If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Hello world!
Welcome to WordPress. This is your first post. Edit or delete it, then start writing!
Beyond Endpoint Protection – What is ITDR?
Your Microsoft 365 environment is where your business happens. It's also where attackers want to be. Most New Zealand businesses have invested in endpoint protection such as antivirus, EDR, or even MDR, but are they leaving a critical attack surface completely...
The Rise of The Machines
What OpenClaw and Moltbook Mean for Your Business If you've been following tech news lately, you've probably encountered OpenClaw. It's a viral AI agent that's sparking both excitement and anxiety across the business world. Originally called Clawdbot, then briefly...
AI Slop: The Rise, the Risk, and How to Stay Ahead
The Quiet Emergence of AI Slop As generative AI becomes part of everyday business workflows, a new challenge has begun to surface: AI slop. This refers to the growing volume of AI‑generated content that looks polished but adds little true value. It is the email that...
Manage My Health Data Breach – What We’ve Heard
What New Zealand Businesses Need to Learn from 126,000 Compromised Patient Records New Zealand's largest patient information portal confirmed a major cyber security breach on New Year's Eve, with up to 126,000 users potentially affected. The Manage My Health incident...
AI’s December Acceleration
6 Developments That Changed the Game (While You Were Planning for Christmas) December 2025 wasn't just about end-of-year planning. While New Zealand businesses were wrapping up 2025, AI platforms shipped features that fundamentally change how work gets done in...
Five Business IT Trends New Zealand Companies Should Watch in 2026
As we move into 2026, New Zealand businesses face a technology landscape where digital transformation is no longer optional.For NZ business managers preparing budgets and strategic plans for the year ahead, understanding the key IT trends will be critical to...
URGENT ADVISORY: We’re seeing a significant increase in authentication attacks this Christmas
Significant Hacking Trend Over this 2025/26 Christmas and New Year period, our Kinetics KARE security monitoring has detected a significant increase in sophisticated authentication attacks targeting New Zealand businesses. KARE Foundation clients are protected and...
Stop Wasting Time: Why Copilot’s New Memory Feature Is a Game-Changer
Microsoft Copilot Gets Smarter: Memory Management and Cross-Platform Integration Microsoft is rolling out significant updates to Copilot that fundamentally change how the AI assistant works with you and your data. Two key features are now becoming available: Memory...
Your Customers Need to Trust Your Emails: Here’s How DMARC 2.0 Helps
Yet another IT acronym: "DMARC" DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's an email authentication protocol that helps protect your domain from being used in email spoofing, phishing attacks, and other cyber...