November is an interesting time of year for information security. With the holiday season in full swing, shoppers become easy targets for data theft. November is also when the United States comes together to elect our next round of officials. The combination of those things and more keep the world of information security news a rather busy one this time of year. Check out some of the headlines from November!
- You’ve probably heard about the Marriott breach by now. They announced the second largest breach in history in November. An interesting note is that the breach was actually caused through Marriott’s acquisition of Starwood— a reminder that when you purchase a company, you also purchase its security risks.
- Big breaches don’t always have to happen at big companies. In fact, they often don’t. Small and medium businesses are more susceptible than ever to breaches. 47% of small businesses in the U.S. experienced a breach last year.
- Dunkin’ Donuts announced a breach this month. A testament to how important good password etiquette is, this breach was the result of a completely independent site being breached, then those attackers attempting the same login and passwords on the Dunkin’ perks platform.
- Late this month, more penalties surrounding the Uber breach of 2016 were decided upon. Between data protection authorities in the U.K. and the Netherlands, the company was fined $1.2M for their failure to report the breach.
- According to Salesforce, Black Friday e-Commerce revenue grew by 13% in 2018, with mobile accounting for 49% of all Cyber Week purchases. This certainly leaves the door open wider than ever for creative attacks.
- While this has flown relatively under the radar, Amazon notified some customers of security incidents that occurred just before Black Friday and Cyber Monday. The company was not breached, but certain customers’ data was inadvertently leaked to a destination which Amazon has been strangely secretive about.
- Mozilla conducted research in preparation for this year’s holiday season. The study took a look at connected devices on people’s holiday lists and how secure they are. You can find the full list of products here.
InfoSec in Government
- The Pentagon and Homeland Security Department established an enhanced cybersecurity relationship that would improve the DOD and DHS’s readiness to respond to cyber attacks in preparation of midterm elections.
- A new rule is being proposed surrounding government contractors. Contractors have always been a weak link in government information security efforts, and this rule hopes to improve government visibility into contractor breaches.
- The FBI has been brought in to investigate a breach that targeted the NRCC earlier this year. It’s not yet clear who initiated the attack or how long it took to recognize, but it has become big news given the similar incident to the DNC in 2016.
- You may have seen the new service through the postal service where you can preview what mail is coming to your house before it even gets there. Well, not surprisingly, hackers are taking advantage of this service. Thieves have proven capable of using data from the service, Informed Delivery, to commit identity theft.
- The common thought lately around breaches is that we’re so desensitized to them that the businesses affected don’t actually lose many loyal customers in a breach’s wake. A recent study suggests this may be false. Over three-quarters of respondents would stop engaging with the brand online.
- Virtually immediately, a security expert was able to find a passcode bypass in the new iOS (12.1) update. This is the second time in two updates that the expert was able to find a bypass.
Understanding information security trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.