The week in security: Equifax’s billion-dollar breach settlement continues string of massive fines

Credit: ID 50935142 © Ominaesi |

The series of judgements for high-profile privacy breaches continued, with credit-rating firm Equifax reaching a $US700m ($A1b) settlement over its massive 2017 data breach.

Even that paled beside the $US5 billion ($A7.2b) fine for Facebook, which despite its size is being seen by many – including two US FTC commissioners – as a slap on the wrist.

While big businesses wrestle with the consequences of losing control of their data, cybercriminals continue to look for ways to get more of it. Symantec figures, for example, suggested that scam email volumes increased by 50 percent during the first quarter of this year.

Not everything is producing dividends for the scammers, however, with Microsoft using AI techniques to improve the way it evaluates malware – potentially stopping the digital-certificate manipulation that made the LockerGoga ransomware attack on Norsk Hydro possible.

Other cybersecurity researchers are taking a different approach, releasing an intentionally flawed blockchain implementation that they hope will encourage people to reconsider – and improve – security in the emergent technology.

Better security would be a blessing for security executives who are getting increasingly stressed about the unrelenting flood of email threats, new research has suggested.

Meanwhile, education startup Saasyan has been enjoying rapid business growth thanks to a decision to get access to a scalable and secure application foundation built in the cloud.

Yet while cloud platforms provide access to strong and scalable capabilities, they’re not impervious if their users aren’t careful: in one recent audit, over a quarter of cloud workloads were found to have been compromised by cryptojackers that had hijacked resources – and increased victims’ cloud bills – to mine cryptocurrencies.

That’s yet another reason why end users need to remember that security compliance is just the start of compliance efforts – not the end.

Security executives must consider the IT security risks of shifting to SD-WAN, of course, but must also remember to address issues such as the security of Internet of Things.

Those with bigger-picture worldviews may want to consider how cloud platforms can be leveraged to support environmental objectives, while also supporting objectives around ensuring the protection and integrity of Australians’ data.

Tags Equifaxcybercriminals

Show Comments