Improving diversity in the cybersecurity industry by doing more to hire people from different backgrounds can help improve online defences for everyone because it will enable information security teams to think about – and defend against – concepts and attack techniques they may not have considered before.Figures from an NCSC report on diversity detail how over 85% of professionals working in cybersecurity are white, compared to under 15% from black, Asian or mixed ethic groups. Two-thirds of the industry identifies as male, compared to 31% identifying as female, while over 84% of those surveyed identify as straight, compared with 10% who identified as LGBT. But diversity is – gradually – increasing.

ZDNet Recommends

“I feel like from a diversity and inclusion standpoint in the cybersecurity industry we’ve honestly come a long way,” Christine Izuakor, founder and CEO of Cyber Pop-up told ZDNet Security Update.SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  “There’s definitely some work to do, but I’m so happy to see so many initiatives around building diversity in the industry, bringing more women into the industry, more people of colour people from all these different backgrounds. I think that’s huge”.Not only does diversifying the cybersecurity industry help it better reflect the population, it can bring different ways of thinking and different skills to the table – and it could also help cybersecurity teams gain a better idea of how the malicious hacking operations they’re trying to defend networks again work.

“The people who are carrying out these attacks, don’t look one kind of way or come from one different background. They come from so many different backgrounds across so many different parts of the world,” Izuakor explained.”You can’t defend against that, by having one train of thought, you need those different perspectives, you need the people who are defending against these attacks to look just like the people who are attacking and that looks like a variety of different people,” she added.Improving diversity in cybersecurity teams should, therefore, be a key aim for organisations across the industry, because it can help protect people and businesses from a wider range of cyber threats.”I truly believe that we cannot adequately defend against attacks or develop the solutions and the methods and things that we need if we keep a one-track mind – we have to have diversity in the space, otherwise we will fail,” Izuakor said. SEE: This new ransomware group claims to have breached over 30 organisations so farIt’s also important to recognise that people can take different routes into cybersecurity – some might get qualifications from university or information security certifications, others might learn skills via online courses, some might even teach themselves entirely. “It’s important to acknowledge that people have different learning modes and different paths, and that is OK, as long as the job is getting done right and as long as we’re defending against these attacks and being more secure,” said Izuakor.MORE ON CYBERSECURITY More

MyRepublic says almost 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The affected system had contained identity verification documents needed for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.  The “unauthorised data access” incident was uncovered on August 29 and the relevant authorities had been informed of the breach, said MyRepublic in a statement Friday. It pointed industry regulator Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission, which oversees the country’s Personal Data Protection Act (PDPA).  MyRepublic said personal data of its mobile customers were stored on the affected system, adding that “unauthorised access to the data storage facility” since had been plugged. The incident had been “contained”, it said. Asked how long it had used the third party’s data storage service and whether it was a cloud-based service, MyRepublic told ZDNet it was unable to share these details, citing confidentiality. It also declined to say “for security reasons” if it was the only customer affected by the breach at the data storage facility. 

Asked when it last assessed security measures implemented by the data storage vendor, MyRepublic did not specify a date, saying only that it “regularly” reviewed such measures for both its internal and external systems, including that of the third-party vendor implicated in the breach.  MyRepublic also declined to reveal further details about how the data breach was discovered, saying only that it was informed of the incident by “an unknown external party” on August 29. It reiterated that the data storage facility since had been secured.  It said it was contacting all mobile customers via email about the breach, but did not confirm when this would be completed. 

In its statement, MyRepublic noted that an incident response team had been activated, which included external advisers from KPMG in Singapore, and would work with the broadband operator’s internal IT and network personnel to resolve the incident.  Its own investigations determined that the unauthorised data access affected 79,388 of its mobile subscribers in Singapore. Apart from details of local customers’ national identity cards, information from documents required to verify foreign workers’ residential address, such as copies of utility bills, also were affected. The names and mobile numbers of customers porting an existing mobile service also were compromised.  MyRepublic said there were no indications other personal data, such as payment details, were affected. It added that none of its systems were compromised. It said affected customers would be offered a complimentary credit monitoring service, provided by Credit Bureau Singapore, which would monitor customers’ credit report and send out alerts of suspicious activities.  MyRepublic CEO Malcolm Rodrigues said in the statement: “My team and I have worked closely with the relevant authorities and expert advisors to secure and contain the incident, and we will continue to support our affected customers every step of the way to help them navigate this issue. “While there is no evidence that any personal data has been misused, as a precautionary measure, we are contacting customers who may be affected to keep them informed and provide them with any support necessary,” Rodrigues said. “We are also reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.” In a recent interview with ZDNet, MyRepublic said it was looking for new revenue in Singapore’s enterprise space, and planned to ramp up its service offerings with particular focus on cybersecurity, where it might look to make acquisitions to plug product gaps.  RELATED COVERAGE More

Image: Getty Reddit has confirmed its systems were hacked last weekend as the result of a sophisticated and highly targeted phishing attack: the attackers gained access to documents, code, and some internal business systems. Late on February 5, Reddit became aware of the phishing campaign that targeted its employees. The attacker sent out “plausible-sounding prompts”, […] More

Compromised passwords are a fast track to all sorts of online headaches. But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised passwords, allowing you to change them before problems escalate.And it’ll take you less than five minutes.Here’s how.Tap on Settings and go to Passwords. There, if you have compromised or reused passwords, you’ll see an entry called Security Recommendations. Security Recommendations in IOS 15Tap on that to see the accounts that have problems with the passwords, and you’ll get the chance to either change the password on the website or service, or delete the entry (only do this if you’ve already changed the password, ot it’s an old, obsolete account for a service you’ve deactivated).It’s quick.

It’s simple.For most people, they’re done in less than five minutes.But it can save you a whole heap of headaches.Note: The same trick will work for the iPad. On the Mac, fire up Safari, click on Safari in the menu bar and click Preferences… then go to Passwords, and if there are any security recommendations, you will see a notice at the bottom of the window.

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More More

There is a misconception that all hacking is illegal. However, hacking is simply identifying weaknesses in a device — whether it is a PC, smartphone, or another physical object — and software, including apps, and attempting to exploit them.This could include a computer network, old tech equipment, or a website’s backend control system. Hacking, in itself, doesn’t automatically mean unauthorized entry. There are companies out there that ask for ethical hackers to test their software for weaknesses and will reward them financially for their findings.It is only when a hacker uses their skills for unauthorized and criminal purposes, theft, or destruction that it becomes illegal. This could include breaking into a network to deploy malware or stealing confidential information. More