocurrency operations on the back of a crypto market crash that has wiped out investors’ wealth and cast doubt on the future of firms operating in this space. The worries (among many) are that stablecoins, which are pegged to EUR, GBP or USD, are not so stable after all, and that crypto trading platforms have no protections in place for investors should they collapse. Since there aren’t many regulations in place, cryptocurrencies are experimenting and growing quickly, but this rapid growth comes with risky practices that can leave consumers exposed.  


The SEC has a bone to pick with crypto companies


Crypto exchanges have faced increasing scrutiny in the past months. The US Treasury has warned in reports that cryptocurrencies, if not properly regulated, pose a risk for consumers, investors and businesses. The reports also state that the SEC and Commodity Futures Trading Commission (CFTC) must launch investigations and enforce actions against crypto companies that do not comply with laws. The Treasury says that the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) should increase efforts to monitor consumer complaints and take action against deceptive or unfair practices. 


What is the future of crypto regulations?


Cryptocurrencies aren’t governed by a single regulatory authority. The CFTC considers Bitcoin a commodity while the SEC allows traders to bet on the value of bitcoin through CME’s bitcoin futures contract. The IRS regards Bitcoin as property for tax purposes. 


The CFTC, whose enforcement summary for fiscal year 2022 reported that over 20% of its 82 actions were related to cryptocurrency, could become the chief regulator of cryptocurrency. That said, the SEC’s influence in regulating the US crypto market cannot be underestimated. In September, SEC Chair Gary Gensler said that the agency would take the lead in regulating the crypto market by monitoring crypto tokens and intermediaries. He also appeared to suggest in a lawsuit that the SEC would assert jurisdiction over the entire Ethereum network.


Can the SEC also regulate Initial Coin Offerings (ICOs)?


ICOs are to cryptocurrencies what initial public offerings (IPOs) are to shares. Gensler has deemed ICOs unregistered securities falling within the purview of securities laws. In 2021, ICOs accounted for 70% of the total of 20 enforcement actions related to crypto brought by the SEC.  


What does the crypto community think?


The main attraction of blockchain is that it’s used in a decentralized way. So, it’s not surprising that the crypto community isn’t in favor of cryptocurrency regulations. There are concerns that regulations, if enforced, will not be enforced fairly and that excessive regulation may have the opposite effect of making crypto more risky. Already, decentralized finance (DeFi) built on the blockchain is considered safer and more transparent than traditional financial instruments.


Those in favor of cryptocurrency regulation say it would prevent market manipulation and price volatility, thereby protecting investors, while also highlighting the technological and cybersecurity risks associated with crypto trading platforms. As cryptocurrencies are vulnerable to money laundering, regulations would also keep criminal activity in check. 


Whether a legal framework for cryptocurrency is coming next year is anyone’s guess. Whatever governments decide, they should consider the potential economic benefits of virtual currencies in managing risks.

