
    Industry News: ESG5

      Know Your Breach: Microsoft

      The Target: Microsoft, one of the world’s leading computer hardware and software companies. 

      The Take: Exposure of Personally Identifiable Information belonging to over 65,000 business entities. The data included: names, email addresses, email content, company name, phone numbers, Statement of Work documents, product offers, and more. 

      The Vector: A misconfigured Microsoft server was accessible over the internet to anyone with a connection.

      This breach is a stark reminder that authentication controls are a critical piece of a robust overall cybersecurity posture, and that this includes maintaining correct access configurations. In addition, multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches and protect a firm’s data.


      Antony Blinken’s Silicon Valley Visit Underscores US Cybersecurity Concerns

      2022-10-20

      The Guardian: The US secretary of state visited Silicon Valley this week, on a trip that experts say highlights the Biden administration’s growing concerns over cybersecurity and officials’ push to collaborate more closely with the US’s powerful tech industry.


      Banco Santander and Forgepoint Capital Announce Strategic Alliance to Advance Cybersecurity Investment and Innovation Globally

      2022-10-20

      Dark Reading: Banco Santander, one of the largest banks in the world with over 157 million customers, and Forgepoint Capital, one of the world’s leading venture capital firms focused on cybersecurity, announced today a strategic alliance to drive cybersecurity investment and innovation globally.


      Cybersecurity Workforce Gap Grows by 26% in 2022

      2022-10-20

      Infosecurity: The global cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million more workers needed to secure assets effectively, according to the (ISC)² 2022 Cybersecurity Workforce Study.


      Passwords Still Dominate, and Are Causing Headaches for Everyone

      2022-10-19

      ZDNet: While Google, Microsoft and Apple roll out passwordless passkey functionality for their platforms, most people are still dependent on passwords.


      Australia's No. 1 Health Insurer Says Hacker Stole Patient Details

      2022-10-19

      U.S. News: Australia's biggest health insurer said a criminal had apparently stolen customers' medical information as part of a massive breach of data, fuelling concern about a wave of high-profile cyber attacks.


      Ottawa’s Cybersecurity Bill Flawed and Should Be Amended, New Report Warns

      2022-10-18

      Global News: A new research report says federal cybersecurity legislation is so flawed it would allow authoritarian governments around the world to justify their own repressive laws.


      Gen Z, Millennial Workers Are Bigger Cybersecurity Risks Than Older Employees

      2022-10-18

      Dark Reading: A new survey shows Generation Z and millennials, younger workers who have grown up as digital natives, are surprisingly more careless about their employer's cybersecurity than their senior Gen X and baby boomer colleagues. 


      Know Your Breach: Optus

      The target: Optus, an Australian telecommunications company.

      The take: Personal information for up to 10 million customers, including names, email addresses, postal addresses, phone numbers, dates of birth, and some passport numbers, driver’s license numbers and Medicare numbers.

      The attack vector: Reports suggest that an application programming interface (API) was exposed to the public internet and did not enforce any kind of authentication to access customer data.

      Where sensitive data is handled, controls must be put in place to authenticate access and to verify an individual’s authorization to access that data. Failing to ensure that such access is carefully controlled is akin to leaving the window open.


      Supply Chain Hacks Are On the Rise. But Most Companies Aren't Prepared

      2022-10-13

      ZDNet: The UK's cybersecurity agency has told firms to do more to protect themselves from attacks on their supply chains. 


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
