When a company is breached, as was the case for Fidelity Investments Life Insurance Company (FILI), which issued a breach notification letter to affected individuals, stakeholders want to know what happened. In the case of FILI, customer information was reportedly compromised because of a “cybersecurity event” at Infosys McCamish (IMS), a third-party service provider.
As it is for sports teams, security teams want the win, but we need look no further than American Express and Boston Celtics forward Jayson Tatum to understand that when something goes wrong, everyone wants to point fingers.
A spokesperson for American Express defended the security posture of the credit card company, telling CBS News, “We have sophisticated monitoring systems and internal safeguards in place to help detect fraudulent and suspicious activity. If we see there is unusual activity that may be fraud, we will take protective actions.” Similarly, today’s headlines are critical of Tatum’s performances this week in the games against the Cavaliers and the Nuggets. But former Celtics player Paul Pierce defended Tatum, according to Boston.com, saying Tatum has made significant improvements this year.
Why does Tatum’s performance matter to cybersecurity professionals? Because it’s important to remember that everyone is a critic, but sometimes criticism evokes fear. The fear factor is “counterproductive when dealing with cybersecurity issues.” When people are afraid of being shamed, they are less likely to let others know when they’ve made a mistake. But, according to IoT World Today, business resilience hinges on security awareness.
To learn more about security awareness training, explore the RSAC Library or visit the RSAC Marketplace where you can find a vast selection of cybersecurity vendors and service providers who can assist with your specific needs.
Now let’s take a look at what else made industry headlines this week.
March 8: The Hacker News reported, “CISA warns of actively exploited JetBrains TeamCity vulnerability. The vulnerability, tracked as CVE-2024-27198, refers to an authentication bypass bug that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker.”
March 7: Apple has issued updates for iOS and iPadOS to address vulnerabilities that could expose sensitive information.
March 7: Bleeping Computer reported, “The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.”
March 7: “The weirdest trend in Cybersecurity – Nation-state threat groups are once again turning to USBs to compromise highly guarded government organizations and critical infrastructure facilities,” Dark Reading reported.
March 6: The Register reported, “Digital crimes potentially cost victims more than $12.5 billion last year, according to the FBI’s latest Internet Crime Complaint Center (IC3) annual report.”
March 6: VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation, stating “a cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.”
March 5: NSA released maturity guidance for the zero trust network and environment pillar that provides details on how to “strengthen internal network control and contain network intrusions.”
March 4: “Hackers behind the Change Healthcare ransomware attack just received a $22 million payment. The transaction, visible on Bitcoin’s blockchain, suggests the victim of one of the worst ransomware attacks in years,” Wired reported.