shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Casio

      The Target: Japanese electronics manufacturer Casio.

      The Take: The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.

      The Vector: Casio detected the incident on Wednesday, October 11, 2023, following the failure of a ClassPad database within the company's development environment. Evidence suggests that the attacker accessed customers' personal information a day later, on October 12, 2023.

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      Read more...

      How Much Cybersecurity Expertise Does A Board Need?

      2023-10-25

      CSO: Whether a specific requirement or not, companies must either educate their board of directors in cybersecurity and risk management or look to recruit directors with specific cybersecurity experience to improve organizations response and decision-making.

      Read more...

      Tikehau Capital Launches The New Vintage of Brienne, its Flagship Private Equity Cybersecurity Strategy

      2023-10-25

      Business Wire: The focus of this next vintage will be on seizing European opportunities and supporting companies with significant global B2B scalability potential. It aims to invest ticket sizes ranging from €10 million to €50 million, including reinvestments, thus offering the potential for substantial backing to companies poised to redefine the cybersecurity landscape.

      Read more...

      September Was a Record Month For Ransomware Attacks in 2023

      2023-10-24

      Bleeping Computer: Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.

      Read more...

      Censys Lands New Cash to Grow its Threat-Detecting Cybersecurity Service

      2023-10-24

      TechCrunch: Investments in cybersecurity companies are beginning to turn a corner, seemingly. After a brutal summer, VC funding to security startups saw a slight (12%) uptick from Q3, according to Crunchbase — reaching nearly $1.9 billion compared to $1.7 billion in the second quarter.

      Read more...

      Microsoft to Help Australia’s Cyber Spies Amid $5 Billion Investment in Cloud Computing

      2023-10-23

      The Guardian: Microsoft says it will invest an additional $5 billion in Australia over the next two years to expand hyperscale cloud computing capacity while collaborating with the Australian Signals Directorate (ASD) to boost domestic protection from cyber threats.

      Read more...

      Okta Cybersecurity Breach Wipes Out More Than $2 Billion In Market Cap

      2023-10-23

      CNBC: Okta has shed more than $2 billion from its market valuation since the company disclosed a hack of its support systems. The high-profile incident is the latest in a string of incidents that have been tied to Okta or its products, including a spate of intrusions at casinos that crippled Las Vegas hotel rooms for days.

      Read more...

      Fighting Cyberattacks Requires Top-Down Approach

      2023-10-23

      Chief Investment Officer: Mitigating cybersecurity threats requires organizations to reassess their approach to technical vulnerability, advised an internet security expert and author at the “Cybersecurity Threats and Concerns: An Overview” session of CIO’s Cybersecurity livestream on October 12.

      Read more...

      Know Your Breach: D.C. Board of Elections

      The Target: The District of Columbia Board of Elections (DCBOE) operates as an autonomous agency within the District of Columbia Government and is entrusted with overseeing elections, managing ballot access, and handling voter registration processes.

      The Take: This dataset includes the individual's name, registration ID, voter ID, partial Social Security number, driver's license number, date of birth, phone number, email, and more.

      The Vector: DCBOE’s investigation into the claims has revealed that the attackers accessed the information through the web server of DataNet, the hosting provider for Washington D.C.'s election authority.

      This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and more critically, ensuring these controls are in place on all third-party vendors which have access to a firm’s data.

      Read more...

      "Cybersecurity in the Cloud Era: Financial and Operational Impacts Decoded"

      2023-10-19

      PR Newswire: Measured Analytics and Insurance, the AI-powered cyber insurance provider to small and midsize enterprises (SMEs), introduced its latest white paper, "Cybersecurity in the Cloud Era: Financial and Operational Impacts Decoded."

      Read more...

      Cybersecurity Funding Sees Slight Bounce Back From Q2, But Still Down From 2022

      2023-10-19

      Crunchbase: Venture funding to cybersecurity startups in the third quarter saw a slight uptick from Q2, but was still down 30% year to year. According to Crunchbase data, cybersecurity startups raised nearly $1.9 billion through 153 deals announced in Q3, a 12% increase from the $1.7 billion raised in 181 deals the previous quarter. 

      Read more...

      Cybersecurity Software Provider SecureW2 Raises $80 Million From Insight Partners

      2023-10-19

      Verdict: Cybersecurity software-as-a-service (SaaS) company SecureW2 has raised $80m in funding from Insight Partners. SecureW2 is engaged in offering a suite of passwordless security software solutions, with headquarters in the Netherlands and regional hubs in the US and India.  

      Read more...

      Top 5 Questions to Cover on Cybercrime When Looking at Equity Investing

      2023-10-17

      PR Newswire: In today's digital age, the threat of cybercrime looms large over businesses and individuals alike. The need for robust cybersecurity solutions has never been more critical as the world becomes increasingly interconnected. 

      Read more...

      UAE, US Partner to Bolster Financial Services Cybersecurity

      2023-10-17

      Dark Reading: The US Treasury Department and the Cyber Security Council of the United Arab Emirates have agreed to share more information on cybersecurity threats and incidents affecting the financial services industry.

      Read more...

      CSC Report Highlights Cybersecurity Threats .AI Domains Pose

      2023-10-17

      Security Boulevard: An analysis published by CSC found 43% of Forbes Global 2000 companies do not have control over their branded artificial intelligence (.AI) domain names that have instead been registered by third parties.

      Read more...

      The Cyber AI Dilemma—And What It Means For The Cybersecurity Industry

      2023-10-16

      Forbes: Ever since OpenAI released ChatGPT last year and DALL-E the year before, there has not only been an explosion in the amount of AI tools available for general consumption, but AI also transitioned from being perceived as largely academic or some magic employed by Big Tech to a family dinner conversation topic.

      Read more...

      Know Your Breach: 23andMe

      The Target: DNA testing company 23andMe.

      The Take: The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.

      The Vector: The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.

      This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

      Read more...

      Half of Canadian SMBs Say Keeping on Top of Cybersecurity Threats is Their Biggest Challenge

      2023-10-12

      GlobeNewswire: Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), released a new report, Cybersecurity for SMBs: Navigating Complexity and Building Resilience.

      Read more...

      Cybersecurity Should be a Business Priority for CEOs

      2023-10-12

      Help Net Security: 60% of CEOs said their organizations don’t incorporate cybersecurity into business strategies, services or products from the outset, and 44% believe cybersecurity requires episodic intervention rather than ongoing attention.

      Read more...

      SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms

      2023-10-12

      SecurityWeek: The new Seed Fund I brings the firm’s total assets under management to more than $600 million. The final closing is expected for later this quarter. 

      Read more...

      Economic Challenges Tighten CISO Compensation: IANS Study

      2023-10-10

      CSO: The ongoing economic challenges are severely impacting CISOs, many of whom are struggling to get any salary hikes at all while new job postings for the role are on a decline, according to an IANS study.

      Read more...

      The Cybersecurity Paradox: Keeping Data Both Secure And Accessible

      2023-10-10

      Forbes: In the fight to keep hackers out of your network and applications, a robust cybersecurity program focuses a lot on access management and authorization. 

      Read more...

      Arctic Wolf Acquires Cybersecurity Automation Platform Revelstoke

      2023-10-10

      TechCrunch: Arctic Wolf, a cybersecurity company that’s raised hundreds of millions of dollars in debt and equity, announced that it plans to acquire Revelstoke, a company developing a security orchestration, automation and response (SOAR) platform, for an undisclosed amount.

      Read more...

      Gutsy Gains $51M Seed Round, One Of Cybersecurity’s Largest This Year

      2023-10-10

      Venture Beat: Emerging from stealth today with one of cybersecurity’s largest-ever seed rounds of $51 million, startup Gutsy’s vision is to revolutionize security governance through process mining. 

      Read more...

      Know Your Breach: Really Simple Systems

      The Target: Cloud customer relationship management (CRM) software provider Really Simple Systems.

      The Take: Personally identifiable information (PII), including medical records, identification documents, real estate contracts, credit reports, legal documents, tax documents, and non-disclosure agreements.

      The Vector: Cybersecurity Researcher, Jeremiah Fowler, discovered and promptly notified Really Simple Systems about a non-password-protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customer’s stored CRM files.

      While some immediate corrective actions were implemented, specific folders remained open for an extended duration before their access was limited. This incident highlights the pressing requirement for strong password encryption measures to protect customer data and thwart unauthorized access to sensitive information.

      Read more...

      CEOs Lack Confidence in Their Organizations’ Ability to Protect Against Cyberattacks

      2023-10-05

      Business Wire: Three-quarters (74%) of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack—despite the fact that 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to a new report from Accenture (NYSE: ACN).

      Read more...

      BlackBerry Plans IPO for Its Internet of Things Business

      2023-10-04

      BNN Bloomberg: BlackBerry Ltd., wrapping up a strategic review of its options, plans to hold an initial public offering for the company’s Internet of Things division, separating the business from its main cybersecurity operations. 

      Read more...

      Cybersecurity Breaches at UK Pensions Soar More Than 4,000% in 1 Year

      2023-10-03

      Chief Investment Officer: Cybersecurity breaches reported by British financial services companies more than tripled in the 12-month period ending June 30, with the pension sector reporting the biggest increase at 4,000%, according to research from international law firm Reynolds Porter Chamberlain.

      Read more...

      New SEC Cyber Rules to Push Publics and Their Third Parties to Strengthen Programs

      2023-10-03

      PR Newswire: Following the Securities and Exchange Commission's (SEC) adoption of new rules for cybersecurity risk management, strategy, governance, and incident disclosure by public companies, 64.8% of public company executives say their organizations will strengthen their cybersecurity programs, according to a new Deloitte poll.

      Read more...

      Strategic Cyber Ventures Backs Evo Security with a $1M Investment for Identity and Access Management Cybersecurity Solutions Tailored for MSPs

      2023-10-03

      PR Newswire: Strategic Cyber Ventures, a leading cybersecurity-focused venture capital firm, is excited to announce a $1 million dollar investment into Evo Security's latest funding round. Evo Security builds enterprise-grade identity and access management products tailored for IT Managed Service Providers (MSPs).

      Read more...

      TPG Completes Acquisition of Forcepoint Global Governments and Critical Infrastructure Cybersecurity Business from Francisco Partners

      2023-10-03

      Business Wire: Global security leader Forcepoint today announced the completed acquisition of the company’s Global Governments and Critical Infrastructure (G2CI) cybersecurity business by TPG, a global alternative asset management firm.

      Read more...

      How Private Equity Firms Can Protect ‘Treasure Trove’ From Digital Threats

      2023-10-03

      Chief Investment Officer: Cybersecurity risks are omnipresent. September’s hack of MGM Resorts International and Caesars Entertainment showed just how vulnerable companies can be, no matter how large or small.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates