Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks
2021-05-24 05:58

India's flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation. A new statement from the airline says that personal data describing around 4.5 million of its customers leaked when SITA revealed it had been breached in March 2021.

What To Do When Your Business Is Hacked
2021-05-24 05:54

Report the hack to your customers and business stakeholders. The disaster recovery plan outlines the steps needed to operate the business with degraded systems or missing business-critical data.

Can zero trust kill our need to talk about locations?
2021-05-24 05:30

We still talk about strategies for protecting the enterprise vs cloud infrastructure, or access management for branch offices vs remote workers. We need to stop talking about places and start focusing on a goal like location-agnostic access.

How data manipulation could be used to trick fraud detection algorithms on e-commerce sites
2021-05-24 05:00

A data poisoning attack aims to modify a model's training set by inserting incorrectly labelled data with the goal of tricking it into making incorrect predictions. We decided to study data poisoning attacks against example scenarios similar to those that might be used in a fraud detection system on an e-commerce website.

Returning to the office? Time to reassess privileged access permissions
2021-05-24 04:30

Organizations need to revisit their privileged access permissions and double down on their security strategy to protect their data and people from being exposed in the next big data breach. As companies move to a hybrid model, it's important to look closely at which employees may have been granted additional access during the shift to working remotely and reassess who has privileged access now to minimize this threat.

How to implement cybersecurity for modern application connectivity
2021-05-24 04:00

How does the order apply to today's modern application networks and cloud-first technologies? The rise of hybrid and multi-cloud environments, distributed microservices applications, and container orchestration with Kubernetes all imply a need for zero-trust application networking that operates consistently and comprehensively in diverse heterogeneous environments. It is imperative that all private businesses and governmental organizations collaborate to secure connectivity for distributed, containerized, microservices applications, which makes perfect sense since attackers probe the entire digital supply chain and its implementation, not restricting themselves to any one element of the total technology stack.

The state of AppSec and the journey to DevSecOps
2021-05-24 03:30

While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold, a ZeroNorth survey of 250 global security, DevOps and IT professionals reveals. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

How willing are enterprise leaders to use top emerging technologies?
2021-05-24 03:00

Emerging technologies can bring the potential for increased efficiencies, cost savings and improved security for enterprises, among other benefits, but also risk that must be weighed when considering adoption. The top three characteristics classifying a technology as emerging, per respondents, are technologies with significant disruptive capabilities, technologies with significant problem-solving capacity, and technologies that are recent discoveries.

vCISO Clinic helps resource-constrained InfoSec leaders
2021-05-24 02:30

Where does the tip of the spear turn to for a helping hand? One popular avenue is to turn to a virtual CISO, an external consultant who can offer strategic advice, suggestions, and help find insights that can be instrumental in building better security systems. With that in mind, Chris Roberts, Cynet's chief security strategist, is offering a new program to give InfoSec leaders a new avenue for support, advice, and valuable insights.

Indonesia’s national health insurance scheme leaks at least a million citizens' records
2021-05-24 02:28

Indonesia's government has admitted to leaks of personal data from the agency that runs its national health insurance scheme. On May 20th Kominfo, Indonesia's Ministry of Communication and Information Technology, acknowledged it was aware of a post on notorious stolen-data-mart Raidforums offering to sell a million records leaked from the Badan Penyelenggara Jaminan Sosial, an agency that runs national health insurance scheme Jaminan Kesehatan Nasional.