in December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on the insurance of the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest from foreign information making its way into the country, and sets priorities for countering them.
The new GDPR (General Data Protection Regulation- see the full document here ) issued by the EU earlier this year raises many questions among compliance and privacy officers. Who is required to comply with the GDPR and are companies really expected to revamp the entire way they handle customer privacy?
It’s that time of the year when the data breaches are just everywhere. And again, our old friend Yahoo surprises us with another end-of-year-hack. Only this time, it’s not several million, but a Billion compromised accounts.
Unsurprisingly, the healthcare sector continues to be an attractive target as data stolen continues to provide value to a diverse threat actor set. Indeed, criminals and those actors associated with traditional cyber espionage activities have conducted some of the more news garnering incidents over the past few years. What’s more, depending on the actors’ intent, all types of information have been sought after and stolen by these groups and individuals to include financial and insurance-related information, personal identifiable information, and even the health records of patients. The targeting of these different types of data should demonstrate to the healthcare industry that there is no seemingly benign data when it comes to healthcare and that strategies must be designed to safeguard any and all types of data that relate to patients and their care treatments.
Cybersecurity is no longer a question about whether an employee should have access to Facebook. Information security teams are dealing with phishing attacks, access to business cloud applications, mobility and zero-second malware on a minute-by-minute basis. We live in a cyber world where we cannot control systems nor the people accessing them, nor can we lock down the same tools that make employees more efficient.
In late September and late October 2016 two massive distributed denial-of-service (DDoS) attacks successfully targeted and impacted the operations of their targets. In the October DDoS against Dyn, a cloud-based Internet Performance Management company, several high profile organizational websites (Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, to name a few ) for a substantial part of the day. While Dyn was ultimately able to mitigate the three-wave attack, it did impact users’ abilities to access these sites.
An August article suggested that the due to the large amounts of cyber breaches that have impacted both public and private sectors that have put millions of individuals personal identifiable information at risk, the general attitude toward breaches is becoming more mainstream and accepted. This is an unfortunate state of affairs when instead of compelling organizations to aggressively improve their network security practices, the public writ large is willing to accept credit monitoring for a period of time (usually 1-2 years) as a consolation prize. According to one source, the first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.
In my previous post on Cyber Threat Intelligence (CTI) I discussed at least one immediate benefit of CTI as a means of cutting the cost of vulnerability and patch management by potentially obviating the need to trigger a patch management exercise.
Hello Fellow Readers,
I would like to start by thanking CyberDB, the leading databank of Cyber technologies and products for inviting me as a guest blogger on their website. Thanks CyberDB!
You are constantly bombarded by them. Every single second, minute, and hour. Yes, I am referring to phishing emails! As you may know, phishing scams have become a very big problem for organizations of all sizes. In fact, The Anti-Phishing Working Group (APWG)observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004.
SMBs play a critical role in national economies- as they comprise about 97% of all commercial enterprises. Until very recently SMBs did not consider themselves a prime target of cyber threats and rightly so- all the high-profile hacks were aimed at large enterprise, and it was widely assumed that cybercriminals wouldn’t bother with small stake targets. But, as the economy becomes more connected SMB are taking center stage in cyber activities as well. As SMBs are connected to both customers and larger enterprises and governmental organizations, they now become a compelling target for cybercriminals. In addition, low cost, mass production cyber weapons now make it economically feasible for cyber criminals to successfully target SMBs and even individuals. Of these, Ransomware has one of the highest return-on-investments ratio for criminals, regardless of the victim’s occupation or annual turnover.
