Why an overhaul of your business continuity plan is needed, and more.
Welcome to Cyber Security Today. It’s Friday, October 7th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Think you have a good business continuity plan for surviving a cyber attack? You probably don’t, according to James Arlen, chief information and security officer at Aiven [IVAN]. He gave that message in a keynote address at Thursday’s SecTor conference in Toronto. Most IT and security leaders don’t understand the interconnections of today’s applications, he said, especially cloud apps. That’s why when something breaks you may not know what do to. How to fix this? Start your plan all over again. Use the existing plan as a resource, Arlen said, but go back to square one and find all the dependencies — the software that depends on other software — in your all your applications. I wrote a more detailed version of his presentation here.
By coincidence BlackBerry released a survey this week of 405 senior IT, networking, and security decision-makers in the U.S., Canada and the U.K. It asked, among other things, about incident response plans. Just under 80 per cent of respondents said they have an incident management process. Of those, however, half think they lack the teams and tools for the plan to be effective around the clock.
A 19-year-old Australian man has been arrested for allegedly trying to use customer data recently stolen from the country’s second-largest wireless carrier. Australian police said Thursday the arrest came after a person texted 93 customers of cellphone provider Optus and demanded they transfer roughly $2,000 to a bank account. If they didn’t, their personal information would be used for financial crime. The data seems to have been some of the stolen information of 10,000 Optus customers. Police said the accused isn’t suspected of being the hacker.
Separately, Australia’s largest telecom company acknowledged a data breach at a third-party provider resulted in the theft of personal information of some staff dating back to 2017. The data stolen comprised names and email addresses of people who signed up for Telstra’s employee rewards program. Telstra didn’t say how many people were on the list.
As I told you in Wednesday’s podcast there were questions raised about the advice Microsoft gave to administrators of on-premise Exchange email servers in the wake of the discovery of several zero-day vulnerabilities. Microsoft has now updated that guidance. Administrators should check Microsoft’s Security Response Center for the latest advice.
Finally, an American non-profit hospital chain with facilities across the country is still dealing with what it calls an “IT security issue.” The chain is CommonSpirit Health. According to the Washington Post, hospitals in Iowa, Nebraska, Tennessee and Washington State have had service disruptions. In a statement Wednesday the institution said as a result of the security issue some IT systems have been taken offline. News reports said some surgeries had to be rescheduled.
That’s it for now. But later today the Week in Review podcast will be available. Guest commentator David Shipley of Beauceron Security and I will talk about the meaning of Cybersecurity Awareness Month.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.