fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Shopify Data Breach Illustrates the Danger of Insider Threats

Shopify Data Breach Illustrates the Danger of Insider Threats

A recent data breach at Shopify that affected almost 200 merchants has been attributed to insiders.

The incident did not result from a technical vulnerability, but from two “rogue” support team employees involved in a scheme to procure customer transactional records and sensitive data.

Shopify conducted an investigation into the incident and found the breach impacted under 200 Shopify merchants. FBI was also made aware of the findings.

Also Read: Website Ownership Laws: Your Rights And What It Protects

“We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts,” the company stated in a statement.

As of now, there is no evidence as to how this data may have been misused.

It may be a relief for everyone to know, sensitive information such as complete payment card numbers and sensitive personal and financial information was not exposed as a result of this incident.

The exposed “data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased,” the statement acknowledged.

Shopify is continuing its investigation into the incident and is in touch with the impacted merchants and their customers.

The company said, “We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”

“To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”

Not all insider threats are malicious

Although the term, “insider threats” has a negative connotation to it, some insider threats are unintentional and simply exploited.

For example, in July 2020, a large scale Twitter data incident had occurred because unsuspecting employees were exploited via social engineering tactics.

Regardless, the end result was a heavy impact on prominent Twitter users.

“Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” stated Twitter.

Insider threat monitoring software company Code42 shared insights on data exfiltration incidents with BleepingComputer stating that 45% of all detected file exposures involved business files or source code, which is high-value data.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

“On average, a typical employee causes 20 file exposure events per day. The numbers don’t lie. We found that in the past 30 days alone, literally millions of files were exposed,” they continued in a report.

Additionally, data exfiltration can occur outside of a typical work week too.

For example, according to Code42, “more than one-third of weekend file exposure events happened via removable media, a surprising – and suspicious – choice of vector for employees working from home.”

Increasing reports of insider threats at prominent organizations have sprung up in recent times when data security has become an issue of paramount importance, as demanded by privacy legislation.

Last month, a Russian national tried to recruit a Tesla subsidiary employee in an extortion effort, “to convince him to deploy an unknown malware strain on the company’s computer network.”

The attacker’s plans thankfully foiled in time.

Earlier this year, a Roblox employee was bribed so that attackers could access the information of over 100 million users.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us