learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

      To Make US more Cyber-resilient, Government and Business Need Far Greater Collaboration

      2022-08-04

      The Hill: Cybercrime is now so ubiquitous that the question is not when an attack will occur on a business, individual, or government — It’s whetherthe victim is resilient enough to deal with the consequences.

      Read more...

      Tory Leadership Contest Ballot Papers Delayed Over Security Fears

      2022-08-04

      BBC: The party said it had changed its plans for the contest, which will decide the next prime minister, after consulting with security agency GCHQ.

      Read more...

      UK Provisionally Approves $8.1B NortonLifeLock-Avast Merger, Citing Competition from Microsoft

      2022-08-03

      Tech Crunch: The U.K.’s Competition and Markets Authority (CMA) has provisionally greenlighted the proposed $8.1 billion merger of cybersecurity companies NortonLifeLock and Avast, with Microsoft emerging as an unlikely ally as the two companies seek to push the deal over the line.

      Read more...

      Solana Wallets Targeted in Latest Multimillion-Dollar Hack

      2022-08-02

      Coin Desk: The Solana ecosystem appears to be the victim of crypto’s latest exploit, with users reporting their funds have been drained without their knowledge from major internet-connected “hot” wallets including Phantom, Slope and TrustWallet.

      Read more...

      State of Cybersecurity Funding in the First Half of 2022

      2022-08-02

      Help Net Security: As the stock market dropped more than 20% in 2022 and prices rise at the pump and grocery store, there are some markets that have shown their ability to weather the storm and retain strong demand and growth even amongst broader market turmoil. One example of this: the cybersecurity market

      Read more...

      NYDFS Proposes Significant Changes to Its Cybersecurity Rules

      2022-08-01

      Debevoise & Plimpton: On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Part 500 Cybersecurity Rules, which include a mandatory 24-hour notification for cyber ransom payments, annual independent cybersecurity audits for larger entities, increased expectations for board expertise, and tough new restrictions on privileged accounts.

      Read more...

      Know Your Breach: Entrust

      The Target: Entrust, a digital cybersecurity firm focused on identity management.

      The Take: Sensitive corporate internal data from Entrust’s own IT systems.

      The Vector: The attacker used previously compromised Entrust employee credentials to access their internal systems, posing as an authenticated user. 

      This breach is a critical reminder of the importance of credential authentication and password hygiene. Enforced multi-factor authentication could have prevented the Entrust breach, and enforcing this multi-factor authentication, along with reasonably regular forced password resets, password length and complexity rules, are effective strategies to mitigate these kinds of breaches.

      Read more...

      5 Best Practices to Ramp Up Cybersecurity At Private Equity And VC Firms

      2022-07-27

      Forbes: Private equity (PE) and venture capital (VC) firms have become prime targets for cyberattacks. Perhaps unsurprisingly, cybercriminals tend to gravitate toward money, and there’s a lot of it in private equity. The numbers are mind-boggling: The average midmarket fund encounters more than 10,000 cyberattacks daily.

      Read more...

      Average Data Breach Costs Hit a Record $4.4 Million, Report Says

      2022-07-27

      CNet: The average cost of a data breach rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020.

      Read more...

      LockBit Claims Ransomware Attack on Italian Tax Agency

      2022-07-26

      Bleeping Computer: Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate).

      Read more...