
    Industry News: ESG5

      Information Shield Enables Cyber Insurance Portfolio Risk Measurement

      2021-03-04

      Cision: Information Shield, a leading provider of cyber security compliance software, today announced support for the new Cyber Insurance Risk Framework. Using the ComplianceShield™ platform and Cyber Risk Score™ methodology, insurance providers can gain measurable insight into the cyber posture and inherent risk of their insured base. The new framework was created by the New York Department of Financial Services (NYDFS) to help reduce systematic cyber risk across the insurance industry.


      Most Phishing Emails Are After Credentials

      2021-03-04

      KnowBe4: 57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last year were used for delivering malware. Cofense believes this is because credential phishing emails are better at bypassing email security filters than emails with malicious attachments or download links. Likewise, conversational phishing attacks, like business email compromise (BEC), have grown more popular.


      Data Extortion Ransomware Attacks On Financial Sector Up 350 Percent During Covid-19 Pandemic

      2021-03-04

      Institutional Asset Manager: Data from the CrowdStrike Intelligence team reveals a surge in ransomware attacks during the pandemic, with data extortion becoming the most used attack method for all sectors – with 1,430 incidents reported globally in 2020.


      MAS, Banks Association Issue Paper On Mitigating Remote Working Risks

      2021-03-02

      The Straits Times: Extensive remote working arrangements open up financial institutions to multiple risks - some of them related to daily operations and information security and technology, and others to fraud and staff misconduct.


      Microsoft, NSA Advocate Zero Trust Cybersecurity Model

      2021-03-01

      IT Pro Portal: The zero trust approach, which operates under the assumption that the network has already been breached and that every device and app needs authorization, is said to be the most efficient way to tackle advanced cybersecurity threats.


      Know Your Breach: West Bengal Health and Welfare Department

      The target: The Health and Welfare Department of West Bengal, India

      The take: 8 million COVID-19 test results including personally identifiable information such as: name, age, address, and positive or negative test results.

      The attack vector: The breach revolves around the health authority’s reporting system, whereby individuals who had been tested for COVID-19 received links by SMS with a unique URL to access their test results by web. It was discovered that there was no authentication in place on the reporting system, and that by incrementing the ID number included in the URL, anyone with internet access could access all test results for the state.

      This example serves once again to highlight the huge risks of adopting a ‘security by obscurity’ model. When administering a public-facing portal that provides access to sensitive information, authentication controls are not optional – it is simply inadequate to make all records publicly available and trust that the uniqueness of the URL will protect the sensitive data of organizations or individuals.


      HYAS Closes $16 Million Series B Funding Round Led by S3 Ventures for Cyberattack Intercept Technology

      2021-02-25

      GlobeNewswire: HYAS, a leader in threat intelligence, adversary infrastructure, and network defense, today announced that it had closed a US$16 million round of funding led by Austin, TX-based S3 Ventures. The funds will be used to accelerate product development and global market expansion for the company’s cyber attack infrastructure identification and blocking technology.


      Hundreds of Workers At Cybersecurity Agency Vote to Strike

      2021-02-24

      CBC: Hundreds of workers at Canada's foreign signals intelligence agency have voted to strike — a move that comes as the threat of state-sponsored cyber attacks related to the pandemic appears to be rising.


      The World Is Facing A 'Global Cybercrime Pandemic'

      2021-02-24

      Tech Radar: The world is facing a cybercrime pandemic, a new report on the Covid-19 security landscape suggests. According to research from security firm Check Point, more than 100,000 malicious websites are currently active each day, as well as 10,000 different malware strains. 


      Microsoft Unveils Three More 'Industry Clouds' for Financial, Manufacturing and Nonprofit

      2021-02-24

      ZDNet: Microsoft is continuing to roll out more vertical cloud packages tailored for specific vertical industries. On February 24, the company announced three more of these "industry clouds" for financial services, manufacturing and nonprofit. These supplement the already-announced Microsoft cloud packages for healthcare and retail.


      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long-only portfolios.
