Aussie data breach report exposes supply chain risks – CyberTalk

EXECUTIVE SUMMARY:

Approximately 60% of Australian organizations lack a comprehensive understanding of third-party data breach risks, with over 50% failing to implement impactful measures to assist with long-term third-party risk management. Authorities are concerned…

The Office of the Australian Information Commissioner’s recent data breach report highlights growing concern over supply chain risks and breaches. The report reveals a significant number of multi-party incidents.

These often originate from cloud or software providers, raising questions about awareness of and efforts to mature supply chain security measures.

Commonly reported incidents, catalyzed by supply chain breaches, include phishing, compromised account credentials and ransomware.

OAIC response

The Office of the Australian Information Commissioner (OAIC) is intensifying its pursuit of regulatory actions against organizations that have experienced data breaches. Civil penalties are being exacted through the Federal Court.

In particular, Australia is prioritizing actions in cases where there were clear failures to adhere to reporting requirements and obvious lapses around protecting personal information. This includes situations where organizations have left data vulnerable by retaining it for undue lengths of time.

“As the guardians of Australians’ personal information, organisations must have security measures in place to minimise the risk of a data breach. If a data breach does occur, organisations should put the individual at the front and centre of their response, ensuring they are promptly told so their risk of harm can be minimized,” said Australian Information Commissioner Angelene Falk.

Steps for organizations

An organization’s third-party risk management approach should be unique to the given enterprise on account of who it works with, its role in the larger ecosystem, regulatory requirements, data protection requirements and risk tolerance.

There are numerous ways in which to go about being more proactive around third-party risk. As a strong initial step, the Office of the Australian Information Commissioner recommends, among other things, embedding risk management into third-party contractual agreements.

If your organization is just starting out in this area or would like to improve existing agreements, consider the following:

Define clear expectations and requirements

  • Establish well-defined SLAs. They should clearly outline cyber security expectations and requirements for all parties.
  • Specify ownership of data. Clearly define who is responsible for which data and how it can or cannot be used.
  • Address access and use of customer data. Ensure that data handling aligns with your organization’s privacy and security standards.
  • Call out data retention. Define how long data can be stored for. Specify when it should be securely deleted.

Create backup and contingency plans

  • Retain backup vendors for critical services. Should one provider fail for whatever reason, your organization will be able to quickly switch to an alternative without operational disruption.
  • Have a data breach response plan. Roles and responsibilities should be clearly defined. Establish communication channels and procedures for notifying affected parties, should a breach occur.

Regularly monitor and assess

  • Conduct risk assessments. Understand third-party security practices and evaluate risk posture.
  • Conduct compliance audits. Audit in order to verify compliance with contractual obligations, and ensure that third parties adhere to the agreed-upon cyber security measures.

Further thoughts

In our global business landscape, supply chain risk management is a critical practice. By limiting supply chain breaches, organizations protect their reputations, avoid emergency costs, and reduce the potential for risk management related lawsuits, which, again, are about to affect a number of organizations in Australia.

If you’d like to get ahead of potential regulatory and legal challenges, be sure to read A CISO’s Guide to Preventing Downstream Effects (And Litigation) After a Breach.

7 best practices for tackling dangerous emails – CyberTalk

EXECUTIVE SUMMARY:

Email is the #1 means of communication globally. It’s simple, affordable and easily available. However, email systems weren’t designed with security in mind. In the absence of first-rate security measures, email can become a hacker’s paradise, offering unfettered access to a host of tantalizingly lucrative opportunities.

Regarding email threat prevention, adherence to security best practices positively influences outcomes. In this article, discover seven unbeatable ways to tackle the issue of email security and dangerous emails. Reduce your organization’s risk, safeguard systems, and minimize your mean time to incident recovery.

7 best practices for tackling dangerous emails

1. Develop and enforce a corporate email policy. This document should provide guidelines around use and monitoring of corporate email services.

Specify that email communications should center around work tasks, work projects and official business. Excessive non-work related email is not acceptable, as it can introduce undue security risks.

Provide guidance around creating strong passwords, rotating them on a regular basis and avoidance of password sharing. Encourage employees to use unique passwords for corporate accounts.

An email policy might also note that in an effort to prevent insider threats, employees may be subject to monitoring of messages that reside on the mail server.

2. Implement an advanced email filtering system. Invest in technologies that can sift through emails before they reach the end-user. These technologies analyze patterns, identify anomalies and continuously adapt to new threats — providing your people with high-quality threat protection.

3. Incorporate AI-powered tools into your email security stack. AI and ML bring new capabilities to the table. They can identify threats that may be missed by more traditional tooling, blocking the most evasive and sophisticated of threats before they can evolve into intimidating multi-stage attacks.

4. Endpoint security. Ensure that devices used by employees to access email and network resources are secure. Install and regularly update endpoint security software. In addition, implement a password management policy and device encryption.

5. Leverage email encryption. By encrypting emails, your organization ensures that sensitive data remains impervious to interception and unauthorized access. Encryption means that only the intended recipient can open and read through the contents of messages.

This cuts down on the possibility that a bad actor will attempt to parse through data for social engineering purposes, and it reduces the potential for malware-based email attachment attacks, among other threat types.

6. Provide employees with awareness training. Ensure that employees are well-informed about corporate security policies, their responsibilities in helping to maintain organizational security, and common types of threats that they should look out for – many of which are email-based.

Explain recommended best practices and provide contact information for cyber security personnel, should they have any questions or encounter anything seemingly malicious.

7. Opt for an email security solution that goes beyond email. Because email-based threats can spread through an organization horizontally, consider an email security solution that covers all collaboration channels — think G Suite, Teams, Slack and OneDrive. Solutions like Avanan provide this service and offer free proof-of-value.

Bonus: While this isn’t a means of proactively tackling dangerous emails, it will assist with addressing dangerous emails after they’ve been opened or clicked on:

Have an incident response plan. If your organization can take swift action after learning of a threat, you may be able to avoid far-reaching damage and unexpected expenses.

Regularly evaluate and update the incident response plan. This will help ensure that your organization can combat new and emerging email threats. Check out our incident response resources here.

Lastly, subscribe to the CyberTalk.org newsletter for timely insights, cutting-edge analyses and more, delivered straight to your inbox each week.

The Legend Of Zelda: Majora’s Mask Part 6 | Super Replay

After The Legend of Zelda: Ocarina of Time reinvented the series in 3D and became its new gold standard, Nintendo followed up with a surreal sequel in Majora’s Mask. Set two months after the events of Ocarina, Link finds himself transported to an alternate version of Hyrule called Termina and must prevent a very angry moon from crashing into the Earth over the course of three constantly repeating days. Majora’s Mask’s unique structure and bizarre tone have earned it legions of passionate defenders and detractors, and one long-time Zelda fan is going to experience it for the first time to see where he lands on that spectrum.

Join Marcus Stewart and Kyle Hilliard today and each Friday on Twitch at 2 p.m. CT as they gradually work their way through the entire game until Termina is saved. Archived episodes will be uploaded each Saturday on our second YouTube channel Game Informer Shows, which you can watch both above and by clicking the links below. 

Part 1 – Plenty of Time
Part 2 – The Bear
Part 3 – Deku Ball Z
Part 4 – Pig Out
Part 5 – The Was a Bad Choice!
Part 6 – Ray Darmani

If you enjoy our livestreams but haven’t subscribed to our Twitch channel, know that doing so not only gives you notifications and access to special emotes, but also grants you entry to the official Game Informer Discord channel, where our welcoming community members, moderators, and staff gather to talk games, entertainment, and food, and to organize hangouts! Be sure to also follow our second YouTube channel, Game Informer Shows, to watch other Replay episodes as well as Twitch archives of GI Live and more.

Mobile TCG Pokémon Trading Card Game Pocket Announced

While the main headline event from today’s Pokémon Presents showcase was the announcement of Pokémon Legends: Z-A, it wasn’t the only new game that got announced. It shares that status with Pokémon Trading Card Game Pocket, a new mobile game that allows players to collect, trade, and battle with the franchise’s signature trading cards.

Check out the reveal trailer below:

While there are several features available in the game, Pokémon Trading Card Game Pocket seems to focus the most on the collection aspect, which is fitting given the renaissance of physical card games in recent years. While no details on microtransactions are given, the end of the trailer notes that players will get two free packs a day – implying that more than that might come at a cost.

You’ll also be able to trade cards with other players and battle them online as well. The trailer also shows off immersive cards, which seem to feature a 3D cinematic inside the cards.

The app is being developed by DeNA (best known for their work on Pokémon Masters) and is due out sometime later this year. For more Pokémon cards, check out our Trading Card hub, which features some of our favorite pulls from the game’s big releases.