Unsurprisingly, the healthcare sector continues to be an attractive target as data stolen continues to provide value to a diverse threat actor set. Indeed, criminals and those actors associated with traditional cyber espionage activities have conducted some of the more news garnering incidents over the past few years. What’s more, depending on the actors’ intent, all types of information have been sought after and stolen by these groups and individuals to include financial and insurance-related information, personal identifiable information, and even the health records of patients. The targeting of these different types of data should demonstrate to the healthcare industry that there is no seemingly benign data when it comes to healthcare and that strategies must be designed to safeguard any and all types of data that relate to patients and their care treatments.
Continue reading
In late September and late October 2016 two massive distributed denial-of-service (DDoS) attacks successfully targeted and impacted the operations of their targets. In the October DDoS against Dyn, a cloud-based Internet Performance Management company, several high profile organizational websites (Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, to name a few ) for a substantial part of the day. While Dyn was ultimately able to mitigate the three-wave attack, it did impact users’ abilities to access these sites.
Continue reading
In my previous post on Cyber Threat Intelligence (CTI) I discussed at least one immediate benefit of CTI as a means of cutting the cost of vulnerability and patch management by potentially obviating the need to trigger a patch management exercise.
Continue reading
The general notion in the cybersecurity industry is that antivirus is an antiquated product, which does not provide enough security against today’s advanced threats. Symantec CEO even went further and declared the demise of the Anti-Virus (read the article Here).
Continue reading
Some months ago I had the pleasure of attending a GDS Engagement Evening hosted by Admiral Patrick Walsh (ret) from iSIGHTPARTNERS (prior to its acquisition by FireEye). It was fascinating to hear from Pat the role that threat intelligence played from his direct experiences in the Navy and I think I can speak on behalf my peers on our table when I say that we could all benefit from those insights in our own work.
Continue reading
