Verizon, Trump Hotels, and the RNC are Among the Recent Victims of Third-Party Breaches Even if your own cyber security is up to snuff, your organization could be at risk of third-party breaches if your business partners are not as diligent as you are. Verizon just learned this lesson the hard way after one of… Read More
The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack. It’s looking more and more like last week’s NotPetya malware attacks, which infected computers around the world but hit Ukraine particularly hard, were designed to cause widespread damage and disruption, not make… Read More
White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment… Read More
The cybersecurity skills gap is real and growing; there simply aren’t enough cybersecurity employees to go around. Cybercrime is rapidly escalating, and boardrooms are taking notice. KPMG’s 2017 U.S. CEO Outlook survey shows cybersecurity risk to be among CEOs’ top concerns, yet only 40% of them feel that their organizations are fully prepared to handle… Read More
White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment… Read More
Cryptocurrency mining malware may end up being a bigger problem than WannaCry Organizations that think they dodged a bullet when their older systems did not fall prey to the WannaCry ransomware may want to think again. Weeks prior to the WannaCry attacks, a group of hackers was taking advantage of the same Windows vulnerabilities that… Read More
If you are in need of a HIPAA compliant Business Associate Agreement (BAA), we can provide one to you for free. Create an account in the ITAM demonstration system and subscribe to the HIPAA Business Associate Contract. After answering a few simple questions you will be able to immediately download a perfectly prepared HIPAA Business… Read More
The Healthcare Industry Cybersecurity Task Force’s report on healthcare cyber security echoes a similar study on medical device security issued by Synopsys and the Ponemon Institute. On the heels of a damning study by Synopsys and the Ponemon Institute, which provides a blow-by-blow accounting of the many problems with medical device security, a federal task… Read More
Four Important Lessons from the WannaCry Ransomware Attacks The recent WannaCry ransomware attacks put cyber security on the front page of every newspaper in the world. Now, everyone knows what ransomware is and how destructive it can be, but will anything change? Following are four critical lessons that both organizations and individuals should take away… Read More
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It The 2017 Verizon Data Breach Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 attempts in 84 countries, showed that cyberespionage and ransomware are on… Read More
Hacked Companies Are Facing Data Breach Lawsuits Filed by Financial Institutions Data breaches aren’t cheap to clean up. Just ask Rosen Hotels, whose costs to clean up a 2016 breach could end up exceeding $2.4 million. Shockingly, that’s below the $4 million average cited by IBM. In addition to direct costs, such as fines, labor… Read More
Who should be held responsible when a company’s systems get breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security decision-makers expect to lose their jobs if a hack happens at their organizations. However, breaches don’t happen in vacuums, and CIOs and CISOs… Read More
“ClearEnergy” May Have Been Fake News, But Threats Against ICS / SCADA Security Are Quite Real Accusations of “fake news” rocked the cyber security industry last week after infosec provider CRITIFENCE implied that it had detected a brand-new “in the wild” ransomware variant called ClearEnergy that posed a clear and present danger to ICS and… Read More
Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making its way into works of fiction: A ransomware attack on a hospital in a major city is the focus of an upcoming episode of the NBC drama Chicago Med.… Read More
Don’t depend on a cyber insurance policy to cover your losses after a ransomware attack. Hackers have discovered that there’s fast, easy money in holding enterprise systems hostage, especially in industries that process and store highly sensitive data, such as education and healthcare. The U.S. Department of Justice recently reported that ransomware attacks quadrupled between… Read More
Cyber Insurance Coverage: a Brave, Uncertain New World for Insurers and Policyholders Despite the escalating intensity and frequency of cyber attacks, fewer than 1/3 of U.S. businesses have purchased cyber insurance policies. A recent report by Deloitte provides insight into why organizations are deciding to go without cyber coverage, as well as why many insurers… Read More
New York State Cybersecurity Regulations for Financial Institutions Could Be Model for Other States The first phase of the New York state cybersecurity regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect on March 1. While the insurance and finance industries are already highly regulated, New… Read More
Jackpotting! Are ATMs at the end of every rainbow? ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks. Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as well as robberies,… Read More
As compliance costs skyrocket, standards grow increasingly complex, and the cyber threat environment evolves, organizations are turning to RegTech solutions to automate their compliance processes and improve their overall cybersecurity posture. Compliance with regulatory and industry standards, such as HIPAA, PCI DSS, FedRAMP, and SSAE 16 SOC reporting, are a burdensome yet necessary part of… Read More
How RegTech Simplifies Governance, Risk, and Compliance Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” mentioned as a solution. What is RegTech, and how can it help your… Read More
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as more brick-and-mortar stores implement card chip technology to defeat skimmers and other forms of POS system fraud, thieves are gravitating toward card-not-present (CNP) ecommerce… Read More
Education Cyber Security Vulnerabilities and What Schools Can Do About Them K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. Additionally, educational institutions are frequently connected… Read More
Back to School: Education Cyber Security K-12 school systems, colleges, and universities are being increasingly targeted by hackers, yet education cyber security is as woefully lacking as other industries, as these recent incidents illustrate: In November 2016, Columbia County School District in Georgia admitted to a breach of personal information belonging to its employees and… Read More
Be Prepared for these New and Emerging Ransomware Threats Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had… Read More