Weekend Must Reads on Infosec

5 ?????????????? ?????????? ???? ?????????????????????? ???????????????? & ????????????????????

1. Okta Data Breach Spotlights Untapped Gold Mine for Hackers

A recent data breach at tech company Okta, which provides software for managing login accounts, has exposed the risks associated with insufficiently safeguarded customer service records. Hackers used stolen login credentials to access Okta's help desk system, where clients upload sensitive internal data. The breach could have far-reaching consequences as the stolen data could potentially be used to infiltrate Okta's clients' systems. Leading password management company 1Password also reported that hackers used information from Okta's help-desk portal to access part of its network. Such supply-chain attacks have become a favored tactic for hackers aiming to exploit digital interconnectedness between companies.

Read more on The Messenger . Article written by Eric Geller .

2. Key points of the DPCs GDPR decision on TikTok and childrens data

Ireland's Data Protection Commission finalized its decision against TikTok for processing children's data, citing issues with transparency and default public settings. The decision is significant as it's the first to assess age-verification measures in light of GDPR, providing insights into future regulatory approaches for mixed-user digital services.

• Public-by-default settings:?The Data Protection Commission (DPC) found that TikTok's default public account settings, which required user action to enable privacy, posed risks to child users by allowing potential abuse and loss of data control, violating GDPR principles.
• Family pairing and direct messaging: The DPC found TikTok's "Family Pairing" feature, which allowed users to enable direct messages for child accounts, lacked proper verification and safeguards, posing unauthorized data processing risks, particularly for child users over 16.
• Transparency: What does 'anyone' mean? TikTok's transparency resources did not adequately inform users, especially children, that their public accounts could be viewed by both registered and non-registered users, violating GDPR's Article 13(1)(e). The DPC found these transparency infringements to be the most significant among the violations.
• Age verification: TikTok's age-verification measures, while challenged, couldn't be conclusively determined to infringe the GDPR, and requiring hard identifiers for age verification was deemed disproportionate by the DPC.

Read more on IAPP . Article written by Anna Morgan and Katerina Tassi .

3. One in four Americans have had their health data compromised this year

In 2023, over 25% of the US population has had their health data exposed in security breaches, affecting nearly 87 million patients, particularly due to the rise in ransomware attacks and hacking incidents. During Q3 2023, data from more than 45 million patients was compromised, exceeding the total for 2022. Healthcare companies are required to report data breaches impacting 500 or more individuals to the US Department of Health and Human Services. The healthcare sector is a lucrative target for cybercriminals due to valuable data on the dark web, despite US healthcare organizations dedicating just 6% of their IT budgets to cybersecurity. The cost of patient data breaches is increasing, reaching an average of $10.9 million in the healthcare sector.

Read more on Quartz . Article written by Faustine Ngila.

4. South Korea’s privacy watchdog fines PayPal $664,000 over data breaches

PayPal has been fined $663,863 (922 million won) by South Korea's Personal Information Protection Commission due to security incidents exposing the personal data of over 23,000 customers. The penalties are related to a cyberattack in December 2021 that exposed 22,000 customers' personal information, a phishing attack compromising data of more than 1,000 customers, and a credential stuffing attack affecting over 300 customers. PayPal was also penalized for reporting delays. Data breaches are a constant threat in the digital age, so safeguarding PayPal accounts is crucial through strong passwords, multi-factor authentication, and vigilance against phishing attempts.

Read more on Bitdefender. Article written by Alina B.

5. More than 500 potential cyber attacks are logged every second, BT says

BT, the telecoms giant, reports that over 46 million potential cyber attack signals are detected daily across the globe, with more than 530 signals per second. Hackers relentlessly scan internet-connected devices using automation and machine learning to find vulnerabilities. Over the past year, the IT, defense, banking, and insurance sectors were the most targeted by cybercriminals, followed by retail, hospitality, education, and charities. BT's data underscores the challenges businesses face in keeping up with cybersecurity measures, with 61% finding it increasingly difficult. The company launched a podcast series called "True Cybercrime Stories" to raise awareness of cyber threats during Cyber Security Awareness Month.

Read more on Lancashire Telegraph.

While jumping into the next task,

If you do one thing:?

Do something today your future self will be thankful for.?

Autodit?offers Tools & Solutions for

• SMBs' InfoSec Compliances (10 hour effort from Engineering Leadership)
• Large Enterprises' Third Party Risk Assessments, RFP Questionnaire Response Automation, Security Awareness LMS, Trust Center
• Custom Integrations & InfoSec Frameworks for Real Time Monitoring of your Information Security Readiness Posture.

Ping our Founder,?Prithvi Raju Alluri?now!