As you have probably heard, 3G is phasing out. On February 22, AT&T shut down its 3G network. T-Mobile Sprint will retire its 3G network next week on March 31, 2022. Verizon, the last of the pack, will retire 3G by the end of 2022. What does this mean for your business and your security? The obvious answer is that older phones should be replaced as soon as possible, but the 3G shutdown’s impact will reach beyond phones, and that reach may affect your organization’s security.
Early in the morning of March 22nd a threat group known as LAPSUS$ posted screenshots on their Telegram account that allegedly show access to Okta internal systems such as Slack, Cloudflare, Jira, Salesforce and other “Okta cards.” Okta’s CEO Todd McKinnon apparently confirmed an event in January in a tweet:: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.
The average company can’t do business without their third parties. Vendors, suppliers, partners, distributors, and contractors — third parties make it so much simpler to build, distribute and sell a product or service.
ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.
Senior-level executives handle sensitive data and information daily – making them an enticing target for cybercriminals. One of the most complex schemes to date is the whaling attack, in which hackers impersonate high-ranking employees to gain access to computer systems and networks. Whaling attacks have seen a dramatic 131% increase between Q1 2020 and Q1 2021, costing enterprises around $1.8 billion in damages.
It’s out there. In the deep, dark corners of your IT estate, it’s been hiding. Maybe it’s that “killer app” one of the department heads brought back from a trade show. Or maybe it’s that campaign microsite that marketing had a contractor develop for a “skunkworks” launch. Shadow IT is more than an asset management problem. It’s a security problem because you can’t secure what you can’t see.
