InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
United States – DailyQuiz
https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/Exploit: Hacking
DailyQuiz: Entertainment App
Risk to Business: 1.655= Severe
The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.
Individual Risk: 2.711= Moderate
Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.
How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.
United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)
https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employeesExploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit
Risk to Business: 1.833= Severe
Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.
Risk to Business: 1.833= Severe
RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.
How it Could Affect Your Business: Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.
United States – Bose
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Ransomware
Bose: Audio Equipment Maker
Risk to Business: 2.812= Moderate
Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.
Risk to Business: 2.812= Moderate
According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – JBS SA
https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.htmlExploit: Ransomware
JBS SA: Meat Processor
Risk to Business: 1.221 = Extreme
International meat supplier JBS SA has been hit by a ransomware attack. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada. The company is in contact with federal officials and has brought in a “top firm” to investigate and remediate the incident which is potentially tied to nation-state cybercrime. JBS stated that the attack only impacts some supplier transactions and no data was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially of the nation-state variety, for its potential for business disruption without even stealing data.
Canada – Canada Post
https://globalnews.ca/news/7894760/canada-post-data-breach/Exploit: Third Party Data Breach
Canada Post: Postal Service
Risk to Business: 1.882 = Severe
A supplier’s malware attack is responsible for a nasty data breach at Canada Post affecting 44 of the company’s large business clients and their 950,000 receiving customers. The exposure comes from Commport Communications, an electronic data interchange (EDI) solution supplier that manages shipping data for business customers, informed Canada Post that address data associated with some of their customers had been compromised in May 2021. Canada Post has announced that only shipping information pertaining to less than 50 corporate customers was involved.
Customers Impacted: 44 companies and an estimated 950,000 individual addresses
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
Australia – TPG Telecom
https://www.zdnet.com/article/a-pair-of-tpg-trustedcloud-customers-were-breached/Exploit: Hacking
TPG Telecom: Communications Technology
Risk to Business: 1.115 = Extreme
TPG Telecom has announced that it had the data of two unnamed large customers improperly accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Japan – Net Marketing Co.
https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/Exploit: Hacking
Net Marketing Co.: App Creator
Risk to Business: 1.922 = Severe
Japanese app company Net Marketing Co. said Friday that the personal data of 1.71 million users of one of its apps has been compromised in a hacking incident. The company is the operator of the popular dating app Omiai. Net Marketing said that Omiai customer information provided to the company between January 2018 and last month has been accessed on more than one occasion by unauthorized parties and PII on users may have been stolen.
Individual Risk: 1.942 = Severe
The company notes that assorted user data, including names, identity cards, addresses, email addresses and face photos, was likely leaked due to unauthorized access to its server. Customers that use the Omiai app should be cautious for spear phishing and identity theft risk.
How it Could Affect Your Business: Personal data like this is a hot commodity in booming dark web data markets. Failing to protect it adequately makes it catnip for cybercriminals.
United States – DailyQuiz
https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/Exploit: Hacking
DailyQuiz: Entertainment App
Risk to Business: 1.655= Severe
The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.
Individual Risk: 2.711= Moderate
Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.
How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.
United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)
https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employeesExploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit
Risk to Business: 1.833= Severe
Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.
Risk to Business: 1.833= Severe
RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.
How it Could Affect Your Business: Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.
United States – Bose
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Ransomware
Bose: Audio Equipment Maker
Risk to Business: 2.812= Moderate
Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.
Risk to Business: 2.812= Moderate
According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – JBS SA
https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.htmlExploit: Ransomware
JBS SA: Meat Processor
Risk to Business: 1.221 = Extreme
International meat supplier JBS SA has been hit by a ransomware attack. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada. The company is in contact with federal officials and has brought in a “top firm” to investigate and remediate the incident which is potentially tied to nation-state cybercrime. JBS stated that the attack only impacts some supplier transactions and no data was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially of the nation-state variety, for its potential for business disruption without even stealing data.
Canada – Canada Post
https://globalnews.ca/news/7894760/canada-post-data-breach/Exploit: Third Party Data Breach
Canada Post: Postal Service
Risk to Business: 1.882 = Severe
A supplier’s malware attack is responsible for a nasty data breach at Canada Post affecting 44 of the company’s large business clients and their 950,000 receiving customers. The exposure comes from Commport Communications, an electronic data interchange (EDI) solution supplier that manages shipping data for business customers, informed Canada Post that address data associated with some of their customers had been compromised in May 2021. Canada Post has announced that only shipping information pertaining to less than 50 corporate customers was involved.
Customers Impacted: 44 companies and an estimated 950,000 individual addresses
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
Australia – TPG Telecom
https://www.zdnet.com/article/a-pair-of-tpg-trustedcloud-customers-were-breached/Exploit: Hacking
TPG Telecom: Communications Technology
Risk to Business: 1.115 = Extreme
TPG Telecom has announced that it had the data of two unnamed large customers improperly accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Japan – Net Marketing Co.
https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/Exploit: Hacking
Net Marketing Co.: App Creator
Risk to Business: 1.922 = Severe
Japanese app company Net Marketing Co. said Friday that the personal data of 1.71 million users of one of its apps has been compromised in a hacking incident. The company is the operator of the popular dating app Omiai. Net Marketing said that Omiai customer information provided to the company between January 2018 and last month has been accessed on more than one occasion by unauthorized parties and PII on users may have been stolen.
Individual Risk: 1.942 = Severe
The company notes that assorted user data, including names, identity cards, addresses, email addresses and face photos, was likely leaked due to unauthorized access to its server. Customers that use the Omiai app should be cautious for spear phishing and identity theft risk.
How it Could Affect Your Business: Personal data like this is a hot commodity in booming dark web data markets. Failing to protect it adequately makes it catnip for cybercriminals.
Small and Medium Businesses (SMBs) usually invest less in cybersecurity, making them easier targets for cybercriminals. Close to 30% of businesses experience a cyberattack at least once per week.1
The need for constant vigilance and defense against hackers has led many SMBs to complicate cybersecurity matters. Though the percentage of businesses that have adopted formal, business-wide incident response plans has increased from 18% in 2015 to 26% in 2020, the ability to contain an actual attack dropped by 13%.2 This is because: (1) businesses do not consistently test threat-readiness of incident response plans and (2) many of them use too many security products that hamper the ability to identify and respond to a cyberattack.
It is here where a cyber resilience strategy can help organizations protect uptime and recover from incidents faster. Some people use the terms cybersecurity and cyber resilience simultaneously, but the meanings are different.
While cybersecurity primarily aims at blocking nefarious cyber players from attacking your network, cyber resilience is more about planning, defending, responding to and recovering quickly from a cyberattack. Endpoint protection, email security, network security, backup and data recovery, identity and access management and a host of other critical solutions together fuel a comprehensive cyber resilience strategy.
Your business is cyber resilient when:
Article curated and used by permission.Sources:
The need for constant vigilance and defense against hackers has led many SMBs to complicate cybersecurity matters. Though the percentage of businesses that have adopted formal, business-wide incident response plans has increased from 18% in 2015 to 26% in 2020, the ability to contain an actual attack dropped by 13%.2 This is because: (1) businesses do not consistently test threat-readiness of incident response plans and (2) many of them use too many security products that hamper the ability to identify and respond to a cyberattack.
It is here where a cyber resilience strategy can help organizations protect uptime and recover from incidents faster. Some people use the terms cybersecurity and cyber resilience simultaneously, but the meanings are different.
While cybersecurity primarily aims at blocking nefarious cyber players from attacking your network, cyber resilience is more about planning, defending, responding to and recovering quickly from a cyberattack. Endpoint protection, email security, network security, backup and data recovery, identity and access management and a host of other critical solutions together fuel a comprehensive cyber resilience strategy.
Arm Your Business with Cyber Resilience
The cyberthreat landscape is evolving at lightning speed and traditional security measures cannot keep up with it. Experts have predicted that a ransomware attack will occur every 11 seconds in 2021.3 The only way forward for businesses, including yours, is to draft a cyber resilience strategy that highlights ways to move forward in the face of a cyberattack.Your business is cyber resilient when:
- You’ve implemented measures to guard against cyberattacks
- Proper risk control measures for data protection get deployed
- Hackers cannot severely disrupt business operation during or after an attack
- Threat protection
- Adaptability
- Recoverability
- Durability
5 Ways Cyber Resilience Protects SMBs
Adopting cyber resilience proves beneficial before, during and after cyberattacks. Five ways cyber resilience protects SMBs:- Enhances system security, work culture and internal processes
- Maintains business continuity
- Reduces financial loss
- Meets regulatory and insurance requirements
- Boosts company reputation
Don’t worry if the concept of cyber resilience is tough to crack. We can guide your business to and through cyber resilience. Start with an assessment to check your business’ cyber resilience level. Contact us now!
Article curated and used by permission.
Sources:
1.Infosecurity Magazine
2. The 2020 Cyber Resilient Organization Study
3. JD Supra Knowledge Center
Small and Medium Businesses (SMBs) usually invest less in cybersecurity, making them easier targets for cybercriminals. Close to 30% of businesses experience a cyberattack at least once per week.1 The need for constant vigilance and defense against hackers has led many SMBs to complicate cybersecurity matters. Though the percentage of businesses that have adopted formal, business-wide incident response plans has increased from 18% in 2015 to 26% in 2020, the ability to contain an actual attack dropped by 13%.2 This is because: (1) businesses do not consistently test threat-readiness of incident response plans and (2) many of them use too many security products that hamper the ability to identify and respond to a cyberattack.
It is here where a cyber resilience strategy can help organizations protect uptime and recover from incidents faster. Some people use the terms cybersecurity and cyber resilience simultaneously, but the meanings are different.
While cybersecurity primarily aims at blocking nefarious cyber players from attacking your network, cyber resilience is more about planning, defending, responding to and recovering quickly from a cyberattack. Endpoint protection, email security, network security, backup and data recovery, identity and access management and a host of other critical solutions together fuel a comprehensive cyber resilience strategy.
Arm Your Business with Cyber Resilience
The cyberthreat landscape is evolving at lightning speed and traditional security measures cannot keep up with it. Experts have predicted that a ransomware attack will occur every 11 seconds in 2021.3 The only way forward for businesses, including yours, is to draft a cyber resilience strategy that highlights ways to move forward in the face of a cyberattack.
Your business is cyber resilient when:- You’ve implemented measures to guard against cyberattacks
- Proper risk control measures for data protection get deployed
- Hackers cannot severely disrupt business operation during or after an attack
- Threat protection
- Adaptability
- Recoverability
- Durability
5 Ways Cyber Resilience Protects SMBs
Adopting cyber resilience proves beneficial before, during and after cyberattacks. Five ways cyber resilience protects SMBs:
- Enhances system security, work culture and internal processes
- Maintains business continuity
- Reduces financial loss
- Meets regulatory and insurance requirements
- Boosts company reputation
Don’t worry if the concept of cyber resilience is tough to crack. We can guide your business to and through cyber resilience. Start with an assessment to check your business’ cyber resilience level. Contact us now!
Article curated and used by permission.
Sources: 1.Infosecurity Magazine 2. The 2020 Cyber Resilient Organization Study 3. JD Supra Knowledge Center
With the cyberthreat landscape getting more complicated with every passing minute, cybersecurity deserves more attention than ever before. Fully trusting applications, interfaces, networks, devices, traffic and users without authentication is no longer an option. Misjudging and misplacing your trust in a malicious entity can lead to severe breaches that can damage your business. Zero Trust Security practices, however, can go a long way towards helping small and medium-sized businesses (SMBs) minimize cybersecurity risks and prevent data breaches.
Zero Trust was introduced in 2010 by John Kindervag, a former Forrester analyst. The concept has since gained wide acclaim and approval as a trusted framework for cybersecurity. The Zero Trust approach trusts nothing within or outside its perimeter and insists on verifying everything attempting to connect to the company systems before granting access. In simple terms, the National Institute of Standards and Technology (NIST) refers to it as a “never trust, always verify” approach.
Implementing Zero Trust Security within your business can help guard against data breaches, downtime, productivity loss, customer churn and reputation damage. Over 70% of businesses planned for the deployment of Zero Trust in 2020 and it is even more critical for SMBs in an era where workforces and networks are becoming heavily distributed.1
If you’re not equipped with a solid defense against cyberthreats, you may regret it later when a breach happens. Chances are your current approach to cybersecurity falls short of stopping cybercriminals from accessing your network. The Zero Trust approach can change all that.
Adopting Zero Trust Security within your business does not mean you throw away your existing security tools and technologies. In fact, according to NIST, Zero Trust Security must incorporate existing security tools and technologies more systematically.
Build an effective Zero Trust model that encompasses governance policies—like giving users only the access needed to complete their tasks—and technologies such as:
Taking your business down the path of Zero Trust may not be easy, but it’s certainly achievable and well worth it. Don’t worry about where and how to begin. With the right MSP partner by your side, your journey becomes easier and more successful. Contact us to get started.
Article curated and used by permission.
Source:
Zero Trust was introduced in 2010 by John Kindervag, a former Forrester analyst. The concept has since gained wide acclaim and approval as a trusted framework for cybersecurity. The Zero Trust approach trusts nothing within or outside its perimeter and insists on verifying everything attempting to connect to the company systems before granting access. In simple terms, the National Institute of Standards and Technology (NIST) refers to it as a “never trust, always verify” approach.
Implementing Zero Trust Security within your business can help guard against data breaches, downtime, productivity loss, customer churn and reputation damage. Over 70% of businesses planned for the deployment of Zero Trust in 2020 and it is even more critical for SMBs in an era where workforces and networks are becoming heavily distributed.1
Three Misconceptions and Facts About Zero Trust Security
Misconception: Zero Trust Security is only for enterprises.
Misconception: Zero Trust Security is too complex.
Misconception: The cost of implementing Zero Trust is too high.
Still Not Convinced?
Let’s look at a few statistics that should convince you of the seriousness of today’s cyberthreat landscape as well as the need for a Zero Trust approach:- Human error causes close to 25% of data breaches.2
- Experts predict that ransomware attacks will occur every 11 seconds in 2021.3
- Over 40% of employees are expected to work from home post-pandemic.4
- Phishing attacks have increased by over 60% since the pandemic started.5
If you’re not equipped with a solid defense against cyberthreats, you may regret it later when a breach happens. Chances are your current approach to cybersecurity falls short of stopping cybercriminals from accessing your network. The Zero Trust approach can change all that.
Adopting Zero Trust Security within your business does not mean you throw away your existing security tools and technologies. In fact, according to NIST, Zero Trust Security must incorporate existing security tools and technologies more systematically.
Build an effective Zero Trust model that encompasses governance policies—like giving users only the access needed to complete their tasks—and technologies such as:
- Multifactor authentication
- Identity and access management
- Risk management
- Analytics
- Encryption
- Orchestration
- Scoring
- File-system permissions
Taking your business down the path of Zero Trust may not be easy, but it’s certainly achievable and well worth it. Don’t worry about where and how to begin. With the right MSP partner by your side, your journey becomes easier and more successful. Contact us to get started.
Article curated and used by permission.
Source:
- com
- IBM 2020 Cost of Data Breach Report
- JD SUPRA Knowledge Center
- Gartner Report
- Security Magazine Verizon Data Breach Digest