The Briefing on Cybersecurity
The latest news, trends and data from the cybersecurity industry
Cybersecurity News in Numbers
The percentage of British companies that believe concerns surrounding cybersecurity are limiting the rate they adopt new technologies, according to a survey by EY. In particular, companies are more hesitant to make use of internet of things and cloud computing technologies due to security concerns.
The combined total of the fines issued to British Airways and Marriott by the UK ICO over their respective data breaches. The fines are the first issued by the governing body under GDPR, which came into force on 25 May 2018.
The percentage of companies that conduct red team exercises to test their cybersecurity readiness, according to research by Exabeam conducted at Black Hat USA 2019. The survey also found that a third of blue teams rarely or never catch the red team, with 74% reporting an increase in corporate security infrastructure investment as a result of the efforts.
The value of bitcoin stolen from Slovenian cryptocurrency mining marketplace NiceHash, in a hack at the start of December. NiceHash has said that it believes the attack was likely made from a non-EU IP address. The attack is the latest in a string of bitcoin hacks over the last few years; one of the most high-profile occurred in 2014 and led to the collapse of its target, Mt Gox, then the world’s largest bitcoin market.
The amount in US dollars spent by Canadian financial services cooperative Desjardins for costs relating to a data breach earlier this year. The breach included personal data such as banking habits, addresses and social insurance numbers, and impacted 2.9 million members.
The key data breaches to occur in the last few months
Biometric data exposed
A data breach impacting Suprema’s BioStar 2 web-based security platform has seen key biometric data exposed. The breach, which was discovered by security researchers, involved a vulnerability in the platform’s cloud API. Researchers have said the breach involves over a million fingerprints, although Suprema claims the number is considerably lower.
Choice Hotels breached
The records of 700,000 customers were exposed in a data breach at Choice Hotels when a third-party vendor copied data without permission. The data was transferred to a third-party server, where it was left online and freely accessible for four days. While much of the data was fake, guest information, including contact details and names, was included.
Visa applicants impacted
The health data of 317 people applying for Australian visas was accidentally exposed when it was emailed to a member of the public. The information included names, dates of birth, passport numbers and key medical notes, including tests being performed.
Capital One ransacked
US bank Capital One suffered a severe data breach when software engineer Paige Thompson stole the personal data of over 100 million people. Thompson, a former AWS employee, is also believed to have stolen data from around 30 other companies after breaching their AWS servers.
Key Industry Purchases
Symantec sells enterprise arm to Broadcom
In August, Broadcom announced that it would be purchasing the enterprise security business of Symantec. The purchase is being made for $10.7bn in cash, 36 times its operating income for fiscal 2019. Broadcom describes the purchase as key to strengthening its position in infrastructure technology.
McAfee bolsters container security with NanoSec buy
McAfee announced that it is buying application security software developer NanoSec for an undisclosed amount. The acquisition will see the startup’s container-focused security solutions applied to McAfee’s products, providing app-level segmentation to customers in a bid to improve threat detection and prevention.
Exiger nabs Convergent for intelligence boost
Exiger, a company specialising in risk, regulatory and financial crime solutions, has announced the acquisition of Convergent Solutions. Convergent, which specialises in cyber and national security solutions for the US government, will bolster Exiger’s intelligence solutions and offerings for the federal government.
Sophos buys Rook to boost managed solutions
In June, Sophos announced that it had purchased managed detection and response specialist Rook Security. The purchase, which was made for an undisclosed amount, will see Sophos merge its synchronized security offering with Rook’s 24-hour managed detection and response service, which will be delivered to Sophos’ 47,000 channel partners.