ISMS.online News Roundup – 19th September 2019

Ecuador suffers the biggest data breach in the country’s history; vulnerabilities in iOS 13; the effects of having no data privacy legislation; a possible shortage in new cybersecurity talent; and the passing of new information privacy law. All of this and more in this week’s roundup!

Database leaks data on most of Ecuador’s citizens, including 6.7 million children

Due to a misconfigured database, the private data of most of Ecuador’s population, including children, have been left exposed online. The violation was uncovered two weeks ago by security researchers Noam Rotem and Ran Locar. Catalin Cimpanu for ZDNet collaborated with the scientists in this brilliant article to evaluate the leaked data, check the authenticity, and contact the owner of the server.

Read the full article here.

GDPR Survey Finds Companies Still Not Prepared to Comply with Rules and Potential EU Data Breaches

PRNewswire published this fascinating study by the international law firm McDermott Will & Emery, which surveyed businesses in the United States, the EU, China and Japan as they evaluated advancement and difficulties under the GDPR criteria after one year.

Read the full article here.

We need a national policy to protect data privacy

In this fantastic article for the CT Mirror, Tim Phelan, the president of the Connecticut Retail Merchants Association, examines how the US is long overdue for new regulations to protect personal data, since no national data privacy policy framework exists. Phelan continues to discuss how this has made it possible to overlook the management of consumer data, resulting in a pattern of data leakage and mishandling of sensitive information.

Read the full article here.

Chicago brokerage to pay $1.5 million for cyber attack lapses -U.S. CFTC

In this intriguing report for Reuters, Suzanne Barlyn describes how the U.S. Commodity Futures Trading Commission (CFTC) has issued a $1.5 million fine to a Chicago-based futures brokerage organization that allowed cybercriminals to hack the company’s email systems and withdraw $1 million from a customer’s account.

Read the full article here.

iPhone 11 will have a major SECURITY FLAW when it launches on September 20

A vulnerability has been discovered in Apple’s iOS 13 that lets users look at another iPhone’s contact information, even if it’s Face ID or PIN-guarded. In this fantastic article, T3’s Josh Levenson explores how the current flaw still exists in the latest version of iOS 13 set to be launched with iPhone 11, iPhone 11 Pro and iPhone 11 Pro Max on September 20 and how this is not the first time contact data has been at risk.

Read the full article here.

Medical images and details of 24.3 million patients left exposed on the internet

For his website, Graham Cluley published this wonderful article describing how Greenbone Networks researchers found that 13.7 million confidential patient documents were left unprotected on hundreds of servers used by health care suppliers around the world. These compromised records include pictures of X-rays, CT and MRI scans as well as American patients’ social security numbers.

Read the full article here.

Simjacker exploit allowed hackers to attack users for two years

This wonderful article by Rene Millman has been published for Absolute Gadget detailing how researchers found a defect in SIM cards that allows hackers to monitor mobile users. For two years, the vulnerability has been present and can be utilized by sending an SMS. Researchers said the defect is extremely complicated and sophisticated in comparison to previous attacks on mobile core networks.

Read the full article here.

Benefits of data rules must reach citizens, not just companies: S Gopalakrishnan

The Economic Times published this thought-provoking report by Bharani Vaitheesvaran exploring how information laws should be put in place not only for the advantage of corporations but also for people, as well as defending them from the vulnerabilities intrinsic in the digital age. The article also describes how in a committee, the Indian Ministry of Electronics and Information Technology (MeitY) examined non-personal information and recommended a legislative structure for dealing with such information.

Read the full article here.

Digital battlegrounds: The war between big tech and regulators

The struggle between enterprises and regulators continues almost 18 months after the creation of GDPR, which was made in response to the fast growth of always-on tech and the desire to profit off of big data. Rafi Azim-Khan investigates, in this compelling post published by City A.M., whether laws are destined to fail against the apparently unstoppable growth of technology and just how safe is your information in the possession of big tech?

Read the full article here.

Improving Safety At The Rugby World Cup, On And Off The Pitch

As the modern-day sporting event is becoming a hyper-connected production of massive change and possibilities, this year’s Rugby World Cup in Japan will be the largest and most tech-focused event ever. David Warburton discusses in this wonderful article for ISBuzz News how cyber criminals are getting ready to breach organizers’, sponsors’ and supporters’ security defences alike.

Read the full article here.

Smashing Security #146: Password secrets and baking brownies

Passwords. Love them or loathe them, they are essential and so is the ability to be diverse with them across the platforms you use. Graham Cluley’s latest podcast revisits a previous episode, to discuss the easy pitfalls which can be made and the methods which can deliver your best protection ever. A fun and easy listen with some light banter along the way.

Listen to the full podcast here.

California Consumer Privacy Act to take effect in January with minor amendments

The 2018 California Consumer Privacy Act, California’s approach to GDPR, is due to be put into action on January 1st as the law has passed through the legislative evaluation process with only a few changes. For SiliconAngle, Duncan Riley investigates what this implies for customers as well as organizations, in this intriguing article.

Read the full article here.

The Amount of Data Exposed in Last Decade Increased Tenfold

The rate of data breaches is increasing, and more and more organizations are discovering that hackers, determined to get their hands on private data, have attacked their security measures. This has caused confidential data to go from being exposed 35.7 million times in 2008 to 10 times that amount in 2018, and the figure is still rising. In this wonderful infographic, Eric Griffith for PC Mag UK compares the rise of data breaches.

Read the full article here.

The digital security of Europe

As part of the Euractiv Special Reports on ‘Finding Digital Freedom in a Crowded World’, Dr Thomas Kremer, of the Deutsche Telekom Group, wrote this wonderful article on how digital networks have been and will become a progressively appealing target for criminal or state-controlled cyber attacks, and how global businesses need to be vigilant of this.

Read the full article here.

How Cybersecurity Leaders Can Best Navigate the C-Suite

Following the latest surge of data breaches at large businesses such as British Airways, it has become more apparent than ever that cybersecurity leaders need to prepare for more possible threats than before. Ron Burley, for CPO Magazine, investigates how, if the C-suite does not fully grasp a security risk, they are unlikely to prioritize investing against the threat, to the detriment of the entire organisation.

Read the full article here.

New Zealand helps mitigate cybersecurity risks in the Pacific

Two of New Zealand’s ministers have unveiled a new strategy to assist Pacific countries in responding to the region’s cybersecurity risks and will provide $10 million over five years to help. Teresa Umali explores the implications of this on developing cybersecurity capacity in the Pacific in this brilliant post for OpenGov.

Read the full article here.

Deep learning and machine learning to transform cybersecurity

Specialists in cybersecurity have hypothesised that artificial intelligence (AI) will be able to protect organisations from cyber-attacks as they become more and more sophisticated. In this intriguing article, Soumik Roy for TechWire Asia discusses how deep learning and machine learning appear to have the ability to do so.

Read the full article here.

Cybersecurity top tech investment priority for UK banks

Finextra’s editorial team published this interesting article investigating the outcomes of a study by Lloyds Bank, that discovered cybercrime has become a serious concern for UK financial services firms as it has become the fourth biggest concern for firms. This greater concern is mirrored in budgets as it is now prioritized by 70 per cent of the 100-odd financial services decision-makers questioned.

Read the full article here.

Episode 108 — The Capital One Data Breach and Vendor Cybersecurity Risks

JD Supra has published a new episode of their podcast in which Michael Volkov explores how the Capital One data breach resulted from the behaviour of one person who downloaded approximately 30 GB of 100 million applicants’ data, and highlights the importance of handling information security risks through third parties as well as approaches to mitigate those risks.

Listen to the full podcast here.

CybHER security: Cyber Security Women of the Year

In this fantastic interview, SciTech Europa Quarterly talks to UK Cyber Security Association (UKCSA) CEO and founder Lisa Ventura about the significance of bringing women into the cybersecurity sector and what we can do to safeguard ourselves from present cyber threats.

Read the full article here.

National Australia Bank: Dealing with talent shortages in cybersecurity

Defending against cybersecurity risks is becoming increasingly difficult and organisations are having to cope with the stress caused by hackers with even more sophisticated tools. In this brilliant article for TechWire Asia, Soumik Roy investigates how one of the biggest problems of effectively protecting yourself against cyber attacks is the lack of skilled talent in cybersecurity and what is being done about it.

Read the full article here.

Skill Sets for Transitioning into a Cybersecurity Career

Predictions have been made that by 2021 there will be 3.5 million unfilled cybersecurity jobs, and with cybercrime on the rise, why are employers having trouble filling these positions? Security Boulevard has published this thought-provoking article in which Joseph Feiman seeks to address this problem by investigating the impacts of potentially uncertain applicants as to how their skills can be translated into the cybersecurity field.

Read the full article here.

How MSPs Can Overcome Optimism Bias to Sell Cybersecurity Solutions

According to recent research, 67 per cent of SMBs reported experiencing a cybersecurity attack in the last 12 months, but optimism bias causes them to think that they will be among the 33 per cent who won’t experience an incident. For Channel Futures, Adrian Gendre’s fascinating article explores what optimism bias is, why managed service providers should demonstrate to customers the dangers that pass through their defences and how to support them to combat this.

Read the full article here.

Who’s Financially Responsible for Cybersecurity Breaches?

As networks are becoming less secure and cloud data becomes more significant, cybersecurity breaches are even more costly and common. Kayla Matthews, for Security Boulevard, poses the question in this brilliant post, in regards to a data breach, who should be charged when the information of a customer is stolen?

Read the full article here.

California data security experts urge action to fend off hacks, data breaches as regulatory deadline nears

A selection of technology and cybersecurity specialists gathered this Wednesday at the North Bay Business Journal’s North Bay Cybersecurity Summit for Business. In this excellent post for the North Bay Business Journal, Chase Difeliciantonio discusses what the overriding theme from the speakers was and how to keep the information in your company secure in the run up to the California Consumer Privacy Act.

Read the full article here.
