In This Issue:

  1. Cyber Crime Ranked as Primary Concern by Compliance Experts

    Cyber crime has been identified as the top threat among financial crimes in Ireland, according to compliance professionals. Cyber crime, including hacking, phishing, and online scams, was highlighted as the most significant issue by 34% of respondents. This category surpassed other concerns like fraud and tax evasion, which were jointly ranked second at 21%. Other threats included money laundering (19%), bribery and corruption (4%), and insider trading (1%). The survey, conducted by the Compliance Institute, involved 230 compliance professionals from Irish financial services. The CEO of the Compliance Institute, Michael Kavanagh, emphasised the rapid development of cyber crime and the challenges in keeping pace with it. He also noted the government's plans to combat cyber threats, including creating a national anti-ransomware organisation and offering financial support to small businesses. Kavanagh highlighted the significant impact of cyber attacks, citing the 2021 HSE hack and an 8.8% increase in funds stolen through frauds and scams in 2022.


  2. 23andMe Attributes Data Breach to User Habit of Reusing Passwords

    23andMe, a genetics company, faced a data breach in late 2023, impacting about half of its customers (6.9 million users). The company attributes the breach to users recycling passwords that had been exposed in past security incidents. Facing lawsuits for allegedly breaching US privacy laws, 23andMe argues that no security breach occurred under the California Privacy Rights Act (CPRA) rules. It claims the incident resulted from customers neglecting to update their passwords. In response, 23andMe implemented mandatory two-step verification in November 2023, although this option has been available since 2019. The stolen data, primarily ancestry information, was reportedly being sold on hacker forums but is said to be incapable of causing financial harm.


  3. Microsoft Announces Critical Security Alert for Outlook Users Over Vulnerability Risk

    Microsoft has issued an urgent advisory for all Outlook users to update their software due to a vulnerability being exploited by a nation-state threat actor, identified as "Forest Blizzard" and linked to Russia. This group targets government, energy, and transportation sectors, primarily in the US, Europe, and the Middle East. The exploited vulnerability, CVE-2023-23397, was initially patched in March 2023, but a bypass found in May 2023 led to further patches. Despite available fixes, the exploit remains a threat because many systems are still unpatched. Microsoft advises updating Outlook, implementing multi-factor authentication, and running a script to check if servers have been targeted.


  4. Cyber Resilience Act approved by European Commission

    The European Commission has approved the Cyber Resilience Act, initially proposed in September 2022. This legislation makes manufacturers of internet-enabled devices responsible for cybersecurity throughout the product's life cycle, including regular security updates. It aims to ensure that consumers are informed about their rights regarding device security. All products in the EU market must meet the Commission’s cybersecurity standards and will display a special CE marking to indicate compliance. Once enacted, companies will have 36 months to adapt to these rules, with a shorter 21-month period for reporting obligations on incidents and vulnerabilities. Non-compliance may result in fines and product withdrawal from the EU market.


