Industry News: ESG5

The Target: DNA testing company 23andMe.

The Take: The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.

The Vector: The company said its preliminary investigation indicated that an attacker may have compiled login credentials leaked from other platforms and then recycled these credentials to access the accounts of 23andMe customers who had used the same username and password combination.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2023-10-12

GlobeNewswire: Sage, the leader in accounting, financial, HR and payroll technology for small and mid-sized businesses (SMBs), released a new report, Cybersecurity for SMBs: Navigating Complexity and Building Resilience.

Read more...

2023-10-12

Help Net Security: 60% of CEOs said their organizations don’t incorporate cybersecurity into business strategies, services or products from the outset, and 44% believe cybersecurity requires episodic intervention rather than ongoing attention.

Read more...

2023-10-12

SecurityWeek: The new Seed Fund I brings the firm’s total assets under management to more than $600 million. The final closing is expected for later this quarter. 

Read more...

2023-10-10

CSO: The ongoing economic challenges are severely impacting CISOs, many of whom are struggling to get any salary hikes at all while new job postings for the role are on a decline, according to an IANS study.

Read more...

2023-10-10

Forbes: In the fight to keep hackers out of your network and applications, a robust cybersecurity program focuses a lot on access management and authorization. 

Read more...

2023-10-10

TechCrunch: Arctic Wolf, a cybersecurity company that’s raised hundreds of millions of dollars in debt and equity, announced that it plans to acquire Revelstoke, a company developing a security orchestration, automation and response (SOAR) platform, for an undisclosed amount.

Read more...

2023-10-10

Venture Beat: Emerging from stealth today with one of cybersecurity’s largest-ever seed rounds of $51 million, startup Gutsy’s vision is to revolutionize security governance through process mining. 

Read more...

The Target: Cloud customer relationship management (CRM) software provider Really Simple Systems.

The Take: Personally identifiable information (PII), including medical records, identification documents, real estate contracts, credit reports, legal documents, tax documents, and non-disclosure agreements.

The Vector: Cybersecurity Researcher, Jeremiah Fowler, discovered and promptly notified Really Simple Systems about a non-password-protected database that contained over 3 million records. The documents appeared to be associated with internal invoices, communications, and customer’s stored CRM files.

While some immediate corrective actions were implemented, specific folders remained open for an extended duration before their access was limited. This incident highlights the pressing requirement for strong password encryption measures to protect customer data and thwart unauthorized access to sensitive information.

Read more...

2023-10-05

Business Wire: Three-quarters (74%) of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack—despite the fact that 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to a new report from Accenture (NYSE: ACN).

Read more...