The Healthcare Industry Cybersecurity Task Force’s report on healthcare cyber security echoes a similar study on medical device security issued by Synopsys and the Ponemon Institute. On the heels of a damning study by Synopsys and the Ponemon Institute, which provides a blow-by-blow accounting of the many problems with medical device security, a federal task… Read More
Four Important Lessons from the WannaCry Ransomware Attacks The recent WannaCry ransomware attacks put cyber security on the front page of every newspaper in the world. Now, everyone knows what ransomware is and how destructive it can be, but will anything change? Following are four critical lessons that both organizations and individuals should take away… Read More
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It The 2017 Verizon Data Breach Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 attempts in 84 countries, showed that cyberespionage and ransomware are on… Read More
Hacked Companies Are Facing Data Breach Lawsuits Filed by Financial Institutions Data breaches aren’t cheap to clean up. Just ask Rosen Hotels, whose costs to clean up a 2016 breach could end up exceeding $2.4 million. Shockingly, that’s below the $4 million average cited by IBM. In addition to direct costs, such as fines, labor… Read More
“ClearEnergy” May Have Been Fake News, But Threats Against ICS / SCADA Security Are Quite Real Accusations of “fake news” rocked the cyber security industry last week after infosec provider CRITIFENCE implied that it had detected a brand-new “in the wild” ransomware variant called ClearEnergy that posed a clear and present danger to ICS and… Read More
Don’t depend on a cyber insurance policy to cover your losses after a ransomware attack. Hackers have discovered that there’s fast, easy money in holding enterprise systems hostage, especially in industries that process and store highly sensitive data, such as education and healthcare. The U.S. Department of Justice recently reported that ransomware attacks quadrupled between… Read More
New York State Cyber Security Law Heavy on GRC and Proactive Cyber Security The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect at the beginning of March. While the insurance and finance industries are already subject… Read More
Jackpotting! Are ATMs at the end of every rainbow? ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks. Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as well as robberies,… Read More
How RegTech Simplifies Governance, Risk, and Compliance Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” mentioned as a solution. What is RegTech, and how can it help your… Read More
Education Cyber Security Vulnerabilities and What Schools Can Do About Them K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. Additionally, educational institutions are frequently connected… Read More
Be Prepared for these New and Emerging Ransomware Threats Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had… Read More
Internet-connected smart toys, a popular holiday gift item, have vulnerabilities that put both children and parents at risk of data breaches and identity theft. Smart toys, which connect to the internet and offer children a personalized, interactive play experience, were a very popular gift item this past holiday season. However, the interactive features of smart… Read More
Both brick-and-mortar and ecommerce retail stores make attractive targets for hackers, especially during the holidays. The 2016 holiday shopping season is in full swing, and fortunately for retail stores, consumers are not hesitating to reach for their wallets: Cyber Monday sales hit a record of $3.39 billion, surpassing estimates, and Thanksgiving and Black Friday receipts… Read More
In a new report, UC Berkeley’s Center for Long-Term Cybersecurity offers suggestions to President Elect Trump Now that the election is over, the nation’s attention has turned to President Elect Donald Trump and what a Trump Administration will mean for cyber security. Notably, information security was the only tech-related topic Trump addressed directly on his… Read More
The recent Mirai botnet DDoS attacks were the largest on record – and they were likely masterminded by teenagers. In October, a massive DDoS attack on the Dyn DNS “Managed DNS” infrastructure brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, and Spotify. The attack was accomplished through the use of the… Read More
Cyber Security Due Diligence Has Become a Fundamental Part of M&A Transactions Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a massive data breach, which resulted in 500 million user accounts… Read More
Vote hacking is a legitimate concern, and election officials need to take it seriously. Right alongside immigration, healthcare, and the minimum wage, cyber security has emerged as a major – and contentious – issue in this year’s presidential election. First, the Democratic National Convention’s email server was hacked, and thousands of embarrassing emails were published… Read More
How quickly self-driving cars roll out is dependent on the industry addressing some very serious IoT cyber security issues. Now that Uber has commenced a pilot test of driverless vehicles in Pittsburgh, and competitor Lyft has predicted that most of its cars will be driverless by 2021, self-driving cars are what everyone is talking about.… Read More
The NSA Hack Proves that Much More Needs to Be Done to Protect Enterprise Data In the hit USA Network series Mr. Robot, a rogue group of hacktivists target major corporations and the government. In a recent episode, the group enlisted the help of a malicious insider to hack the FBI. Sound far-fetched? Maybe not:… Read More
PCI DSS compliance is serious business for anyone who processes or accepts major payment cards. Retailers or payment processors who are found to be in violation of PCI DSS can be fined millions of dollars, and they may even be stripped of their ability to accept major credit cards. However, PCI DSS compliance standards are… Read More
Baseball may be America’s favorite pastime, but from the Black Sox scandal to Pete Rose to the “Steroid Era,” cheating schemes have long tarnished the game. Sadly, it was only a matter of time before cheating went high-tech. Former St. Louis Cardinals executive Chris Correa has been sentenced to 46 months in prison for violating… Read More
Over the past few months, an international group of cyber bank robbers, possibly funded by the North Korean government, have stolen nearly $100 million, thrown the integrity of a decades-old banking industry messaging system into question, and remain at large. Sound like the plot of the latest James Bond summer blockbuster? Unfortunately, these hacks, utilizing… Read More
Wendy’s Data Breach: Forget the beef, where’s the data security? The Wendy’s data security breach, news of which first broke in January, is much worse than the fast-food company originally thought. Wendy’s first reported that the POS system breach impacted only about 5% — or approximately 300 – of its franchise-owned restaurants. However, after allegations… Read More
When contracting with a service provider, such as a data center, it is important for companies to ensure that their provider possesses the cyber security-related certifications and compliance standards that are applicable to the company’s industry. Data centers, as well as service providers who contract with data centers, sometimes claim to be “SSAE 16” certified.… Read More