Early in the morning of March 22nd a threat group known as LAPSUS$ posted screenshots on their Telegram account that allegedly show access to Okta internal systems such as Slack, Cloudflare, Jira, Salesforce and other “Okta cards.” Okta’s CEO Todd McKinnon apparently confirmed an event in January in a tweet:: “In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.

Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of requirements to satisfy regulators or auditors which could short-change their business. At the same time, the pandemic has highlighted the necessity of risk management for every organization, and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today.

The average company can’t do business without their third parties. Vendors, suppliers, partners, distributors, and contractors — third parties make it so much simpler to build, distribute and sell a product or service.

ISO 27001 compliance provides greater assurance that an organization is adequately managing its cybersecurity practices, such as protecting personal data and other types of sensitive data. Third-party risk management (TPRM) programs can benefit immensely from implementing the relevant ISO 270001 controls to mitigate the risk of significant security incidents and data breaches.

Senior-level executives handle sensitive data and information daily – making them an enticing target for cybercriminals. One of the most complex schemes to date is the whaling attack, in which hackers impersonate high-ranking employees to gain access to computer systems and networks. Whaling attacks have seen a dramatic 131% increase between Q1 2020 and Q1 2021, costing enterprises around $1.8 billion in damages.

It’s out there. In the deep, dark corners of your IT estate, it’s been hiding. Maybe it’s that “killer app” one of the department heads brought back from a trade show. Or maybe it’s that campaign microsite that marketing had a contractor develop for a “skunkworks” launch. Shadow IT is more than an asset management problem. It’s a security problem because you can’t secure what you can’t see.

SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine. Details of these DDoS attacks have not yet been publicly identified.