Global Affairs Canada (GAC), the country’s foreign affairs department, is reeling from the impacts of a data breach that leaked the personal information of users and staff members.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
ITRC report noted that the 3,205 data breaches recorded last year shatters the prior record of 1,860 and is a 78% increase from a similar number (1,806) seen in 2022.
There’s now a drive towards convergence which is seeing disparate technologies brought together over the SIEM to complement its threat hunting capabilities. Putting these technologies over a single platform reduces complexity and brings down management costs and eradicates duplicated functionality.
Energy and automation company Schneider Electric has confirmed a ransomware attack that disrupted the Sustainability Business division and leaked company data.
Beijing’s Justice Bureau says that Wangshendongjian Technology has provided it with the capability to capture mobile phone numbers and email addresses associated with the sending device. AirDrop sharing encryption has been in question for some time.
A grave warning from FBI director Christopher Wray: Chinese hackers can be expected to continue to infiltrate critical infrastructure, and similar activity is likely proceeding successfully.
In addition to five new state privacy laws, 2024 is expected to bring not only an amplified number of cyberattacks but also increasingly sophisticated attacks, including using emerging technologies such as artificial intelligence (AI), in what is a quickly and continuously evolving threat landscape.
US and UK water companies Veolia North America and Southern Water have confirmed a ransomware attack and a data breach that leaked personal information.
A botnet used by a state-backed Chinese hacking group has lost at least some of its capacity, according to security officials that spoke to Reuters anonymously. The Volt Typhoon group has been targeting US critical infrastructure since at least mid-2021.
Trello user data leak resulted in the personal information of 15 million people being scraped from a public API and listed for sale on a popular dark web hacking forum.










