Virtual Election Simulation Provides Glimpse of Security Risks
… inexperienced users misconfiguring cloud object stores and databases. Since teams cannot secure assets that they do not know about, tracking everything is the critical first step to securing data.”
Once your cloud data is secure, you need to manage your customers’ and employees’ personal information, Manley said. With this latest data leak, individuals will worry about the personal information that businesses have about them. And regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) allow people to ask organizations to show and/or delete information about them, he said.
Each new leak and new law creates a spike in privacy requests, he said. Now is the time to prepare.
“Finally, you need to protect against new ransomware attacks that may come from the TikTok/Facebook/Instagram data leak,” Manley said. “With the leaked personal information, cybercriminals can phish more individuals. Since everybody is working remotely, those phishing attacks can compromise a personal device, which then connects to a corporate network and spreads the ransomware. Therefore, core ransomware protection … becomes even more important over the coming weeks.”
Timm Hoyt is Druva’s global vice president of partners and alliances.
“The onslaught of cyber threats, malicious actors and government or industry regulations can easily overwhelm an organization,” he said. “Working with a capable expert MSSP to help is often the wiser investment decision. MSSPs are solely focused on helping customers build the protective moat around their castle and also bring the firepower to eradicate the bad guys when they storm the walls. As organizations increasingly support a dispersed, remote workforce, it’s important MSSPs offer robust options to protect endpoint devices, SaaS apps and cloud-native workloads alongside data stored in traditional data centers.”
Bugcrowd Offers Pre-M&A Security Testing
Bugcrowd has launched a new bundle of security tests to evaluate M&A targets’ security status and mitigate cyber risk post-acquisition.
The tests combine remotely deployed penetration testing with the asset discovery, alerting, attribution, prioritization, and management capabilities of Bugcrowd’s platform. Organizations can initiate these tests in 72 hours or less.
Ashish Gupta is Bugcrowd’s CEO. Historically, M&A due diligence focused on financial, legal, commercial and technological risk, he said.
“However, cybersecurity posture is becoming increasingly critical to M&A negotiations as the impact that can result from acquiring a company without a proper risk analysis can be devastating,” he said. “In fact, 60% of organizations engaging in M&A activity will consider security posture a critical factor in the M&A due diligence process.”
Marriott’s acquisition of Starwood is a recent example of what can go wrong when cybersecurity due diligence is not a part of the M&A process, Gupta said.
“To elaborate, when Marriott acquired Starwood in 2016, Marriott was unaware that the Starwood network had been compromised since 2014,” he said. “Two years later, Marriott announced that one of its reservation systems had been compromised, with hundreds of millions of customers’ information exposed, including credit card and passport numbers. To make matters worse, the credit cards were encrypted, but the encryption keys were stored on the same compromised server and were also exfiltrated by the attackers.”
Partners can sell Bugcrowd’s M&A assessment while participating in other products or services that complement the assessment, Gupta said.
“It does help channel partners address a broader market by allowing them to offer their customers cybersecurity due diligence pre-acquisition from a neutral third party,” he said.