Industry News: ESG5

2022-01-18

U.S. News: The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau's cyber division said in an interview with The Associated Press.

Read more....

The Target: Fertility Center of Illinois

The Take: Exposure of Personally Identifiable Information including: full names, social security numbers, financial information, medical data, and health insurance policy numbers, employee numbers, and passport numbers.

The Vector: The threat actors were able to access a third-party server where FCI’s data was stored, and as the firm did not employ proper authentication tools, the attackers were able to freely view and download the sensitive information. 

This breach highlights the critical nature of employing robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, firms must be aware of where their data is stored, be that on their own sites or a third-party, and take steps to ensure it is secure.

Read more...

2022-01-13

JDSUPRA: Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements.

Read more...

2022-01-13

The Hill: Executives from Apple, Amazon and other top tech firms are meeting at the White House to discuss software security with the administration after major cyberattacks last year. 

Read more...

2022-01-12

Help Net Security: The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organization’s network.

Read more...

2022-01-12

Tech Crunch: The Federal Communications Commission is the next US regulator hoping to hold companies more accountable for data breaches. Chairwoman Jessica Rosenworcel has shared a rulemaking proposal that would introduce stricter requirements for data breach reporting.

Read more...

2022-01-11

ZDNet: Cybersecurity firm Check Point Research has released new data from 2021 showing that among their customers, there was a significant increase in overall cyberattacks per week on corporate networks compared to 2020.

Read more...

2022-01-11

Financial Post: Israeli cybersecurity firm Pentera has raised $150 million in its latest funding round, taking the company’s value to $1 billion, the company told Reuters, adding it was eyeing an initial public offering in the United States.

Read more...

2022-01-11

NPR: Cybersecurity and space are emerging risks to the global economy, adding to existing challenges posed by climate change and the coronavirus pandemic, the World Economic Forum said in a report.

Read more...

The Target: United States Cellular Corporation, a wireless carrier. 

The Take: Personally Identifiable information including: names, addresses, PIN codes, phone numbers, information on wireless usage and billing statements.

The Vector: The threat actors contacted employees of U.S Cellular and tricked them into downloading and installing malicious software and as the employees were logged on with legitimate credentials, the dangerous software was able to be installed. This malware let the attackers further access customer accounts remotely to port the victim’s phone numbers to a different carrier.

This breach highlights the ongoing and ever-present threat that social engineering poses to firms. Regular training and policy review can help firms ensure their employees are employing a slow and measured approach whenever access, or installation of software, is made – especially when the request is initiated from outside the firm.

Read more...