.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
Institutional Investor: Traditional asset managers, hedge funds, and private equity firms are spending billions to protect against hackers and cybersecurity attacks. But public pension plans, which are often understaffed and underfunded, are among the most vulnerable. Still, no matter how much is spent to protect vulnerable systems, the breaches often involve simple ruses.
The target: Portpass, a private proof-of-vaccination mobile application.
The take: Exposure of potentially 650,000 records of personally identifiable information including: email addresses, names, blood types, phone numbers, birthdays, and driver's licences
The attack vector: Portpass stored user profiles on their website, accessible to the public, which exposed the above information to anyone visiting the site. This data not encrypted and was stored as plain text.
Use of industry standard authentication protocols is an integral part of maintaining a rigorous cybersecurity posture, and it is critical to employ robust practices of credential management, user authentication and validation, around all points of access, especially public facing ones, in a firm’s IT network. This breach also highlights the important of encryption as a method to improve the security of stored data, which can still protect the exposed information.
Legal Reader: The institutions offering financial services are 300 times more exposed to the threat of cyber criminals. According to the latest survey of KPMG Business Instincts, many C-suites are always at the risk of some form of cyber-attack due to low technology investment. If the companies continue overlooking the pressing and rising concern surrounding cyber security, they are at risk of losing everything.
O' Canada: Apple Inc ramped up its criticism of EU draft rules that would force it to allow users to install software from outside its App Store, saying that would boost the risk of cybercriminals and malware.
CTV News: Russia was not invited to attend a 30-country virtual meeting led by the United States that is aimed at combating the growing threat of ransomware and other cyber crime, a senior administration official said.
Business Wire: During the Covid-19 crisis, another outbreak took place in the cyber space: a digital pandemic driven by ransomware. In a new report, cyber insurer Allianz Global Corporate & Specialty (AGCS) analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.
Yahoo: As most Americans are still learning about the hacking-for-cash crime of ransomware, the nation’s top homeland security official is worried about an even more dire digital danger: killware, or cyberattacks that can literally end lives.
Cayman Compass: With Cayman’s economic stability now heavily vested in financial services, as tourism remains closed, keeping assets ‘cyber secure’ within that industry and within government is not just a reputational concern, but crucial to the country’s very survival.
ABC News: Businesses hit by cyber attacks will be required to report the incidents to federal authorities, as new specific offences for criminals operating online are announced by the Federal Government.
The target: Twitch.tv, a U.S based video game streaming service.
The take: Exposure of 125GB of information including source code and commit history dating back to the company’s founding, creator payout revenue from 2019 to 2021, their internal cybersecurity tool NOC tool, and which AWS services they use.
The attack vector: A misconfiguration error left one of its servers exposed, allowing the attacker to gain access to the server and exfiltrate the data of some 6000 repositories of firm storage.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy