TWITS AT TWITTER SAY THEY ARE SORRY
This Past Week* has seen ‘twitter’ announce an ‘error’ that led to advertisers access to users information; a report identifies cyber vulnerabilities still not being addressed; Instagram launches new tool to combat phishing emails; Seek warns of sophisticated email phishing campaigns; Analytics executives in Equador ‘nicked’; and major data breaches in AUSTRALIA; NEW ZEALAND; CANADA; UNITED KINGDOM & USA.
Known Customers Effected by Data Breaches reported in this Briefing this past week: 219,011,600 **
(**4/8 Breaches in this Newsletter were unable to quantify the number of Customers effected.)
This Past Week's Top Dark Web ID Trends: Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 501+ Employees
TWITTER SAYS SORRY FOR ALLOWING ACCESS TO USERS INFORMATION*:
Twitter says it was just an accident that caused the microblogging giant to let advertisers use private information to better target their marketing materials at users. The social networking giant on Tuesday admitted to an "error" that let advertisers have access to the private information customers had given Twitter in order to place additional security protections on their accounts. "We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system," Twitter said. "When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes. This was an error and we apologize."Twitter assures users that no "personal" information was shared, though we're not sure what Twitter would consider "personal information" if your phone number and email address do not meet the bar. "We cannot say with certainty how many people were impacted by this, but in an effort to be transparent, we wanted to make everyone aware. No personal data was ever shared externally with our partners or any other third parties," the mea cupa reads. "As of September 17, we have addressed the issue that allowed this to occur and are no longer using phone numbers or email addresses collected for safety or security purposes for advertising." Earlier this year, Facebook was handed a US$5 Billion fine by the US government for playing fast and loose with the personal information of its customers. It is not clear what this incident could mean for Twitter legally, if anything. The FTC declined to comment on the matter. Aside from being a violation of privacy and potential legal liability for Twitter, the incident will have the added effect of making users less safe by discouraging them from using phone numbers and email verification as additional levels of security. All in all, this is a bad look for Twitter that isn't likely to go away any time soon.
REPORT IDENTIFIES VULNERABILITIES STILL NOT BEING ADDRESSED FOR SECURITY*
In 2010, report that knowledge of the “Pass The Hack” attack (Microsoft describes “Pass-the-Hash” attacks as a technique in which an attacker captures account logon credentials on one computer and then uses those captured credentials to authenticate other computers over the network.) first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete. Password management firm One Identity surveyed (PDF) more than 1,000 qualified individuals with a direct responsibility for security and a knowledge of IAM (Identity and access management - IAM - is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities ) and privileged access in firms with more than 500 employees. Fifty-three percent of the firms had more than 5,000 employees from a wide range of different industry sectors, while 40% of them are in the U.S. or Canada. The purpose of the survey was to determine current understanding of, and mitigations used for, Pass the Hash attacks. Thirteen percent of the respondents said they had no plans to do anything at all. A Pass the Hash attack involves stealing the password hash rather than the plaintext password. A typical attack might target a local or remote user's desktop with malware that would serve two purposes. The first would introduce a problem, such as slowing performance or breaking a commonly used app; the second would have the ability to scrape memory. The first purpose is to persuade the victim that he has a problem that could be fixed by the help desk staff. With a call logged, the help team is persuaded to log into the user's computer to fix the problem. This would typically involve using an administrator account. When the administrator logs in, the admin account hash is logged on the computer -- and the second function of the malware to scrape this from memory comes into play. The result is that the attacker now has privileged access to the network. Since there is no technological defense against legitimate access, Pass the Hash must be prevented rather than detected. The One Identity survey sought to understand how companies are preventing the attacks, and "to explore the impact of Pass the Hash attacks." Only 26% of respondents believe they have not experienced such an attack; 15% don't know if they have had an attack; and 4% don't know what it is. The larger the company, the greater the likelihood of an attack. In companies with more than 5,000 employees, 8% know they have been attacked with a further 18% thinking it probable. With companies between 2,500 and 5,000 employees, the figures are 5% and 14%; and for those with less than 2,500, it is 2% and 10%. Among those respondents that had experienced an attack, 70% reported a result in increased operational costs, 68% reported staff costs in addressing the issue, and 40% reported a direct financial impact through lost revenue and fines. "The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having significant financial and operational impact on organizations, there is vast room for improvement in the steps organizations are taking to address them," said Darrell Long, VP of product management at One Identity. The key to mitigating Pass the Hash attacks is the issuance of single-use passwords for privileged accounts. In our described scenario, it won't stop the attackers getting hold of the administrative hash, but the password will have been used and the hash will not work again. "Another solution," One Identity evangelist Todd Peterson told SecurityWeek, "would be to use advanced Active Directory practices to use a delegated set of permissions without using administrator credentials." Microsoft's recommended solution is to use Red Forest, the common name for its Enhanced Security Administrative Environment (ESAE) offering. This, explained Peterson, "requires an entirely separate Active Directory forest in order to move the desktop that requires work into this forest, where it can remain protected, and then move it back when the fix is complete. It's a pretty expensive, complex and cumbersome way to do it," he added, "but it does solve the problem." Fifty-five percent of the respondents say they have tackled Pass the Hash by implementing privileged password management (a password vault). Fifty percent say they have implemented advanced Active Directory controls, and 26% say they have implemented Red Forest. Worryingly, perhaps, 13% say they have no plans to combat Pass the Hash. The concern here is that if a firm does nothing to prevent Pass the Hash, there may be no way of knowing whether they are already victims of the attack. "The key takeaway from this survey," says Peterson, "is that of all the options, barely more than half of the respondents are doing any one of them, while probably none of them are adequate on their own. The best approach," he continued, "would be to combine the Active Directory management and a password vault. Or if you choose to go the Red Forest route, augment it with the others. Eighty-seven percent of the respondents are doing something," he added, "but the financial impact reported shows they are not doing enough."
NEW TOOL INTRODUCED ON INSTAGRAM TO PREVENT PHISHING ATTACKS*.
Instagram has added a new feature to its app to help users work out if an email was sent by the Facebook company or if it’s an attempted phishing scam. Now, if you receive an email claiming to be from Instagram, you can check if it’s genuine by heading over to the “Emails from Instagram” option in the app’s Security settings, which lists every email the service has sent you over the last 14 days. The update is rolling out now and may take time to appear in your settings.
SEEK WARNS OF ‘SOPHISTICATED’ PHISHING CAMPAIGN*
Seek has warned of a phishing campaign that impersonates the job posting service’s head of digital marketing. A message sent out to Seek customers said that the phishing email used the head of digital marketing’s email address and had the subject line “Files have been sent to you via Hightail”. Seek said that people who replied to it received a second phishing email impersonating this Email address. “If you click on the link you will be redirected to a phishing (fake) website posing as Microsoft Office 365 where you will be prompted to log into your account,” the message sent by Seek warned. “Do not provide your log in information. If you have provided your information, we recommend letting your IT or security operations team know so that they can apply the appropriate measures. Seek said it apologised for any inconvenience caused.
A fraud report issued by security firm RSA said that phishing accounted for 37 per cent of all attacks it observed in Q2. “Overall, phishing volume has increased 6 percent since last year,” the report said. Australia did not make RSA’s top list of target countries for phishing during the quarter, by was ranked number seven in the world for hosting phishing campaigns.
The most recent report on the Notifiable Data Breaches scheme issued by the Office of the Australian Information Commissioner (OAIC) said that during the April-June quarter 62 per cent of the 245 breaches reported to it involved “malicious or criminal attacks”. “Many incidents in this quarter exploited vulnerabilities involving a human factor,” the OAIC report stated. “This included individuals clicking on a phishing email or use of credentials that had been compromised or stolen by other means (such as in another data breach) to obtain unauthorised access to personal information.”
The OAIC said that 46 of the breaches it was notified of during the quarter involved phishing.
ANALYTICS EXECUTIVES “NICKED” AS EQUADOR TRIES TO PUSH THROUGH PRIVACY LAWS AFTER MASSIVE DATA LEAK*.
The head of Novaestrat, the data analytics company at the centre of the huge leak revealed on Monday involving personal information about more than 20 million Ecuadorian citizens, has been taken into custody. Once the leak was made known, the country's federal authorities announced a formal investigation. Within hours, local police swooped on Novaestrat's office to confiscate computer equipment, with Ecuador's interior minister Maria Paula Romo dramatically tweeting pictures of the raid in the early hours of Tuesday morning. Curiously, this office was also said to be the home of its general manager, William Roberto G (Roberto Garces), who was arrested at the scene and taken to the Esmeraldas province. The arrest was confirmed by the state attorney general, referring to the Novaestrat executive as its "legal representative" and outlining its reasons as follows: The [raid] was carried out to collect elements on an alleged crime of violation of privacy, after [the authorities] learned about the leakage of information from about 20 million Ecuadorians, including about 7 million minors [and people already deceased]. The data allegedly came from a server located in the United States owned by Novaestrat, a consulting firm that provides services such as data analysis and software development. During the raid, electronic equipment, computers and storage devices were seized, as well as documentation among other elements. Prosecutors will continue to conduct more actions to investigate the alleged crime. The Novaestrat website and its social media pages are currently offline. It remains unclear what specific charge is to be made against Garces, if any. Ministry of Telecommunications and Information Society officials had announced on Monday that the ministry was to hold its own investigation into what had happened, but seemed to suggest that Novaestrat held the data legitimately, probably as the result of a contract with the previous government administration. So it's not going to be a hacking charge. There was also a hint that the existence of a database on an unprotected server wasn't itself proof that Novaestrat had misused the data or that anyone else had accessed it during its leaky phase with malicious intent. So it may not be any type of criminal charge. Will it be data privacy? Ecuador's laws in this area are out of date and telecoms minister Andrés Michelena Ayala had to admit to journalists that his ministry had been thrashing out a new data privacy law for the last eight months. The president insisted that this legislation be "expedited" – i.e. rushed through full of mistakes – and set before parliament. The minister said he would comply. It also remains unclear why Ecuador's Government would entrust personal data for its entire population to a consultant working from a home office. It's the gig economy gone mad.
THREAT FOCUS: West Gippsland Hospital - AUSTRALIA*
Exploit: Ransomware
West Gippsland Hospital: Regional emergency hospital
Risk to Small Business: 2.111 = Severe: A ransomware attack has significantly impacted the healthcare provider’s ability to conduct business and treat patients. West Gippsland Hospital expects their book and record keeping system to be unavailable for two weeks. In response, the hospital had to disconnect and isolate its computer network to prevent the malware’s spread. Emergency and surgery centers remain operational, but some patient procedures were cancelled, and others were delayed until full operations can be restored. The ransomware attack was one of seven reported at healthcare providers around Australia.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown Effect on Customers: Ransomware attacks are on the rise, and healthcare providers are a top target. However, regardless of industry, every organization needs to examine the deliverable pathways for ransomware. Since there is no advantageous or affordable response once a ransomware attack occurs, these critical defensive maneuvers are a bottom-line issue for every company in 2019.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Call Avantia on 07 30109711 for more information.
THREAT FOCUS: Tu Ora Compass Health - NEW ZEALAND*
Exploit: Unauthorized database access
Tu Ora Compass Health: Primary health organization
Risk to Small Business: 1.666 = Severe: Tu Ora Compass Health recently acknowledged a data breach that compromised the personal information for up to a million people. The breach was extensive, and hackers likely had access to the healthcare provider’s system since 2016. The organization discovered the breach after its website was defaced in August, and their slow response time made an already difficult situation even more damaging. Now, the organization will face public backlash, regulatory scrutiny, and high recovery costs.
Individual Risk: 2.428 = Severe: Tu Ora Compass Health’s data breach included a wide range of patient data, including names, ages, ethnicities, and addresses. In addition, hackers had access to patients’ smoking history, alcohol intake levels, immunization records, diabetes information, and other highly-personal data points. Administrators believe this data was harvested to perpetuate identity theft, so those impacted by the breach should enroll in identity monitoring services to ensure that their information isn’t leveraged for nefarious reasons.
Customers Impacted: 1,000,000 Effect On Customers: Companies operating in highly regulated industries like healthcare have to be especially vigilant about their cybersecurity stance. Patients’ personal data must be protected at all costs, and when a breach occurs, it should not take three years to discover. Deploying proper defenses is much more affordable and advantageous than considering data breaches an inevitability and leaving it up to chance.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia Cyber Security in ‘real time’ when their customers employee or private emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can inexpensively partner up by phoning Avantia on 07 30109711
THREAT FOCUS: EA Sports - UNITED KINGDOM*
https://www.infosecurity-magazine.com/news/ea-games-leaks-personal-data/
Exploit: Accidental sharing
EA Sports: Developer and publisher of sports video games
Risk to Small Business: 2 = Severe: EA Sports inadvertently leaked the personal data of 1,600 gamers who participated in a competition on the company’s website. The breach is related to the company's FIFA 20 Global Series competition. Aside from becoming a PR nightmare for EA Sports on social media, the leak occurred just hours after the company's announcement of new security features and promotional events related to the UK’s National Cyber Security Month. The web form was removed after thirty minutes, and the competition was temporarily cancelled.
Individual Risk: 2.142 = Severe: The leaked data includes email addresses, account ID numbers, usernames, and dates of birth. Those impacted by the breach should monitor their accounts for suspicious or unusual activity.
Customers Impacted: 1,600 Effect On Customers: Even relatively small data breaches can have a sizable impact on a company’s reputation and future earnings potential. Even apart from the bad press and media scrutiny that often accompanies a breach, customers are quick to take to social media to voice their concerns. Taken together, a data breach can quickly escalate into a PR disaster. To protect your brand’s reputation, prioritize customer data security.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia Cyber Security in ‘real time’ when their customers employee or private emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can inexpensively partner up by phoning Avantia on 07 30109711
THREAT FOCUS: The National Basketball Association - CANADA*
https://www.narcity.com/sports/ca/nba-canada-data-breach-reported-one-month-after-the-incident
Exploit: Unauthorized database access
The National Basketball Association: Men’s professional basketball league in North America
Risk to Small Business: 2.111 = Severe: An unauthorized user accessed a server managed by the NBA for its Canadian business efforts. The league quickly identified the intrusion and took the server offline, began an investigation, and hired cybersecurity experts to make further recommendations. However, these measures can’t retroactively restore users’ data integrity, nor will it negate the reputational damage that always accompanies a privacy breach.
Individual Risk: 2.428 = Severe: The exposed user data includes names, addresses, email addresses, phone number, and other account-related information. Although the breach is limited to those who recently entered an online contest in Canada, this information is especially sensitive, and those impacted by the breach should take every precaution to ensure the long-term integrity of their credentials.
Customers Impacted: Unknown Effect on Customers: Digital platforms can be a great way to engage customers, but when data integrity is compromised, these initiatives can quickly become a liability. Therefore, cybersecurity needs to be the bedrock of any online engagement to ensure that such marketing efforts meet customers where they are securely, as opposed to manifesting into self-inflicted wounds on your company's reputation and customer engagement. Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia Cyber Security in ‘real time’ when their customers employee or private emails and passwords have been compromised and are for sale ton the Dark Web to the highest bidder, before a breach occurs. Learn how you can inexpensively partner up by phoning Avantia on 07 30109711
BullPhish ID, offered FREE OF CHARGE to Avantia’s Clients compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: Phone 07 30109711 for more information
THREAT FOCUS: Listowel Wingham Hospital Alliance - CANADA*
Exploit: Ransomware
Listowel Wingham Hospital Alliance: Healthcare partnership between Listowel Memorial Hospital and Wingham and District Hospital
Risk to Small Business: 2 = Severe: The Listowel Wingham Hospital Alliance, which is comprised of two hospitals, was struck by a ransomware attack that significantly curtailed their treatment capabilities. Although the emergency rooms remain open, less urgent patients are enduring long waits or are being transferred to other facilities. In addition, the hospitals are unable to communicate with other healthcare providers until their network is cleared of ransomware-spreading malware. Not only does this put patients’ health at risk, but the recovery expenses and opportunity costs are sure to be immense.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown Effect On Customers: There are no inexpensive ways to respond to a ransomware attack, which raises the importance of strong cybersecurity standards that can defend against these attacks. As the cost of a ransomware attack continues to rise, every business needs to be aware of the urgent need to secure their IT infrastructure against this incredibly frustrating and unfortunately expensive cybersecurity threat.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia Cyber Security in ‘real time’ when their customers employee or private emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can inexpensively partner up by phoning Avantia on 07 30109711
THREAT FOCUS: Zendesk Software - UNITED STATES*
https://www.channele2e.com/technology/security/zendesk-chat-data-breach/
Exploit: Unauthorized database access
Zendesk: Customer service software company
Risk to Small Business: 1.888 = Severe: More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized data access. The breach impacts Support and Chat accounts, and it includes personal data from all categories of Zendesk users, including customers, agents, and end users. The company is resetting all passwords for users that registered before November 1, 2016. However, the platform touts many high-profile companies as clients, which means that the breach could have far-reaching repercussions for all stakeholders involved.
Individual Risk: 2.285 = Severe: The personal details of customers, agents, and end users were compromised in the breach. This includes names, email addresses, phone numbers, passwords, and other technically-oriented data. The company is contacting all customers who could be impacted by the breach, and those affected should reset their Zendesk passwords and any redundant passwords used on other platforms.
Customers Impacted: 10,000 Effect On Customers: When it comes to protecting customer data, speed and precision are your best friends. Unfortunately, too many companies don’t have the IT capabilities to identify a data breach or to adequately investigate an event after it happens. As a result, customer data can virtually linger indefinitely before protective action can be taken, such as changing passwords or otherwise ensuring data integrity. This incident serves as an important reminder that every business needs to enlist in services that help proactively monitor and protect customer data.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Industry. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a FREE ‘real time’ Dark Web search today: Call Avantia Cyber Security on 07 30109711 to schedule a search.
THREAT FOCUS: Tomo Drug Testing - UNITED STATES*
https://finance.yahoo.com/news/tomo-drug-testing-provides-notice-210000275.html
Exploit: Unauthorized database access
Tomo Drug Testing: Medical laboratory providing drug and screening services
Risk to Small Business: 1.888 = Severe: An unauthorized user gained access to Tomo’s customer database, which contained a treasure trove of personal data. Upon discovering the access, Tomo hired an external forensic firm to investigate the incident, which confirmed that customer data was either deleted or removed from the database. Although Tomo can’t confirm that hackers downloaded data, they are charged with notifying their customers and regulatory bodies of the incident. This could bring additional expenses and revenue reductions to the drug testing company. Moreover, the company will certainly face additional criticism and scrutiny for its lengthy reporting process and the sensitive nature of the compromised information in question. The breach occurred on July 1, 2019 but wasn’t officially reported until this week.
Individual Risk: 2.142 = Severe: Tomo confirmed that personal data, including names, driver’s license numbers, Social Security numbers, and drug test results could be compromised. The drug testing company has set up a designated helpline, and they encourage those impacted by the breach to acquire a free credit report to identify abnormalities.
Customers Impacted: Unknown Effect On Customers: Although Tomo states that data privacy is one of their top concerns, their actions say otherwise. Companies demonstrate their priorities by actively securing their customers’ data and by having a response plan ready in case a breach occurs. Knowing what happens to data after it is stolen and having deliberate channels to communicate this information to your customers are both critical to hastening the recovery process and restoring customer confidence in your brand.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Industry. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyse and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a FREE ‘real time’ Dark Web search today: Call Avantia Cyber Security on 07 30109711 to schedule a search.
THREAT FOCUS: Zynga Software - UNITED STATES*
https://www.cisomag.com/data-breach-affected-218-million-words-with-friends-gamers/
Exploit: Unauthorized database access
Zynga: Social game development company
Risk to Small Business: 2 = Severe: Hackers gained access to the company’s database, which exposed the personally identifiable information(PII) for millions of customers. The company discovered the breach in September, and they responded by hiring an external investigator to determine the scope and severity of the breach. Unfortunately, by the time they responded, hackers uploaded user data to various hacker forums.
Individual Risk: 2.428 = Severe: The data breach applies to all users of the platform’s popular Words with Friends gaming app on Android and iOS who registered on or before September 2, 2019. In addition, some users of Draw Something, another mobile game produced by Zynga, were compromised. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Since this information is already available to bad actors on the Dark Web and will be used to perpetuate additional cybercrimes, those impacted by the breach should carefully monitor their accounts while being especially watchful for other fraudulent communications.
Customers Impacted: 218,000,000 Effect On Customers: Data security is increasingly top of mind for consumers. For companies operating in a highly competitive marketplace, it can mean the difference between keeping your customers happy while increasing revenue or losing them forever. Therefore, businesses of every size need to meet the moment by understanding their vulnerabilities, embracing best practices for cyber defense, and building a breach response action plan.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
Avantia Cyber Security & ID Agent to the Rescue: Dark Web ID alerts Avantia Cyber Security in ‘real time’ when their customers employee or private emails and passwords have been compromised and are for sale on the Dark Web to the highest bidder, before a breach occurs. Learn how you can inexpensively partner up by phoning Avantia on 07 30109711
POSTSCRIPT*
U.S. Senate Passes Ransomware Response Law*
Ransomware is making a devastating comeback in 2019, impacting SMEs, Government Agencies, and educational institutions with frightening regularity and at great cost. The scourge of attacks has been so profound that a bill governing ransomware response tactics actually elicited bipartisan support from a divisive U.S. senate. The new legislation calls for dedicated teams tasked with providing organizations with best practice advice for protecting against and responding to ransomware attacks. These resources will be available for SMEs, Government Agencies, and Schools, which were specifically addressed by senate minority leader, Chuck Schumer.
The practical effects of such legislation are unclear, but the more prescient fact is that the law exists at all. It underscores the incredible need for more companies to adopt a best practice defensive posture and the chasm between those that are ready to defend themselves and those that remain vulnerable. However, the law alone won’t solve SMEs problems. They need to understand the ways that their IT infrastructure might be vulnerable, and they need to make addressing those concerns a top priority.
UK Business Leaders Believe Data Breaches Are the New Normal*
The majority of UK businesses have suffered some form of a data breach in 2019, and C-suite business leaders view this reality as the “new normal.” This information was derived from the latest Carbon Black study, which surveyed 250 C-level business leaders from the UK. In total, 84% indicated that they endured a data breach in the past year, and the same amount indicated that cyber attacks were becoming more sophisticated. This new reality is especially notable among smaller businesses, which reported a 57% increase in cyber attacks. While the financial repercussions varied significantly, 75% of executives noted that reputational cost is one of the most problematic results of a data breach. Interestingly, two of the most prominent threats identified by executives, malware and phishing attacks, are defensible. By implementing comprehensive awareness training, companies of all sizes can neutralize a persistent and problematic threat group.In a cybersecurity landscape that’s increasingly defined by continuous attacks, controlling some of the variables can give any organization a leg up on the best efforts of bad actors.
ARE YOU AN AVANTIA CYBER SECURITY PARTNER?
Not a Partner? Learn more about Dark Web ID™ and schedule a FREE ‘real time’ Dark Web scan of your business and your private credentials to determine your vulnerability to Credential theft and exploitation. Find out how the benefits our low cost leading edge cyber protection programs can deliver to your Business and your personal privacy. Phone +61 7 30109711 (Office Hours) or Email info@avantiacorp.com.au today.
Disclaimer*: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach and cyber security information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.
*COPYRIGHT 2019 Avantia Corporate Services - All Rights Reserved.