
Industry News: ESG5

    Know Your Breach: Toyota

    The Target: Toyota Italy, one of the world’s largest vehicle manufacturers.

    The Take: Exposure of Personally Identifiable Information belonging to Toyota’s clients, including phone numbers and email addresses.

    The Vector: Unsecured and exposed marketing tools, namely APIs for Salesforce and Mapbox, were publicly accessible on Toyota Italy’s website. This allowed attackers to access employee credentials to the third-party platforms and exfiltrate client data.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. In particular, the information exposed here is well suited to crafting highly believable phishing campaigns, as it would allow push notifications. Access monitoring and testing for every public-facing webpage is a key strategy to mitigate these kinds of breaches and protect a firm’s customer base.

    Read more...

    Cybersecurity: Bright Spot Amid Tech Layoffs

    2023-03-30

    Fox Business: While tech firms are firing, the cybersecurity segment is hiring. Technology firms have shed more than 300,000 jobs in the past two years with more on the way. Electronic Arts announced a restructuring plan that includes a 6% workforce reduction to prioritize "growth opportunities."

    Read more...

    Cybersecurity Investment Outlook Remains Grim as Funding Activity Sharply Declines

    2023-03-29

    Dark Reading: Financial activity in the cybersecurity industry declined sharply in the first quarter of 2023 compared to the same period in 2022, and analysts tracking the sector expect little improvement until at least the second half of the year.

    Read more...

    Private Equity Turns to Resiliency Strategies for Software Investments

    2023-03-29

    McKinsey & Company: Private equity (PE) investments in software—500-plus deals of more than $100 billion in value last year—have outperformed other investments made by the asset class for upward of a decade.

    Read more...

    Europe Cyber Security Market will reach US$ 103.51 Billion in 2028

    2023-03-28

    GlobeNewswire: In 2021, according to Eurostat, the expanding penetration of internet users, 95% of young people (aged 16-29 years) in the European region, and the adoption of cloud-based services and Advanced Persistent Threats (APTs) presented an extensive chance for cyber vendors in the European cyber security market size.

    Read more...

    DigitalOcean Study Finds Growing Cybersecurity Concerns Among SMBs and Startups

    2023-03-28

    Yahoo Finance: DigitalOcean Holdings, Inc., the cloud for startups and small-to-medium-sized businesses (SMBs), today announced the findings of a recent report on how SMBs feel about and are responding to cybersecurity threats.

    Read more...

    Regulator Tells Australian Banks to Boost Cyberattack Defenses

    2023-03-27

    BNN Bloomberg: Australia’s financial institutions must improve their resilience to cyberattacks, the head of the nation’s banking regulator said.

    Read more...

    Latitude Financial Cyber-attack Worse Than First Thought with 14m Customer Records Stolen

    2023-03-27

    The Guardian: Latitude Financial has revealed that 14m customer records – including driver’s licence numbers, passport numbers and financial statements – were stolen from its system in a cyber-attack that was far worse than the company initially reported.

    Read more...

    Know Your Breach: Lionsgate Play

    The Target: Lionsgate Play, a U.S.-based video-streaming platform.

    The Take: Exposure of 30 million records of user data, including IP addresses, operating system, user search queries, and web browser information.

    The Vector: A misconfigured Elasticsearch database was left open and unsecured, meaning anyone with an internet connection could have viewed and downloaded the data.

    This shows how important authentication controls are, and even more critically, that they be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.

    Read more...

    Arlington Forms New Cyber Intelligence Platform

    2023-03-23

    Private Equity Wire: Arlington Capital Partners has launched Eqlipse Technologies, (Eqlipse) a new platform company formed from firms focused on full-spectrum cyber and signals intelligence engineering, digital operations and identity management, and research and development.

    Read more...

    Less Talk, More Action: 3 Steps to Diversify the Cybersecurity Workforce

    2023-03-22

    Information Week: Despite all the conversations about diversity initiatives and efforts in the past few years to get more women in STEM careers, it often seems the needle is moving slowly. Too often, these conversations are just that -- talking points that sound good but aren’t connected to action-oriented strategies.

    Read more...

    Banks, Financial Industry Hit by Rising Ransomware Attacks

    2023-03-21

    BNN Bloomberg: Ransomware gangs didn’t come out with any big new innovations last year, but “what 2022 lacked in innovation it made up for in volume,” according to a report by a financial services group.

    Read more...

    Geopolitical Tensions Enabled Increased Hacktivist Cyber Threats in 2022

    2023-03-21

    Global Newswire: FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, announced the findings of its annual Global Intelligence Office report, Navigating Cyber 2023.

    Read more...

    New Cisco Study Finds Only 9% of Canadian Companies Surveyed are Ready to Defend Against Cybersecurity Threats

    2023-03-21

    Financial Post: A mere 9% of organizations in Canada have the ‘Mature’ level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s (NASDAQ: CSCO) first-ever Cybersecurity Readiness Index released.

    Read more...

    Cybersecurity Skills Shortage, Recession Fears Drive 'Upskilling' Training Trend

    2023-03-21

    Dark Reading: Companies continue to value cybersecurity skills, but many have moved their focus from hiring cybersecurity professionals to training up in-house staff on needed cybersecurity skills.

    Read more...

    Insurer Spots Cybersecurity Weakness With Model Simulating Catastrophic Attacks

    2023-03-20

    BNN Bloomberg: Coalition Inc., a cyber-insurance provider that tries to curb digital risk, has designed technology that simulates large-scale attacks to help insurers identify potential weaknesses in their portfolios and prevent widespread losses.

    Read more...

    Know Your Breach: Latitude Financial

    The Target: Latitude Financial, an Australia-based consumer finance service company.

    The Take: Documents and records belonging to 328,000 customers, including Personally Identifiable Information such as driver’s license details, which contain names, addresses, and dates of birth.

    The Vector: An employee’s credentials were compromised, allowing the attacker to pivot into two different third-party vendors that held the customer data.

    This breach is a stark reminder of how important authentication controls are in an overall robust cybersecurity posture. Regular social engineering and phishing awareness training and, in this case, tightly enforced password and identity management are effective strategies to mitigate these kinds of breaches and protect a firm’s customer base.

    Read more...

    Cybersecurity Market Confronts Potential Consequences of Banking Crisis

    2023-03-16

    Cybersecurity Dive: The banking crisis and nagging suspicion that hardship will spread, even to companies not directly linked to the failed banks, could have an ancillary effect on the cybersecurity market.

    Read more...

    SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets

    2023-03-15

    SEC: The Securities and Exchange Commission proposed requirements for broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents (collectively, “Market Entities”) to address their cybersecurity risks.

    Read more...

    Safety Net: Cybersecurity Staff Shortage Looms if Canada Fails to Develop Homegrown Talent

    2023-03-15

    Financial Post: The former chief executive of Bulletproof, a cybersecurity firm with headquarters in Fredericton, New Brunswick, points to the rash of cyberattacks against organizations around the world that have been hacked and whose IT systems have been held for ransom by online bandits, including the attack on the City of Saint John, just an hour down the road.

    Read more...

    Cybercriminals Exploit SVB Collapse to Steal Money and Data

    2023-03-14

    Bleeping Computer: The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity.

    Read more...

    DeFi Lender Euler Finance Hit By $197 Million Hack, Experts Say

    2023-03-13

    BNN Bloomberg: Decentralized lending protocol Euler Finance was hit by an attack that drained $197 million in cryptocurrencies from its platform, making it the largest hack in its corner of the digital-assets market this year.

    Read more...

    SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital

    2023-03-13

    Dark Reading: The stunning collapse of Silicon Valley Bank (SVB) could put a damper on the ability of venture-backed cybersecurity startups to secure vital capital for operations and strategic investments.

    Read more...

    Know Your Breach: CHS

    The Target: Community Health Systems, a U.S.-based multi-state hospital chain.

    The Take: Exposure of 1 million records of Personally Identifiable Information, including full names, medical billing and insurance information, diagnoses, medication, dates of birth, and social security numbers.

    The Vector: A zero-day exploit was used to breach Fortra, a third-party vendor of CHS, targeting its file transfer software, which let the attackers gain access to sets of files throughout the vendor’s systems.

    This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

    Read more...

    Global Cybersecurity Market Size To Grow USD 501.6 Billion By 2030

    2023-03-08

    GlobeNewswire: The cyber security market growth includes increased number of data breaches across the globe, rising digitalization, and increased sophisticated cyber intrusions. Cyber threats are anticipated to evolve with the increase in usage of devices with intelligent and IoT technologies.

    Read more...

    Darktrace Warns Of Rise In AI Enhanced Scams Since ChatGPT Release

    2023-03-08

    The Guardian: The cybersecurity firm Darktrace has warned that since the release of ChatGPT it has seen an increase in criminals using artificial intelligence to create more sophisticated scams to con employees and hack into businesses.

    Read more...

    Key Proposals In Biden's Cybersecurity Strategy Face Congressional Challenges

    2023-03-07

    Dark Reading: The Biden administration's plans to introduce minimum cybersecurity requirements for organizations in critical infrastructure sectors could face challenges in a divided Congress.

    Read more...

    BlackBerry Says Cybersecurity Revenue Will Be Lower Than Expected

    2023-03-07

    BNN Bloomberg: Shares in BlackBerry Ltd. were down more than 10 per cent in early trading after the company lowered its fourth-quarter and full-year revenue expectations for its cybersecurity business. The dip in share price comes as the company said some large deals that were expected to close in the quarter were not completed in time.

    Read more...

    How Cybersecurity Protects Valuation: Considerations For Private Equity In The Deal Lifecycle

    2023-03-07

    Mondaq: Cybersecurity risk applies to businesses of all sizes and across all industries - it is a risk that cannot be ignored. In particular, cybersecurity risk can no longer be ignored in the deal lifecycle. Time and again, investors have seen value evaporate after an acquisition target or new portfolio company is breached by a threat actor.

    Read more...

    As Cyber Attacks On Health Care Soar, So Does The Cost Of Cyber Insurance

    2023-03-06

    Axios: Health systems buffeted by labor and supply chain costs and broader economic woes have another unwieldy financial problem: the soaring costs of cyber insurance.

    Read more...

    European Police, FBI Bust International Cybercrime Gang

    2023-03-06

    ABC News: German police said Monday they have disrupted a ransomware cybercrime gang tied to Russia that has been blackmailing large companies and institutions for years, raking in millions of euros.

    Read more...

    Know Your Breach: Animker

    The Target: Animker, an all-in-one video marketing online platform company.

    The Take: Exposure of 700,000 records of Personally Identifiable Information, including full names, device types, postal codes, IP addresses, mobile phone numbers, email addresses, profile details, and physical addresses.

    The Vector: A misconfigured database was left open and unsecured, and notably, on its default settings, meaning anyone with an internet connection could have viewed and downloaded the data using the server maker’s basic setup guide.

    This shows how important authentication controls are, and even more critically, that they be purposefully and smartly deployed with security in mind. Multi-factor authentication and password length and complexity rules on server access are effective strategies to mitigate these kinds of breaches to protect a firm’s data.

    Read more...

    U.S. Unveils New Cybersecurity Strategy with Tighter Regulations

    2023-03-02

    U.S. News: The White House announced a new cybersecurity strategy in the latest effort by the U.S. government to bolster its cyber defenses amid a steady increase in hacking and digital crimes targeting the country.

    Read more...

    Ransomware Attack on US Marshals Compromises Sensitive Information

    2023-02-28

    The Guardian: The US Marshals service fell victim to a ransomware security breach this month that compromised sensitive law enforcement information, a spokesperson said.

    Read more...

    Chairman Behnam Announces Veteran Federal Prosecutor Ian McGinley as Enforcement Director

    2023-02-28

    CFTC: Commodity Futures Trading Commission Chairman Rostin Behnam today announced that longtime federal prosecutor Ian McGinley will serve as the agency’s Director of Enforcement. Mr. McGinley’s arrival supports the Chairman’s continued focus on aggressively monitoring and policing commodity markets at a time of heightened stress and volatility, emerging digital threats to financial markets, including cryptocurrency frauds, cyber-enabled financial fraud, and cyberattacks.

    Read more...

    Personal Data Targeting and Cyber Attacks Linked to China on the Rise

    2023-02-28

    Yahoo News: Cybersecurity firm CrowdStrike’s latest Global Threat Report showed that the number of attacks using malware has dropped in the last year, with hackers instead using “hands-on keyboard activity” to breach organisations.

    Read more...

    Cloud Security Startup Wiz, Now Valued at $10B, Raises $300M

    2023-02-27

    TechCrunch: Cybersecurity continues to be a major area for investment among businesses — and VCs. While a decline from the previous year, venture capital funding in the cybersecurity sector totaled $18.5 billion in 2022, according to Momentum Cyber.

    Read more...

    US Cyber Official Urges Microsoft, Twitter to Boost Security

    2023-02-27

    BNN Bloomberg: A senior US cybersecurity official described adoption of some of Microsoft Corp. and Twitter Inc.’s security protocols as “disappointing” as part of a broadside against large technology companies’ approach to protecting user accounts.

    Read more...

    Australia Plans to Reform Cyber Security Rules, Set up Agency

    2023-02-26

    U.S. News: The Australian government on Monday said it planned to overhaul its cyber security rules and set up an agency to oversee government investment in the field and help coordinate responses to hacker attacks.

    Read more...
