    Industry News: ESG5

      Why Modernizing Cybersecurity Boosts SaaS Companies’ Bottom Line

      2022-12-05

      Forbes: Cybersecurity is important for SaaS companies, both to comply with industry standards and to protect their businesses. Companies that still use legacy systems to host a product, application or service on their premises run additional risks, which include cyber breaches, loss of confidential data and intellectual property, and potential damage to customer relationships caused by noncompliance.

      Know Your Breach: ENC Security

      The Target: ENC Security, a Netherlands-based data-encryption firm.

      The Take: Exposure of security keys for various firm applications and software, including SMTP credentials for sales channels, Adyen (the firm’s single payment platform), Mailchimp email marketing APIs, licensing payment APIs, and public and private keys.

       The Vector: A misconfigured data server was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

      This breach is a critical reminder that authentication controls are an important piece of an overall robust cybersecurity posture and, furthermore, that such precautions must be in place at all third-party vendors that have access to a firm’s data. Multi-factor authentication and password length and complexity rules are effective strategies to mitigate these kinds of breaches and protect a firm’s data.

      Nine Tips to Strengthen Defenses Against Specialized Cybercrime

      2022-12-02

      Forbes: The cyber threat landscape has grown increasingly specialized and more challenging for organizations to defend against on their own.

      Password App LastPass Hit by Cybersecurity Breach but Says Data Remains Safe

      2022-12-01

      The Guardian: Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.

      Cybersecurity Laws to be Updated to Boost UK Protection from Cyber Attacks

      2022-11-30

      Yahoo News: The UK’s cybersecurity laws will be updated to require outsourced IT providers to meet security standards as part of efforts to better protect supply chains, the Government has announced.

      Cybersecurity Researchers Take Down DDoS Botnet by Accident

      2022-11-30

      Bleeping Computer: As revealed in a report published earlier this month, the KmsdBot malware behind this botnet was discovered by members of the Akamai Security Intelligence Response Team (SIRT) after it infected one of their honeypots.

      Crowdstrike Holdings Warning Sparks Selloff in Cybersecurity Stocks

      2022-11-30

      Reuters: A warning from Crowdstrike Holdings Inc (CRWD.O) that clients were cutting back on spending and delaying purchases due to an economic slowdown slammed cybersecurity stocks, inflicting fresh pain on the battered sector.

      Using An M&A to Improve Your Company's Cybersecurity Posture

      2022-11-30

      Forbes: The whole point of a merger or acquisition (M&A) is to combine the resources of two organizations to take advantage of economies of scale. It can be a strong recipe for corporate success, yet cybersecurity often takes a back seat in the quest to boost profits and trim costs.

      Cybersecurity Consolidation Continues, Even as Valuations Stall

      2022-11-28

      Dark Reading: As the US economy has tightened, the venture capital and acquisition landscape has quickly shifted to become a buyers' market, with startups failing to command the high valuations that were common in past years.

      Know Your Breach: DraftKings

      The Target: DraftKings, a U.S.-based sports betting website.

      The Take: $300,000 USD of customer funds.

      The Vector: A credential stuffing attack, in which user passwords that had been exposed elsewhere were also used as logins for DraftKings, enabled attackers to log in and steal the funds.

      This breach is a stark reminder of how critical authentication controls are in an overall robust cybersecurity posture. Credential stuffing attacks can be avoided by enforcing multi-factor authentication and reasonably paced password resets. It is important to employ effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.