This year has been the "Year of the Data Breach", and there is a lot that companies need to be aware of in the security sphere. Changes in Notifiable Data Breach regulations and the GDPR have altered the face of risk for corporations, and digital advancements have seen the evolution of technology and of the threats it encounters.
Some of the most notable data threats in 2018 have included:
- March 2018. Facebook is the data breach gift that keeps giving. Who can forget the scandal of Cambridge Analytica having access to the personal information of over 50 million Facebook users? Cambridge Analytica says that only 30 million users were affected, but the number quickly rose to 87 million in April, and it wasn't Facebook's only security issue. The most recent occurred in September, when the platform notified users of a vulnerability in its system that had allowed malicious threat actors to take control of accounts and consequently view information stored within their profiles. This saw another 50 million users compromised.
- May 2018. Under Armour announced that approximately 150 million users of the popular MyFitnessPal food and nutrition app had their data and credentials compromised. Shares of the company dropped 3.8 per cent, and the company received global criticism.
- June 2018. The cloud-based human resources (HR) software provider PageUp revealed that personal data relating to its clients, placement agencies, applicants, references and employees had probably been subject to unauthorised access. The PageUp application was used by many high-profile organisations, including Australia Post, Medibank, Telstra, NAB and Coles, to name a few. Subsequently, PageUp has found no evidence of actual data exfiltration, though it cannot prove that data was not taken.
- Dec 2018. This month, Marriott announced a massive data breach that exposed the private data (including passport and credit card numbers) of over half a million guests of its international hotel chain. The breach came from a database in a Starwood-branded hotel but also affects the hotel's other brands, such as Westin, Sheraton, Le Meridien, St Regis and W Hotels. What was especially concerning was the loss of passport information. While the organisation has publicly promised to pay for any replacement passports, the fine print says that they will follow through on reimbursement only in instances where it “determine[s] that fraud has taken place.”
Another key security concern raised in the last 12 months was the sheer number of attacks related to users’ credentials, with attention shifting to user-based risks and away from system vulnerabilities. Our teams saw this reflected when assisting clients with potential data breaches. In virtually every case we encountered, breaches were related to a compromised cloud email account. This has driven many organisations to see that two-factor authentication (2FA/MFA) is mandatory regardless of the industry they operate in.
Fortunately, the year has not been all doom and gloom. There have been significant advancements in digital security, and our team has stayed well ahead of the curve. In fact, we would like to pass congratulations on to the crack team of security professionals at the MOQdigital Security Operations Centre (SOC). For the second time in a year, our team has managed to win the CERT ICC Hacking Challenge, and has been among the top three competitors for the past three years. Well done to the members of Team Stark (Isuru, Sasitha and Udara)! You can read more about their achievement here.
Contact MOQdigital today to find out how to improve your security now - and well into 2019 and beyond.