Global CIO. IT Leaders Community

1,900 Signal users exposed The security breach affected users of the messaging app which is considered to be one of the better secured. Signal claims that an attacker got 1900 numbers but didn’t have access to the profile information, messages, or contact lists. The breach happened on the side of Twilio, a company providing SMS and two-factor verification services for 250 000 customers worldwide. It appears that an attacker gained access to the customer support system, whereby they could send phishing messages asking users to re-register phone numbers. Exposed accounts were transferred to other devices controlled by malefactors. They got access to the Twilio customer due to a well-designed phishing attack that happened last month. Employees received e-mails from the "IT Department" requesting to log in and change their password and linking to a sing-in page look-alike. Leaked credentials were used to get access to Twilio’s internal data. In the security note, Signal claims that an attacker targeted specific users. However, they were hardly able to steal personal information, because it is stored on the devices and the messenger has no access to them. It is also protected with a private Signal PIN code. #CyberSecurity

The Register released an inspiring interview with Tarah Wheeler, an advisor to the US Council of Foreign Relations and CEO of security startup Red Queen Dynamics. In conversation, she mentioned that the cyber security industry should stop contempt ordinary users for their lack of knowledge and change the approach to its failure. Firing employees is the most typical reaction of businesses to massive hacks or breaches. Companies blame not a system, but a small group of specialists that seems to fail. In the aircraft industry instead, every incident requires a lengthy investigation to backtrace all the circumstances of the crash. Wheeler says that it’s time for cyber security to refocus from blaming to analyzing system flaws. What the full interview by the link: https://vimeo.com/738428698 #CyberSecurity

On Wednesday, IBM released the annual Cost of a Data Breach Report. The average cost of a data breach increased 13% over two years and reached $4,35 million. IBM surveyed 550 companies worldwide and found that 83% of organizations encountered more than one data breach during their existence and 50% of their costs incurred more than a year after the incident. Furthermore, the report showed that 60% of companies raised product prices due to the data breach, so the cost of cyberattacks were passed onto customers. Read the full report by the link. https://www.ibm.com/security/data-breach #CyberSecurity