PageUp, a leading HR software support company, has revealed it has fallen victim to a massive data breach, potentially compromising the personal details of thousands of Australians. Boasting over 2 million active users worldwide and counting a roll call of major Australian companies together with a number of government agencies as clients, the breach may be the largest since the introduction of mandatory data breach notification laws in February (which we blogged about here).
By Cameron Abbott and Georgia Mills
In addition to all things cyber security related, we here at CyberWatch love to see new technologies being developed, and Microsoft’s latest data storage project has us all excited.
Microsoft has leveraged the technologies of submarines and renewable energy to plunge an experimental 12-metre-long datacentre into the sea near Scotland’s Orkney Islands. The project, known as Project Natick, seeks to understand the benefits and difficulties in deploying subsea datacentres powered by offshore renewable energy.
By Cameron Abbott and Georgia Mills
The Australian Defence Department granted IBM Australia a $4 million, 3-year contract for the provision of its Watson cognitive computing infrastructure. The platform provides a cognitive, artificial intelligence and machine learning capability for use by Defence and is only the second on-premises instance of Watson globally.
Matt Smorhun, Assistant Secretary for the ICT Strategy Realisation Branch at the Department of Defence, said they decided to “just buy this thing” and then work out how it was going to fit into the organisation later. (Which did strike us as a rather strange approach to spending taxpayers’ dollars – but congrats to the IBM sales person who pulled that off!)
By Cameron Abbott and Edwin Tan
On Wednesday, police in China’s Zhejiang province released a statement reporting the arrest of 22 third-party Apple distributors for allegedly selling customer data on the black market. Officials claim that the suspects searched an internal Apple database to obtain sensitive information, such as names, Apple IDs and phone numbers.
Each sale was for between 10 yuan and 180 yuan (A$1.95 to A$35.17). The entire scam was reportedly worth more than 50 million yuan (about A$9.8 million).
It is presently unclear whether there were victims outside of China, or how many people were affected by the breach.
No doubt these events will raise concerns worldwide about distributors’ access to customer data when it flows through the supply chain. Companies will need to have strong guarantees in place with their distributors, in relation to the handling and security of data, in order to reduce their risk of breaches when data leaves their control.
Users wishing to add an extra layer of security to their Apple ID can try utilising two-factor authentication, as set out by Apple here.
Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.
According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:
• Data breaches in the U.S. reached an all-time high in 2016, with the number of breaches tracked reaching 1,093, a 40% increase from the year earlier;
• The financial services industry accounted for only 52 of the breaches, or 4.8%, making it the least hit of the five industries tracked. Business, healthcare, education and the government and military were hacked more than the financial services industry;
• For the eighth consecutive year, hacking, skimming and phishing were the main drivers of data breaches, representing 55.5% of all reported incidents. Many were due to CEO phishing in which sensitive data is exposed;
• While consumers and businesses are constantly warned to pay close attention to their email, breaches that used email and the internet as a way to hack people only accounted for 9.2% of all the hacks, while employee error was responsible for 8.7% of the hacks.
This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.
A new report has revealed 95% of cloud services used by enterprises aren’t enterprise ready.
The January 2017 Netskope Cloud Report reveals a staggering 82% don’t encrypt data at rest, 66% don’t specify in their terms that the customer owns their own data, and 42% don’t allow administrators to enforce password controls.
The report also shows an increase in the use of cloud services – with an average of 1031 cloud services in use per enterprise, up from 977 in the previous quarter. The retail, restaurant and hospitality industry was the biggest user of cloud services (1193), followed by financial services, banking and insurance (1132).