The IT Governance Weekly Round-Up
It’s time again for our latest monthly list of data breaches and cyber attacks, which was marked by several instances of malicious insiders stealing classified data. On that topic, we also have our comprehensive guide to information classification under ISO 27001, as well as our usual review of the latest industry news. This week’s headlines include a data breach at NHS Orkney and a massive breach at a Russian streaming service. You should also be sure to check out our latest IT Governance Podcast, as well as our upcoming webinar on implementing defence in depth.
List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached
August 2022 has been a lesson in being careful about whom you provide sensitive information to. In a month that saw the former US president accused of misappropriating classified government documents, there was also a spate of malicious insiders compromising their employers’ systems. Meanwhile, the bastion of password security, LastPass, announced that its systems had been breached – although the organisation is confident that customers’ details remain secure. In total, we identified 112 publicly disclosed security incidents in August, resulting in 97,456,345 compromised records.
What is ISO 27001 Information Classification?
Information classification is a process in which organisations assess the data that they hold and the level of protection it should be given. Organisations usually classify information in terms of confidentiality – i.e. who is granted access to view it. As you might expect, larger and more complex organisations will need more levels, with each one accounting for specific groups of employees who need access to certain information. Read our blog to find out how information classification fits into your organisation, and how ISO 27001 can help.
IT Governance Podcast Episode 7: Apple zero-day, NHS ransomware update and 0ktapus phishing campaign
This week, we discuss two zero-day vulnerabilities affecting Apple devices, the further effects of a ransomware attack on an NHS digital services provider and a large-scale phishing campaign affecting users of secure services such as Okta, Authy and Signal.
Data privacy truly matters to your customers. It’s time to make it a core business value
According to a new study by MAGNA Media Trials and Ketch, a remarkable 74% of people now rank data privacy as one of their top values.
Hackers are attempting to steal millions of dollars from businesses by bypassing multi-factor authentication
A phishing and business email compromise (BEC) campaign that attempts to steal millions of dollars from victims is targeting Microsoft 365 accounts with attacks that can bypass multi-factor authentication (MFA).
NHS Orkney apologises after data breach
The primary care records of 69 Stronsay residents have been unnecessarily accessed by an individual while they were working for NHS Orkney. The health board has written to the residents to apologise for the data breach, which was first uncovered last August, and has taken steps as part of a robust approach to the breach.
Russian streaming platform confirms data breach affecting 7.5M users
Russian media streaming platform ‘START’ (start.ru) has confirmed rumors of a data breach impacting millions of users. The platform’s administrators shared that network intruders managed to steal a 2021 database from its systems and are now distributing samples online.
Free Webinar | Stage 2 – Protection: The second layer of your cyber defence-in-depth strategy
Protecting an organisation from the increasing threat of cyber attacks can be challenging. Employees are a crucial line of defence, and ensuring they know their security responsibilities and how to spot a cyber attack is critical. Knowing how to embed effective technologies alongside staff awareness is the key to success. We discuss the approach, known as defence-in-depth, in our latest webinar. Join IT Governance Founder and Executive Chairman Alan Calder for this presentation on 29 September, where he explains the types of threat your organisation is likely to face and how you can counter them.
Free Download: Data Flow Mapping Under the GDPR
To comply with the GDPR (General Data Protection Regulation), organisations must understand the types of personal data they process, as well as knowing where and how it is collected, accessed, shared and stored. Many organisations process much more data than they realise, which is why it is vital to perform a data flow mapping exercise. Download our free green paper to find out how you can create a GDPR-compliant data flow map.