The IT Governance Weekly Round-Up
List of Data Breaches and Cyber Attacks in September 2022 – 35.6 Million Records Breached
Welcome to our September 2022 list of data breaches and cyber attacks. Compared to August, it was a relatively quiet month: we identified 88 publicly disclosed security incidents and 35,566,046 compromised records. As always, you can find the full list of incidents in our blog, broken into their respective categories.
What are you doing for Cyber Security Awareness Month?
This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved. This year’s event focuses on phishing and ransomware – two of the biggest threats that organisations currently face.
IT Governance Podcast Episode 9: TikTok, American Airlines and Morgan Stanley Smith Barney
In episode 9 of the IT Governance Podcast, we discuss a potential fine of £27 million for TikTok, a data breach caused by a phishing attack on American Airlines and a $35 million penalty for Morgan Stanley Smith Barney LLC after “extensive” security failures.
This sneaky fraud attack looks like an email forwarded by your boss
A business email compromise (BEC) campaign is using an email thread that pretends to have been forwarded by the boss in a bid to trick targets into handing over big sums of money.
How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart
Cyber criminals are rarely known for their sensitivity, but romance scammers take it to the next level. The attacks manipulate the lonely, fooling them into thinking they have found love and using the emotional connection to persuade them to hand over large sums of money.
In the latest romance scam to hit the headlines, fraudsters are using deepfake technology to masquerade as Hollywood star Mark Ruffalo. Cyber security researcher Graham Cluley explains how the scam works and how someone might fall victim.
The 6 Phases of a Cyber Incident Response Plan
A cyber incident response plan is a document outlining what an organisation should do in the event of a data breach or other form of security incident. It is a crucial part of an organisation’s information security and business continuity plan, given the surging threat of cyber crime. A 2022 UK government report found that 39% of organisations had suffered a data breach in the previous year.
By implementing a cyber incident response plan, organisations understand that information security risks are an inevitable part of modern business and that they must take pre-emptive measures to contain the threat.
Former Uber security chief found guilty of concealing data breach
A San Francisco jury has found Uber’s former chief security officer, Joe Sullivan, guilty of criminal obstruction for failing to report a 2016 cybersecurity incident to authorities. “Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught,” said Stephanie Hinds, US attorney for the northern district of California.
City of Tucson discloses data breach affecting over 125,000 people
The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 125,000 individuals. As revealed in a notice of data breach sent to affected people, an attacker breached the city's network and exfiltrated an undisclosed number of files containing sensitive information.
Free Webinar | Management: The third layer of your cyber-defence-in-depth strategy
Managing cyber security risks requires a more intensive approach than implementing basic security protection. Join us for this 45-minute webinar on Thursday, 20 October, hosted by IT Governance Founder and Executive Chairman Alan Calder, to find out how to get started. We explain how to embed risk-based security controls, manage the security of supply chains and conduct audits as part of your cyber-defence-in-depth strategy.
Free PDF download: Business Continuity and ISO 22301 – Preparing for disruption
Cyber attacks, natural disasters, power failures, industrial action and human error are all risks that can severely disrupt business operations. Read this green paper to find out how ISO 22301 can help mitigate the damage to your organisation in the event of a disaster.