Consumers and cybersecurity professionals around the world have been stunned by Uber’s revelation that it paid hackers $100,000 to delete data on 57 million users stolen last year. There are many strands to the case, and more details are likely to emerge over time. But fundamentally it highlights the need for firms to secure their cloud environments as rigorously as anything on premise.
No organisation is breach-proof: we all know that the odds are stacked too high in the attackers’ favour. However, by following industry best practices we can make it as difficult as possible for hackers, and discourage all but the most determined and well resourced. That’s why it will dismay many in the industry to learn that Equifax knew about the vulnerability that it claims led to a massive breach at the firm this year, all the way back in March. However, it was apparently only fully patched months later once the damage had been done.
Given the scale of the breach, and the fact the firm could have been hit with fines of over $60m under the forthcoming GDPR regime, this should serve as yet another cautionary tale to IT leaders. Best practice security, including effective patch management, is called “best practice” for a reason. Continue reading →
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening again. The unpalatable truth is that many of those organisations caught out by WannaCry earlier this month could face punitive fines if the same kind of thing happens again in a year’s time.
That’s right: the EU General Data Protection Regulation (GDPR) is coming, adding a whole new level of urgency to firms realising they need a major cybersecurity overhaul after WannaCry. Continue reading →
News emerged this week of an alleged data breach at the Qatar National Bank. On the face of it, it’s yet another large multi-national with inadequate security getting hacked and exposing the details of its customers. But on closer inspection the details revealed in the data dump tell us more – that the hacker was using the breached bank data to build up profiles on specific individuals in order to launch follow-on attacks.
It’s another fascinating insight into the shadowy world of cybercrime which should remind us all, businesses and individuals, that personal information is a valuable online commodity that should be protected at all times. Continue reading →