SoftwareOne logo

3.9 min to readNews and UpdatesCloud ServicesDigital Workplace

Cyber security update, August

Ravi Bindra
Ravi BindraCISO
An image of a blue and green hallway with neon lights.

SoftwareOne believes there is a need for additional information when it comes to cyber security, as organisations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly “Cyber Security Update” provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

American Express confirms data leak of APAC employee details

American Express, a major US financial services company, reportedly experienced a significant data breach that exposed sensitive personal information of its Asia-Pacific region employees.

The breach was initially revealed through an Instagram account called "The Aussie Corporate," which shared an anonymous video detailing the breach's extent. The leaked information contained a wide range of personal data, such as bank account information, names, addresses, payment histories, and tax file numbers, making it a comprehensive repository for potential identity theft. The breach was attributed to a former employee based in India.

Metropolitan Police investigating suspected data breach

The Metropolitan Police in the UK is investigating a suspected data breach that has exposed the names, ranks, photos, vetting levels, and pay numbers of officers and staff held in a third-party supplier’s system.

The force has said that it has now taken additional security measures. It has also stated that the system “did not hold personal information such as addresses, phone numbers or financial details”.

Duolingo Data Breach Exposes 3 Million User Emails

Just under 3 million Duolingo users’ (2.68 million) email addresses were compromised and are being sold online following a data breach at the beginning of this year. According to new data from Surfshark, around a third of the compromised users were from U.S. accounts.

The new report found 967,000 U.S. email addresses were exposed, while accounts from South Sudan were second, followed by France and then the U.K.

In total, 16.3M data points of Duolingo users were exposed. On average, each email account was leaked with five data points, such as language, profile picture, username, name, country or bio.
SoftwareOne blog editorial team

Surfshark

Cyber security awareness

Over 200 Million Brits have data compromised in four years

Between 2019 and 2022, UK organisations suffered significant financial losses due to data breaches, impacting hundreds of millions of their customers' personal information, according to an analysis by Imperva.

They examined 99,490 breaches reported to the Information Commissioner’s Office (ICO) and notable breaches identified by Chartered Institute of Information Security (CIISec) members. During this period, data belonging to over 200 million individuals in the UK was compromised, roughly equivalent to every citizen's data being breached at least three times.

Surprisingly, the analysis revealed that malicious attacks like malware, phishing, and ransomware accounted for only 33% of reported breaches, while insider threats caused 40% of incidents.

Cyber security intelligence

2022 top routinely exploited vulnerabilities

A new joint advisory paper, co-authored by national cyber security agencies from 5 countries has been published to examine the vulnerabilities that cyber criminals and actors exploited throughout 2022.

This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE). In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems.

The authoring agencies strongly encourage vendors, designers, developers, and end-user organisations to implement recommendations found within the Mitigations section of the paper as a means of reducing the risk of compromise by malicious cyber actors.

Hot topic of the month: Human element remains biggest threat

Human error continues to be an integral element whenever organisational security fails against data breaches. The human element features in 74% of all breaches, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering. This is a key finding in Verizon’s new 2023 Data Breach Investigations Report.

The report presents data from an analysis of 16,312 cyber security incidents, of which 5,199 were confirmed data breaches. The incidents described took place between Nov. 1, 2021, and Oct. 31, 2022.

A blue ocean with sunlight shining through the water.

Put a lock on your critical data

SoftwareOne Cloud Security Services help reduce security costs for companies, nonprofits, and governments worldwide.

Put a lock on your critical data

SoftwareOne Cloud Security Services help reduce security costs for companies, nonprofits, and governments worldwide.

Author

Ravi Bindra

Ravi Bindra
CISO

Ravi holds over 20 years’ experience as a cyber security evangelist, holding multiple leadership roles in the Swiss pharmaceutical industry, such as Global Head of Risk Management, Global Head of Architecture and Global Head of Security Operations.