.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Insurance Business: C-suite executives will increasingly be targeted as cyber criminals look for ways to extort money from large corporations, according to a new report from cyber analytics provider CyberCube.
IT News: A report on the ‘Commonwealth cyber security posture in 2019’ [pdf], released as Australia headed into the Easter weekend, provided a detailed breakdown of incidents that impacted Commonwealth (or federal) entities last calendar year, though it does not disclose which entities were victims.
Dark Reading: As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
The target: General Electric, a Fortune 500 technology firm
The take: Personally identifiable information and documentation of current and former employees, as well as their beneficiaries – including direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, child support orders, and many others.
The attack vector: While their own systems were not compromised, GE were notified by a service provider of a breach affecting their data. Canon Business Process Services reported that one of their employee’s email accounts was breached by an unauthorized party for a period of just under two weeks in February of this year. This employee had processed data on behalf of GE and the attackers gained access to a litany of confidential information.
Service provider relationships continue to pose increasing challenges for firms in today’s security landscape, as subcontracted entities may handle a firm’s sensitive data – be that business-critical data or the PII of their employees. A firm is ultimately responsible for their data regardless if they or a subcontractor are the ones handling it, and as such, a firm’s own security controls must follow that data and extend to third party processors.
ZDNet: Elon Musk's SpaceX has banned employees from using video-conferencing app Zoom over "significant privacy and security concerns", according to a memo seen by Reuters.
In response to these concerns, Zoom has announced it is immediately freezing feature development for 90 days to improve security and privacy and will conduct a third-party security review.
Dark Reading: A recent lawsuit filed regarding the infamous 2017 Equifax data breach revealed that the company was using "admin" as a username and password to protect sensitive data from 147 million customers — even though this password has been exposed through data breaches almost 50,000 times, according to the Have I Been Pwned database.
Tech Crunch: As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of growth funding.
Hedgeweek: Drawbridge Partners, a cybersecurity software and services firm specialising in the needs of hedge fund and private equity managers, has appointed Simon Eyre as Managing Director overseeing the European market.
Dark Reading: Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how to protect their employees — as well as their communities as a whole.
CTV: Marriott says guests' names, loyalty account information and other personal details may have been accessed in the second major data breach to hit the company in less than two years.
