Catches of the Month: Phishing Scams for October 2023
Welcome to this week’s Security Spotlight, where we shine a light on:
Catches of the Month: Phishing Scams for October 2023
Keeping informed about current attacks is one of the best ways to avoid becoming a victim. So, as ever, this blog series examines recent phishing campaigns and the tactics criminals use to trick people into divulging their data.
This month, we look at:
Podcast: TikTok, Sony and MOVEit, and DarkBeam
Our latest podcast discusses:
List of Data Breaches and Cyber Attacks in 2023
According to our research, there were 71 publicly disclosed security incidents in September 2023, accounting for 3,808,687,191 compromised records, bringing the year’s total to over 4.5 billion.
September saw the biggest data breach of the year by far, when digital risk protection company DarkBeam exposed an astounding 3.8 billion records thanks to a misconfigured Elasticsearch and Kibana interface.
This week’s reader question comes from Claire, who asks the following: We want to start using CCTV in our staff car park. What do we need to think about?
An important first step is to consider conducting a DPIA (data protection impact assessment). DPIAs help you articulate the purposes for processing the data and understand the privacy risks involved. CCTV can be quite intrusive, so there must be a proportionate and objectively determined reason for using it – having an external advisor challenge your thinking can help with this.
Also think about how you tell people CCTV is in use – through clearly visible signs, for example. These should be supported by an internal policy that sets out information like who operates the equipment, how long and where footage is stored, who can access it, and how your organisation will handle requests – by, for example, data subjects or the police – to access the footage.
Finally, if you use a third party to provide and/or monitor the system, make sure your contract contains all the right legal clauses, including on security assurances and the data controller–processor relationship.
This answer has been provided by Louise Brooks, Head of Consultancy at our sister company, DQM GRC, which also provides CCTV audits.
We’ll be back next week with another question. If you have an issue you’d like our team to answer, please contact us via LinkedIn, X/Twitter or email.
Free webinar | Building Your Career as a Cyber Engineer and Ethical Hacker
Thursday, 19 October
3:00 – 3:45 pm (BST)
The demand for skilled cyber security professionals has never been higher. Are you ready to take the first step towards a career in the dynamic world of cyber security?
Meet and get invaluable guidance from your security mentor, who will shed light on the career paths available so you can identify your ideal trajectory.
Free white paper | Data Loss Identification and Prevention
Our sister company DQM GRC has released a new white paper on data seeding.
Data is often an organisation’s most valuable asset, and should be treated – and protected – as such. Learn why data seeding is an effective way of monitoring data use, and identifying and preventing data loss.
MGM Resorts ransomware attack led to $100 million loss, data theft
MGM Resorts has revealed that last month’s cyber attack has cost it $100 million and resulted in customers’ personal information being breached.
NSA and CISA share top 10 cyber security misconfigurations
A joint cyber security advisory published by the NSA and CISA lists the top 10 cyber security misconfigurations and the tactics cyber criminals use to exploit them.
Free assessment of your cyber security defences
As part of National Cyber Security Awareness Month, we’re committed to helping protect your organisation from cyber threats. That’s why we are excited to offer you a one-on-one assessment of your organisation’s cyber security.
Simply complete the form to book a no-obligation call with our cyber security experts, where they’ll evaluate your current cyber security posture and offer tailored advice on the best strategies to close any gaps in your defences.