Dear privacy pros,
I hope you are keeping well and staying safe, especially if you are based in Asia, which is currently facing another deadly surge of COVID-19 cases stemming from more virulent strains of the virus.
Besides witnessing the obvious toll the disease has wrought in many countries around the region, it has also been heart-wrenching for me to see the social fabric beginning to strain and tear in my home country of Singapore. I think we would do all of humanity a service if we stopped associating the virus with a particular region or country, whether that be China, India or, indeed, Singapore.
Stepping off that soapbox and into the introduction, I thought I would first highlight the recent NIST Cybersecurity White Paper on confidence mechanisms for Internet of Things devices, given that this was the topic I last wrote on.
Another related document to pay close attention to is the 14th edition of Verizon's annual "Data Breach Investigations Report." Based on its analysis of 29,207 data security incidents, the company found a significant increase in the number of confirmed breaches, at 5,258, or a third more than the prior year. In particular, attacks on web applications constituted 39% of all breaches, which may pose a material challenge to companies as they continue to shift more operations and business functions into the cloud.
Unsurprisingly, given that a large number of companies have shifted their employees to remote working arrangements during the pandemic, there has been a marked increase in the number of incidents involving phishing (11% more) or ransomware (6% more). We need to look no further than the recent shutdown of the Colonial Pipeline in the U.S. for evidence of the devastating and real-world impact such attacks might have.
Closer to home, the Thai operations of a wholly-owned subsidiary of AXA Group, Inter Partners Asia, were also recently hit by a ransomware attack. Members of the ransomware gang Avaddon, which claimed responsibility for the attack, said they exfiltrated three terabytes of data from the AXA Group. As of 20 May, AXA has approximately two days left before Avaddon starts leaking these documents on the dark web.
It comes as no surprise that governments are rushing to shore up their defenses against such cyberattacks. U.S. President Joe Biden has already issued an Executive Order proposing sweeping cybersecurity reforms to force major upgrades, facilitate the sharing of threat information, require federal contractors to report major breaches and so on. I would suggest that these are measures companies or certain industry associations should review and consider implementing as well.
At the end of the day, however, it is worth remembering that 85% of the security breaches analyzed in the Verizon DBIR report involved a human element. It is incumbent on each and every employee within a company to adopt cyber hygiene practices to safeguard themselves and the company data they hold against attacks. If you need a reminder that not even the most powerful man on earth is impervious to privacy slip-ups, here is one final interesting article for you.