September Cyber News Bytes
Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss topics ranging from a class action lawsuit to the impact of the COVID-19 pandemic on cyber threats.
Blackbaud Hit with Class Action Lawsuit
Following a network security breach and ransomware attack that was undetected for several months, Blackbaud, Inc. has been served a class action lawsuit. The cloud software vendor, which manages the data and servers of many educational and healthcare institutions, was hacked back in February before discovering the attack in May. The lawsuit claims, “The incident was not only caused by Blackbaud’s failure to properly secure clients’ information but also as a result of their employees’ failure to properly monitor the network and systems that housed the data.”
This lawsuit emphasizes the importance of proper cyber hygiene and training amongst all employees throughout an organization as well as maintaining appropriate cyber coverage. This lawsuit will be one to watch in the months to come. Recent articles from Classaction.org and InsureTrust share more details on the case.
This case represents not only a teachable moment for companies that may experience a massive data breach themselves, but also for organizations whose data may have been affected via a third parties breach. In a piece geared towards educational institutions, Schwartz Hannum PC outlines lessons learned from the incident and, for the future, some data management and data security suggestions that can be helpful to other organizations impacted by the experience.
Could Penetration Testing Prepare Your Organization for a Ransomware Attack?
Cyber penetration testing conducted by an outside third party vendor can help an organization test the strength and security of their network systems. A recent Q&A session from Net Diligence discusses the importance of penetration testing and what it can reveal to an organization. The session features several topics, such as the recommended frequency of testing and the top six problems that can be discovered by testing. As the cyber landscape continues to be threatened by ransomware attacks, penetration testing is something for all organizations to consider to combat being hacked.
Voice Phishers Targeting VPN’s
COVID-19 has been a unique challenge on all fronts as new cyber threats continue to emerge in its wake. Brian Krebs of Krebs On Security recently highlighted a new threat to employees accessing remote networks, a practice called “voice phishing.” Voice phishing uses a combination of one-on-one phone calls and custom phishing sites to steal employee credentials for financial reward. This article highlights factors behind these attacks, why the attacks are so effective and suggestions for how organizations can mitigate their exposure, suggesting that training alone may not be enough.
Cyber Risk & The Corporate Response to COVID-19
Throughout this year, we have discussed a number of organizations responding admirably to the abrupt changes thrust upon them resulting from COVID-19. With this in mind, the journey is not over. Organizations must remain vigilant and continue in their efforts to mitigate and manage cyber risk amid a larger remote workforce than ever before. A recent article from the Harvard Law School Forum on Corporate Governance highlights emerging threats that have presented themselves due to the digital transformation of many organizations and introduces dynamic approaches to address cyber risks.
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.