At a glance.
- New Mexican government cyberincident under investigation.
- Report indicates businesses are overly confident when it comes to data security.
- NHS patient data possibly stolen in ransomware attack on service provider.
- The billboards have eyes.
New Mexican government cyberincident under investigation.
The Regulation and Licensing Department (RLD) of the US state of New Mexico suffered a security incident which is currently being investigated by the state’s Department of Information Technology’s (DoIT) Cybersecurity office. The Los Alamos Daily Post explains that an intruder gained unauthorized access to the department’s network, but the state says it has enlisted the help of cybersecurity experts to ensure that personal identifiable information of employees and RLD customers are not compromised. RLD is notifying anyone who might have been impacted, and the department will be fully operational throughout the investigation. State Chief Information Security Officer Raja Sambandam stated, “Cybersecurity is of utmost importance to the State of New Mexico. We are working diligently with RLD and all other state agencies to continuously improve their cybersecurity posture to protect the state and the people of New Mexico.”
Report indicates businesses are overly confident when it comes to data security.
Observability data firm Crib has released its State of Security Data Management 2022 Report, an industry-wide survey asking one thousand senior-level IT and security decision-makers about the cybersecurity challenges their companies are currently facing. The report shows that IT professionals feel their organizations are lacking when it comes to data management strategies, with two-thirds of respondents saying their data management strategy isn’t sustainable beyond three years, and one-third saying it’s sustainable for less than one year. Despite this, 92% of organizations state that they are confident in their current strategy. 63% use over twenty-five tools for data visibility and control, and more than 40% plan to increase their tools in the next two years. Clint Sharp, CEO and co-founder of Cribl, commented “Practitioners are drowning in a deluge of data while managing dozens of tools and external vendors, limiting organizations’ visibility and hindering their ability to swiftly respond to potential threats.” On a more positive note, 90% of respondents say their IT and security teams are working hand-in-hand, sharing information and tools and collaborating on cybersecurity efforts.
NHS patient data possibly stolen in ransomware attack on service provider.
IT service provider Advanced, which supports the UK’s National Health Service (NHS) and suffered a ransomware attack in August, has confirmed that the attackers exfiltrated some of their data, but has declined to say whether NHS patient data was compromised. The attack shut down a number of the NHS’s services, TechCrunch explains. Advanced has disclosed that the malware used in the attack was from ransomware-as-a-service operation LockBit 3.0. Advanced says the attackers gained initial access to its network by using “legitimate” third-party credentials (made easier by the lack of multi-factor authentication) to establish a remote desktop session to a server used for powering Advance’s caregiver’s scheduling and rostering system. Once they were in, the threat actors obtained data pertaining to sixteen customers before encrypting the system. However, Advanced says there is “no evidence” the data exists anywhere outside of the company’s control and that “the likelihood of harm to individuals is low.” Advanced added, “We are, however, monitoring the dark web as a belt and braces measure and will let you know immediately in the unlikely event that this position changes.”
The billboards have eyes.
London-based civil liberties group Big Brother Watch says digital billboards are using high definition cameras to harvest information from passers-by without consent. Working like physical ad trackers, the cameras have the ability to identify an individual’s gender, age, and even mood and outfit, while also gathering data from any mobile devices they might be carrying. Advertisers can then use the data to create customized profiles of pedestrians based on their GPS position, demographic info, and their engagement with various apps on their phones. Jake Hurfurt, head of research and investigations at Big Brother Watch, told Computing, "We've uncovered new ways in which millions of people's movements and behaviors are tracked to target us with ads on the streets, resulting in some of the most intrusive advertising surveillance we've ever seen in the UK.”
Billboard operators Ocean Outdoor and Clear Channel use face recognition software produced by French firm Quividi, which says its technology is able to scan up to one hundred faces and, in addition to gathering demographic info, can calculate the amount of time an individual engages with a digital billboard advertisement, and the data can then be used to tailor billboard ads to the people most likely to pass by them. Big Brother Watch says the tech raises major concerns about privacy and blanket consent. The report reads, "Consent cannot be meaningfully given to any of these data processes, as an individual is often in the sight of the cameras linked to the billboards or tablets before they are alerted to the processing and have the option to walk away," the report reads. This data is being gathered not just to work out if an ad campaign was successful but to alter how people experience reality without their explicit consent, all in an attempt to make more sales."