
Industry News: ESG5

    FTC Seeks to Hold Drizly CEO Accountable for Alleged Security Failures, Even if He Moves to Another Company

    2022-10-24

    CNBC: In a new proposed settlement, the Federal Trade Commission is seeking to hold a tech CEO accountable to specific security standards, even if he moves to a new company.

    Read more...

    Know Your Breach: Microsoft

    The Target: Microsoft, one of the world’s leading computer hardware and software companies. 

    The Take: Exposure of Personally Identifiable Information belonging to over 65,000 business entities. The data included: names, email addresses, email content, company name, phone numbers, Statement of Work documents, product offers, and more. 

    The Vector: A misconfigured Microsoft server was accessible over the internet to anyone with a connection.

    This breach is a stark reminder that authentication controls, including correctly maintained access configurations, are a critical piece of a robust cybersecurity posture. In addition, multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies for mitigating these kinds of breaches and protecting a firm’s data.

    Read more...

    Antony Blinken’s Silicon Valley Visit Underscores US Cybersecurity Concerns

    2022-10-20

    The Guardian: The US secretary of state visited Silicon Valley this week, on a trip that experts say highlights the Biden administration’s growing concerns over cybersecurity and officials’ push to collaborate more closely with the US’s powerful tech industry.

    Read more...

    Banco Santander and Forgepoint Capital Announce Strategic Alliance to Advance Cybersecurity Investment and Innovation Globally

    2022-10-20

    Dark Reading: Banco Santander, one of the largest banks in the world with over 157 million customers, and Forgepoint Capital, one of the world’s leading venture capital firms focused on cybersecurity, announced today a strategic alliance to drive cybersecurity investment and innovation globally.

    Read more...

    Cybersecurity Workforce Gap Grows by 26% in 2022

    2022-10-20

    Infosecurity: The global cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million more workers needed to secure assets effectively, according to the (ISC)2 2022 Cybersecurity Workforce Study.

    Read more...

    Passwords Still Dominate, and Are Causing Headaches for Everyone

    2022-10-19

    ZDNet: While Google, Microsoft and Apple roll out passwordless passkey functionality for their platforms, most people are still dependent on passwords.

    Read more...

    Australia's No. 1 Health Insurer Says Hacker Stole Patient Details

    2022-10-19

    U.S. News: Australia's biggest health insurer said a criminal had apparently stolen customers' medical information as part of a massive breach of data, fuelling concern about a wave of high-profile cyber attacks.

    Read more...

    Ottawa’s Cybersecurity Bill Flawed and Should Be Amended, New Report Warns

    2022-10-18

    Global News: A new research report says federal cybersecurity legislation is so flawed it would allow authoritarian governments around the world to justify their own repressive laws.

    Read more...

    Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees

    2022-10-18

    Dark Reading: A new survey shows Generation Z and millennials, younger workers who have grown up as digital natives, are surprisingly more careless about their employer's cybersecurity than their senior Gen X and baby boomer colleagues. 

    Read more...

    Know Your Breach: Optus

    The target: Optus, an Australian telecommunications company.

    The take: Personal information for up to 10 million customers, including names, email addresses, postal addresses, phone numbers, dates of birth, and some passport numbers, driver’s license numbers and Medicare numbers.

    The attack vector: Reports suggest that an application programming interface (API) was exposed to the public internet and did not enforce any kind of authentication to access customer data.

    Where sensitive data is handled, controls must be put in place to authenticate access, and verify an individual’s authorization to access that data. Failing to ensure that such access is carefully controlled is akin to leaving the window open.

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
