New: 299,368,075 records breached in 3,478 incidents in March

Welcome to this week’s Security Spotlight, where we shine a light on:?

• Our global March report, finding 299,368,075 records breached in 3,478 incidents?
• Our weekly news round-up, featuring 67,273,297 records breached in 130 incidents?
• Expert insight into simplifying third-party risk management?
• An expert’s overview of CISM??
• 10 easy steps to ISO 27001 certification?
• A blog on service management from a practitioner of 30 years?
• A new, free white paper from DQM GRC about AI and data privacy?
• Our free green paper on transitioning to ISO 27001:2022?

?

Our research found for March 2024:?

• 3,478 publicly disclosed incidents?
• 299,368,075 known records breached?

Read our full report?

We also updated our 2024 annual page.?

-- ?

This week, we found 130 newly disclosed security incidents, accounting for 67,273,297 records known to have been breached.?

In the spotlight this week:?

8,460,182 accounts from the US Environmental Protection Agency exposed?

A threat actor published a large database from the US EPA on a popular hacking forum.?

HackRead reports that, after removing duplicated records, 8,460,182 accounts are exposed in total.?

?

Kid Security breached again: at least 456,000 records exposed?

Last November, parental control app Kid Security exposed over 300 million records.?

Now, the company has again exposed highly sensitive children’s data – at least 456,000 records – because of configuration errors.?

Read our full news round-up?

?

?

Andrew Pattison on simplifying third-party risk management?

We sat down for another chat with Andrew, head of GRC consultancy at IT Governance Europe, asking about:?

• What he likes about risk assessment?

• The importance of simple risk assessments?
• How DORA might change how organisations manage risk?
• How organisations can simplify supply chain risk management?
• Considerations around risk when outsourcing, e.g. to a Cloud provider?

Read the full interview?

?

Q&A: An expert overview of CISM??

What topics does CISM cover? Who is it aimed at? What are its career opportunities? And what are the alternatives??

We put all these questions and more to Soji Ogunjobi, our cyber security specialist and instructor.?

Read the full interview?

?

Blog update: ISO 27001 certification in 10 easy steps?

An ISO 27001 ISMS helps ensure the confidentiality, integrity and availability of all corporate data.?

ISO 27001 certification demonstrates your commitment to data security and proves you’re following best practices.?

This blog explains in 10 easy steps how you can achieve ISO 27001 certification.?

Read more?

?

New blog: An education in service management?

Over the last 30 years, tools and technologies have advanced. However, the essence of service management – facilitating outcomes that deliver value to customers and users – remains unchanged.??

Yet, a gap exists between understanding and applying the principles effectively in a rapidly digitising world.?

David Barrow, an experienced service management practitioner, elaborates in this blog.?

Read more?

?

Free green paper: ISO 27001 and ISO 27002 – Transitioning to the 2022 standards?

Preparing to transition to ISO 27001:2022? This free green paper explains:?

• The key changes to ISO 27001 and ISO 27002?
• The new and noteworthy merged Annex A controls?
• The ISO 27002 attributes, and how to create and use views?

Download now?

?

Free white paper: Mastering Data Privacy in the Age of Artificial Intelligence?

In this new white paper from our sister company DQM GRC, learn about:?

• AI ethics and reliability?
• Data security measures for AI systems?
• Integrating AI systems with privacy by design in mind?

• How to implement a robust AI and data privacy strategy?
• The future of data privacy and AI, including emerging tools?

Download now?

?

Speak to an ISO 27001 expert?

Trust a company that has mastered information security.?

We’ve been at the forefront of ISO 27001 from the start:?

• We were the first to implement an ISMS aligned with the Standard.?
• We introduced ISO 27001 training qualifications.?
• We developed the most effective way of implement an ISO 27001 ISMS: our nine-step approach.?

Need practical advice on your implementation and/or certification project??

Or require a more in-depth discussion and extra support??

Get in touch?