Weekly Comments

27 November - 4 December 2018

How did your businesses fare security-wise over Black Friday and Cyber Monday?
Some companies do not detect cyberattacks quick enough, causing them to incur more damages over time. The slower a company detects an attack, the more losses it will suffer as threat actors maximise the theft of valuable corporate and financial information.

For instance, it has been revealed over the week that Marriott’s Starwood reservation system had been breached since as early as 2014. Close to 500 million customer data were exposed as a result. In addition, the New York-based website of art dealer company Sotheby had been infected by the Magecart skimmer since at least March 2017. Threat actors pilfered customer information disclosed on the payment forms on the website, including names, addresses, email addresses, payment card numbers, expiration dates, and CVV codes.

Detecting a cyberattack early is important. We recommend companies to subscribe to our managed security service, which provides impactful threat intelligence and 24x7 proactive monitoring of your environment. We can also help our customers create a clear picture of the latest cyber threats and develop a comprehensive step-by-step remediation plan. Together we can prevent, detect, and mitigate cyberattacks quickly and efficiently. 

References:
[1] Magecart fiends punch card-skimming code in Sotheby's Home website
[2] Marriott Announces Starwood Guest Reservation Database Security Incident
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence