Weekend Must Reads on Infosec

5 ?????????????? ?????????? ???? ?????????????????????? ???????????????? & ????????????????????

1. Blackbaud to Pay $49.5 Million in Data Breach Settlement

On October 5, 2023, Blackbaud Inc., a software provider for philanthropy, healthcare, and education, settled claims raised by 49 U.S. states and the District of Columbia regarding a 2020 ransomware attack. The breach affected 13,000 Blackbaud customers and their clients and donors. Vermont and Indiana led the investigation, alleging that Blackbaud misled customers and failed to promptly notify them. The settlement requires Blackbaud to enhance breach notification procedures, provide cybersecurity training to staff, bolster encryption efforts, and undergo third-party compliance assessments. All U.S. states, except California, participated in the settlement, emphasizing the importance of timely and transparent data breach responses.

Read more on Hunton Andrews Kurth LLP .

2. India’s first law enforcement Chief Information Security Officers’ council launched in Hyderabad

India's first Chief Information Security Officers' (CISO) council was launched by law enforcement officials in the Cyberabad Police Commissionerate. The CISO council aims to combat cybersecurity threats in real-time through partnerships with public and private institutions. With cybercrimes on the rise, the council addresses the changing nature of criminal activities, emphasizing the need for a strong defense against online threats. The launch underscores the significance of public-private partnerships and cooperation with academia and cybersecurity organizations to tackle the growing challenges posed by cyber criminals and evolving cyber threats.

Read more on The Hindu .

3. Google enhances security with dark web monitoring, iOS password filler

For Cybersecurity Awareness Month, Google is enhancing user safety with new features. Apple users in the Google ecosystem will benefit from enhanced security through password management features on iOS devices. Google now offers an autofill option for its password manager, simplifying login and password management for Apple users. This comes shortly after Google made passkeys the default login option for accounts. For Android users, Google is expanding its dark web reporting feature, previously exclusive to Google One subscribers, to the Google app. This enables users to check if their personal information has been exposed on the dark web, providing redacted results and security recommendations.

Read more on ZDNET . Blog written by Artie Beaty .

4. The key to Proactive Cyber Security Is the Management of Third-Party Vendor Risks

The recent hack of the MOVEit file transfer platform highlights the potential vulnerabilities associated with third-party software. Such attacks can result in data breaches and business interruptions, which are particularly damaging for manufacturing companies. To address this, businesses need to adopt a comprehensive approach to managing vulnerabilities, collaborating with the cyber insurance industry, and implementing stricter vendor risk management policies. Continuous vendor assessment, comprehensive hardware and software inventory, cloud service monitoring, and patch management are among the crucial steps to safeguard against vendor-related risks. Security awareness, business impact analysis, and cyber insurance are also essential components of a robust cybersecurity strategy.

Read more on Insurance Journal . Blog written by Mauro Marongiu .

5. California residents can now delete all their personal info from the internet

California Governor Gavin Newsom has signed the Delete Act (SB 362) into law, enabling residents to request the deletion of all their personal data from data brokers in the state. The bill, introduced by California Senator Josh Becker, aims to simplify the process by allowing individuals to request data deletion from a single page, rather than having to contact each company individually. Data brokers must also register with the California Privacy Protection Agency, and non-compliance with these rules can result in fines. Proponents of the bill praise the user-friendly approach, but advertising companies argue it will harm their industry.

Read more on WION (World Is One News) . Blog written by Moohita Kaur Garg .

While jumping into the next task,

If you do one thing:?

Do something today your future self will be thankful for.?

Autodit?offers Tools & Solutions for

• SMBs' InfoSec Compliances (10 hour effort from Engineering Leadership)
• Large Enterprises' Third Party Risk Assessments, RFP Questionnaire Response Automation, Security Awareness LMS, Trust Center
• Custom Integrations & InfoSec Frameworks for Real Time Monitoring of your Information Security Readiness Posture.

Ping our Founder,?Prithvi Raju Alluri?now!