Cybersecurity Chronicles | September 11 2023
Netswitch Technology Management
Empowering cyber resilience with AI speed and precision. Netswitch: Real-time security insights and measurable ROI.
Headlines of the Week
MANUFACTURING - Data Breach Hits Golf Brand Into Rough
Topgolf Callaway suffered a data breach, exposing sensitive personal and account data, including names, addresses, account passwords, answers to security questions, and order histories, of 1,114,954 customers.
EDUCATION - International Students Impacted by Data Breach
The University of Sydney experienced a data breach affecting the personal information of international applicants, but no evidence suggests that local students, staff, or alumni were impacted.
GOVERNMENT - Another 10 Years of Out-of-Date Systems for US Government
The White House is working to develop a 10-year modernization plan for federal civilian agencies as part of a broader effort to transition away from outdated information technology systems while bolstering the nation's cyber posture, a top official said Tuesday.
NON-PROFIT - 7 Million Users Possibly Impacted by Data Breach
The non-profit organization Freecycle Network suffered a data breach, exposing usernames, email addresses, and hashed passwords of over seven million members, as per screenshots posted by the attacker.
SOCIAL - Destructive Cyberattack Results in Worldwide Outage of Platform
Coffee Meets Bagel experienced a recent outage caused by attackers breaching the systems and deleting company data. The attack disrupted the dating platform’s production servers.
TECHNOLOGY - Ransomware Gang Steals Data from Travel Booking Giant
Travel booking giant Sabre Corporation is investigating a cyberattack after files allegedly stolen from the company appeared on a leak site. The Dunghill Leak group claimed responsibility for the attack and for stealing 1.3TB of data.
Insights & Expert Analysis
STRATEGY - Ransomware Beyond Just Data
The report reveals alarming insights into the persistent and detrimental nature of ransomware attacks on organizations. It highlights that these attacks, though often kept private, are a widespread problem, causing significant and recurring disruptions to businesses.
Shockingly, only a small fraction of affected organizations manage to fully recover their data after a ransomware incident, leaving a substantial majority grappling with unrecoverable losses.
Threat actors behind these attacks are growing bolder, resorting to additional extortion tactics even after ransoms are paid. As a result, a majority of organizations anticipate increasing their spending on ransomware preparedness in the near future.
The findings underscore the urgent need for organizations to bolster their defenses against ransomware by focusing on preventive measures, such as safeguarding cloud data, employing blockchain-verified technology, and storing data independently.
This shift towards proactive strategies offers a tangible return on investment for organizations seeking to mitigate the risks posed by ransomware attacks in the coming months.
INSIGHTS: Ransomware attacks are pervasive and cause significant business disruptions; that's not news.
However, what may be news is that few organizations ever fully recover their data after an attack, a condition also known as unrecoverable data loss.
As threat actors become bolder, organizations are planning to increase spending on ransomware preparedness. They should do so with a clear understanding of how these efforts will provide data security and privacy, keep them compliant with a rainbow of data privacy laws, and still allow the data to be used in production so that value can be extracted from possessing it.
Then, ultimately, how will these efforts be measured and monitored? How will you gauge the ROI? How will you verify ongoing compliance alignment with the law, the framework, or even internal GRC?
These steps are a worthwhile investment in preparedness, but verify what you're buying, and stakeholders should agree on how that investment is valued.
MANAGEMENT - Benefits of Security Performance Metrics
Security performance metrics benefit executives in their efforts to enhance security and align with business objectives. It's important to use meaningful and context-driven metrics to avoid information overload.
Metrics should also be meaningful and straightforward so that non-technical executives can clearly understand the cyber risks the organization faces.
Leaders must find tools that deliver value to enhance security and communicate effectively with stakeholders.
INSIGHTS: We often refer to information confusion, with data obfuscation being the result of cybersecurity providers (read: marketers) wanting it to appear incredibly complicated and difficult.
That approach brings no value to customers but brings top-line value to cyber companies in a hot market.
We have helped customers with our Open Source Unity Risk Indicator:
COMPLIANCE - Feds Publicly Name & Shame Healthcare Firms
The FTC and the HHS have publicly named 130 hospital systems and telehealth providers over concerns regarding the use of online tracking technologies like the Meta/Facebook pixel and Google Analytics.
These technologies collect identifiable user information without full disclosure and are difficult for users to avoid while interacting with websites or apps. The agencies emphasized the need for entities to review relevant laws and protect individuals' health information. They selected providers based on research and aimed to inform a public that is often unaware of privacy risks.
The FTC has previously taken enforcement actions against telehealth providers for unfair data practices, and HHS OCR is actively investigating potential HIPAA violations related to web-tracking tools.
This proactive effort seeks to safeguard patient data, privacy, and consumer trust in healthcare technology.
INSIGHTS: Stakeholders at healthcare providers should take an approach that mitigates the risks associated with the use of digital tools and technology, including tracking technologies.
Here are strategies for knowing where you stand, even if you are not in healthcare. Among them is starting with a baseline Risk Assessment: know your starting point. (Just like using Google Maps for road trip plans.)
From there, create and enforce policies and procedures that align with regulations, and educate staff on data privacy and compliance: ALL EMPLOYEES.
Evaluate and audit third parties, and minimize your data footprint and assess it on a regular basis.
It seems so basic, but just as basic hygiene keeps you healthy, so does basic infosec hygiene.
Ways We Can Help You Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.
Keep up to date about future events by following Netswitch.
Sign up for Our "Quick Start" Pilot Program
Know your risk level in cybersecurity and governance at NO COST.
To find out more, just contact Netswitch on LinkedIn and we'll get a demo scheduled.
Join Our CyberRisk Governance Group
Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.
Would you like to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.