The IT Governance Weekly Round Up
As January comes to an end, the notions of new year’s resolutions and the promise of a ‘new year, new me’ are well and truly fading. That’s clear when looking at our first monthly list of data breaches and cyber attacks of 2023, which includes a staggering number of incidents. You can find the full list of incidents in this week’s newsletter, alongside the other latest industry news. That includes a data breach at GoTo, the parent company of LastPass – which is itself still reeling from a security incident – as well as cyber attacks against JD Sports and Arnold Clark.
List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached
Welcome to our January 2023 list of data breaches and cyber attacks. The new year comes with the promise of fresh beginnings and the promise to resolve the bad habits of our past, but we’ve had no such luck in the cyber security sector. Our research discovered 104 publicly disclosed security incidents, which accounted for 277,618,767 leaked records. That’s more breached records than we found in any calendar month last year, and it’s among the most incidents we’ve ever seen.
How to Investigate a Cyber Incident: 5-Step Guide
Cyber incident investigation is one of the most crucial skills that an organisation can master. With countless information security threats looming over your business, you need to accept that data breaches are inevitable. Once you have come to this realisation, you can implement an incident response plan that helps you identify and investigate security threats. This ensures that you can respond promptly when disaster strikes, mitigating the damage and saving your organisation time and money.
IT Governance Podcast Episode 14 | Rackspace, Citrix and EU-US adequacy decision
Our latest podcast discusses the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell's parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard.
If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can
Last week, GoTo – the parent company of LastPass, which has been the victim of some recent horrendous security breaches itself – announced it too had been hacked.
The organisation explained that its backups had been stolen in the attack, and although the information was encrypted, the attackers also got hold of the decryption keys.
It’s a huge own goal for the organisation, with cyber security researcher Graham Cluley describing GoTo’s approach as “like trying to argue that a locked box is locked, if the key to the locked box is stolen at the same time as the box”.
ISO 27001 compliance a must-have in the digital era
Often businesses feel that certifications are something they need in order to satisfy clients and stakeholders, but see little intrinsic value in compliance. This approach reduces ISO compliance to a tick-box exercise, which is generally regarded as a burden. Yet compliance can hold many benefits when an organisation applies the Standard to identify its current level of maturity and, based on this, works to close the gaps.
GDPR, what are strictly necessary cookies?
The way websites use cookies changed significantly with the introduction of the GDPR and its UK version. But the GDPR isn’t the only legislation that organisations should be concerned about. In the UK, its rules sit alongside the PECR (Privacy and Electronic Communications Regulations) 2003, which is the primary legislation governing the use of cookies. In this blog, we look at organisations’ cookie requirements under the GDPR and the PECR, explaining where they’re necessary and what measures must be taken to ensure that cookies are collected lawfully.
JD Sports data breach affects 10 million customers
The retailer said on January 30 that the data breach occurred after a malicious party gained unauthorized access to a system containing customer data relating to orders placed between November 2018 and October 2020.
The hacker may have gained access to customers’ names, addresses, phone numbers and partial payment information. JD Sports told the London Stock Exchange the data accessed was “limited” as the retailer “does not believe passwords were accessed” and does not save payment information.
Arnold Clark customer data 'stolen in cyber attack'
The car retailer, which sells more than 300,000 cars per year, said data that may have been stolen included bank details and ID documents. Customers were emailed on Tuesday about the UK-wide hack which happened on 23 December. Those affected have been offered a two-year subscription to an identity fraud checking service because the hack puts them at a higher risk of being victims of the crime.
Free webinar | Unpacking your ISO 27001:2022 Transition Strategy
Are you ready for the transition to ISO 27001:2022? IT Governance has partnered with Perry Johnson Registrars for this webinar on what the upcoming changes to the Standard mean for your organisation. Host Alan Calder explains how to create an effective transition strategy, with practical advice and solutions.
Free webinar | Cyber Essentials – The 5 key steps to certification
Cyber Essentials is one of the most popular UK cyber security certification schemes. This government-backed scheme outlines five controls that can prevent about 80% of the most common cyber attacks. These controls can be implemented by anyone who is familiar with the scheme, regardless of their level of information security knowledge. Join us on this live webinar where Alan Calder, the Founder and Executive Chairman of IT Governance, will take you through the five key steps to getting your organisation Cyber Essentials certified.