
Industry News: ESG5

Know Your Breach: TronicsXchange

The target: TronicsXchange, a California-based electronics retailer

The take: 80,000 images of personal identification cards and 10,000 fingerprint scans. Information included: driver license number, full name, birthday, home address, gender, hair and eye color, height and weight, and a photo of the individual. 

The attack vector: The breach occurred when an unsecured Amazon S3 bucket was discovered online, still exposed even after the company had ended its operations. The database had no password protection, meaning anyone who found the correct URL could access and freely download the data.

The breach is serious as the sensitive information stored could lead to severe cases of fraud. Asset management is a critical procedure for any company, and the fact that this server was kept online even after the company had supposedly closed its doors for business highlights the extreme importance of proper decommissioning procedures to ensure sensitive information is securely destroyed or taken offline.

The UK's New Offensive Cyber Unit Takes On Organised Crime and Hostile States

2020-11-19

ZDNet: A new offensive force made up of spies, cyber experts and the members of the military is already conducting cyber operations to disrupt hostile state activities, terrorists and criminals, the UK government has revealed.

Cybercrime to Cost the World $10.5 Trillion Annually By 2025

2020-11-18

Yahoo Finance: Cybersecurity Ventures predicts global cybercrime costs will grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015. This prediction is part of a special report conducted by Cybersecurity Ventures and sponsored by INTRUSION, Inc.

Canada Names China, Russia As Main Cyber-crime Threats; Sees Risk to Power Supply

2020-11-18

Reuters: Canada on Wednesday identified state-sponsored programs in China, Russia, Iran and North Korea as major cyber crime threats for the first time, and said it feared foreign actors could try to disrupt power supplies.

Trump Fires Head of Election Cybersecurity Who Debunked Conspiracy Theories

2020-11-18

NBC News: Krebs, the director of the Cybersecurity and Infrastructure Security Agency, or CISA, has been the target of public criticism from Trump since the Nov. 3 election over his agency's Rumor Control blog, which rebuts a list of false claims about election fraud and hacking — many of which Trump or his lawyers have touted as real after he lost the election.

Department of Financial Services to Help New York Small Businesses Improve Cybersecurity

2020-11-17

My Twin Tiers: The New York State Department of Financial Services has announced its partnership with Global Cyber Alliance to help bring a “cybersecurity toolkit” to small businesses in the State. The DFS stated that this partnership follows many small businesses' switch to online and remote work during the COVID-19 pandemic.

Growth In Cybersecurity Has Been Accelerated By Covid-19 - But Will It Last?

2020-11-17

Investment Week: The worm damaged about 6,000 computers, representing - at the time - roughly 10% of the entire internet. Over the ensuing decades, computing and connectivity would become even more ubiquitous, as how we work and play increasingly went online, and where the combination of chips and sensors would become the very fabric of how we live our lives.

Cybercriminals Use Cloud Technology to Accelerate Business Attacks

2020-11-16

Cision: Trend Micro Incorporated, the leader in cloud security, has identified a new class of cybercrime. Criminals are using cloud services and technology to speed up attacks, which decreases the amount of time enterprises have to identify and respond to a breach.

Know Your Breach: Vertafore

The target: Vertafore, a U.S.-based insurance provider.

The take: 27.7 million records of personally identifiable information including: driver license numbers, first and last names, date of birth, address, and vehicle registration history. 

The attack vector: Three database files containing the above information were placed, through human error, on an unsecured external, third-party storage service with no access authorization, meaning anyone with an internet connection had the ability to access and download the data.

This breach highlights the importance of robust cybersecurity protocols and processes. Rigid steps around the transfer and movement of data are needed to ensure maximum protection of sensitive information, with multiple checks to verify that the destination of the information is secure and expected safeguards are in place. When data is moved, the proper controls commensurate with the sensitivity of the data must travel with it.

12 Cybersecurity CEOs On What Each Learned Leading During the Pandemic

2020-11-12

Forbes: How each cybersecurity CEO responds to the challenges of keeping employees safe, customers secure and product release cycles on schedule while still achieving customer success – all virtually – provides valuable insights into leading a company during difficult times. Simon Biddiscombe, CEO of MobileIron, exemplifies the empathy all CEOs interviewed have for their employees' welfare. "My first priority when the pandemic hit was to protect the health and safety of our employees, yet still maintain an 'always-on business' for our customers," Simon mentioned during a recent interview.
