Cyber Security News Bites #3
John Reeman
Protect your business against cyberattacks. I help law firms, professional service firms & mid market organisations implement my blueprints so they don't become the next cybercrime victim | Virtual CISO | Data Security
Welcome to “The Cyber Security Loop - News Bites” !
Perspectives and opinions on the world of cybersecurity and the current threat landscape here in Australia and from around the world.
Companies impacted by the CrowdStrike global IT outage are back on their feet again. Those who were prepared instigated and adapted their crisis management plans to get critical systems back up and running within 8 - 12 hours. For others, it took a bit longer. CrowdStrike, on reflection, handled the incident as well as they could have done, communicated well, and supported customers as best they could through the crisis.
However, there are no excuses for what happened, and their post-incident review (PIR) has essentially said that a fundamental error in process caused the outage. Unfortunately, I’m sure there will be legal ramifications for CrowdStrike in due course, as well as customers who will no doubt decide to swap providers. I’m sure they will survive, though, and customers should reflect on all the good things that CrowdStrike has been doing to protect their customers from cyber criminals over the last five years and not just this singular event, however impacting it was. Now is also a good time to review your organisation's incident response plans and test them regularly!
In other news:
- Microsoft suffered a 9-hour outage earlier this week that affected customers in North America and Latin America. The outage was caused by a distributed denial of service attack.
- A Fortune 50 company paid a record $75 million earlier this year to a ransomware gang known as Dark Angels.
- The United States has released a number of high-profile Russian hackers in a diplomatic prisoner exchange.
- 2023 was the worst year on record for cybersecurity in the legal industry by some distance! Since 2018, 2.9 million records have been stolen in association with publicly reported breaches of law firms. Some 1.56 million records were stolen last year alone, an increase of 615% as compared with the previous year of 2022 (218,473 records).
Tips
Outside of work, if you and your family members are not using a password manager for all your online accounts, I recommend you do so. I personally use “Bitwarden” but 1Password is also a good one to use. Make sure you enable Multi Factor Authentication (Google Authenticator or similar) to protect your master password.
The hardest part is transferring all your accounts over, but once done, it’s a breeze, and you won’t have to think about passwords again!
As it’s tax time again, also be on the lookout for both email scams and SMS messages claiming to be from the ATO.
Tool
If you are looking for a tool to quickly test your organisation's email security and assess whether it follows best practice industry guidelines, then check out “email spoof test”. It’s safe to use and will quickly identify any gaps in your email security configuration. If you are not tech savvy, then please pass it on to your IT department or get in touch with me!
Resource
Australia's new Data Privacy reforms are coming into effect this month (August 2024). They will bring significant changes that could impact your business. Are you prepared? Here’s a summary of what you need to know:
- You must ensure your data practices align with the new standards. Privacy Impact Assessments will now be required prior to undertaking activities with high privacy risks, e.g., targeted advertising and sale of personal information.
- Your business will be required to meet baseline data security outcomes (confidentiality, integrity and availability), adopt data breach response plans and notify the OAIC within 72 hours of a data breach.
- Your business will be required to document minimum and maximum retention periods for different types of personal information held. You will need to demonstrate how you are managing this effectively.
- Avoid hefty fines and reputational damage. Directors can be fined up to $2.5 million and businesses up to $50 million for non-compliance.
To help with this, I’ve put together a guide that summarises what you need to do, the impact, and a six-step process that you can follow.
Quote
The best and most beautiful things in the world cannot be seen or even touched - they must be felt with the heart. - Helen Keller