CIA-triad mapping; Meta and LastPass

Welcome to LEVEL7’s issue of CYBER2GO - A Weekly Recap, in which we will analyse a few of last week’s Cybersecurity topics, reported by CYBER2GO, and share our perspectives, tools and strategies in English.

Follow our LinkedIn page, and subscribe to this newsletter, to not miss out!

Recap week 48

What a week!

Let’s start with the giant Meta, a.k.a. Facebook.

If you have listened to our last episodes of CYBER2GO, you may have heard that mega platform Facebook has been fined €450,000 by the Irish Data Protection Commission (DPC) for failing to prevent a “serious breach” of its data security measures. This is the first time an entity has been fined for a breach in the EU under the General Data Protection Regulation (GDPR).

In November 2019, it was discovered that a third-party app was able to access personal information of users, including their posts and profile pictures, without any knowledge or consent.

Meta, at the time Facebook, failed to notify the DPC as soon as it became aware of the breach and waited nine months before doing so. The fine is intended to deter companies from similar malfeasance in the future and encourage vigilance when it comes to data security. The GDPR explains that companies must be transparent and accountable when handling data, and the fine demonstrates that breaching these regulations will not be tolerated.

CIA perspectives

The breach of Facebook's data security measures highlighted in the article violates the three main goals of the CIA (Confidentiality, Integrity, and Availability) triad for cybersecurity.

Firstly, personal information such as user posts and profile pictures was accessed without the knowledge or consent of the users, meaning confidentiality was not maintained.

Secondly, Facebook failed to notify the DPC of the breach within a reasonable amount of time and did not take appropriate measures to fix it, thus compromising the integrity of the data.

Finally, access to this personal information was made available to an unauthorised third party, thus rendering it unavailable to the rightful owners.

Another highlight of last week’s episodes was LastPass.

LastPass, a company that helps people remember their passwords, detected unusual activity within a third-party cloud storage service they share with an affiliate. They immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. It has been determined that an unauthorised party, using information obtained in the August 2022 incident, was able to gain access to certain elements of the customers' information. However, due to LastPass's Zero Knowledge architecture, their customers' passwords remain safely encrypted. This is not the first time LastPass has had a security issue; they have had problems before. They are still investigating and trying to figure out what happened and the exact information the hacker was able to see.

CIA perspectives

The above breach of LastPass's system triples the risk of a successful attack on cybersecurity, compromising the Confidentiality, Integrity, and Availability of their customers' information. Such an attack can lead to data leakage, data alteration, or even total disruption of service, as well as additional costs for organisations that rely on LastPass for secure storage and authentication of their digital resources.

What did you think about last week's topics? Share your comment below!

Visit our Website for more information.

#CYBER2GO #LEVEL7 #Facebook #Meta #LastPass #Cybersecuritynews #cybersecuritynewsletter #cybersikkerhed