Alert: Cybersecurity Risks Continue as New Threats Emerge in 2021
Cybersecurity and data privacy events small and large continue to demand active vigilance and communication as we inch our way into this new year.
With so much news and information filling up device alerts every day, cybersecurity teams won’t want to miss that Apple released an important security upgrade with its 14.4 update this week. On Wednesday, Jan. 27, 2021, Apple urged iPhone and iPad users to update devices to fix security flaws that can be “actively exploited” by remote hackers – noting that it was a serious threat.
Apple’s announcement came on the heels of a massive internet outage on Jan. 26, 2021, that impacted remote workers (and their distance-learning children) along the U.S. East Coast, slowing collaboration to a crawl for organizations that use Zoom, Google Gmail, and Slack. Verizon acknowledged an unspecified network issue as the cause.
Australia’s financial sector was also dealing with delayed news about a cyberattack this week. The country’s corporate regulator, the Australian Securities and Investments Commission (ASIC), revealed that it had waited 10 days before informing financial institutions that its servers had been hacked in a breach that targeted file-transfer software. The attack also impacted the Reserve Bank of New Zealand and a law firm, Allens, that represents many blue-chip clients.
Walmart is reacting to a data breach of its subsidiary Bonobos, a men’s clothing retailer it acquired in 2017. A cloud backup of its database was downloaded by a threat actor, an action that Retail Info Systems (RIS) said highlights the need for cybersecurity protocols for cloud-based retail systems. RIS noted that Gartner predicts that by next year at least 95% of cloud security failures will be the customer’s fault in neglecting to properly observe the shared responsibility model.
Keys to integrating cybersecurity with business continuity in risk management
Something as simple as a phone software update can quickly turn from a cybersecurity event into a business continuity event, or become both at once. This is especially true now, when organizations still have a large portion of their workforce working remotely and accessing company information via bring-your-own-device (BYOD) policies.
Cyber threats are clearly not diminishing, as we wrote about in a recent blog that looked at the top risks we will likely face in 2021. For example, Fortune 500 companies, the Pentagon and other U.S. government agencies are still addressing the vulnerabilities of last year’s SolarWinds hack. Analysis has revealed the scope of that attack reached 18,000 private and government users who downloaded a tainted software update that gave Russian hackers a foothold into victims’ systems.
SAI360 offers a comprehensive suite of IT Risk and Cybersecurity risk management technologies and training solutions on data privacy and information security that can help you stay ahead of malicious cyber actors.
We help organizations map risks to requirements, automate assessments against common risk and control frameworks, improve compliance with regulatory requirements, and improve overall business performance with compliance training focused on cybersecurity, data privacy, data protection, and information security regulations and best practices.