When to Report a Data Breach

Information Security
Cathay Pacific Airways, the official flag carrier of Hong Kong, recently disclosed that it suffered a major data breach. The announcement, however, was made 7 months after the company discovered the cyber incident. Cathay Pacific’s delayed disclosure raises the question of when the right time to report a data breach is. To date, the data breach at Cathay Pacific is the world’s biggest airline data breach, affecting 9.4 million people – more than the total population of Hong Kong. The airline, in a statement, said that passenger data, including name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number and historical travel information, were accessed without authorization. The company…
Servers Left Running Without Security Updates Can be Your Organization’s Weakest Link

Information Security
The revelation that the server used by attackers as a passageway in Singapore’s biggest cyberattack hadn’t been updated for more than a year shows how a failure to update a server can be your organization’s weakest link. The circumstances surrounding the failure to update the server that attackers used to ultimately reach the critical system of Singapore Health Services (SingHealth) were revealed during the recent hearing conducted by the Committee of Inquiry (COI), the body tasked to investigate Singapore’s biggest cyberattack, the SingHealth cyberattack. Last July 20, Singapore’s Ministry of Communications and Information and Ministry of Health issued a joint statement disclosing that attackers stole non-medical personally identifiable information of more than 1.5 million patients who visited SingHealth’s outpatient clinics…
Mind the Air Gap: Pros and Cons of Network Separation

Information Security
The Singaporean Government recently completed the task of disconnecting staff computers at public healthcare facilities from the internet. Disconnecting the staff computers from the internet, also known as internet surfing separation, network separation or air-gapping, is aimed at preventing cyberattacks, Singapore's Deputy Prime Minister Teo Chee Hean said at an engineering conference. The announcement of air-gapping or network separation at the public healthcare facilities in Singapore came on the heels of a major cyberattack at Singapore Health Services (SingHealth), the country’s largest group of healthcare institutions. Singapore’s Ministry of Health, in a statement, said that non-medical personally identifiable information of more than 1.5 million patients who visited SingHealth’s outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 were…
Importance of Protecting Your Organization’s Server from Malware

Data Backup, Information Security, Servers
The recently disclosed data breach at Algonquin College highlights the importance of protecting your organization’s server from malware. Algonquin College, in a statement released last July 16, said that on May 16 cyberattackers illegally accessed one of the College’s servers by infecting it with malicious software (malware). The educational institution didn’t indicate what specific type of malware the attackers installed on the infected server, nor how the attackers were able to get inside the server. The infected server, according to Algonquin College, hosted access to databases which contained personal information. Sensitive information, including date of birth and home address, of 4,568 individuals (students and alumni) may have been exposed, while non-sensitive information of an additional 106,931 individuals (students, alumni…
Effects of a Cyberattack: City of Atlanta Experience

Information Security
Learning from the City of Atlanta Cyberattack
It has been over 2 months since the City of Atlanta suffered a cyberattack, but a city official said at a public meeting that the effects of the cyberattack seem “to be growing every day”. On March 22, 2018, the City of Atlanta experienced a ransomware cyberattack that affected multiple city software applications and computers. Ransomware is malicious software (malware) that locks files on infected computers and asks for a ransom payment to unlock them. The City of Atlanta, in a statement, said that as a result of the attack, "some City data is encrypted and customers are not able to access City applications". Atlanta Information Management head Daphne Rackley told the Atlanta City Council that more than a third of the…
How to Secure Your Organization’s Network

Information Security
Securing your organization’s network − devices connected to the internet − is imperative, as being connected to the internet today increases the risk of cybersecurity issues. Many small businesses today leave their network unsecured as they believe that a) their business network is too small for cyberattackers to bother with, and b) devices right out of the box are secure enough. “Most attacks are not personal in nature and can occur on any type of network − big or small, home or business,” the United States Computer Emergency Readiness Team (US-CERT) said. “If a network connects to the internet, it is inherently more vulnerable and susceptible to outside threats.”
VPNFilter Malware
One of the ways that your organization’s network may be vulnerable to outside threats is through…
GDPR: Ready or Not this Pan-EU Privacy Regulation is Already Here

Information Security
GDPR: This Pan-EU Privacy Regulation Has Arrived
The compliance deadline for the General Data Protection Regulation (GDPR) has lapsed, but only 1 in 3 companies are ready, according to a new global survey conducted by ISACA. The ISACA survey showed that this coming May 25, 2018 – the enforcement date of GDPR – only 29% of companies globally will be ready. GDPR is a European Union (EU) regulation that requires businesses to protect the personal data and privacy of individuals residing in the EU.
Extra-Territorial Application of GDPR
While other country-specific personal data and privacy regulations are vague in terms of their extra-territorial applicability, GDPR makes it clear that it’s applicable even to businesses based outside the EU, so long as these businesses process personal data of individuals residing in the…
9 Dangers of Using Aging Hardware

Data Backup, Information Security
Chipmaker Intel recently announced that it won’t issue updates to fix the security vulnerability called “Spectre” in some of its processors. According to Intel, the following processors won’t receive an update for Spectre: Bloomfield line, Clarksfield, Gulftown, Harpertown line, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale line and Yorkfield line. The processors not supported by Intel for the Spectre update are older chips, some more than 5 years old and some even more than 10 years old. The only exception to the list is the processor SoFIA 3GR, which was released in 2015. Spectre is a security vulnerability that affects not just Intel, but also most modern computer processors and operating systems. This security vulnerability enables computer programs to steal critical data processed…
Information Security Standards for SMEs

Information Security
Are the Information Security standards for small and medium-sized enterprises (SMEs) different from those for larger enterprises? Similar to larger organizations, SMEs have embraced information and communication technology. The vast majority of SMEs today use some form of information technology and most have an online presence. The study “Canadian Business Speaks Up: An Analysis of the Adoption of Internet-based Technology” conducted by the Canadian Chamber of Commerce found that Canadian businesses, made up mostly of SMEs, use the internet for general searches (91%), customer relations (86%), marketing (85%), online banking (72%) and operational matters (68%). The study showed that the internet solutions most Canadian businesses used are wireless services (82%), business internet – wired lines (63%) and cloud solutions (54%). The world economy is mostly made up of SMEs.…
Why SMEs Are Big Targets for Cyberattacks

Information Security
Reports by mainstream media often highlight cyberattacks against large corporations. These reports lead to the belief that cybercriminals target only large companies. The truth is far from this belief.
Cost of Cyberattacks on SMEs
According to StaySafeOnline.org, a site maintained by the National Cyber Security Alliance, 71% of security breaches target small businesses and nearly half of all small businesses have been victims of cyberattacks. Despite this high number of security breach attempts on small businesses and high number of cyberattack victims, StaySafeOnline.org said that “many SMBs believe they are not vulnerable to cyber attacks because of their small size and limited assets.” Visa Inc. estimated that nearly 95% of the credit-card data breaches it discovered were from its smallest business customers. Data…