.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Reuters: Standard Chartered Plc (STAN.L) is the first major global bank to tell employees not to use Zoom Video Communications Inc (ZM.O) during the coronavirus pandemic due to cybersecurity concerns, according to a memo seen by Reuters.
Insurance Business: C-suite executives will increasingly be targeted as cyber criminals look for ways to extort money from large corporations, according to a new report from cyber analytics provider CyberCube.
IT News: A report on the ‘Commonwealth cyber security posture in 2019’ [pdf], released as Australia headed into the Easter weekend, provided a detailed breakdown of incidents that impacted Commonwealth (or federal) entities last calendar year, though it does not disclose which entities were victims.
Dark Reading: As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
The target: General Electric, a Fortune 500 technology firm
The take: Personally identifiable information and documentation of current and former employees, as well as their beneficiaries – including direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, child support orders, and many others.
The attack vector: While their own systems were not compromised, GE were notified by a service provider of a breach affecting their data. Canon Business Process Services reported that one of their employee’s email accounts was breached by an unauthorized party for a period of just under two weeks in February of this year. This employee had processed data on behalf of GE and the attackers gained access to a litany of confidential information.
Service provider relationships continue to pose increasing challenges for firms in today’s security landscape, as subcontracted entities may handle a firm’s sensitive data – be that business-critical data or the PII of their employees. A firm is ultimately responsible for their data regardless if they or a subcontractor are the ones handling it, and as such, a firm’s own security controls must follow that data and extend to third party processors.
ZDNet: Elon Musk's SpaceX has banned employees from using video-conferencing app Zoom over "significant privacy and security concerns", according to a memo seen by Reuters.
In response to these concerns, Zoom has announced it is immediately freezing feature development for 90 days to improve security and privacy and will conduct a third-party security review.
Dark Reading: A recent lawsuit filed regarding the infamous 2017 Equifax data breach revealed that the company was using "admin" as a username and password to protect sensitive data from 147 million customers — even though this password has been exposed through data breaches almost 50,000 times, according to the Have I Been Pwned database.
Tech Crunch: As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of growth funding.
Hedgeweek: Drawbridge Partners, a cybersecurity software and services firm specialising in the needs of hedge fund and private equity managers, has appointed Simon Eyre as Managing Director overseeing the European market.
Dark Reading: Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how to protect their employees — as well as their communities as a whole.
