October news roundup: Scary security stories
Ghosts, ghouls and goblins weren’t the only things to be scared of this October. From cyberattacks to major data breaches that exposed the information of millions, data security (or the lack thereof) was an active concern from small to medium-sized enterprises (SMEs) in every industry.
Below are five stories security and IT pros should read as we kick off November and the holiday season. A season filled with surprises of every shape and form.
Dyn DDoS attack exposes soft underbelly of the cloud (by Fahmida Y. Rashid, InfoWorld)
Many East Coasters woke up to limited access to their favorite websites on Friday, October 21. The world quickly learned a distributed denial-of-service attack (DDos) against internet service provider Dyn was holding sites like Twitter, Netflix and The New York Times hostage. While most were worried about their inability to tweet about the outage, organizations were also unable to access important information like corporate applications. Bombarded with questions about why Twitter widgets and sales tools like Shopify weren’t working, security pros had no choice but to sit and wait for the attack to end. The events of October 21 raise the question, “is this the future of cyberattacks?” If the answer is yes, IT teams need to learn how they can make sure their organizations aren’t severely affected by attacks that are out of their control.
Republicans hacked, skimmed NRSC donations sent to Russian domain (by Steve Ragan, CSO)
Leading up to the presidential election in November, a slew of data breaches have affected political organizations. Most recently, hundreds of Republicans who gave money to the National Republican Senatorial Committee (NRSC) made their donations via a platform that was affected by a code designed to steal personal information and credit card details. While it is still unclear who is behind the attack, politicians and political organizations must be doing their part to ensure data security on the campaign trail.
A breach alone means liability (by Tom Henderson, Network World)
Organizations that think a data breach won’t affect them better think again. Not only should security and IT teams worry about the financial implications of a breach, but also potential legal consequences. A recent case against Nationwide Mutual Insurance found that companies can be charged in court for a data breach even if no personal fraud or identify theft has occurred. Despite no actual damage being caused, Nationwide subjected 11 million customers to the risk of identify theft. Will the increase in legal responsibility for a data breach encourage businesses to improve their security practices?
Breach exposes at least 58 million accounts, includes names, jobs and more (by Dan Goodin, Ars Technica)
According to security firm Risk Based Security, the information of more than 58 million subscribers of Modern Business Solutions, a data storage and database hosting services company, was exposed. Revealing names, IP and email addresses, birthdays, occupations and more, the information was pulled using MongoDB, an open source database application. While Modern Business Solutions was responsible for protecting the data, there are steps organizations can take to ensure their data is secure, even with a third party, such as maintaining data integrity through internal auditing.
Cybersecurity staffing issues may be putting you at risk (by Sarah K. White, CIO)
A recent study from Spiceworks found that less than one-third of companies have a cybersecurity expert on their internal IT teams. While this trend might align with the lack of qualified security pros and a shortage of resources in the industry, working with an outside security provider can help organizations lacking internal experience. By taking on some of the backbreaking work of ensuring data security, a third party can alleviate the stress placed on IT teams that may not have as much training. Organizations should also educate employees and encourage a data-aware culture by sharing security news and highlighting best practices for protecting company-owned data.
Subscribe for email updates about the latest in cybersecurity news.Like This