Barron's: Wilson would grow up to lead first the National Security Agency’s counterterrorism mission, and later its cyber-exploitation mission. Currently Morgan Stanley Wealth Management’s cybersecurity chief, Wilson talks with Barron’s Advisor about how fraudsters are trying to gain an edge in data theft and how advisors can stay a step ahead. And she reveals how a bunch of cybercriminals “in a basement somewhere in Tehran” drew her to Wall Street.
Independent.IE: Chinese hackers with a history of state-sponsored espionage have intercepted the text messages of thousands of foreigners in a targeted campaign that planted eavesdropping software on a telecommunications provider’s servers, a cybersecurity firm has said.
Global News Wire: Willis Towers Watson (NASDAQ: WLTW), a leading global advisory, broking and solutions company, has launched three new cyber insurance policies for clients across the U.S., Canada, the U.K. and Western Europe. The policies provide innovative, tailored solutions for large enterprise and mid-market clients, enabling them to fully assess, protect and recover losses related to cyber risk.
Tech Crunch: There are two types of enterprise startups: those that create value and those that protect value. Cybersecurity is most definitely part of the latter group, and as a vertical, it has sprawled the past few years as the scale of attacks on companies, organizations, and governments has continuously expanded.
Reuters: A cyber attack on Asian ports could cost as much as $110 billion, or half the total global loss from natural catastrophes in 2018, a Lloyd’s of London-backed report said.
Dark Reading: According to its annual "State of Enterprise Risk Management" report, ISACA found that 29% of the 4,625 risk managers polled identify cybersecurity as the top threat to their business, while 15% consider reputational risks and 13% name financial dangers as most critical...
ZDNet: In total, roughly three million records were exposed, revealing the names, telephone numbers, email addresses, and cities where clients were registered.
The target: Imperva, a cyber-security firm based out of California.
The take: A complete copy of their customer information database.
The attack vector: Imperva uploaded a snapshot of its customer database for testing. However, in an unrelated incident, they left one of their internal systems publicly accessible on the internet, from which the attacker stole the key to the recently uploaded database. Using the key, the hacker was able to download a copy of the customer information.
After Imperva adopted cloud technologies to scale their infrastructure to meet increasing needs, they failed to account for the increased risk of this strategy. Cyber-security diligence applies at all levels of scale including times of expansion and investment in new technology.
The Guardian: Thousands of reports of cybercrime were quarantined on a police database instead of being investigated because software designed to protect the computer system labelled them a security risk.
Cision: A pan-European survey of almost 600 successful businesses has revealed that 61% of business leaders on the board of their company believe that in the war against cybercrime the hackers are more sophisticated than the software developers.
Institutional Investor: Hackers breached the official email accounts of investment executives at the Kansas University endowment and Community Foundation of Texas late last month. This week, attackers hit hedge fund Arena Investors, sending a malicious phishing email from its chief operating officer’s address.
Asian Investor: With cybersecurity challenges set to keep mounting, investing into the area seems a sensible move, not least because it offers asset owners a potential inside track to protecting themselves.
But Asia-based investors looking to do so face several hurdles, in addition to the high current valuations, something Singapore state investor Temasek is well aware of.
**Article may require free sign-in to read**
NCSC: The National Cyber Security Centre (NCSC) has defended the UK against more than 600 cyber attacks in the past year – bringing the total number to almost 1,800, new figures show.
Europol: Europol and Palo Alto Networks have signed a Memorandum of Understanding (MoU) to expand their collaborative efforts in combating cybercrime and working together to make cyberspace safer for citizens, businesses and governments.
Homeland Security News Wire: Companies interested in protecting themselves and their customers from cyber-attacks need to invest in themselves and the vendors that handle their data, according to new research from American University.
The target: FireEye, a publicly traded cybersecurity company in California.
The take: Corporate documents, details on client contracts and licenses, and personal login credentials.
The attack vector: Attackers used credentials exposed in public data breaches to access the personal accounts of a security analyst employed by FireEye. Once his accounts had been compromised, they were able to exploit his business use of those personal accounts to obtain sensitive information belonging to his employer.
On an individual level, this attack highlights the importance of changing passwords and rotating credentials, particularly in the wake of a publicized credential breach. At the firm level, once confidential and sensitive information leaves a firm’s information systems, it’s completely outside of the firm’s control. Security policies must reflect zero tolerance for use of personal accounts to communicate on behalf of the firm or store/transfer sensitive and proprietary information.
Asian Investor: Cyber criminals continue to develop a variety of smart tools to plot hacking schemes and data breaches in today’s intricately connected digital world, in which almost everyone’s data is stored, processed and accumulated. Anybody can become a target.
**Article may require free sign-in to read**
ZDNet: Ensuring an organisation's suppliers and supply chain are well protected is now one of the key features of cybersecurity strategy because your company's defences rely on suppliers further down the chain.
Reinsurance News: While 95% of respondents to Aon’s Global Pension Risk Survey 2019 said their schemes had not been affected by cybercrime, a handful confirmed that they had been, and analysts expect this number to increase.
Gulf News: SWIFT is the leading provider of secure financial messaging services. SWIFT CSP is an initiative aimed at reinforcing the overall security of the global banking system by improving information sharing throughout the community, enhancing SWIFT-related tools for customers, sharing best practices for fraud detection and enhancing support by third party providers.
Financial Review: The cybersecurity company will open offices in Sydney and Melbourne with a starting presence of five full-time employees, led by former Symantec and Linksys executive Stephanie Boo, the firm's Asia-Pacific managing director.
ZDNet: It is unclear how today's Sophos acquisition will impact plans to buy McAfee, but the two companies -- Sophos and McAfee -- are classic rivals on the cyber-security market and share a product portfolio, so the door seems to have closed on the McAfee deal.
The target: Malindo Air, a Malaysian subsidiary of Indonesia’s Lion Group
The take: Approx. 35 million passenger records, including names, emails, addresses, passport numbers/expiration dates.
The attack vector: Two former employees of a subcontracted e-commerce provider were identified as having “improperly accessed and stole the personal data of our customers.” Malindo Air reiterated that their external controls were not breached and that “services and infrastructure worked as designed and were not compromised in any way.”
Malicious insiders are unfortunately common sources of data breaches, and internal controls and oversight must be put in place to ensure that data is being handled appropriately by both direct employees and subcontracted staff.
Property Funds World: A survey commissioned by Drooms, a provider of secure cloud solutions, found more than two in five (41 per cent) real estate professionals in Europe believe their industry is unprepared to deal with cyber-attacks.
CSO: With volumes of cybersecurity insurance claims surging, businesses need to be more careful than ever about what their policies do and don’t cover, according to an academic who warned that insurers are becoming more mercenary in their interpretations of cyber events.
ZDNet: "Attackers are compromising these enterprise networks in order to access data and eventually the networks of their clients," the National Cybersecurity Agency of France, known locally as ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information), said in a technical report.
Pensions & Investments: In the survey of 531 retirement plan advisers at the NAPA 401(k) Summit in April, 35% of respondents ranked the issue of client retention "very important" compared with 24% the previous year when NAPA first conducted the survey. Thirty-five percent also ranked cybersecurity as very important. Cybersecurity was not included as an option in the 2018 survey.
Forbes: U.S. companies have been abuzz about compliance requirements with the European Union’s (EU) Global Data Protection Regulation (GDPR), which became effective May 25, 2018. The GDPR was so scary because the enforcement provisions allowed fines up to 2-4% of total global turnover.
City A.M.: The UK boss of an unnamed energy firm was tricked into transferring the money following a phone call that appeared to come from his boss at the German parent company, the Mail on Sunday reported.
The target: Philips Capital Inc, a Chicago-based brokerage firm.
The take: $1 million USD from a client account.
The attack vector: Attackers gained access to internal systems via a successful phishing attempt and impersonated a client of the firm using information they’d gained from reviewing past e-mail correspondences. Gaps in disbursement procedures allowed a requested wire transfer to an unknown bank account to be approved and processed.
While technical controls can protect against cyber-attacks, they cannot always compensate for gaps in procedure and a failure to think critically.
The Moscow Times: The personal details of millions of Sberbank customers may have been leaked, in what would be the largest-ever data breach in Russian banking, according to cyber security experts.
Analysts at cybersecurity firm DeviceLock found personal information relating to up to 60 million Sberbank credit card holders for sale on the black market. They were able to analyse the data of around 200 supposed customers — provided to them by the seller — and verified their authenticity.
The Times of Israel: A leading Israeli cybersecurity company found that a series of cyberattacks against Egyptian journalists, academics, opposition politicians and rights activists was likely perpetrated by the Egyptian government.
Business Wire: The accolade is based on an online peer-review survey in which investors, hedge fund managers and service providers are invited to elect a “best in class” in a variety of categories. The recognition comes on the heels of Align ranking 122 on the Top 200 Managed Security Services Providers (MSSPs) of 2019. The firm was also highly commended for “Best Use of Cloud Technology” in the HFM US Service Awards.
ABC News: One email was all it took for hackers to steal some of the most personal information from people potentially now in high-ranking roles across the globe.
The cyber attack was so sophisticated it didn’t even need the person to click on a link or open a document to compromise decades’ worth of private information.
McKinsey: In 2018, the World Economic Forum noted that fraud and financial crime was a trillion-dollar industry, reporting that private companies spent approximately $8.2 billion on anti–money laundering (AML) controls alone in 2017. The crimes themselves, detected and undetected, have become more numerous and costly than ever. In a widely cited estimate, for every dollar of fraud institutions lose nearly three dollars, once associated costs are added to the fraud loss itself.
Hubbis: The first key observation raised by the discussion was the acknowledgement of the potential for poor risk culture to contribute to occurrences of cyber incidents. Members of the Cyber Security Advisory Panel (CSAP) advised that the board and senior management of financial institutions should set clear expectations for cyber risk culture, and subsequently monitor and assess how well the desired risk management culture is operating across the organisation.