The IT Governance Weekly RoundUp

Twitter’s “chief twit” Elon Musk is again living up to his reputation after confirming that the social media site is placing certain types of two-factor authentication behind a paywall. We grapple with the tenuous logic behind the move in our latest blog, which you can find below. We also cover the story in this week’s podcast, along with the troubling developments regarding the EU–US Data Privacy Framework and yet another data breach at GoDaddy. Elsewhere, we bring you reports of a data breach at the crypto exchange Coinbase, trouble for game developer Activision and hackers meddling with Russian broadcasters.

Twitter to Charge Users for SMS Two-Factor Authentication in Apparent Security Crackdown

In yet another controversial policy move, Twitter announced this week that it’s removing text-based 2FA (two-factor authentication) for non-paying users. The log-in mechanism is designed to protect people’s accounts from scammers by requiring them to provide a second piece of information in addition to a password. This is typically a code generated in an app, sent to an email address or delivered by text message. 2FA is considered an essential part of online security, but Twitter announced last week that text message authentication would soon be available only to users who have paid for a premium subscription.

Continue reading

IT Governance Podcast 2023-4: EU-US Data Privacy Framework, Twitter 2FA, GoDaddy, HardBit 2.0

In this week’s podcast, we discuss the European Parliament Committee on Civil Liberties’s opinion of the EU-US Data Privacy Framework, Twitter’s decision to disable free text-based 2FA, a series of attacks on GoDaddy’s infrastructure and the HardBit 2.0 ransomware group’s negotiation tactics.

Listen here

EU lawmakers argue against signing US data-transfer pact

Lawmakers in the European Parliament have urged the European Commission not to issue the "adequacy decision" needed for the EU-US Data Privacy Framework (DPF) to officially become the pipeline for data to freely flow from the EU to the States.

Continue reading

Coinbase says some employees’ information stolen by hackers

Crypto exchange Coinbase has confirmed that it was briefly compromised by the same attackers that targeted Twilio, Cloudflare, DoorDash and more than a hundred other organizations last year.

Continue reading

How to Meet the Third-Party Risk Requirements of ISO 27001

Third-party risk management is a crucial part of an organisation’s information security practices, with suppliers often introducing vulnerabilities that can have devastating knock-on effects. According to a Ponemon Institute and RiskRecon study, between 2021 and 2022, over half of organisations suffered a data breach caused by a third party. To mitigate the risk, organisations must perform a risk assessment to identify weaknesses in third-party relationships. From there, they should implement appropriate controls that protect their systems and guide suppliers towards more robust defences.

Continue reading

Hackers blamed after Russian radio plays warnings of missile strikes and air raids

The Ministry of Emergency Situations, a Russian government agency, reportedly warned that false information about attacks had been broadcast on stations including Gazprom Media stations Relax FM, Comedy Radio, and Humor FM.

The bogus broadcast warnings, which were accompanied by loud siren noises, advised civilians to head to air raid shelters.

Continue reading

Activision did not notify employees of a data breach for months

On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data.

This data breach was not disclosed until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data, as well as the hackers’ messages on Activision’s internal Slack channel.

Continue reading

Free webinar | Navigating the 2023 Cyber Threat Landscape – A Briefing for Business Leaders

As cyber threats continue to evolve and become more sophisticated, it's crucial for business leaders to stay ahead of the curve and protect their organisations. This 20-minute webinar will provide a high-level overview of the most important considerations for business leaders, CEOs and senior management when it comes to their organisation’s privacy and cyber security. Alan Calder, Founder and Executive Chairman of IT Governance, will take you through the key cyber security and privacy considerations that boards and senior leaders should be aware of.

Register now

Free download | Mobile Device Security – Adapting to flexible working

Most of us own at least one mobile device and, to some extent, rely on them to do our jobs. They also enable us to work on the go or from home with ease – a phenomenon becoming increasingly common in our interconnected world. Relying on mobile devices and remote working, however, comes with a host of security risks. Download this green paper to learn how you can control these vulnerabilities and the challenges you’ll face.

Download now
