

This is a very interesting technique used by malicious actors and attackers to gain access to valuable data and information, including contact information. One could potentially argue that all of this information is in the public domain, so is it technically an unauthorized disclosure, incident, or breach. However, the consent to use this contact information is clearly where the privacy is breached, as these impacted individuals will not have given permission for their data to be shared and/or
.....Read More
As expected, we are continuing to see the impact of the Accellion file-sharing data breach expand. We applaud the due diligence that many of the affected organizations are taking to be transparent with customers, partners, employees, and with CU, their students, about the exposure of their personally identifiable information (PII). As it appears to be the case with the University of Miami, an organization may not be directly exposed to the breach, but they may be using services or technology
.....Read More
Password Stealing Malware and Phishing Attacks remain a challenge for most modern enterprises. Password Stealing techniques usually target the weakest link in an organisation’s security posture - the human being. Once successfully performed, any future attacks have a high chance of staying undetected as they use official credentials to access personal and business resources. Attackers don't need to pay lot of attention when obfuscating their actions as having full access allows them to run a
.....Read More
Identity and access management is the fundamental protection control for reducing security, privacy and operational error events or incidents. The federal reserve IT outage is the latest example of an operational error. Knowing who and what is trying to access the environment, limiting their access only to their true business needs and asking employees to re-authenticate prior to carrying out high risk or high privilege actions are key access control components which reduce operational risk
.....Read More
Ransomware continues to be a global cybersecurity threat. In the business of cybercrime, ransomware takes the top spot since it has a high ROI by holding the victims' ransom for financial payment. Cybercriminals will of course continue to focus their efforts on this revenue-generating stream as we’re now seeing with the DoppelPaymer gang targeting Kia. During 2021, we will definitely see cyber-criminal individuals and groups try to maximize their return of investment with their attacks,
.....Read More
We are likely to see more breach disclosures originating from the Accellion file-sharing data breach over the forthcoming months.
Business leaders can take appropriate action now to help maintain the trust with their customers, partners and employees. They can achieve this by carrying out due diligence with their organization to understand if the Accellion data file sharing tool is in use, and/or was in use in the past.
Being transparent with customers, partners and employees about this
.....Read More
Business leaders and organizations need to take time out of their day to carry out due-diligence in relation to the Accellion breach. This will help them determine the likelihood of their exposure to the breach and establish the full use of Accellion in their organizations.
It's critical to ask each business leader if they are using an Accellion account belonging to a customer, partner, and/or vendor organization to send or receive shared files. An organization may not be directly exposed to
.....Read More
Financial data is subject to both regulatory and compliance requirements. The fundamental security requirement for all industries storing financial data is to understand who and what is trying to access the technology environments that the financial data is stored in. This breach further highlights the importance of identity and access management to support all businesses through digital transformation delivering to security, compliance, and privacy requirements.

This is a great example of the need for organizations to build a comprehensive Trust and Security program focusing on people, processes and technology controls to protect data processed and stored, whether it's within their own organization or with a third party. This breach emphasizes the importance of a "Security First" culture within organizations who must stay on top of the latest threats. Security must be seen as a business enabler. The State of Washington appears to be taking the right
.....Read More
Ransomware will remain a global cybersecurity threat during 2021 and the associated risk of this threat materializing will be more prevalent for certain industries and in particular Government bodies. Cybercrime is a business so all should think of it the same way. Out of all the various types of cybercrime activities, ransomware is the one activity that has a high direct return of investment associated with it, by holding the victims' ransom for financial payment. Taking the global economic
.....Read More