Posts with label: Cybersecurity Breach

Hackers Claim Data on 150,000 AIL Users Stolen


American Income Life (AIL), one of the world's largest supplemental insurance providers, is under close scrutiny following reports of a cyberattack that may have compromised the personal and insurance records of roughly 150,000 of the company's customers. A post on a well-known underground data leak forum, a platform cybercriminals use to trade and sell stolen information, claims to contain sensitive data taken directly from the company's website.

According to the person behind the post, the breach involves extensive customer information, adding to concerns over the increasing frequency of large-scale attacks aimed at the financial and insurance industries.

AIL, a Fortune 1000 company headquartered in Texas with reported annual revenue of more than $5.7 billion, is a subsidiary of Globe Life Inc., itself a Fortune 1000 financial services holding company. The incident has the potential to cause a significant loss for one of the country's most prominent supplemental insurers.

The breach, which first came to light through the forum post, allegedly involves approximately 150,000 personal records. The threat actor claimed the dataset includes unique record identifiers; personal details such as names, phone numbers, postal and email addresses, dates of birth and gender; and confidential policy information, including policy type and status, among other details.

Cybernews security researchers who examined a sample of the leaked data said it appeared largely authentic, but noted it was unclear whether the records were current or old and outdated.

The Cybernews researchers also noted that delays in breach notification can substantially damage a company's financial and reputational position. Alexa Vold, a regulatory lawyer and partner at BakerHostetler, has observed that organisations often spend months or even years manually reviewing enormous volumes of compromised documents, when available analysis methods can identify affected individuals far more efficiently than a document-by-document review.

Aside from driving up costs, she cautioned that slow disclosures increase the likelihood of regulatory scrutiny and, in turn, consumer backlash. Alera Group, for example, detected suspicious activity in its systems in August 2024 and immediately opened an internal investigation.

On April 28, 2025, the company confirmed that unauthorised access to its network between July 19 and August 4, 2024, may have resulted in the exfiltration of sensitive personal data. The information compromised differs from person to person.

It could include names, addresses, dates of birth, Social Security numbers, driver's licences, marriage and birth certificates, passport information, financial details, credit card information, and other forms of government-issued identification.

A notable aspect of the AIL breach is that the individual behind it appears willing to offer the records for free, which greatly increases the risk to victims. Such information is usually sold on underground markets to a small number of buyers; making it freely available opens the door to widespread abuse and makes secondary attacks far more likely.

According to experts, identifiers such as names, dates of birth, addresses and phone numbers are valuable to identity thieves, who can use them to open fraudulent accounts or secure loans in the victims' names. The exposure of policy-related details, including policy status and plan type, is a further concern, since this information can lend credibility to phishing campaigns designed to trick policyholders into handing over additional credentials or authorising payments.

In more severe scenarios, the leaked records could be used for medical or insurance fraud, such as submitting false claims or applying for healthcare benefits under a stolen identity. Regulatory and healthcare experts note that the HIPAA breach notification requirements leave little room for delay.

The rule permits reporting beyond the 60-day deadline only in rare cases, such as when a law enforcement agency requests a longer period so as not to interfere with an ongoing investigation or jeopardise national security. Difficulty in determining the full scope of compromised electronic health information is not considered a valid reason; regulators expect entities to disclose based on initial findings and provide updates as the inquiry progresses.

Extreme circumstances such as ongoing containment efforts or multijurisdictional coordination may be operationally understandable, but they are not legally recognised grounds for postponing notification. The HHS Office for Civil Rights (OCR) applies the U.S. Department of Health and Human Services' “without unreasonable delay” standard and may impose penalties where it finds that a covered entity has procrastinated.

Where a breach is expected to affect 500 or more individuals, experts advise submitting a preliminary notice and providing supplemental updates as details emerge, a practice observed in major incidents such as the Change Healthcare breach. The consequences of delayed disclosure are not only regulatory: they also expose organisations to litigation, as in Alera Group's case, where several proposed class actions accuse the company of failing to notify affected individuals promptly.

Attorneys advise that firms must strike a balance between timeliness and accuracy. Prolonged document-by-document reviews waste resources and exacerbate regulatory and consumer backlash, whereas efficient analysis methods accomplish the same task more quickly and with less risk. American Income Life's ongoing situation shows how quickly an underground forum post can escalate into a problem for corporate leadership, regulators and consumers if the incident is not dealt with promptly.

In the insurance and financial sectors, this episode serves as a reminder that it is not only the effectiveness of a computer security system that determines the level of customer trust, but also how transparent and timely the organisation is in addressing breaches when they occur. 

According to industry observers, proactive monitoring, clear incident response protocols and regular third-party security audits are no longer optional, but essential in mitigating both the direct and indirect damage of a data breach, in the short term and the long term. Likewise, a breach notification process must balance speed and accuracy so that individuals can safeguard their financial accounts, monitor their credit activity and watch for fraudulent claims as early as possible.

Cyberattacks are unlikely to slow down in frequency or sophistication in the foreseeable future, but companies that are well prepared and accountable can significantly minimise the fallout when incidents occur. The AIL case shows that the true test of an institution is not whether it can prevent every breach, but what it does when prevention fails.


Worker Sentenced to Four Years for Compromising Company IT Infrastructure


 

A Chinese-born software developer has been sentenced to four years in federal prison for hacking into the internal systems of his former employer, a stark warning about insider threats that corporations across the globe should heed. Davis (David) Lu, 55, of Houston, Texas, a disgruntled employee, carried out one of the most damaging forms of digital retaliation: embedding hidden malicious code in Eaton Corporation's computer network that crippled its operations.

The attack, which followed Lu's demotion and suspension, disrupted global operations in 2019, locked thousands of employees out of their systems and caused severe financial losses. As the Department of Justice noted, Lu's actions illustrate how even resilient enterprises face crippling risk when insider access goes unchecked.

According to investigators, Lu's dissatisfaction began in 2018, after a corporate reorganisation stripped him of responsibilities. Prosecutors argued that this professional setback inspired a carefully orchestrated sabotage campaign: he planted malicious Java code in Eaton's production environment, built to wreak maximum havoc once activated.

The most damaging element of the scheme was a logic bomb labelled IsDLEnabledinAD, which checked whether his Active Directory account was still enabled. It was designed to stay dormant until the account was disabled, which happened when Eaton terminated his employment on September 9, 2019, and it executed the same day.

Within moments of its execution, thousands of employees across global systems were locked out, widespread disruption followed, and a cascading series of failures spread across corporate networks, showing the damage a single insider can do. According to court filings, Lu's actions went well beyond that single event: by mid-2019 he had already injected routines into the code designed to overload the infrastructure.

These routines included infinite loops that forced Java virtual machines to create threads indefinitely, crashing production servers through resource exhaustion, and code that deleted employee profiles from Active Directory, further destabilising the workforce. The embedded kill switch, which fired when his access was revoked in September, showed how carefully the plan had been engineered and how long it had been in preparation.

The result was swift and severe: thousands of employees were locked out, key infrastructure ground to a halt, and losses quickly rose into the hundreds of thousands of dollars. Investigators later concluded that Lu's aim went beyond disrupting production; this was a deliberate sabotage campaign.

Execution logs tied the malicious code to his unique user ID and to a Kentucky-based machine, which is how investigators attributed the attack to him. During the review of Lu's code, officials found portions named Hakai (the Japanese word for destruction) and HunShui (Chinese for sleep or lethargy), clear signals of destructive intent.

On the day he was instructed to return his company-issued laptop, Lu escalated his retaliation, attempting to delete encrypted volumes, wipe Linux directories and erase two separate projects. His search history documents a meticulous effort to obstruct recovery: he researched how to escalate privileges, conceal processes and erase digital evidence.

Federal authorities believe the losses ran into the millions of dollars, and the FBI said the case is a reminder of how much damage insiders can cause in systems without appropriate safeguards. The Justice Department condemned Lu's actions as a grave betrayal of professional trust: technical expertise that had once been an asset to the organization was weaponized against the very infrastructure he was supposed to protect, officials said.

Prosecutors described the sabotage as a clear example of an insider threat that bypassed traditional cybersecurity defenses by abusing legitimate privileges to deliver maximum disruption. In their view, the sentence reflects how seriously the United States treats corporate sabotage as a threat that destabilizes operations and undermines trust in critical industries.

In an era of increasing digital dependence, Davis Lu's conviction reinforces a broader lesson for businesses. Firewalls, encryption standards and intrusion detection systems remain essential, but the case shows that the most dangerous risks often come not from faceless outside hackers but from individuals with privileged access inside the organization.

Insider threat detection must therefore be a central pillar of an organization's cybersecurity strategy. To minimize exposure, organizations need continuous monitoring, regular user activity audits, stricter access controls and role-based privileges.

Beyond technical measures, experts emphasize the importance of work cultures rooted in accountability, transparency and communication, which reduce the likelihood that professional grievances escalate into retaliation. Cybersecurity analysts say companies should prioritize behavioral analytics and employee training to detect subtle warning signs before they spiral into damaging actions.
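The kill switch in this case fired on a change in Active Directory account status and then deleted AD profiles, which is exactly the kind of sequence continuous monitoring should be able to correlate. The following is an added example, not code from the case, from Eaton or from any vendor: it reads Windows Security events (4725, user account disabled; 4726, user account deleted), flags a burst of deletions by one actor, checks whether that actor and host are in an assumed approved set, and notes whether the burst began shortly after a disable event. The account names, hostnames, thresholds and sample events are constructed for the demonstration.

```python
"""Correlating Windows Security events to catch a status-triggered kill switch.

Added example, not code from the Lu case, Eaton or the DOJ. Event IDs are the
standard Windows ones (4725 = user account disabled, 4726 = user account
deleted). Account names, hostnames, thresholds and policy sets are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy: who may delete AD users, and from which hosts.
APPROVED_DELETERS = {"it-admin"}
ADMIN_HOSTS = {"DC01", "ADMIN-WS01"}

BURST_THRESHOLD = 5                     # this many deletions by one actor ...
BURST_WINDOW = timedelta(minutes=10)    # ... inside this window is a burst
TRIGGER_WINDOW = timedelta(minutes=30)  # burst starting this soon after a disable is correlated


def _ev(ts, event_id, subject, target, host):
    return {"ts": ts, "event_id": event_id, "subject": subject,
            "target": target, "host": host}


# Constructed events: HR disables one developer's account, then a service
# account on a production box starts deleting users; an admin does routine work later.
SAMPLE_EVENTS = [
    _ev("2019-09-09T08:02:11", 4725, "hr-admin", "dlu", "DC01"),
    _ev("2019-09-09T08:05:10", 4726, "svc-build", "user00", "KY-PROD-07"),
    _ev("2019-09-09T08:05:30", 4726, "svc-build", "user01", "KY-PROD-07"),
    _ev("2019-09-09T08:06:10", 4726, "svc-build", "user02", "KY-PROD-07"),
    _ev("2019-09-09T08:06:30", 4726, "svc-build", "user03", "KY-PROD-07"),
    _ev("2019-09-09T08:07:10", 4726, "svc-build", "user04", "KY-PROD-07"),
    _ev("2019-09-09T08:07:30", 4726, "svc-build", "user05", "KY-PROD-07"),
    _ev("2019-09-09T09:30:00", 4726, "it-admin", "contractor-old", "DC01"),
    _ev("2019-09-09T09:31:15", 4726, "it-admin", "intern-2018", "DC01"),
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def find_deletion_bursts(events):
    """Return [(subject, host, first_ts, count)] for every (subject, host) whose
    4726 events cluster to at least BURST_THRESHOLD inside a sliding BURST_WINDOW."""
    by_actor = defaultdict(list)
    for e in events:
        if e["event_id"] == 4726:
            by_actor[(e["subject"], e["host"])].append(_parse(e["ts"]))
    bursts = []
    for (subject, host), times in by_actor.items():
        times.sort()
        best, best_start, start = 0, None, 0
        for end, t in enumerate(times):
            while t - times[start] > BURST_WINDOW:   # slide the left edge forward
                start += 1
            if end - start + 1 > best:
                best, best_start = end - start + 1, times[start]
        if best >= BURST_THRESHOLD:
            bursts.append((subject, host, best_start, best))
    return bursts


def correlate(events):
    """Turn deletion bursts into alerts, noting whether the burst began shortly
    after an account was disabled (an IsDLEnabledinAD-style trigger) and whether
    the actor or host is outside the approved set."""
    disables = [(_parse(e["ts"]), e["target"]) for e in events if e["event_id"] == 4725]
    alerts = []
    for subject, host, first_ts, count in find_deletion_bursts(events):
        alert = {
            "rule": "mass_ad_deletion" if subject in APPROVED_DELETERS
                    else "unapproved_mass_ad_deletion",
            "subject": subject, "host": host, "count": count,
            "from_non_admin_host": host not in ADMIN_HOSTS,
            "triggered_by": None,
        }
        for d_ts, disabled_user in disables:
            if timedelta(0) <= first_ts - d_ts <= TRIGGER_WINDOW:
                alert["triggered_by"] = disabled_user   # account disabled just before the burst
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a)
```

Run stand-alone, it reports a single alert: six deletions by svc-build from KY-PROD-07, a host and account outside the approved set, beginning three minutes after dlu's account was disabled. The two routine deletions by it-admin stay below the threshold and produce nothing. In a real deployment the events would come from the domain controllers' Security logs via a SIEM, and the approved sets from the change-management system rather than constants.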

A proactive security posture means recognizing and addressing weaknesses inside the organization before they are exploited, whether by insiders or external adversaries. As technology becomes integrated into every aspect of a global organization, resilience depends on a strong security infrastructure backed by sound governance and a culture of vigilance.

The Lu case is a sobering example of the damage one insider can cause, and a reminder that digital resilience takes foresight, diligence and a relentless commitment to safeguarding trust.

Lee Enterprises Confirms Ransomware Attack Impacting 75+ Publications

 

Lee Enterprises, a major newspaper publisher and the parent company of The Press of Atlantic City, has confirmed a ransomware attack that disrupted operations across at least 75 publications. The cybersecurity breach caused widespread outages, impacting the distribution of printed newspapers, subscription services, and internal business operations.

The attack, first disclosed to the Securities and Exchange Commission (SEC) on February 3, led to significant technology failures, affecting essential business functions. In an official update to the SEC, Lee Enterprises reported that hackers gained access to its network, encrypted key applications, and extracted files—common tactics associated with ransomware incidents.

As a result of the attack, the company's ability to deliver newspapers, process billing and collections, and manage vendor payments was severely affected. “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments,” Lee Enterprises stated in its SEC filing.

With a vast portfolio of 350 weekly and specialty publications spanning 25 states, Lee Enterprises is now conducting a forensic investigation to assess the extent of the data breach. The company aims to determine whether hackers accessed personal or sensitive information belonging to subscribers, employees, or business partners.

By February 12, the company had successfully restored distribution for its core publications. However, weekly and ancillary publications are still facing disruptions, accounting for approximately five percent of the company's total operating revenue. While recovery efforts are underway, full restoration of all affected services is expected to take several weeks.

Cybersecurity experts have warned that ransomware attacks targeting media organizations can have severe consequences, including financial losses, reputational damage, and compromised data security. The increasing frequency of such incidents highlights the urgent need for media companies to strengthen their cybersecurity defenses against evolving cyber threats.

Growing Cybersecurity Threats in the Media Industry


The publishing industry has become an attractive target for cybercriminals due to its reliance on digital infrastructure for content distribution, subscription management, and advertising revenue. Recent high-profile cyberattacks on media organizations have demonstrated the vulnerability of traditional and digital publishing operations.

While Lee Enterprises has not yet disclosed whether a ransom demand was made, ransomware attacks typically involve hackers encrypting critical data and demanding payment for its release. Cybersecurity experts caution against paying ransoms, as it does not guarantee full data recovery and may encourage further attacks.

As Lee Enterprises continues its recovery process, the company is expected to implement stronger cybersecurity measures to prevent future breaches. The incident serves as a reminder for organizations across the media sector to enhance their security protocols, conduct regular system audits, and invest in advanced threat detection technologies.

Third-Party Data Breaches Expose Cybersecurity Risks in EU's Largest Firms

A recent report by SecurityScorecard has shed light on the widespread issue of third-party data breaches among the European Union’s top companies. The study, which evaluated the cybersecurity health of the region’s 100 largest firms, revealed that 98% experienced breaches through external vendors over the past year. This alarming figure underscores the vulnerabilities posed by interconnected digital ecosystems.

Industry Disparities in Cybersecurity

While only 18% of the companies reported direct breaches, the prevalence of third-party incidents highlights hidden risks that could disrupt operations across multiple sectors. Security performance varied significantly by industry, with the transport sector standing out for its robust defenses. All companies in this sector received high cybersecurity ratings, reflecting strong proactive measures.

In contrast, the energy sector lagged behind, with 75% of firms scoring poorly, receiving cybersecurity grades of C or lower. Alarmingly, one in four energy companies reported direct breaches, further exposing their susceptibility to cyber threats.

Regional differences also emerged, with Scandinavian, British, and German firms demonstrating stronger cybersecurity postures. Meanwhile, French companies recorded the highest rates of third- and fourth-party breaches, reaching 98% and 100%, respectively.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard, stressed the importance of prioritizing third-party risk management. His remarks come as the EU prepares to implement the Digital Operational Resilience Act (DORA), a regulation designed to enhance the cybersecurity infrastructure of financial institutions.

“With regulations like DORA set to reshape cybersecurity standards, European companies must prioritise third-party risk management and leverage rating systems to safeguard their ecosystems,” Sherstobitoff stated in a media briefing.

Strengthening Cybersecurity Resilience

DORA introduces stricter requirements for banks, insurance companies, and investment firms to bolster their resilience against cyberattacks and operational disruptions. As organizations gear up for the rollout of this framework, addressing third-party risks will be crucial for maintaining operational integrity and adhering to evolving cybersecurity standards.

The findings from SecurityScorecard highlight the urgent need for EU businesses to fortify their digital ecosystems and prepare for regulatory demands. By addressing third-party vulnerabilities, organizations can better safeguard their operations and protect against emerging threats.

Fortinet Cybersecurity Breach Exposes Sensitive Customer Data

 

Fortinet has suffered a significant cybersecurity breach involving a third-party cloud drive: 440 GB of data was leaked by a threat actor calling themselves “Fortibitch” after the company refused to pay a ransom. The breach affected about 0.3% of Fortinet's customers, roughly 1,500 corporate users, and included sensitive information such as financial documents, HR data and customer details. Experts say the breach underscores the need for rigorous measures such as multi-factor authentication (MFA) and robust identity and access management (IAM).

Multi-factor authentication is singled out as a vital layer of defense against unauthorized access, significantly reducing the risk of data exposure when combined with strong identity and access management. Organizations need to enforce MFA and other identity controls consistently, especially for access to systems such as SharePoint and cloud storage services. Jim Routh, Chief Trust Officer at Saviynt, pointed to the growing concern over cloud security given its increased adoption in software development and data storage, and stressed that without safeguards such as MFA and secure access controls, sensitive data is at risk of exposure.

Cybersecurity analyst Koushik Pal from CloudSEK echoed this sentiment, advocating for stricter IAM policies and urging organizations to regularly monitor repositories for potential misconfigurations, exposed credentials, or sensitive data leaks. This kind of vigilance is necessary for all teams to adhere to security best practices and minimize vulnerabilities. Relying on third-party vendors for data storage, as Fortinet did, is not inherently dangerous but introduces additional risks if strict security protocols are not enforced. The breach serves as a reminder that even established cybersecurity companies can fall victim to attacks, highlighting the need for ongoing vigilance. 
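Regularly monitoring repositories for exposed credentials, as Pal recommends, is something that can be automated. The following is an added example, not tooling from Fortinet, CloudSEK or Saviynt: it scans a constructed set of repository files for AWS access key IDs, private key headers and high-entropy values assigned to password- or token-like names, and filters out templating and documentation placeholders that would otherwise drown the real findings in noise. The file contents are constructed; AKIAIOSFODNN7EXAMPLE is the example key from the AWS documentation, not a live credential.

```python
"""Scanning repository contents for leaked credentials.

Added example, not Fortinet's or CloudSEK's tooling. The files and values
below are constructed; AKIAIOSFODNN7EXAMPLE is the placeholder key from the
AWS documentation, not a live credential.
"""
import math
import re
from collections import Counter

ENTROPY_THRESHOLD = 3.5   # bits per character; base64/hex tokens sit above this

# Rules tried in order; the first match on a line wins.
AWS_ACCESS_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?([^'\"\s]{8,})")
# Values that look like templating or documentation placeholders, not secrets.
PLACEHOLDER = re.compile(r"^(\$\{|<|\{\{)|^(changeme|password|example|xxx+)$", re.I)


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a single repeated character)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_line(line):
    """Return the finding kind for one line, or None if nothing suspicious."""
    if AWS_ACCESS_KEY.search(line):
        return "aws_access_key_id"
    if PRIVATE_KEY.search(line):
        return "private_key"
    m = GENERIC_ASSIGNMENT.search(line)
    if m:
        value = m.group(2)
        # Skip ${VAR}, <placeholder>, {{template}} and common dummy values;
        # require token-like randomness for everything else.
        if not PLACEHOLDER.search(value) and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            return "high_entropy_secret"
    return None


def scan_repo(files):
    """files: {path: text}. Returns [{'file', 'line', 'kind'}] sorted by path and line."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            kind = classify_line(line)
            if kind:
                findings.append({"file": path, "line": lineno, "kind": kind})
    return sorted(findings, key=lambda f: (f["file"], f["line"]))


# Constructed repository snapshot: one real-looking token, one documented AWS
# example key, one private key header, and two placeholders that must not fire.
SAMPLE_REPO = {
    "config/settings.py": 'DB_PASSWORD = "${DB_PASSWORD}"\n'
                          'API_KEY = "x9K2pQ7vLm4nR8sT1wY3zB6c"\n'
                          'DEBUG = True\n',
    "deploy/aws.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nAWS_REGION=us-east-1\n",
    "keys/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n"
                   "(constructed placeholder body)\n"
                   "-----END OPENSSH PRIVATE KEY-----\n",
    "README.md": "Set password = changeme on first login.\ntoken: <your-token-here>\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['file']}:{f['line']}: {f['kind']}")
```

Run against the constructed snapshot it reports three findings (the API key in settings.py, the AWS key ID in aws.env and the private key header in id_rsa) and nothing from the README. The entropy gate is what keeps the generic rule usable: an assignment of `changeme` scores about 2.75 bits per character and is ignored, while a 24-character random token scores above 4.5. In practice this runs as a pre-commit hook or a scheduled job over the full git history, since a secret removed in a later commit is still retrievable from earlier ones.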

According to Routh, system administrators must manage accounts meticulously, ensuring that identity and access management is properly configured and that privileged access is monitored effectively. The breach shows how attackers exploit security weaknesses to gain unauthorized access to sensitive data. As cloud technologies are integrated ever more deeply into businesses, the responsibility to protect data grows with them. Cybersecurity experts emphasize that organizations must invest in proper training, regularly update security measures and remain vigilant to adapt to evolving threats.

Ensuring that MFA, identity management systems, and monitoring practices are in place can go a long way in protecting against similar breaches in the future. This Fortinet incident serves as a wake-up call, showing that no organization is entirely immune to cyber threats, regardless of its expertise in cybersecurity.

Avis Data Breach Exposes Over 400,000 Customers’ Personal Information

 

Over 400,000 customers of Avis, a prominent car rental company known for its presence at U.S. airports, have had their personal data compromised in a recent cybersecurity breach. The company revealed the incident to the public on Monday, stating that the breach occurred between August 3 and August 6. Avis, which is part of the Avis Budget Group, sent notifications to affected customers last week, advising them on how to protect themselves from potential identity theft or fraud. 

The Avis Budget Group, which owns both Avis and Budget, operates over 10,000 rental locations across 180 countries, generating $12 billion in revenue in 2023, according to its most recent financial report. However, the recent data breach has cast a shadow over its operations, highlighting vulnerabilities in its data security measures. In a data breach notice filed with the Iowa Attorney General’s office, Avis disclosed that the compromised information includes customer names, dates of birth, mailing addresses, email addresses, phone numbers, credit card details, and driver’s license numbers. 

A separate filing with the Maine Attorney General revealed that the data breach has impacted a total of 299,006 individuals so far. Texas has the highest number of affected residents, with 34,592 impacted, according to a report filed with the Texas Attorney General. The fact that sensitive personal information was stored in a manner that allowed it to be accessed by cybercriminals has raised serious questions about the company’s data protection practices. Avis first became aware of the data breach on August 5 and took immediate steps to stop the unauthorized access to its systems.

The company stated that it had launched a comprehensive investigation into the incident and enlisted third-party security consultants to help identify the breach’s origins and scope. Avis has not yet disclosed specific details about the nature of the attack, the vulnerabilities exploited, or the identity of the perpetrators, leaving many questions unanswered. This breach underscores the growing challenges faced by companies in protecting customer data in an increasingly digital world. While Avis acted quickly to contain the breach, the company’s reputation could suffer due to the extent of the data compromised and the sensitive nature of the information accessed. 

The breach also serves as a reminder of the importance of robust cybersecurity measures, especially for businesses that handle large volumes of personal and financial data. The incident has also prompted scrutiny from regulators and data privacy advocates. Many are questioning how sensitive customer information was stored and protected and why it was vulnerable to such an attack. Companies like Avis must ensure they are equipped with advanced security systems, encryption protocols, and regular audits to prevent such breaches from occurring in the future. As the investigation continues, Avis customers are advised to monitor their financial accounts closely, watch for signs of identity theft, and take appropriate measures.

Ransomware Attack on Patelco Credit Union Disrupts Services for Nearly Half a Million Members

 

A ransomware attack on Bay Area-based Patelco Credit Union has disrupted banking services for nearly half a million members, and the outage could persist for weeks.

The credit union announced the attack on June 29 via Twitter. The affected services include online banking, the mobile app, direct deposits, transfers, debit and credit card transactions, Zelle, balance inquiries, online bill payments, and monthly statements, among others.

Patelco Credit Union, based in Dublin, California, serves the San Francisco Bay Area and Northern California. In addition to consumer banking, it offers mortgage origination, home equity lines of credit, and mortgage refinancing.

Patelco CEO Erin Mendez issued a statement on Wednesday confirming that cybersecurity specialists have validated the "core systems" and assured members that their money is "safe and secure." However, she mentioned that full system functionality is not expected to be restored over the weekend.

"I know this continues to cause our members frustration and many of you have questions," she said, promising that any fees incurred due to the shutdown will be waived. "We hear your concerns and are working around the clock to address them. Our team is committed to doing everything we can to support our members through this difficult situation."

The Mercury News reported that hackers infiltrated the credit union's internal databases via a phishing email, encrypting their contents and locking Patelco out of its systems.

Operating as a nonprofit cooperative, Patelco holds $9 billion in assets. Despite providing daily updates since the attack, there is no clear timeline for when systems will be fully restored, and further outages are possible.

Services that remain operational include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments, and in-branch loan payments.


Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know

 

Panera Bread and Omni Hotels were both hit by ransomware attacks that disrupted their operations and customer-facing services.

Panera Bread, known for its cafes and its loyalty programs, suffered a company-wide outage that took down internal IT systems, communication channels and customer-facing platforms. The ransomware attack, which struck on March 22, 2024, encrypted critical data and applications and left employees and customers without working systems.

Among the complaints, Panera Sip Club members were unable to use the benefits of their subscription, notably the unlimited-drinks offer for a monthly fee of $14.99. The frustration among members shows how directly a cyber incident translates into a worse customer experience and weaker brand loyalty.

As of January 23, 2024, Panera Bread and its franchisees operated 2,160 cafes across 48 U.S. states and Ontario, Canada. An outage across a footprint of that size exposes gaps in cybersecurity defenses and underlines the need for tested incident response procedures.

Omni Hotels faced a parallel crisis as ransomware-induced IT outages hit its reservation systems and guest services. Over the past week guests saw check-in delays averaging two hours, and staff had to fall back on manual procedures to let guests into their rooms.

The financial cost of both attacks is still unknown, but the damage to customer trust and brand reputation is already visible. The limited information released about the attacks has added to the unease among employees and customers, and underlines the need for stronger defenses and clear communication during an incident.

Organizations need to strengthen their defenses and plan ahead rather than react. Regular data backups, employee security training and a tested incident response plan are the measures that limit the damage of an attack and speed up recovery.

The ransomware attacks on Panera Bread and Omni Hotels are a reminder of how exposed businesses remain. Learning from these incidents and investing in security before the next one is what protects stakeholders, employees and customers.

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

 

A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ether (ETH), worth approximately $9.7 million. Zirlin confirmed the incident on social media, stating that two of his accounts had been breached.

He emphasized that the attack targeted only his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity, a point reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.

Security Breach at AnyDesk: Production Servers Hacked, Password Reset

 

AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

The incident is a reminder of the position remote-desktop vendors occupy: the encryption and authentication built into the client do not help when the vendor's own production environment is compromised, because every installed client trusts that back end. The breach of AnyDesk's production servers points to a lapse in the security of exactly that infrastructure.

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has disrupted remote work and personal activities for AnyDesk users. As a precaution, users should change their passwords now, enable two-factor authentication where it is available, and watch for suspicious activity on their accounts.

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.

Security Breach: Hacker Poses as Meta Recruiter, Targets Aerospace Company

 

The Lazarus Group, an entity linked to North Korea, has been identified in a cyber espionage operation aimed at an aerospace firm based in Spain. The scheme involved impersonating a Meta recruiter on LinkedIn to approach employees of the targeted company. 

These individuals were then tricked into opening a malicious file that masqueraded as a coding challenge or quiz. This attack is part of a broader spear-phishing campaign known as Operation Dream Job. Its goal is to entice employees from potential strategic targets with enticing job opportunities, thereby initiating the infection process.

In a recent technical report shared with The Hacker News, ESET security researcher Peter Kálnai shed light on the attack. In a previous incident this March, the Slovak cybersecurity company had outlined an attack focused on Linux users, where fake HSBC job offers were used to deploy a backdoor named SimplexTea.

The latest intrusion, designed for Windows systems, aims to install an implant referred to as LightlessCan. Kálnai emphasized the significance of this new payload, highlighting its sophistication and representing a substantial advancement compared to its predecessor, BLINDINGCAN. BLINDINGCAN, also known as AIRDRY or ZetaNile, is a multifaceted malware capable of extracting sensitive data from compromised hosts.

The attack unfolded as follows: the target received a message on LinkedIn from a counterfeit recruiter claiming to represent Meta Platforms. This recruiter sent two coding challenges as part of the supposed hiring process, ultimately convincing the victim to execute the test files (named Quiz1.iso and Quiz2.iso) hosted on a third-party cloud storage platform.

ESET pointed out that these ISO files contained malicious binaries (Quiz1.exe and Quiz2.exe), which were downloaded and executed on a company-issued device. That compromised the device and gave the attackers a foothold in the corporate network.

This attack sets the stage for an HTTP(S) downloader known as NickelLoader. This allows the attackers to deploy any desired program into the victim's computer memory, including the LightlessCan remote access trojan and a variant of BLINDINGCAN referred to as miniBlindingCan (aka AIRDRY.V2).

LightlessCan boasts support for up to 68 distinct commands, with 43 of them currently functional in its present version. Meanwhile, miniBlindingCan primarily focuses on transmitting system information and downloading files from a remote server.

One noteworthy feature of this campaign is the use of execution guardrails to prevent the payloads from being decrypted and run on any machine other than the intended victim's.
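The execution guardrail described above is usually implemented by keying the payload to the victim's environment: the dropper derives the decryption key from identifiers such as the hostname and user name, so the same file decrypts to nothing useful in a sandbox. The Python below is an added illustration of that mechanism and of the analyst's counter-move; it is not ESET's code and not LightlessCan's, and the hostname, user name and the toy HMAC-based stream cipher are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

TAG_LEN = 32  # HMAC-SHA256 tag prepended to the ciphertext


def derive_key(hostname: str, username: str) -> bytes:
    """Derive the payload key from the victim's environment.

    Nothing secret ships with the dropper: the key only exists on a machine
    whose hostname and user name match what the operator targeted.
    """
    material = f"{hostname.strip().lower()}|{username.strip().lower()}".encode()
    return hashlib.sha256(material).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, used here as a toy stream cipher (illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(payload: bytes, hostname: str, username: str) -> bytes:
    """Operator side: encrypt the second-stage payload for one specific victim."""
    key = derive_key(hostname, username)
    ciphertext = _xor(payload, _keystream(key, len(payload)))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return tag + ciphertext


def open_guarded(blob: bytes, hostname: str, username: str) -> Optional[bytes]:
    """Victim side: return the payload only when the environment matches.

    On any other machine (a sandbox, an analyst VM) the tag check fails and
    the loader has nothing to execute, which is the point of the guardrail.
    """
    key = derive_key(hostname, username)
    tag, ciphertext = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ciphertext, _keystream(key, len(ciphertext)))


def recover_payload(
    blob: bytes, candidates: Iterable[Tuple[str, str]]
) -> Optional[Tuple[str, str, bytes]]:
    """Analyst side: try identifiers collected from the victim environment.

    Responders who know the targeted hostnames and accounts can walk the
    small key space the guardrail was built from.
    """
    for hostname, username in candidates:
        payload = open_guarded(blob, hostname, username)
        if payload is not None:
            return hostname, username, payload
    return None


# Constructed sample standing in for an encrypted second stage; the host and
# user names are invented for this example.
SAMPLE_PAYLOAD = b"stage2: connect back to c2 and await tasking"
SAMPLE_BLOB = seal(SAMPLE_PAYLOAD, "WS-ENG-042", "jdoe")

if __name__ == "__main__":
    print("intended host:", open_guarded(SAMPLE_BLOB, "WS-ENG-042", "jdoe"))
    print("sandbox:", open_guarded(SAMPLE_BLOB, "SANDBOX-01", "analyst"))
```

Because the tag check fails cleanly rather than producing garbage, a loader built this way stays inert under dynamic analysis; the practical consequence for responders is that the payload has to be recovered on the actual victim host, or with identifiers taken from it, before it can be analysed.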

Kálnai highlighted that "LightlessCan emulates the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions." This strategic shift bolsters stealthiness, making it more challenging to detect and analyze the attacker's activities.

In recent months, the Lazarus Group and other threat clusters originating from North Korea have been notably active. They have conducted attacks spanning various sectors, including manufacturing and real estate in India, telecoms companies in Pakistan and Bulgaria, and government, research, and defense contractors in Europe, Japan, and the U.S., as per Kaspersky.

How can Small Businesses Protect Themselves From Cyber Threats?


As businesses of every size and kind go digital, their exposure to cybercrime grows with them. Someone starting a bakery, a renovation company or another passion project now also has to contend with the complexities of cybersecurity. Because cybercriminals continuously look for vulnerabilities, organizations need to take proactive measures to safeguard their digital assets and keep operations running smoothly.

Modern Reality of Cyber Threats 

Cyberattacks are rarely the first thing on an entrepreneur's mind, but in a world where every operation leaves a digital footprint, security has to be part of the plan. Data breaches and ransomware attacks are only two examples of the destructive actions grouped under "cyber risk", which are frequently carried out by rogue individuals, organized crime groups or even nation-states. Unlike conventional physical security, a cyberattack cannot be avoided by moving to a "safer neighborhood": because firms are online all the time, attackers have continuous access and endless opportunities.

Adding to this, the incorporation of AI into business has given threat actors a way to refine their attacks and make them more complex. Ransomware-as-a-Service (RaaS) has expanded the gig economy of cybercrime, letting small-time offenders use automation to scale up their activities. The fusion of technology with malicious intent has made cyberattacks a booming business worldwide.

Critical Strategies for Cyber Protection 

There are many measures an organization can take to avoid having its systems struck by a cybercrime group. Some of them are listed below:

Keep Software Up-to-Date: Software maintenance is essential. Cybercriminals still exploit weaknesses in software that is years or even decades old. Installing updates from reputable vendors such as Microsoft greatly reduces the risk of a successful attack.

Implement Essential Controls: Leaders of small businesses are advised to prioritize foundational measures that protect against known threats such as phishing, malware and account compromise. The most effective of these include multifactor authentication, email and web filtering, data security and backups, privileged access management, and endpoint detection and response.

Collaborate with Insurers and IT Experts: Even with effective precautions, breaches can still happen, so planning and cooperation are crucial. Working with IT professionals and cyber insurers can produce a tailored incident response plan and a quick recovery plan for the event of a successful attack. Cyber insurance also offers access to specialized teams, coaching for crisis response and financial support.

API Security Losses Total Billions, US Companies Hit Hard


According to an analysis of breach data, US companies are the ones most affected by API-related breaches. Companies lost a combined $12 billion to $23 billion in 2022 to compromises linked to Web application programming interfaces (APIs).

APIs are used in Internet of Things (IoT) applications and on websites. An API is a mechanism that lets two software systems interact: it defines the kinds of requests that can pass between programs, how those requests are made and the data formats used. For example, the Google Maps application on a mobile device does not store the names of all the streets, cities, towns and other landmarks on the device. Instead, it connects to another application on Google's servers that holds that information, and the connection is made through an API.

Data from the last decade shows that API security has become a significant cybersecurity problem. In response, the Open Web Application Security Project (OWASP) published its API Security Top 10 in 2019.

It lists API weaknesses such as broken object level authorization, broken user authentication and excessive data exposure as critical issues for software makers and for companies that rely on cloud services. API security has therefore become increasingly important.
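The first and third items on that list, broken object level authorization and excessive data exposure, come down to two missing checks in an API handler. The following Python is an illustration added here, not code from OWASP or from any vendor named in the post: it shows a policy-lookup endpoint with both bugs next to a hardened version. The policy records, field names and user names are constructed sample data.

```python
from typing import Any, Callable, Dict, Iterable, List

# Constructed sample data standing in for a policy-holder table; not a real dataset.
POLICIES: Dict[int, Dict[str, Any]] = {
    101: {"owner": "alice", "type": "term-life", "status": "active",
          "ssn": "***-**-1234", "premium_cents": 4599},
    102: {"owner": "bob", "type": "whole-life", "status": "lapsed",
          "ssn": "***-**-9876", "premium_cents": 12050},
}

# The response model: fields a caller legitimately needs. Everything else stays server-side.
PUBLIC_FIELDS = ("type", "status", "premium_cents")


class NotFound(Exception):
    """Raised for missing AND foreign objects alike, so ids cannot be enumerated."""


def get_policy_vulnerable(policy_id: int, caller: str) -> Dict[str, Any]:
    # The caller is authenticated, but the object id is never tied to the caller:
    # broken object level authorization (OWASP API1). The whole stored row is
    # returned, including the SSN: excessive data exposure (OWASP API3).
    del caller  # unused, and that is the bug
    if policy_id not in POLICIES:
        raise NotFound(policy_id)
    return dict(POLICIES[policy_id])


def get_policy_hardened(policy_id: int, caller: str) -> Dict[str, Any]:
    record = POLICIES.get(policy_id)
    # Ownership is checked on every object access, and a foreign id produces the
    # same error as a non-existent one so the response does not act as an oracle.
    if record is None or record["owner"] != caller:
        raise NotFound(policy_id)
    # Serialise an explicit allow-list of fields, never the raw row.
    return {key: record[key] for key in PUBLIC_FIELDS}


Handler = Callable[[int, str], Dict[str, Any]]


def probe_ids(handler: Handler, caller: str, id_range: Iterable[int]) -> List[int]:
    """Simulate an attacker with one valid session iterating object ids."""
    readable = []
    for policy_id in id_range:
        try:
            handler(policy_id, caller)
            readable.append(policy_id)
        except NotFound:
            pass
    return readable


if __name__ == "__main__":
    print("vulnerable, alice can read:", probe_ids(get_policy_vulnerable, "alice", range(100, 105)))
    print("hardened,   alice can read:", probe_ids(get_policy_hardened, "alice", range(100, 105)))
```

The hardened handler returns the same NotFound for a foreign id and for a missing one, so an attacker iterating ids learns nothing from the response, and it serialises an explicit field list instead of the stored row, which is what stops a later schema change from silently exposing new columns.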

APIs work as the backend framework for mobile and web applications. Crucial and sensitive data is transferred between users, APIs, and applications and systems. Therefore, it is important to protect the sensitive data they transfer. 

According to the report 'Quantifying the Cost of API Insecurity', published this week by application-security firm Imperva and risk-strategy firm Marsh McLennan, API-related security problems will grow as APIs become a common pattern for cloud and mobile applications.

"The growing security risks associated with APIs correlate with the proliferation of APIs. The volume of APIs used by businesses is growing rapidly — nearly half of all businesses have between 50 and 500 deployed, either internally or publicly, while some have over a thousand active APIs," says Lebin Cheng, vice president of API security for Imperva. 

Further, more than 100 API security incidents occurred in Asia and more than 600 in the US. To counter this, companies need visibility into how they use APIs and a complete inventory of the API traffic on their networks.

Hackers Drained $120m From Badger Defi and $30m From MonoX

 

Two decentralized finance platforms, BadgerDAO and MonoX, suffered security breaches in two separate attacks in which more than $150 million worth of cryptocurrency was drained by threat actors.

BadgerDAO's security team discovered its attack on December 2, when a malicious group stole about $120 million, while MonoX lost $31 million to unknown attackers on November 30.

According to blockchain security and data analytics firm PeckShield, which is working with BadgerDAO to investigate the heist, the various tokens stolen in the attack are worth more than $120 million.

As soon as Badger learned of the unauthorized transfers, it paused all smart contracts, effectively freezing its platform, and warned its users to reject all transactions to the attackers' addresses.

The company has reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.” 

MonoX, for its part, acknowledged the breach and explained in a blog post that it occurred after a group of hackers exploited a vulnerability in its smart contract software. Smart contracts are programs stored on a blockchain that execute automatically when their conditions are met.

The attackers are estimated to have stolen more than $30 million, mostly in MATIC and WETH. A "swap method was exploited and the price of the MONO token has risen to a new high", the company reported.

“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.
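The bug the company describes is worth seeing in code. The Python below is a simplified model added here, not MonoX's contract: each token in a single-sided pool carries its own price, a sale lowers the sold token's price, a purchase raises the bought token's price, and the two updates are written separately. When tokenIn equals tokenOut the second write overwrites the first, so an attacker can ratchet the price of MONO upward at no cost and then sell it for the pool's other tokens. The pool sizes, token names and price formula are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class SingleSidedPool:
    """Simplified single-sided AMM (illustration only, not MonoX's contract).

    Every token has its own reserve and a price in a virtual unit of account.
    """
    reserves: Dict[str, float] = field(default_factory=dict)
    prices: Dict[str, float] = field(default_factory=dict)
    reject_self_swap: bool = False  # True models the patched behaviour

    def swap(self, token_in: str, amount_in: float, token_out: str) -> float:
        if self.reject_self_swap and token_in == token_out:
            raise ValueError("tokenIn must differ from tokenOut")
        value_in = amount_in * self.prices[token_in]
        amount_out = value_in / self.prices[token_out]
        if amount_out > self.reserves[token_out]:
            raise ValueError("insufficient liquidity")

        r_in, r_out = self.reserves[token_in], self.reserves[token_out]
        # Selling a token pushes its price down, buying one pushes it up.
        new_price_in = self.prices[token_in] * r_in / (r_in + amount_in)
        new_price_out = self.prices[token_out] * r_out / (r_out - amount_out)

        self.reserves[token_in] += amount_in
        self.reserves[token_out] -= amount_out
        # Two independent writes. With token_in == token_out the second write
        # clobbers the first, so the token only ever moves UP in price.
        self.prices[token_in] = new_price_in
        self.prices[token_out] = new_price_out
        return amount_out


def pump_and_dump(vulnerable: bool, rounds: int = 5) -> Dict[str, float]:
    """Attacker flow: self-swap MONO to inflate it, then sell it into USDC."""
    pool = SingleSidedPool(
        reserves={"MONO": 1_000.0, "USDC": 1_000.0},  # constructed pool sizes
        prices={"MONO": 1.0, "USDC": 1.0},
        reject_self_swap=not vulnerable,
    )
    price_before = pool.prices["MONO"]
    for _ in range(rounds):
        # 100 MONO in, 100 MONO out: nothing is spent, yet the price climbs by
        # a factor of 1000/900 on every round.
        pool.swap("MONO", 100.0, "MONO")
    price_after_pump = pool.prices["MONO"]
    usdc_out = pool.swap("MONO", 100.0, "USDC")
    return {
        "mono_price_before": price_before,
        "mono_price_after_pump": price_after_pump,
        "usdc_for_100_mono": usdc_out,
    }


if __name__ == "__main__":
    print("vulnerable pool:", pump_and_dump(vulnerable=True))
    try:
        pump_and_dump(vulnerable=False)
    except ValueError as exc:
        print("patched pool rejects the first step:", exc)
```

The fix is the one-line precondition at the top of `swap`. The lesson that generalises beyond this incident is that any state change written as two independent writes needs an explicit check that the two targets are distinct, or it should be expressed as a single atomic update.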

Researcher Igor Igamberdiev broke down the stolen tokens as listed below, in a post on his Twitter account.

1. 5.7M MATIC ($10.5M)
2. 3.9k WETH ($18.2M)
3. 36.1 WBTC ($2M)
4. 1.2k LINK ($31k)
5. 3.1k GHST ($9.1k)
6. 5.1M DUCK ($257k)
7. 4.1k MIM ($4.1k)
8. 274 IMX ($2k)

Expert Releases PoC Exploit for MacOS Gatekeeper Bypass

 

Rasmus Sten, an F-Secure software engineer, has published proof-of-concept (PoC) exploit code for a macOS Gatekeeper bypass that Apple fixed earlier in 2021. The PoC targets CVE-2021-1810, a vulnerability that bypasses three protections Apple has built against harmful file downloads: Gatekeeper, notarization and file quarantine. The flaw was found in the Archive Utility component of macOS Big Sur and Catalina and can be triggered with a specially crafted ZIP file.

For the attack to succeed, the attacker has to trick the user into downloading and opening the archive. The exploit allows unsigned binaries to run on a macOS system without Gatekeeper enforcing its code-signature checks and without the user being warned. According to Sten, the vulnerability stems from how Archive Utility handles file paths: when a path exceeds 886 characters, the com.apple.quarantine attribute is not applied, which lets the extracted files bypass Gatekeeper.

While examining samples with long path names, Sten found that several macOS components behaved unexpectedly once the final path length exceeded a certain point. He concluded that it was possible to build an archive whose directory hierarchy produced paths long enough that Archive Utility, invoked by Safari to unpack it, would skip the com.apple.quarantine attribute, yet short enough for Finder to browse and for macOS to execute the payload.

To make the lure convincing, the attacker can hide the deep folder structure behind a symbolic link in the archive root, which is almost indistinguishable from a single application bundle placed there. "Sten, who also released a video demo of the exploit, has published PoC code that creates the archive with the path length necessary to bypass CVE-2021-1810, along with a symbolic link to make the ZIP file look normal. The vulnerability was addressed with the release of macOS Big Sur 11.3 and Security Update 2021-002 for Catalina," reports Security Week.
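The bypass depends on two properties of the archive that a defender can check before extraction: an entry whose path exceeds the length at which Archive Utility stopped applying the quarantine attribute, and a symlink in the archive root that hides the deep hierarchy. The Python below is an added example, not Sten's PoC, that inspects a ZIP for both and builds a constructed sample archive to test against; the 886-character threshold is the figure from the post, and the folder names and file contents are invented.

```python
import io
import stat
import zipfile
from typing import List

PATH_LIMIT = 886  # length beyond which, per the post, Archive Utility skipped quarantine


def inspect_archive(data: bytes, path_limit: int = PATH_LIMIT) -> List[str]:
    """Return one finding per entry that matches the bypass pattern."""
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Unix mode bits are stored in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if len(name) > path_limit:
                findings.append(
                    f"long path ({len(name)} chars > {path_limit}): ...{name[-32:]}"
                )
            if stat.S_ISLNK(mode):
                target = zf.read(info).decode("utf-8", errors="replace")
                # A root-level link into a deep tree is what makes the lure look
                # like a single .app bundle sitting in the archive root.
                where = "root" if "/" not in name else "nested"
                findings.append(
                    f"symlink ({where}) {name} -> ...{target[-32:]} ({len(target)} chars)"
                )
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(inspect_archive(data))


def build_sample_archive(depth: int = 15, segment: int = 60) -> bytes:
    """Constructed lure: a deep directory chain plus a root symlink that masks it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        deep_dir = "/".join(["x" * segment] * depth)  # defaults give 914 chars
        bundle = f"{deep_dir}/Demo.app"
        zf.writestr(f"{bundle}/Contents/MacOS/Demo", b"#!/bin/sh\necho unsigned payload\n")
        zf.writestr("README.txt", b"nothing to see here\n")
        link = zipfile.ZipInfo("Demo.app")
        link.external_attr = (stat.S_IFLNK | 0o755) << 16  # mark the entry as a symlink
        zf.writestr(link, bundle)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control case: an ordinary shallow bundle with no links."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Notes.app/Contents/MacOS/Notes", b"#!/bin/sh\necho ok\n")
    return buf.getvalue()


if __name__ == "__main__":
    for line in inspect_archive(build_sample_archive()):
        print(line)
    print("benign archive suspicious:", is_suspicious(build_benign_archive()))
```

On a macOS system the complementary post-extraction check is `xattr -p com.apple.quarantine <file>`: a file extracted from a downloaded archive without that attribute has skipped Gatekeeper, whatever the reason.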

US Agencies Hit By Cyberattack, Confirms CISA Investigation

 

Around five federal civilian agencies were breached recently in an attack on the US government, according to an investigation by the Cybersecurity and Infrastructure Security Agency (CISA), which followed its emergency protocol to limit the damage. Suspected China-based hackers exploited vulnerabilities in Pulse Secure VPN, a popular remote-connectivity product, to break into government, defense and financial organizations across Europe and the US, a report released earlier this month said.

For the past few weeks, CISA has been working to determine the full extent of the attack and to help organizations protect their systems, instructing them to run an "integrity tool" that looks for signs of compromise. Matt Hartman, Deputy Executive Assistant Director for Cybersecurity, said: "CISA is aware of at least five federal civilian agencies who have run the Pulse Connect Secure Integrity Tool and identified indications of potential unauthorized access." CISA is coordinating with the agencies to verify whether a breach occurred and to provide assistance. Reuters was the first to report on the affected agencies. Earlier this week, CNN reported that CISA had found 24 federal civilian agencies using Pulse Secure VPN but did not yet know whether they had been compromised.

CNN reports, "The discovery of potential breaches comes a little over a week after CISA issued a rare "emergency directive" ordering all federal civilian agencies to determine how many instances of the product they have, run the "integrity tool," install updates and submit a report to CISA. Emergency directives are used when there is a high potential for compromise of agency systems. Since March 31, CISA has been assisting multiple entities whose vulnerable Pulse Connect Secure products have been exploited by a cyber threat actor, according to a CISA spokesperson." 

The US government is still determining the extent of the attack. The Pulse Secure VPN intrusions show no signs of a sophisticated supply-chain attack of the kind seen in the recent SolarWinds incident, and they differ from the indiscriminate targeting of the Microsoft Exchange Server campaign, in which hackers breached thousands of servers.

Hackers Tap Into Home Security Cameras, Record Sex Tapes To Sell Online

Hackers in China are breaking into residents' home security cameras, recording them having sex and selling the footage online. Shocking as the crime sounds, it has become common, according to the South China Morning Post. It reports, "the videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report."

Such videos are in constant demand on the online market. It is a frightening reminder that the gadgets we buy for our own security can be turned against us, and of how exposed the internet can leave us. The attackers broke into cameras to spy on hundreds of thousands of victims and record them; the investigation also uncovered hidden cameras that the hackers themselves had planted in hotel rooms. The recordings on sale are marketed as "home videos", and the hackers have set up a multilevel marketing scheme in which buyers are encouraged to resell the videos.

Customers were given the login credentials of the hacked security cameras so that they could watch live themselves. In a recorded conversation with his VIP clients, one hacker said he had dozens of people travelling around and installing cameras wherever they went. Even if a hotel finds a camera, the hacker loses only about 100 yuan, which is recouped by uploading a couple of videos.

"Such videos are primitive,” the hacker said. “Many people like such kind of stuff nowadays, watching people’s privacy, what they’re doing at the moment… You know what, I have sold this video several hundred times," said the hacker, according to the South China Morning Post. In a similar incident, hackers broke into Amazon Ring cameras while the customers were unaware of the breach.

US Cybersecurity Company FireEye Hacked by 'Nation-Backed' Threat Actors


On Tuesday, FireEye, one of the leading cybersecurity firms, said it had been attacked by "highly sophisticated" state-sponsored hackers who stole the tools the company uses to test its customers' security and networks. The attack was heavily customized to breach FireEye's systems.
 
The breach confirms that even the most advanced security vendors, whose business is protecting others from intrusions, can be targeted and compromised. According to the firm, the attacker primarily sought information about some of its government customers, using an unprecedented combination of tactics. CEO Kevin Mandia, in a blog post, described it as a "highly targeted cyberattack" of a kind not witnessed before. So far there is no evidence that customer data was accessed.
 
There is plenty of speculation about who carried out the attack, but the firm has not said where the attackers came from and is investigating together with the FBI. Mandia did indicate in his blog post that the nation responsible has world-class offensive capabilities, since the unfamiliar techniques were tailor-made to attack FireEye.
 
Drawing on his 25 years in cybersecurity, Mandia wrote in his blog post that this attack was “different from the tens of thousands of incidents we have responded to throughout the years,” and “used a novel combination of techniques not witnessed by us or our partners in the past.”
 
“These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” the company said in the filing. “Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.”
 
A CISA spokesperson said: "As details are made available we are working to share and implement countermeasures across the federal networks and with our private sector partners."
 
Mike Chapple, a former NSA official who is now a cybersecurity expert at the University of Notre Dame, said FireEye has a "ringside seat" for some of the most advanced intrusions carried out globally.

Every Organization Should Ask These 8 Questions Before Choosing Their Cybersecurity Provider


Being prepared for cyber threats has many advantages, but your organization remains a target for hackers unless you know some critical details. According to a 2019 Juniper Research report, the cost of cybersecurity breaches will reach $5 trillion a year by 2024, up from $3 trillion currently. The figure matters especially for large organizations that depend on third-party cybersecurity services for their day-to-day operations. Data from Opus and the Ponemon Institute show that 60% of attacks on organizations come through third parties. A data breach can destroy an organization's brand and cause a financial crisis. To limit data breaches, an organization needs a third-party vendor it can trust.

Here is why an organization should do its research before choosing a new provider, and why third-party threats are pressing. Fewer vendors mean fewer threats, yet companies currently depend on many vendors for their day-to-day operations: in 2019, Apple alone had 200 supplier companies. In many cases the threats come from those third-party vendors. For instance, hackers attacked Agama, a cryptocurrency app, through a vulnerability in a third-party JavaScript library it used.

According to Juniper, "the new research, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024, noted that while the cost per breach will steadily rise in the future, the levels of data disclosed will make headlines but not impact breach costs directly, as most fines and lost business are not directly related to breach sizes."

How to choose a reliable vendor? 
  1. Are the vendor's offerings compatible with your organization's needs? 
  2. Does the cybersecurity provider have a strong security rating (cyber score)? 
  3. Has the vendor experienced a data breach or attack in the past? 
  4. Does the provider have an incident response plan ready to execute? 
  5. Does the cybersecurity provider offer a 'right to inquire'? 
  6. Does the vendor run a threat intelligence program? 
  7. Does the vendor hold relevant industry certifications? 
  8. Does the third-party provider have a chief information security officer or a named security contact? 
The answers to these questions will help your organization choose a third-party cybersecurity provider wisely.