02 Aug Security Breach – 2 Aug 2024
Cybercriminals are becoming increasingly sophisticated, continuously finding new ways to exploit vulnerabilities in corporate networks, systems, and applications. To stay ahead of these threats and protect sensitive data, companies must employ robust cybersecurity measures. Two critical components of a comprehensive security strategy are penetration testing and vulnerability scanning. While these terms are often used interchangeably, they serve distinct and complementary purposes in safeguarding an organisation’s digital Assets.
Vulnerability scanning helps identify potential security weaknesses in a system by systematically probing for known vulnerabilities, allowing organisations to address issues before they can be exploited. Additionally, it assists in maintaining compliance with industry standards and regulations by providing continuous monitoring and assessment of security controls. Vulnerability scans are automated processes that identify known vulnerabilities in a system by systematically scanning for security weaknesses, providing a broad overview of potential issues. In contrast, penetration testing involves manual and automated techniques where ethical hackers actively exploit vulnerabilities to assess the effectiveness of security measures, offering a deeper and more comprehensive analysis of the system’s defenses.
Recent Breaches
New Zealand – Squirrel – Financial Services
Exploit: Hacking
Risk to Business: Severe: New Zealand-based mortgage broking and investment firm Squirrel experienced a data breach that exposed the passport or driver’s license details of 600 peer-to-peer investors. Squirrel informed clients that an unauthorised user accessed a third-party system used in their investor registration process. This breach allowed the extraction of personal information, specifically passport or driver’s license details, for customers who registered in the 30 days prior to July 21, 2024.
India – Taj Hotels – Hospitality Chain
Exploit: Hacking
Risk to Business: Severe: India-based Taj Hotels experienced a data breach that potentially compromised the sensitive personal information of about 1.5 million guests, according to the Economic Times. Tata Group’s Indian Hotels Company (IHCL), which operates Taj Hotels, is investigating the incident. The hacker, known as “Dnacookies,” is demanding $5,000 for the dataset, which includes mobile numbers, addresses, membership IDs and other personal information. The company’s spokesperson stated there are no signs of ongoing security issues or disruptions to operations.
Talk to a TCT team member today about implementing cyber security plan for your business.
Robert Brown
2/08/2024
Related Articles:
Vulnerability Management
Using Threat Modelling to Reduce Your Cybersecurity Risk