Welcome to This Week in Cloud, a weekly digest of the most important cloud and cybersecurity stories. In this installment, we examine the aftermath of the Yahoo data breach and new disclosures from the international bank transaction system, SWIFT.

Yahoo’s Historic Hack

Yahoo’s breach of 500 million customer accounts set the record for the biggest data breach ever in terms of accounts exposed. While many on social media mocked the triviality of stealing login information for Yahoo’s mail service, Yahoo’s portfolio services represent three of the top 20 consumer cloud services used in the workplace. The breach illustrates the cybersecurity factor of mergers and acquisitions, as the acquirer prepares to integrate systems and take inventory of sensitive information. Verizon certainly has their work cut out for them.

Yahoo Hack Throws Internet Insecurity into Sharp Relief | Jaikumar Vijayan, Christian Science Monitor

US Senator Seeks SEC Probe of Yahoo Disclosure on Hacking |Reuters

Global Banking Network Gets Desperate

Potential vulnerabilities in the configuration of a global banking technology from SWIFT first came to light when the Bangladesh central bank fell victim to cybertheft. SWIFT provides the technology that authorizes transactions  at major banks. At the time of the Bangladesh hack, SWIFT released cybersecurity best practices to customers. Now, SWIFT revealed three additional banks were targeted and has come out with mandatory security guidelines for customers. While banks do not take cybersecurity lightly, the new compliance framework acknowledges SWIFT has become a target for cybercriminals and forces banks to take action.

Swift Reports Summery Cyber Attacks on Three Banks | Katy Burne, The Wall Street Journal

SWIFT Toughens Customer Security with New Mandatory Rules | Darkreading

Patch Roundup

OpenSSL and Siemens both released software patches this week, highlighting the need for quick responses from security teams. From the enterprise perspective, the response should go beyond just patching internal systems. Vulnerable third party business partners frequently provide cybercriminals with a path into the network of larger companies. Organizations should have a plan for ensuring their vendors and partners implement critical patches, especially for vendors with sensitive data like cloud providers.

OpenSSL Patches 14 Vulns Including High Severity Flaw that Can Be Exploited for DoS Attacks | Jeremy Seth Davis, SC Magazine

Siemens Patches Flaw in SCALANCE Products | Eduard Kovacs, SecurityWeek

By the Numbers

1/3

One out of three SMBs have no idea what ransomware is, despite its rise to become a top threat to businesses in 2016.

61%

The rate of password reuse among end users reported by Last Pass is higher than previous estimates, despite the fact that 91% of users admit it is a risky practice.

185 million

The number of threats that bypassed perimeter defense detection numbered in the hundreds of millions, even though many of the threats have been present for years.

Cloud Guidance for Financial Services Companies

Britian’s financial regulator released a security guidance that’s useful for all companies using cloud

Download Now