.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Hedge Week: Drawbridge has continued to invest in its people, technology and customers throughout the year, working closely with clients to help them ensure security, continuity and safety during the unprecedented times that have resulted from Covid-19.
DarkReading: CyberArk tested products from multiple major security vendors, including Kaspersky, Symantec, Trend Micro, McAfee, and Check Point Software Technologies, and says it found vulnerabilities in every single one.
Cision: BitSight, the Standard in Security Ratings, and Solactive, a German index engineering firm, today released new research demonstrating that a company's cybersecurity performance is an indicator of business performance. Analysis shows that indices composed of well-performing BitSight-rated companies outperform their respective benchmarks by 1% to 2% annually. For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7% per year. The findings are an endorsement for today's introduction of the Solactive BitSight Cyber Risk Index, a financial index that will enable investors to invest in companies who are top cybersecurity performers as measured by BitSight.
Institutional Asset Manager: Cyber-enabled fraud attempts are escalating and evolving, and the current remote working environment has created additional vulnerabilities that firms need to address. The memo, produced by the SBAI’s Governance Working Group, provides guidance on key controls that help protect managers’ payment processes. It also can be used as a tool for investors to evaluate these controls during due diligence.
Security Magazine: Security teams in the financial services sector are experiencing even more exacting demands as they defend their organizations in a world under a new and unexpected threat — a global pandemic, says a new Accenture report, "2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services."
Institutional Asset Manager: Dow Jones’s risk data, including politically exposed persons (PEPs), sanctions lists and adverse media entities for the UK, Europe and the Asia Pacific, will flow through Bottomline’s cyber fraud and risk management platform. The additional intelligence will help identify internal and external threats and protect against criminal activity. The data inclusion can also help banks and corporates avoid incurring regulatory fines and reputational damage that often accompany fraud incidents by enabling them to identify suspicious transactions and stop payments fast.
The target: BrandBQ, a European fashion retailer.
The take: 7 million customer records of personally identifiable information including: full names, email addresses, home addresses, date of birth, phone number, and payment records.
The attack vector: The data was exposed on an unencrypted and unsecured Elasticsearch server meaning anyone with an internet connection could have found the information and downloaded a copy. Along with customer information, an additional 50,000 records of relating to contractors who worked with BrandBQ were also stored on the server, exposing their purchase information and correspondence. Further mixed in were API logs relating to their mobile app, greatly increasing the range of possible exposure to over 500,000 affected users.
Credential management and proper security around storage of data is critical for every business. In this case, the mixing of data all kept in one place compounded the severity of the breach as not only were BrandBQ’s customers made into vulnerable phishing targets, but their contractors are now also extremely susceptible to Business Email Compromise scams.
Reuters: Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.
National Post: America’s top law enforcement agents and spies are teaming up under one roof as part of a new federal strategy to fight foreign hackers, senior FBI officials said in an interview.
Financial Post: Anthem Inc said it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy