This month, MyCena Security Solutions CEO Julia O’Toole lent her thoughts to Ciso Mag on the single points of failure in any digital infrastructure. Julia warns that just one vulnerability can lead to large-scale chaos, citing the SolarWinds hack and how one lost password led to a massive espionage operation. Julia advises “going back to the drawing board” and removing these single points of failure to prevent long-term cyber damage.
Following the leaked account details of more than 533 million users, Facebook has come under fire once again. An email sent by internal teams was ironically at the centre of another privacy misplay – this time, the email was accidentally sent to Data News in Belgium. The email suggested that the social network “expected” incidents like this and that it would issue limited statements. Facebook told the BBC they understood people’s concerns and are doing everything to strengthen systems.
Following in Facebook’s footsteps, LinkedIn has also succumbed to the latest data scraping attack. Five hundred million user accounts have been compromised, but representatives at the top say that the scraped data was “in the public domain”. They added that no information from private accounts had been scraped, and as yet, are not planning to inform users.
Following a sharp increase in sales of smart devices during the pandemic, the UK has now published plans for new legislation to protect users. The Department for Digital, Culture, Media and Sport states that easy to guess default passwords will now be banned, while tech giants such as Apple must notify users when their devices will stop getting security updates. Figures suggest 49% of UK residents have bought new smart devices during the pandemic.
Investment in cybersecurity is set to exceed $200 billion by the year 2024, according to reports by Bloomberg Intelligence. The trends come from the general switchover to cloud-based security, while remote working was also blamed for the surge in spend. Bloomberg says that security will make up a bigger share of IT budgets as businesses try to fend off reputational and business risks.
On March 2nd, Microsoft announced that four zero-day vulnerabilities in its Exchange email service were being exploited by attackers, leaving hundreds of thousands of companies worldwide under threat. Microsoft released emergency patches and tools for clients to install as soon as possible. There are fears that tens of thousands of businesses, especially small to medium companies without dedicated cybersecurity staff, may not yet have applied the fixes. Attackers have used the ProxyLogon vulnerabilities to gain access to Exchange servers from which they are able to execute commands remotely.
