Tag Archives: supplychain

The Ultimate Guide to Cloud Data Protection

the ultimate guide to cloud data protection

Essential Strategies for Cloud Data Protection

The cloud has become a cornerstone for businesses of all sizes, providing scalable, cost-effective, and efficient solutions for data storage and operations. However, with the convenience of the cloud comes the critical need for robust data protection strategies. As a leading cybersecurity and ESG compliance company, we understand the complexities of cloud data protection. This blog aims to provide a comprehensive overview of cloud data protection, highlighting key strategies and best practices to ensure your data remains secure.

Understanding Cloud Data Protection

Cloud data protection encompasses a range of strategies and technologies designed to safeguard data stored in the cloud. This includes protecting data from unauthorized access, ensuring data privacy, maintaining data integrity, and ensuring data availability. As businesses increasingly migrate to the cloud, the importance of implementing strong data protection measures cannot be overstated.

Key Challenges in Cloud Data Protection

  1. Data Breaches: Unauthorized access to sensitive data can lead to significant financial and reputational damage.

  2. Data Loss: Accidental deletion, software bugs, or cyberattacks can result in irreversible data loss.

  3. Compliance: Adhering to regulatory requirements and industry standards is essential to avoid legal penalties.

  4. Shared Responsibility: Cloud providers and clients share the responsibility for data security, necessitating clear policies and collaboration.

Best Practices for Cloud Data Protection

  1. Implement Strong Access Controls: Utilize multi-factor authentication (MFA) and robust password policies to prevent unauthorized access. Ensure that only authorized personnel have access to sensitive data.

  2. Encrypt Data: Encrypt data both at rest and in transit to protect it from unauthorized access. Use strong encryption protocols and regularly update encryption keys.

  3. Regular Backups: Perform regular backups to ensure that you can recover data in case of accidental deletion or a cyberattack. Store backups in multiple locations to mitigate the risk of data loss.

  4. Continuous Monitoring: Implement continuous monitoring solutions to detect and respond to security threats in real-time. At Findings we offer advanced cloud monitoring solutions that provide comprehensive visibility into your cloud environment.

  5. Compliance Management: Ensure that your cloud data protection strategies align with regulatory requirements and industry standards. Conduct regular audits and assessments to maintain compliance.

  6. Incident Response Plan: Develop and regularly update an incident response plan to quickly address and mitigate the impact of data breaches or other security incidents.

The Role of Continuous Cloud Monitoring

Continuous cloud monitoring plays a crucial role in cloud data protection by providing real-time insights into your cloud environment. With continuous monitoring, you can:

  • Detect Anomalies: Identify unusual activities and potential security threats before they escalate.

  • Ensure Compliance: Monitor compliance with regulatory requirements and internal policies.

  • Optimize Performance: Gain insights into cloud performance and optimize resource usage.

  • Improve Incident Response: Enhance your ability to respond to security incidents quickly and effectively.

By integrating our solutions into your cloud data protection strategy, you can ensure that your data remains secure and compliant with industry standards.

Moving Forward With Confidence 

Protecting your data in the cloud is a continuous and evolving process. By implementing robust data protection strategies and leveraging advanced monitoring solutions, you can truly protect your sensitive information against a wide range of threats. At Findings we are committed to helping businesses navigate the complexities of the cloud, ensuring that your data remains secure, compliant, and resilient.

 

For more information on our cloud monitoring solutions and how we can help protect your data, don’t hesitate to reach out.

2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a revolutionary transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post delves into the forefront of cybersecurity, compliance, highlighting pivotal regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and SEC incident disclosure regulations. These emerging trends are rapidly becoming the gold standard in global business cybersecurity practices.

 

CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is evolving from its U.S. defense sector roots to a worldwide cybersecurity standard. Now applicable across various industries, CMMC’s layered cybersecurity approach is garnering universal acceptance. Its comprehensive framework, focused on continuous improvement, is especially vital for entities managing sensitive or critical data, signifying a move towards standardized cybersecurity excellence.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS 4.0 is revolutionizing payment security standards globally in 2024. This updated version introduces an adaptive, risk-based approach, essential for any business involved in digital transactions. Its flexibility and focus on tailored security measures are vital for e-commerce, financial institutions, and others in the payment ecosystem, making PCI DSS 4.0 compliance synonymous with secure and trustworthy payment processing.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation shaping the financial sector’s approach to digital risks in 2024. Its influence extends globally, affecting financial entities interacting with the EU market. DORA emphasizes operational resilience, highlighting the need for robust digital risk management in today’s interconnected digital finance landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s incident disclosure regulations are leading a worldwide movement towards transparency in corporate cybersecurity. These mandates, which require prompt and detailed disclosure of cybersecurity incidents, are becoming critical for publicly traded companies globally. This shift towards transparency and accountability in cybersecurity reflects an increasing demand from investors and consumers for trustworthiness and integrity in corporate practices.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to influence data privacy and protection globally, impacting businesses handling EU citizens’ data.

  • ISO/IEC 27001: Gaining traction as a comprehensive framework for managing information security, key for organizations striving for global best practices.

  • NIST Framework: Increasingly adopted worldwide, indicating a move towards unified approaches in cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations must have robust backup systems that can restore data with minimal loss. Employee training is crucial to help staff recognize and avoid potential ransomware attacks. Additionally, a well-prepared incident response plan can ensure quick action to mitigate damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

Who Is the EU Taxonomy For?

Who is the eu taxonomy for?

In recent years, the global community has witnessed an increasing concern for environmental sustainability and the urgency to combat climate change. To address these issues, the European Union (EU) introduced the EU Taxonomy in 2020, providing a framework to classify economic activities based on their environmental impact. As of 2023, the EU Taxonomy has evolved into a critical tool for businesses across various sectors. In this blog, I will delve into the EU Taxonomy’s purpose, its intended audience, and the businesses to which it applies.

Intended Audience

The EU Taxonomy is intended for a wide range of stakeholders, each with different roles and responsibilities in promoting sustainability. 

Enterprises:

One of the main audiences of the EU Taxonomy is businesses operating within the EU or conducting activities that impact EU member states. Businesses need to assess their operations against the Taxonomy criteria to determine whether their activities can be classified as environmentally sustainable. The EU Taxonomy applies to a wide range of businesses, from large multinational corporations to small and medium-sized enterprises (SMEs). The EU Taxonomy covers various sectors of economic activities, including energy, transportation, agriculture, manufacturing, and more. It encompasses both green activities, such as renewable energy production and energy-efficient technologies, and enabling activities, such as research and development in sustainable technologies.

Investors:

Investors, including financial institutions, asset managers, and private investors, are significant stakeholders in the implementation of the EU Taxonomy. They use the taxonomy as a guide to make sustainable investment decisions and ensure that their portfolios align with environmental objectives. As written by the European Union, “The EU Taxonomy is not a mandatory list for investors to invest in. It does not set mandatory requirements on environmental performance for companies or for financial products. Investors are free to choose what to invest in. However, it is expected that over time, the EU Taxonomy will encourage a transition towards sustainability in order to achieve the EU’s climate and environmental goals.” 

Regulators:

EU member state governments and regulatory bodies play a critical role in enforcing and implementing the EU Taxonomy. They use the Taxonomy as a basis for setting regulations and standards related to sustainable finance and reporting.

Non-Governmental Organizations (NGOs) and Advocacy Groups:

Putting aside past controversy with NGOs, environmental NGOs and advocacy groups closely monitor the implementation and effectiveness of the EU Taxonomy. They advocate for its continuous improvement and ensure businesses and policymakers remain accountable for their sustainability commitments. 

Compliance Requirements:

As of 2023, the EU Taxonomy is still being phased in gradually. Some businesses may have mandatory reporting obligations under the Taxonomy Regulation, while others might face voluntary reporting requirements. However, the trend indicates that the regulations will become more stringent in the future, affecting a broader spectrum of businesses.

Reporting and Disclosure:

Businesses falling under the scope of the EU Taxonomy need to disclose relevant information about their sustainable activities, investments, and environmental performance. This transparency helps investors and stakeholders assess their contributions to sustainable development.

Challenges of Complying with the EU Taxonomy

Before talking about the challenges it’s important to note the benefits. Businesses that comply with the EU Taxonomy can not only attract sustainable finance and investments from environmentally conscious investors, but also seize opportunities to fund and expand sustainable projects and initiatives. This, in turn, enhances their reputation among customers, investors, and other stakeholders, potentially leading to increased brand loyalty and market share. Moreover, aligning with the EU Taxonomy ensures regulatory compliance, safeguarding businesses against potential penalties and legal issues by keeping them in line with the latest sustainability regulations.


Now let’s take a closer look at the challenges

Complexity: The EU Taxonomy is a complex framework with evolving criteria. Complying with its requirements may be challenging for some businesses, especially smaller ones with limited resources.

Data Collection and Verification: To demonstrate compliance, businesses must collect and verify extensive environmental data. This process can be time-consuming and resource-intensive.

Adaptation to New Standards: As the Taxonomy evolves and additional criteria are introduced, businesses may need to adapt their operations continually to meet the changing requirements.

In a nutshell:

The EU Taxonomy stands at the forefront of the EU’s efforts to combat climate change and foster sustainability. In 2023, businesses across various sectors must familiarize themselves with the Taxonomy’s criteria and reporting requirements. Complying with the EU Taxonomy not only positions businesses for long-term success but also contributes to a more sustainable future for Europe and the world. Embracing the principles of the Taxonomy is not merely a legal obligation; it is a commitment to environmental stewardship and responsible corporate citizenship.

Remember, the EU Taxonomy is continuously evolving, so it is crucial for businesses to stay informed and proactive in their sustainability efforts to align with future developments. By doing so, businesses can play a significant role in building a greener and more resilient economy for generations to come.


Interested to learn more about EU Taxonomy?


July Data Breach Roundup

Findings.co July 2023 cybersecurity and data breaches roundup

As we navigate the relaxing summer season, it’s important to note that just because half the world is on pause, doesn’t mean hackers are too. While those who are relaxing and not paying much attention, these attackers are sweeping their ways into their supply chains and causing damage. Luckily, automation helps, and catching vulnerabilities in your supply chain with our Assessment and Audit AI features will help you stay on track. 

 

This month’s blog arrives hot on the heels of an important announcement from the SEC. They have mandated that public companies must now report data breaches within 4 days of discovery. This new regulation comes at a critical time as the MOVEIT vulnerability continues to wreak havoc, causing significant disruptions in recent months.

 

July proved to be a challenging period for cybersecurity, with major players like Deutsche Bank, Genworth Financial, and Maximus falling victim to the consequences of data breaches. While numerous breaches occurred throughout the month, I will focus on the most noteworthy ones to glean valuable insights and lessons from.

 

Continue reading to discover other prominent names  that experienced security breaches, along with crucial information you should be aware of. Stay informed and learn from these incidents to protect your own data and systems.

 

  1. HCA Healthcare Experiences Breach

 

HCA Healthcare, a prominent hospital and clinic operator, recently announced that it has experienced a significant cyberattack, compromising the data of over 11 million patients. This unfortunate breach has raised concerns about the security of sensitive patient information and highlights the urgent need for better data protection measures in the healthcare industry. Just last week, IBM’s Cost of a data breach report came out proving that costs are escalating in healthcare breaches. The average cost of a studied healthcare breach reached nearly $11 million in 2023, a 53% increase since 2020. Cybercriminals targeting healthcare organizations have made stolen data more accessible to downstream victims, making medical records a high-value leverage point.

 

What Happened?

 

HCA Healthcare discovered the breach on July 5,2023, when a sample of stolen data was posted online by the suspected hacker. The company believes that the attack targeted an external storage location primarily used for email message formatting. As an immediate containment measure, the company disabled user access to this location.

 

Who Was Affected? 

 

Patients from 20 states, including California, Florida, Georgia, and Texas, have been affected by the breach, which ranks among the largest healthcare data breaches in history. The compromised data includes patients’ names, partial addresses, contact information, and upcoming appointment dates. Additionally, information such as email addresses, telephone numbers, date of birth, and gender was accessed by the hackers.

 

With the scale of this data breach impacting millions of patients, HCA Healthcare faces a significant challenge in safeguarding sensitive information. As investigations continue, it serves as a reminder to healthcare organizations to strengthen their cybersecurity protocols to protect patients’ data and maintain their trust in an increasingly digital world.

 

  1. Rite Aid Data Breach Exposes Customer Information

 

Rite Aid, a popular pharmacy chain in America, recently announced a data breach that may have exposed personal information of its customers. The breach, caused by an unknown third party exploiting a software vulnerability, occurred on May 27. Although sensitive data like Social Security numbers and credit card numbers were not accessed, Rite Aid is taking proactive steps to address the situation and notify affected customers.

 

The Breach Incident:

 

On May 31, one of Rite Aid’s vendor partners informed the company about the data breach. In response, Rite Aid took swift action by updating its systems and the vendor’s software to prevent further exploitation of the vulnerability. During this process, the company discovered that specific files containing customer information had been accessed during the breach. The information accessed by the unknown party included the following:

 

  • Patient First and Last Name

  • Date of Birth

  • Address

  • Prescription Information

  • Limited Insurance Information

  • Cardholder ID

  • Plan Name



The Rite Aid data breach serves as a reminder that security assessments are essential for catching vulnerabilities, whether it be your direct company, or your vendors. While the company has taken swift action to address the situation, affected customers should remain vigilant and take appropriate measures to protect their personal information. 



  1. A New Malware is Making Headlines

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported the discovery of a new malware strain known as Submarine, which was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies’ networks. 

Barracuda provides services and products to over 200,000 organizations worldwide, including prominent entities like Samsung, Delta Airlines, Kraft Heinz, and Mitsubishi.

 

The attack was carried out by a suspected pro-China hacker group known as UNC4841 and involved exploiting a now-patched zero-day vulnerability.

 

In May, a series of data-theft attacks was detected on Barracuda ESG appliances, but it was later revealed that the attacks had been active since at least October 2022. The attackers utilized the CVE-2023-2868 remote command injection zero-day to drop previously unknown malware named Saltwater and SeaSpy, as well as a malicious tool called SeaSide. These were used to establish reverse shells for easy remote access.

 

Barracuda took an unconventional approach last month by offering replacement devices to all affected customers at no charge. The decision came after the company issued a warning that compromised ESG appliances needed immediate replacement, rather than just re-imaging them with new firmware, as they couldn’t guarantee complete malware removal.

 

Now, CISA has disclosed the existence of the Submarine malware, also known as DepthCharge by Mandiant, the incident response division of FireEye. Submarine is a multi-component backdoor residing in a Structured Query Language (SQL) database on the ESG appliance. It serves various purposes, such as detection evasion, persistence, and data harvesting.CISA’s malware analysis report stated, “SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance. SUBMARINE comprises multiple artifacts that, in a multi-step process, enable execution with root privileges, persistence, command and control, and cleanup.” The report also mentioned that sensitive information was found in the compromised SQL database.

 

In response to Barracuda’s remediation actions, the threat actors employed the Submarine malware as an additional measure to maintain persistent access on customer ESG appliances. Barracuda maintains that the malware was present on a small number of already compromised ESG appliances. Barracuda’s recommendation to customers remains unchanged. Those with compromised ESG appliances should discontinue their use and contact Barracuda support to obtain a new ESG virtual or hardware appliance.

 

CISA has warned that the Submarine malware poses a significant threat for lateral movement within affected networks. 

 

  1. Estée Lauder Faces Data Breach and Ransomware Attack

 

Estée Lauder recently experienced a data breach and ransomware attack, but the company has been tight-lipped about the specifics of the incident. The beauty giant acted proactively by taking down some systems to prevent further expansion of the attack on their network. It appears that the CL0P ransomware gang gained unauthorized access to Estée Lauder by exploiting a vulnerability in the MOVEit Transfer platform used for secure file transfers. The threat actor took advantage of the vulnerability when it was still a zero-day in late May and claimed to have breached numerous companies for the purpose of data theft and extortion.

 

On their data leak site, the Clop ransomware gang publicly listed Estée Lauder as one of their victims. The gang criticized the company, accusing them of neglecting their customers’ security. They claimed to have over 131GB of Estée Lauder’s data in their possession. Another ransomware group, BlackCat, also added Estée Lauder to their list of victims. However, unlike Clop, BlackCat expressed dissatisfaction with the company’s silence in response to their extortion emails. BlackCat attempted to initiate negotiations with Estée Lauder by reaching out to their corporate and personal email addresses but received no response from the company.

 

Notably, BlackCat claimed that they did not encrypt any of Estée Lauder’s systems, but they threatened to reveal more details about the stolen data unless negotiations were initiated. The potential exposure of sensitive information could affect customers, company employees, and suppliers. The attack has caused significant disruption to parts of the company’s business operations, as stated in their SEC filing.



  1. Google Cloud Build Vulnerability Raises Supply Chain Attack Concerns

 

A vulnerability in Google Cloud Build, known as Bad.Build, has raised concerns about potential supply chain attacks for organizations using the Artifact Registry as their primary or secondary image repository. Security researchers from Orca Security and Rhino Security Lab independently reported the issue.

 

Orca Security researcher Roi Nisimi highlighted that the vulnerability allows attackers to escalate privileges by exploiting the cloudbuild.builds.create permission. This could enable attackers to tamper with Google Kubernetes Engine (GKE) docker images using artifactregistry permissions and run code inside the docker container with root privileges.

 

After the issue was reported, the Google Security Team implemented a partial fix by revoking the logging.privateLogEntries.list permission from the default Cloud Build Service Account. However, this measure didn’t directly address the underlying vulnerability in the Artifact Registry, leaving the privilege escalation vector and the supply chain risk still intact.

 

Google Cloud Build customers are advised to modify the default Cloud Build Service Account permissions to match their specific needs and remove entitlement credentials that go against the Principle of Least Privilege (PoLP) to mitigate the privilege escalation risks.

 

Supply chain attacks have had far-reaching consequences in recent cybersecurity incidents like the SolarWinds, 3CX, and MOVEit attacks. Therefore, organizations using Google Cloud Build need to be vigilant and implement cloud detection and response capabilities to identify anomalies and reduce the risk of potential supply chain attacks.

 

In response to the discovery, a Google spokesperson expressed appreciation for the researchers’ efforts and confirmed that a fix based on their report had been incorporated in a security bulletin issued in early June. Google also emphasized its commitment to identifying and addressing vulnerabilities through its Vulnerability Rewards Program.



As I wrap up this month’s breach blog, I must address IBM Security’s annual “Cost of a Data Breach Report.” The report reveals that the global average cost of a data breach has reached an all-time high of $4.45 million in 2023, marking a 15% increase over the past three years. Below I’ve outlined key findings. 

 

Key Highlights From the Report:

 

AI and Automation Accelerate Breach Identification and Containment: Organizations extensively employing AI and automation experienced a significantly shorter data breach lifecycle, reducing it by 108 days compared to organizations not leveraging these technologies (214 days vs. 322 days). This reduction resulted in nearly $1.8 million in lower data breach costs, making AI and automation the most impactful cost-saving measures identified in the report.

 

Silence is Costly in Ransomware Attacks:

 

Ransomware victims who involved law enforcement in their response saved an average of $470,000 in breach costs compared to those who chose not to involve law enforcement. Despite this potential benefit, 37% of the ransomware victims studied did not engage law enforcement during an attack, leading to longer breach lifecycles and increased costs.

 

Detection Gaps Persist:

Only one-third of the studied breaches were discovered by the organization’s own security team, while 27% were disclosed by the attacker, and 40% were disclosed by neutral third parties like law enforcement. Breaches identified by the organizations themselves incurred nearly $1 million less in breach costs compared to those disclosed by the attackers. This is where conducting regular assessments comes into play. The report emphasizes that early detection and rapid response are crucial in reducing the impact of a breach. Organizations are encouraged to invest in threat detection and response approaches, to bolster their cybersecurity defenses.



While this month’s update is on the longer side, I hope you’ve learned and realized just how important conducting regular security checks is for your business and entire supply chain. Findings automates assessment and audit processes, to help you stay compliant, while ensuring that your supply chain is secure. 

 

 

 

The Dark Side of Ransomware Attacks

The Dark Truth Behind Ransomware

 

Ransomware attacks have become an alarming threat in our increasingly digital world. As cybercriminals employ sophisticated techniques to exploit vulnerabilities, the consequences are felt by individuals, businesses, and even entire nations. In this blog post, we will delve into the dark side of today’s ransomware attacks, exploring the alarming trends and consequences that accompany these malicious acts.

 

The Rising Sophistication of Ransomware Attacks

 

Over time, ransomware attacks have evolved into more intricate and advanced operations. Cybercriminals now employ sophisticated tactics to maximize their impact. Spear-phishing, where attackers carefully craft personalized emails to trick victims into revealing sensitive information or downloading malware, has become a prevalent method. Additionally, zero-day exploits, which target software vulnerabilities unknown to the vendor, provide attackers with an advantage. Encryption algorithms used by ransomware have also become increasingly complex, making it extremely challenging for victims to recover their data without paying a hefty ransom. The complexity and ever-evolving nature of these attacks have made them a formidable menace.

 

Devastating Impact on Individuals and Businesses

 

The consequences of ransomware attacks are devastating for both individuals and businesses. Personal files, sensitive data, and intellectual property can be irreversibly encrypted or stolen, leading to significant financial losses and emotional distress for individuals. Businesses, on the other hand, face even more severe repercussions. Operational disruptions caused by ransomware attacks can halt critical processes, leading to significant financial losses. Moreover, the reputational damage resulting from an attack can have long-lasting effects, causing a loss of customer trust and potential bankruptcy.

 

Here are some notable examples of destructive ransomware strains witnessed in recent years:

 

CryptoLocker (2013): CryptoLocker emerged in September 2013 and caused widespread havoc until its neutralization in May 2014 by an international cybersecurity task force. Its propagation was facilitated through the extensive Gameover ZeuS botnet.



Petya (2016) & NotPetya (2017): The Petya ransomware family first emerged in 2016, but it was the devastating NotPetya strain that garnered widespread attention in 2017. NotPetya caused more than $10 billion in damages across Europe and the US.

 

WannaCry (2017): In May 2017, the WannaCry ransomware launched a highly impactful attack, infecting over 230,000 computers in 150 countries within a single day. The resulting damage and cleanup expenses were estimated to reach $4 billion.

 

DarkSide (2020): DarkSide gained notoriety in 2020 and 2021 for their RaaS model, which resulted in significant ransomware attacks and extortion demands. Although they claimed to avoid targeting government and healthcare entities, the group was responsible for the 2021 Colonial Pipeline attack, which disrupted fuel supplies across the US East Coast.

 

Nvidia (2022): In 2022, Nvidia, the semiconductor giant, was hit by a ransomware attack. Employee credentials and data were leaked online. The hacking group Lapsus$ claimed responsibility, demanding a $1 million ransom and a percentage of fees.

 

By highlighting these significant instances of ransomware, it becomes evident that this form of cyber threat has evolved over time, growing in complexity and impact.

 

Targeting Critical Infrastructure

 

The dark side of ransomware attacks extends beyond individual targets to critical infrastructure. In recent years, cybercriminals have shown an increased interest in targeting hospitals, energy grids, transportation systems, and government institutions. The motivation behind these attacks is not only to compromise sensitive data but also to put lives at risk and disrupt essential services. The consequences of successful attacks on critical infrastructure can be dire, underscoring the urgent need for robust cybersecurity measures to protect these vital systems.

 

Ransomware as a Service (RaaS)

 

The advent of ransomware-as-a-service has further exacerbated the threat landscape. Cybercriminals now offer ready-to-use ransomware kits to aspiring attackers, enabling them to execute sophisticated attacks without advanced technical skills. This commodification of ransomware has significantly contributed to its widespread proliferation and increased the number of potential attackers. The availability of RaaS lowers the entry barrier for cybercriminals and poses a challenge for law enforcement agencies and cybersecurity professionals.

 

Evolving Payment Methods and Cryptocurrencies

 

To facilitate ransom payments while maintaining anonymity, cybercriminals have turned to cryptocurrencies like Bitcoin. These decentralized digital currencies allow transactions to occur without being easily traceable. The use of cryptocurrencies complicates law enforcement efforts, as traditional financial institutions have limited visibility into these transactions. The relative anonymity offered by cryptocurrencies enables cybercriminals to operate with a reduced risk of detection and apprehension, adding to the challenges faced by authorities in combating ransomware attacks.

 

Collateral Damage and Hidden Costs

 

Beyond the immediate impact of ransomware attacks, there are hidden costs and collateral damage that organizations must face. The financial burden associated with incident response, recovery efforts, and potential legal actions can be significant. Furthermore, the loss of customer trust and diminished market reputation can have long-lasting effects on businesses, amplifying the damage caused by these attacks. Rebuilding trust and restoring operations after an attack can be a lengthy and costly process.

 

Urgent Need for Cybersecurity Collaboration and Proactive Measures

 

Today’s sophisticated ransomware attacks pose a severe and escalating threat to individuals, businesses, and critical infrastructure. The dark side of these attacks encompasses the rising sophistication of techniques, the devastating impact on victims, the targeting of critical infrastructure, the accessibility of ransomware-as-a-service, the use of cryptocurrencies, and the hidden costs incurred. To mitigate this menace, it is crucial to prioritize cybersecurity measures, stay informed about emerging threats, and foster collaborations to combat this growing cyber threat landscape. Proactive measures such as regular software updates, employee training on cybersecurity best practices, and robust incident response plans are essential for organizations to defend against these ever-evolving ransomware attacks. By working together, we can make significant strides in protecting ourselves and our digital assets from the dark side of ransomware attacks.

 

 

 

 

Top Cyber Attacks and Data Breaches: May 2023 Round Up

May 2023 data breaches

In an era dominated by digital connectivity, the frequency and impact of data breaches continue to escalate, leaving individuals and organizations vulnerable to devastating consequences. From state-sponsored hacking campaigns to opportunistic cybercriminals, the realm of data security is constantly under siege. Recent events have once again thrust data breaches into the spotlight, as major corporations and industry giants grapple with the aftermath of malicious intrusions. In this blog post, I will delve into a series of alarming incidents that have unfolded in May 2023, shedding light on the tactics employed, the extent of compromised information, and the potential ramifications for affected individuals and businesses. Brace yourself for an eye-opening exploration of the evolving threat landscape as we navigate the treacherous waters of data breaches and their far-reaching impact.

 

  1. On May 24,2023, Microsoft reported that it found targeted malicious activity by Volt Typhoon, a state-sponsored group from China, aiming to access unauthorized credentials and explore critical infrastructure networks in the US. This campaign supposedly  intends to disrupt communication infrastructure between the US and Asia during future crises. Volt Typhoon has been active since mid-2021, primarily targeting critical infrastructure organizations in Guam and other US regions across various sectors. They employ stealth techniques, living-off-the-land methods, and manipulate systems using command line instructions. The threat actor maintains persistent access and attempts to conceal their activities by routing network traffic through compromised SOHO network equipment. 

 
  1. Sysco, a major U.S. multinational food distribution corporation, recently revealed that approximately 126,243 current and former employees may have had their sensitive data accessed and acquired in a cyberattack that took place in January. According to notification letters sent to affected individuals, Sysco’s systems were initially breached on January 14, but the intrusion was only discovered nearly two months later. The company assured that its operational systems, business functions, and customer services remained unaffected by the breach. While specific details about the data accessed for each individual are yet to be confirmed, Sysco stated that the compromised information may include personal data provided for payroll purposes, such as names, Social Security numbers, account numbers, or similar information. 

 
  1. On May 26, 2023, Managed Care of North America (MCNA) Dental published a data breach notification on its website, informing approximately 9 million patients that their personal data was compromised. MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S. On March 6, 2023, the insurance provider discovered unauthorized activity in their computer system. They took immediate action to halt the activity and initiated an investigation with the assistance of a specialized team. It was determined that an unauthorized user was able to access and make copies of certain information between February 26, 2023, and March 7, 2023. The potentially compromised information includes contact details such as first and last name, address, date of birth, phone number, and email address. Social Security numbers, driver’s license numbers or other government-issued ID numbers were also accessed. Additionally, health insurance information such as plan details, insurance company information, member numbers, and Medicaid-Medicare ID numbers may have been involved. Specific information related to dental care, including visits, dentist and doctor names, past treatments, x-rays/photos, prescribed medicines, and treatment details, as well as bills and insurance claims, were also potentially exposed. 

 
  1. NextGen Healthcare, a vendor of cloud-based electronic health records, has been informing over 1 million individuals about a data compromise that involves the unauthorized acquisition of login credentials. This incident marks at least the second alleged data security breach that the company has probed since January. The company explained an unknown third-party gained unauthorized access to a limited set of personal data between March 29, 2023, and April 14, 2023. The accessed information includes names, dates of birth, addresses, and social security numbers. Out of the 198 significant breaches of health data that have been reported on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website in 2023, impacting a total of 17.4 million individuals, it has been disclosed that at least 75 of these incidents affecting 9.8 million individuals were reported to involve business associates. Approximately 38% of the major health data breaches reported on the HIPAA Breach Reporting Tool website in 2023 involved vendors and other business associates. Interestingly, despite accounting for a smaller proportion of breaches, these incidents were responsible for impacting 56% of the individuals affected by breaches in the healthcare sector.

 
  1. Luxottica, the world’s largest eyewear company known for brands like Ray-Ban, Oakley, and Chanel, has officially confirmed a data breach that occurred in 2021 via BleepingComputer. The breach exposed the personal information of approximately 70 million customers when a database was recently made available for free on hacking forums. Luxottica revealed that one of its partners experienced the breach, involving a security incident that affected a third-party contractor responsible for holding customer data. The exposed data includes sensitive details such as full customer names, email addresses, phone numbers, residential addresses, and dates of birth. Luxottica emphasized that financial information, social security numbers, login credentials, and other critical data that could endanger customer safety were not compromised. The FBI has made an arrest in connection with the incident, resulting in the shutdown of the website where the data was published. 

 
  1. On May 11, 2023, Brightly informed present and past SchoolDude users that a security incident occurred. SchoolDude is an online platform used by educational institutions for placing and tracking maintenance work orders. Information such as name, email address, account password, phone number, and school district name were potentially breached. 

 
  1. On May 8, 2023, Dragos, a company specializing in industrial cybersecurity, experienced a failed extortion scheme by a cybercriminal group. The group gained unauthorized access by compromising the personal email of a new sales employee, allowing them to impersonate a Dragos employee and access resources in SharePoint and the contract management system. Although they accessed a report with customer IP addresses, Dragos’ security controls prevented the threat actor from deploying ransomware or making further infrastructure changes. The cybercriminals resorted to extortion attempts, escalating their messages and contacting Dragos executives and known contacts. However, Dragos chose not to engage with the criminals and promptly activated their incident response retainer and involved their third-party MDR provider. The investigation is ongoing, but Dragos has implemented additional verification steps for their onboarding process and emphasizes identity and access management, multi-factor authentication, continuous monitoring, and incident response preparedness.

 

In other news, in May, it was discovered that Apple banned its employees from using generative AI tools like OpenAI’s ChatGPT and GitHub’s Copilot due to concerns about potential data leaks and disclosure of sensitive information. Apple’s decision is based on the fact that OpenAI stores all user interactions by default, including conversations with ChatGPT, which are used for training and subject to moderation. While OpenAI introduced an option to disable chat history, conversations are retained for 30 days for abuse review before permanent deletion. Apple worries that employees may unintentionally reveal confidential project information within ChatGPT, which could be accessed by OpenAI moderators. Similar restrictions have been implemented by other companies like JP Morgan, Verizon, and Amazon. Despite the ban, OpenAI recently launched an iOS app for ChatGPT, making Apple’s decision notable, considering the app’s availability and future expansion plans. 

 

As data breaches continue to make headlines, it becomes abundantly clear that the protection of sensitive information is of paramount importance. The incidents highlighted in this blog post serve as a stark reminder that no individual or organization is immune to the persistent and ever-evolving threats posed by cybercriminals. As we move forward, it is imperative for individuals and businesses alike to prioritize robust security measures, including stringent access controls, advanced encryption protocols, and employee education programs. By staying vigilant, proactive, and informed, companies can fortify their defenses and mitigate the risks associated with data breaches. 

 



March Data Breach Round-Up

findings shares the top breaches that happened in March 2023

As we move forward, it’s becoming increasingly clear that even large corporations aren’t safe from cyber attacks. From Chick-fil-A and Dole Food Company to Acer and Procter & Gamble, the number of companies that have suffered data breaches continues to grow. Today, I’ll delve into some of the latest confirmed data breaches from March, and examine what they could mean for both these businesses and their customers. With personal data security on the line, it’s time to brace yourself for a rollercoaster ride into the realm of cybercrime!

 

  1. Attention all Chick-fil-A lovers! Unfortunately, Chick-fil-A has sent a notice to customers about a data security incident that may have involved their personal information. The company has taken measures to prevent unauthorized activity and engaged a national forensics firm to investigate the issue. Based on their investigation, it was discovered that unauthorized parties launched an automated attack against Chick-fil-A’s website and mobile application between December 18, 2022, and February 12, 2023, using account credentials obtained from a third-party source. The information that may have been involved includes name, email address, Chick-fil-A One membership number, mobile pay number, QR code, masked credit/debit card number, and the amount of Chick-fil-A credit on the account, as well as the month and day of the birthday, phone number, and address if saved to the account. Unauthorized parties were only able to view the last four digits of the payment card number. Chick-fil-A recommends affected customers change their password immediately and choose a strong, unique password. 

 

  1. While we all love fresh produce, it’s important to remember that cybersecurity is vital to ensuring that we can continue to enjoy our favorite fruits and veggies. Fresh produce provider, Dole Food Company, has confirmed that employee information was accessed by threat actors during a February ransomware attack. The number of employees affected was not disclosed, but Dole employs approximately 38,000 people worldwide. The company said the attack was sophisticated, but limited in impact on operations. However, Dole was forced to shut down production plants across North America and was unable to fulfill orders for a week, leading to complaints from customers. In response to the attack, Dole engaged cybersecurity experts and notified law enforcement. The incident has been disclosed in an annual report filed with the US Securities and Exchange Commission. The company very nicely explained the damage that a cyber attack can cause a company. In the report they write, “our information technology networks and systems, some of which rely on third-party service providers, may be vulnerable to service disruptions or system failures due to causes including intentional hacking, security breaches, intrusions, malware, denial of service attacks, phishing, or other cybersecurity attacks, as well as natural disasters, catastrophic events, power outages, or human error or malfeasance. If we are unable to prevent or adequately respond to and resolve these disruptions or failures, our operations may be impacted and any unauthorized access to, or acquisition of, customer, employee, or other confidential information could result in adverse consequences such as reputational damage, premature termination or reduction of existing contracts, reduction of operating revenue, remediation costs, ransomware payments, litigation, and/or penalties under various laws and regulations. Our customers could also refuse to continue to do business with us and prematurely terminate or reduce existing contracts, resulting in a significant reduction of our operating revenue.” This further shows that everyone in the supply chain is ultimately affected by cyber attacks. 

 

  1. The FBI just put the cuffs on the supposed mastermind behind a notorious cybercriminal hub that boasted stolen data from Congress members and countless other individuals. The founder of the BreachForums website, Conor Brian Fitzpatrick, has been arrested and charged with operating a hacking forum and marketplace for cybercriminals. Fitzpatrick, 20, allegedly created BreachForums in March 2022 to buy, sell and trade hacked or stolen data and other contraband, including personally identifying information, bank account details, and social security numbers. According to reports, Fitzpatrick is believed to have played a role as a mediator or intermediary for unlawful deals and personally offered access to legitimate breached databases using a credit-based system run by the online platform. The site’s various sections included “Cracking,” “Leaks,” and “Tutorials.” The FBI and the Department of Health and Human Services Office of Inspector General have conducted a disruption operation that caused BreachForums to go offline. Fitzpatrick’s alleged victims included millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies. Deputy Attorney General Lisa O. Monaco has announced another successful crackdown on the cybercrime underworld, stating that the BreachForums platform – much like its predecessor RaidForums – facilitated the trade of stolen data between hackers and willing buyers. She warns all those involved in shady dealings on the dark web that they should take note: Law enforcement agencies are determined to dismantle these illicit forums and prosecute their administrators in U.S. courts. So if you’re operating in the shadows, you better watch out!

 

  1. On March 20th, Ferrari confirmed that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom demand related to certain client contact details. Twitter user Troy Hunt shared the breach letter sent to customers. Ferrari writes, “we regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment.” While the company explains that no no payment information or details of Ferrari cars owned or ordered had been stolen, hackers still accessed customers’ names, addresses, email addresses and telephone numbers. Let’s keep on dreaming about our favorite Italian sports cars and hope that Ferrari’s cybersecurity measures are strengthened to prevent any future incidents.

 

  1. After suffering at least two other hacking incidents in 2021, Acer, a Taiwanese electronics and computer manufacturer, has allegedly fallen victim to a ransomware attack, and the ransomware group, REvil, is claiming responsibility. The cybercriminals are demanding a staggering $50 million, the highest ransom on record to date. Acer is well-known for its laptops, desktops, and monitors, and employs around 7,000 people worldwide. The investigation is still ongoing, however Acer did confirm it suffered a breach. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” the company told PCMag in a statement. In another statement made to BleepingComputer, the company explained, “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity.” It’s extremely important that companies continue to stay up to date with cybersecurity regulations and best practices.  

 

  1. Oh boy, it seems like GoAnywhere just can’t catch a break! This supposedly secure web file transfer solution has been at the center of a string of breaches, and the hits just keep on coming. Let’s take a closer look, shall we?

 

In early February, Fortra – a company that offers GoAnywhere as a secure managed file transfer (MFT) product – announced that it had identified a zero-day vulnerability in the system. This vulnerability could allow attackers to remotely execute code on vulnerable systems, and it was actively being exploited. The news was first reported by journalist Brian Krebs, and it set off a chain reaction of breaches affecting multiple companies.

 

One of the latest victims to come forward is Procter & Gamble, a consumer goods company that confirmed it was impacted by the GoAnywhere incident. The company’s GoAnywhere MFT platform was compromised, and an unauthorized third party was able to obtain some information about P&G employees. Fortunately, financial and social security information was not accessed, but some data was stolen. It’s believed that the Clop ransomware gang may be behind the attack, as they previously claimed to have stolen files from over 130 organizations.

 

And now, Crown Resorts – Australia’s largest gambling and entertainment company – has also fallen victim to the GoAnywhere breaches. Their secure file-sharing server was breached using a zero-day vulnerability, and a ransomware group has claimed to have illegally obtained a limited number of Crown files. Crown Resorts is just the latest in a long list of victims, including CHS, Hatch Bank, Rubrik, the City of Toronto, Hitachi Energy and Saks Fifth Avenue.

 

It’s safe to say that the GoAnywhere breaches have had a huge impact on multiple industries, and it’s important for companies to take extra precautions when it comes to data security. Stay vigilant, folks!



In recent years, cybercrime has affected not only small businesses but also large corporations. This blog post examined several data breaches that occurred in March 2023, including those affecting Chick-fil-A, Dole Food Company, Ferrari, and Acer. These breaches have impacted the personal information of customers and employees, leading to potential risks such as identity theft and fraud. With these incidents in mind, it is crucial for individuals and companies to prioritize cybersecurity measures and remain vigilant against cyber threats. 

 

 

Why Security Assessments Are Essential

Findings discusses why security assessments are essential to your company

Security Assessments and Why They Are Essential

Security assessments are essential tools for businesses of all sizes.

They provide an important way to identify and address any vulnerabilities in networks, systems, and applications, to protect the business from potential cyber threats. This blog post will discuss the importance of security assessments and how businesses can incorporate them into their security strategy.

Why Are Security Assessments Important?

Security assessments are important for businesses because they objectively evaluate the security of their networks, systems, and applications.

They can identify potential security flaws, weak points, and risk areas and help businesses develop plans to address any vulnerabilities.

Additionally, security assessments help businesses understand the current security landscape and identify gaps in their security measures.

This can be an invaluable process for businesses, as it can help them determine any additional security measures that need to be implemented to ensure that their networks, systems, and applications remain safe and secure.

By reviewing and assessing current security measures, businesses can ensure that their policies and procedures are optimal for their organization and that their systems are as safe and secure as possible. It can also help evaluate the effectiveness of existing security measures

Types of Security Assessments

There are a variety of different types of security assessments.

Common types of assessments include penetration testing, vulnerability scanning, and application security testing.

  1. Penetration testing is a process of attempting to exploit any vulnerabilities in a system to gain access and gain further access to the system.

  2. In contrast, vulnerability scanning is a process that identifies any potential security flaws or weaknesses in a system.

  3. Application security testing is a process of testing the security of an application by analyzing the system for any potential security flaws or weaknesses.

Security assessments can also be tailored to specific needs, such as cloud security assessments focusing on the security of cloud-based systems and applications.

Why do it?

Security assessments are essential for businesses of all sizes, large and small, as they are critical in identifying and remedying potential vulnerabilities in networks, systems, and applications.

By conducting such assessments, businesses can create a comprehensive security strategy to help them keep their systems secure and protected from potential cyber threats.

Furthermore, such assessments can also provide valuable insights into potential areas of improvement, allowing businesses to remain one step ahead of any potential security risks.

You Need Automation

By automating your assessments, you can save time and money that would otherwise be spent on manual data entry and analysis.

Automation also makes it easier to quickly assess large amounts of data, which is especially helpful when dealing with complex problems or large datasets.

With automated assessment, you can also ensure more accurate and reliable results, as the software eliminates the potential for human error. Additionally, automated assessment can provide valuable insights into the data that can be used to inform your decision-making.


With Findings, digitize your assessments with ZERO effort and automate your assessment response in seconds – learn more about how Findings can help.

Why Should You Care About Your Compliance Posture?

Findings explains why businesses should care about their compliance postures.

In general, compliance means following rules made by an authority body. In practice, it means creating a program that has security controls in place to protect the confidentiality, integrity and availability of data.


Your business and customer data is valuable to cybercriminals who may use it for malicious reasons or personal gain. They could be acting on behalf of the state or an aggressive competitor interested in your trade secrets, technical data or internal communications. Or they may be motivated by money, which they make by selling your customers’ data on the dark web or holding it for ransom. 


Why is Regulatory Compliance Important?


The risk of non-compliance with cybersecurity regulations is too big to take lightly. PCI DDS breaches cost companies a minimum of $5,000 and a maximum of $100,000 per month in fines. Fines per HIPAA violation range from $100 to $50,000. If you do business in California, the state’s data privacy law – California Consumer Privacy Act (CCPA) – will apply to you provided you handle more than 50,000 consumers’ data or have an annual gross revenue of at least $25 million. Under the law, you could be fined up to $7,500 for sharing or processing certain types of employee information without their consent.  


Harsh punitive action apart, the bad publicity that accompanies data breaches can create a trust deficit among customers and make your competitors suddenly look a lot more attractive than you. Intentional or unintentional exposure of your employees’ information due to ineffective controls or training may also cause them distress. 


What Goes Into Maintaining a Strong Compliance Posture?


You’d have to create strong defensive measures for all the places where your data lives, such as systems, networks, smart devices, routers and the cloud. Here’s where industry standards and government regulations on cybersecurity come in. While there are many, not all may apply to your industry. So, the first step in creating a strong compliance posture is to identify the cybersecurity regulations you need to comply with and the cybersecurity frameworks you can adopt to reduce your cybersecurity risk. 


You’ll then have to appoint a person to manage your cybersecurity program and stay updated with compliance requirements. Large organizations have Chief Information Security Officers (CISOs), but in a medium-sized or small company, the IT Manager, CTO or COO performs this role, usually in consultation with a cybersecurity company. 


The individual is in charge of assessing risks and vulnerabilities, and implementing technical controls based on applicable cybersecurity regulations or a cybersecurity framework (e.g NIST, ISO/IEC 27001 or PCI DSS) with added technical controls to meet those regulations. They will also be responsible for implementing, in collaboration with other leaders, non-technical controls such as cybersecurity policies, procedures, audits and training, which are equally important to compliance. 


Cybersecurity requirements change. New threats emerge. The controls you have now may not stack up against new laws and evolving threats. Regularly assessing your security controls is necessary to identify security gaps due to any new risks that have emerged and enforce changes required to continue maintaining a robust compliance posture. If things appear complicated, a cybersecurity company or attorney specializing in cybersecurity compliance will prove to be a valuable ally by providing clarity on laws and recommendations on risk management.

A New Method of Attacking: Malicious Packages

Findings.co makes note of a new attack called malicious packages

It’s not always easy to spot malicious impostors posing as legit downloads. Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away anytime soon. In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.

Spotting Malicious Impostors in Open-Source Repositories

Open-source repositories are a great source of code and libraries, but malicious actors can also target them. In a recent incident, researchers uncovered a supply chain attack targeting an open-source code repository – the Python Package Index (PyPI) – that deployed information stealers on developer systems.

This attack highlighted the need for vigilance and safety measures when it comes to downloading code from open-source repositories, as malicious actors can use these code repositories to spread their malicious payloads. Developers should take extra precautions when downloading code from open-source repositories, such as scanning code for malicious content and ensuring that the code is from a trusted source. These steps can help ensure that developers are not unknowingly exposed to malicious attacks.

Attack on PyPI Repository

The attack involved six malicious packages that were inserted into the PyPI repository. The packages were designed to steal vital information from developers’ systems, such as usernames, passwords, and other sensitive data. The attack was successful since the malicious code was not detected until after unsuspecting developers had installed it.

Unfortunately, the attack was successful, as the malicious code was not detected until after developers had already installed the packages, making them vulnerable to the malicious attack. This underscores the need for heightened vigilance and vigilance against cyberattacks that target repositories and the unsuspecting public.

How to Protect Your System

Fortunately, there are ways to protect your system from malicious packages. One of the most effective methods is to use antivirus software to detect and remove malicious packages before they can cause any damage. Additionally, keep your system up to date with the latest security patches, and always download packages only from trusted sources.

Additionally, it is important to keep your system up to date with the latest security patches and only to download packages from trusted sources. This will help protect your system from malicious actors further, as they will not be able to take advantage of any security vulnerabilities present in older software versions. By following these simple steps, you can ensure that your system is well-protected from malicious packages.

Minimize Risk

Malicious packages are becoming increasingly prevalent in open-source repositories, so taking the necessary precautions to protect your system is essential. You can minimize the risk of falling victim to malicious impostors by using antivirus software, keeping your system up to date, and only downloading packages from trusted sources. Additionally, it is important to know the risks associated with using open-source repositories. Be sure to read the documentation and reviews of any package before downloading it, and be sure to keep a backup of your system in case something goes wrong. You can ensure your system remains secure and protected from malicious packages by being diligent and taking the necessary precautions.

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today

Let's Tackle Compliance Together

Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!