• About
  • Privacy Policy
  • Contact
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
No Result
View All Result
Home Security

Ikea Canada tight-lipped on details of breach of security controls

Howard Solomon by Howard Solomon
May 11, 2022
in Security
0 0
0
Ikea Canada isn’t saying exactly how it discovered an employee had searched a customer database without permission, or whether their searches were saved in an unsecured file. Reports of the breach of security controls emerged last week when Global News said a customer of the furniture retailer said he had been notified of a data incident. Ikea Canada said 95,000 customers are being notified. On Monday, Ikea Canada public relations leader Kristin Newbigging told ITWorldCanada that the company was made aware that some of customers’ personal information appeared in the results of a generic search made by a co-worker between March 1st and March 3rd. Asked by email specifically how the company found out, whether the employee saved searches, and if so, was the information not secured by a password and open on the internet, Newbigging would only say that the incident was discovered during an investigation. “We have taken actions to remedy this situation, including steps to prevent the data from being used, stored, or shared with any third parties,” she wrote. “We can confirm that no financial or banking information was accessed,” she also said. “No action is required by our customers. “We have proactively notified the Office of the Privacy Commissioner of Canada about this incident, as well as any applicable customers. We have also reviewed and updated internal processes to prevent such incidents in the future.”

Related content: How to lower the risk of insider threats

To Ikea Canada’s credit, said Erich Kron, security awareness advocate at KnowBe4, it spotted the kind of data access that many organizations would not have noticed, and by furnishing the information to the Office of the Privacy Commissioner of Canada, allowed potential victims to take steps needed to protect themselves. “Like with their store layouts, spotting when and where data may have been accessed, especially by an internal employee, can lead down an ever-twisting path full of false flags and pointless distractions, often resulting in nothing useful being found.

“Organizations should be careful to periodically confirm the type of data employees can access and should limit it to the least amount needed to perform their job. In addition, penetration tests should be performed to look for vulnerabilities within the network and Data Loss Prevention (DLP) controls enabled to reduce the chance of sensitive data being removed from the network.”

Related content: How a Canadian hospital faces insider threats

The incident accentuates the threat posed by the “inside job,” said Erfan Shadabi, cybersecurity expert with data security specialists comforte AG. “When we hear of careless handling of sensitive information, we begin to wonder just how secure our own data is within the many different data ecosystems housing and processing it. Employees are usually granted a certain level of trust with enterprise data, even if they don’t have access and rights to all information within the organization. Working from the inside with an implied level of trust means that the inside job has more time to develop and execute an effective exfiltration strategy.

“The answer to counter this threat,” he said, “is to recognize how vulnerable businesses are from the inside and to adopt security stances like Zero Trust, which denies implicit trust to users, devices, and other entities regardless of their location within the network.

“Also, protect all sensitive enterprise data with more than just perimeter security, even if you feel that the impenetrable vault you’ve stored it all in is foolproof. Make sure that data-centric protection such as tokenization or format-preserving encryption effectively obfuscate sensitive information in case internal or external threat actors find their way into your data ecosystem.”

The post Ikea Canada tight-lipped on details of breach of security controls first appeared on IT World Canada.
Tags: data breachDIIKEAinsider threatpostmediasecurity strategies

Subscribe

About Tech News Day

In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.

About

Tech Newsday

Tech News Day picks the new, most relevant tech stories.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.

SUBSCRIBE

Categories

  • Artificial Intelligence
  • Auto Tech
  • Blockchain
  • Careers & Education
  • Channel Strategy
  • Cloud
  • Communications & Telecom
  • Companies
  • Data & Ananytics
  • Development
  • Digital Transformation
  • Distribution
  • Diversity & Inclusion
  • eCommerce
  • Emerging Tech
  • End User Hardware
  • Engineering
  • Financial
  • Future of Work
  • Governance
  • Government & Public Sector
  • Human Resources
  • Infrastructure
  • IoT
  • Leadership
  • Legal
  • Legislation & Regulation
  • Managed Services & Outsourcing
  • Marketing
  • Mobility
  • Open Source
  • Operations
  • People
  • Podcasts
  • Privacy
  • Security
  • Service
  • SMB
  • Social Networks
  • Software
  • Supply Chain
  • Today's News
  • Top Stories This Week
  • Women in Tech
  • Home
  • Today’s News
  • About
  • Privacy
  • Contact

2022 Tech News Day

No Result
View All Result
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News

2022 Tech News Day

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Why are you leaving?

About Tech News Day

Tech News Day is a daily publication featuring key daily news stories about technology and how it affects businesses. We know that you are busy and that there’s a lot of information coming at you. While there are lots of programs that will curate based on what you have already read or followed, Tech News Day picks the new stories that we feel are most relevant.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways. If you want to do a deeper dive and get even more information, we provide a link to at least one of the longer stories from one of our sources (we are often following stories from more than one source).

We also have a daily podcast, published each morning so that you can get the news stories of the day from wherever you get your podcasts.

We hope you find this to be useful to you in keeping up to date in these challenging times. We love your input and opinions. You can use our feedback widget to rate individual stories or you can write us at NewsDesk@technewsday.com.

Click Here

-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00