This Week in Cyber Security - June 1, 2023

The latest edition of This Week in Cybersecurity has landed! If you haven’t had a chance yet, check out last week’s round-up. 

As a reminder, we’re bringing you the latest breaches, studies, trends, thought leadership, legislative news, and more from around the world. 

Not only were there some major breach disclosures, the discourse in our space was as loud and interesting as ever. Let’s get you up to speed. 

Over 90 organizations have reported breaches of personal data held by global outsourcing giant Capita. 

BBC broke a story on Monday covering the continued fallout of a successful cyberattack against Capita, a global outsourcing powerhouse. As a result of an attack in March and Capita leaving additional data exposed online, over 90 organizations have already reported issues to The Information Commissioners Office (ICO), a privacy and data watchdog. A renowned security researcher is quoted in the story as “very confident” it was a ransomware attack and explained that the breach is significant because of the breadth of data potentially at risk which could expose victims to fraud.

Our take: Ransomware attacks have become increasingly prevalent in recent years, causing widespread disruption and financial losses for businesses. These attacks typically involve malware that encrypts huge swaths of an organization’s data and demands payment in exchange for the decryption key. Trust us, going through a ransomware attack is as terrible as it sounds. The time to invest in adequate protection was yesterday. 

MNCA gets hacked, putting the PII of nearly 9 million users at risk. 

The HIPAA Journal is back with another report on a significant hacking incident in the healthcare sector. This time the victim was Managed Care of North America (MCNA), a dental insurance provider. The breach led to the potential compromise of personal information for approximately 8.9 million individuals. First discovered in May, the attack involved unauthorized access to MCNA’s computer systems, potentially exposing names, dates of birth, addresses, Social Security numbers, and dental treatment information of patients. MCNA took the typical steps to investigate the incident, secure its systems, and notify affected individuals.

Our take: While MCNA acted swiftly to mitigate the threat, notify impacted patients, offer free credit monitoring, and promise ramped-up vigilance and cooperation with authorities, this is a classic case of “the damage has already been done.” It appears the attack originated when the insurer’s network was compromised and infected with malicious code. This type of attack is all too common and can usually be prevented with the right processes in place.

Non-profit industry group finds that nearly one-fifth of businesses see managing digital identity as a top priority in their security program.

Biometricupdate.com covered a recent survey conducted by the Identity Defined Security Alliance (IDSA), which revealed that 17% of businesses consider managing digital identity as a top cybersecurity priority. The survey highlighted the increased awareness of the importance of digital ID management in protecting sensitive data and mitigating security threats. With the increasing adoption of digital transformation initiatives and remote work, businesses are realizing the need for comprehensive identity management solutions to ensure secure access, prevent unauthorized breaches, and safeguard critical information.

Our take: That’ll get a big +1 from us. We can tell you first-hand that these findings resonate strongly with the current state of digital security. Proactive adoption of full-stack identity management practices and technologies is essential to stay ahead of the evolving threat landscape. The survey underscores the need for organizations to invest in these strategies now and collaborate with industry experts to help get their cybersecurity program to an acceptable state.

Quick Bites

As reported by Dark Reading, Toyota just announced its discovery of yet another data breach that leaked 260,000 car owners’ personal information. This, of course, comes after their disclosure a few weeks ago that the data of 2.15 million customers was available to anyone on the internet. 

—

The Economist recently dropped a fascinating podcast episode entitled, “What if generative AI destroys biometric security?” It explores the rise of biometric authentication and the threat AI poses to its progress. They brought on an all-star cast of cybersecurity experts and academics to break down the topic. It’s definitely worth a listen. 

—

This week, GCN discussed the importance of building secure and frictionless digital identity programs in government. We thought the story did an excellent job of highlighting the need for leveraging modern technologies – such as decentralized identity and biometrics – while also emphasizing the significance of collaboration between government agencies, industry experts, and citizens.

—

Directors & Boards published a thorough opinion piece about how cybersecurity – or a lack thereof – is part of a company’s fabric, and that a strong security culture starts from the top. Tons of data and supporting evidence in the op-ed. Well done. 

—

CrowdStrike launched a chatbot called Charlotte AI that runs on AI models from AWS. The product’s aim is to help companies detect and mitigate breaches more efficiently. SiliconAngle has more.   

—

The second largest health insurer in Massachusetts was hit by a ransomware attack that likely exposed sensitive personal information as well as health information of current and past members. Another ransomware attack. Sensing a theme?