Plus: Ready to be NASA CISO?

Some VC and PE Firms Sidestep Cyber Issues

Hello. Private-equity investors are well aware of cyber risk in their portfolio companies but they might not be doing enough about it. Just 70% of PE firms conduct cyber due diligence on every acquisition, pre-deal, according to new research from S-RM Intelligence and Risk Consulting, which surveyed 100 PE firms in the U.S., Europe, Middle East and Africa.

This surprises me. Not 100%? And 4% said they never conduct such inquiries.

On a related note, as we recently covered, startups are a prime target for hackers because of the deep pockets of their venture investors. There's a bigger role for VC and PE to play in improving the defenses of the businesses they want to profit from.

Other news:
- Texas flood prompts scams
- Qantas said hacker made contact
- Major Massachusetts health plan data breached
- Could you be NASA's next CISO?

Flood fraud: Watch out for charity scams, via phishing email and other means, Texas Attorney General Ken Paxton warned Monday. Bogus charities, fake contractors and other scammers come out after natural disasters, seeking money and personal data.

Qantas says hacker made contact. The Australian airline, one of whose call centers was breached last week, didn't provide details of the contact, saying it is working with the Australian Federal Police.
- The personal data of up to six million Qantas customers could have been stolen. (Reuters)
- "This week, we will be in a position to update impacted customers on the types of their personal data that was contained in the system. This will confirm specific data fields for each individual, which will vary from customer to customer," the company said Monday.

Healthcare data at risk after hack on a contractor's business partner's software. Patients of Blue Cross Blue Shield of Massachusetts are being notified that their data was breached when the file-transfer software used at a direct-mail marketing company was exploited. Cierant, a marketing company that sends letters for the Massachusetts health plan, said it discovered in December that its Cleo VLTrader file-transfer tech was hacked, exposing the data.
- Cierant has stopped using the Cleo software, it said in a letter to state regulators.
- Information at risk, Cierant said in a notice on its website, can include: name, address, date of birth, treatment-related dates, a generic description of services received, provider name, medical record number, health plan beneficiary number, claims number, plan member account number and premium information.

NASA is looking for a CISO. The space agency is asking for a lot of experience and skills, naturally, and wants applicants to describe it all in a resume of just two pages. (The job description says this no less than three times, adding: "Your uploaded resume may take several hours to clear the virus scan process.")