A Finnish court has given the former CEO of a chain of psychotherapy clinics a suspended jail sentence for failing to adequately protect highly sensitive notes of patients' therapy sessions from falling into the hands of blackmailing hackers. Read more in my article on the Hot for Security blog.

Data breach reporting is mandatory and, as per some prevailing laws, any incident that goes unreported for a while can lead to the arrest of the technology head of the victimized company. However, the practical statistics from the United States tell a different story, contrary to what exists on paper.

According to a survey conducted by Bitdefender, 42% of respondents were asked to keep the information theft a secret as soon as they learnt about the incident. Three in every 10 surveyed respondents kept the breach a secret, as per the 2023 Cybersecurity Assessment Report published by the security provider.

Timely notification to the victims about the breach is vital, as a breach can lead to serious consequences, and if notification is not done as per the proper procedure, the situation can deteriorate and become more complex to resolve.

So, reporting the breach and notifying the affected victims is crucial.

However, in most business firms, this standard procedure is found to be missing due to many factors.

First, the fear of the business image getting tarnished might make CTOs and CFOs keep the incident a secret. Next is the fear of having to compensate the victims, which could run into millions if the auditing statistics are taken into account.

In regions like Europe, GDPR rules can make the data watchdogs penalize the victim company, sometimes a burden that can only be recovered from after losing profits for months and years.

So, is the decision to ask technology heads to stay silent over a data breach a valid one?

 

The post Most of US IT professionals asked to stay silent about data breaches appeared first on Cybersecurity Insiders.

Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the "AI-a-go-go or a no-no?" quiz for Dave and Graham. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Data breaches have become increasingly common in recent years, and they can have a significant impact on merger and acquisition (M&A) deals. In this article, we will explore the influence of data breaches on M&A deals and the steps that companies can take to minimize their risks.

Information breaches can have a severe impact on M&A deals because they can compromise the confidentiality, integrity, and availability of sensitive data. A data breach can expose sensitive information, such as financial statements, customer data, intellectual property, and other confidential information, to unauthorized parties. This can lead to reputational damage, legal liabilities, and financial losses for both the acquirer and the target company.

As a result, acquirers are increasingly scrutinizing the target company’s cybersecurity posture as part of their due diligence process. They want to ensure that the target company has robust security controls in place to protect their data and that any past breaches have been properly remediated. In some cases, data breaches can even derail M&A deals entirely.

In addition, data breaches can have a significant impact on the valuation of the target company. Acquirers may reduce their offer price or include more extensive representations and warranties in the acquisition agreement to protect themselves from potential liabilities.

To minimize the risks of data breaches in M&A deals, companies should take proactive steps to strengthen their cybersecurity posture. This includes implementing robust security controls, conducting regular vulnerability assessments and penetration testing, and developing an incident response plan to address data breaches promptly.

Companies should also conduct thorough due diligence on potential acquisition targets’ cybersecurity posture to identify any potential risks and evaluate the target’s overall security posture. This will help acquirers make informed decisions and mitigate any risks associated with the acquisition.

In conclusion, data breaches can have a significant impact on M&A deals. Companies should take proactive steps to strengthen their cybersecurity posture, conduct thorough due diligence, and evaluate potential risks to minimize the impact of data breaches on M&A deals. By doing so, companies can protect their sensitive data, reputation, and financial assets from potential harm.

The post Influence of data breaches on Merger and Acquisition deals appeared first on Cybersecurity Insiders.

A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. Read more in my article on the Tripwire State of Security blog.