In its sixth annual Data Security Incident Response (DSIR) Report, BakerHostetler found that phishing attacks ranked as the leading cause of data incidents among the 959 cybersecurity incidents the law firm helped clients manage last year. This is the fifth year in a row phishing proved to be the top cause of data security incidents in the law firm’s report.
While some of the impacts of the current global pandemic could be predicted, such as the move to work from home, cloud computing, and other technological change, one of the changes that one might not consider until in the thick of the pandemic would be biometrics.
There has been a steady rise in COVID-19 scams and attacks since the novel coronavirus pandemic went global in February. Traditional cybercriminals, as well as APT groups, have been exploiting the situation and will likely continue until COVID-19 is no longer a front-page news item. The attack techniques look familiar: phishing, vishing, malicious apps, malicious domains, and crafty SEO techniques, along with social engineering techniques designed to entice people to click on links or attachments to install malware or steal login credentials.
According to the Protenus Breach Barometer report, there’s been a steady increase in healthcare related data breaches over recent years. Last year, there were 572 healthcare data breaches within U.S.-based healthcare industry. That’s up from 450 in 2016. When it comes to patient records leaked, they rose as well, reaching 41 million in 2019 from 15 million in 2018. According to the report, at least since 2016, there has been one healthcare data breach reported a day.
Enterprise governance, risk, and compliance programs are designed, in important part, to ensure that companies stay on track and manage risk and uncertainty. Many organizations, due to the COVID-19 pandemic, are now finding whether their risk management and cybersecurity plans will work as intended.
Let’s face it: CIOs are quite busy as they drive forward with their digital transformation efforts, build their DevOps teams, and continue their work to ensure that their business-technology systems are aligned with business needs — and somewhere within all of that work they have to find a way to keep these systems secure.
As healthcare providers and public health agencies around the world find themselves pressed at capacity to deliver care during the novel coronavirus pandemic, attackers show no signs of mercy as they still target healthcare websites and IT systems — further stressing a system already taxed as patients seek critical care.
One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.
Since 2007, security services provider Unisys has measured the level of security concerns among consumers. Unisys claims its “Security Index” is the longest-running snapshot of consumer views regarding security from around the world.
When it comes to critical infrastructure, there are few more essential than electricity generation and distribution. Without electricity, nothing else works. According to a report from cybersecurity firm Dragos, groups have shown that they have the capability to impact power operations and network connectivity detrimentally. "Electric utilities remain at risk for a disruptive – and potentially destructive – cyberattack due to the political and economic impact such an event may cause,” the firm wrote in its report North American Electric Cyber Threat Perspective.
While software developers are showing signs of high apprehension when it comes to the security of their software, their organizations however have considerable work ahead of them getting developers the tools they need to succeed.
What is security culture? There’s lots of talk about how important security culture is to a security program, but security culture is a nebulous concept to attempt to define — and harder still to measure. It’s also, apparently, difficult to achieve: a survey from the IT governance professional’s organization ISACA found that nine in ten enterprises said they have a gap between the security culture they want to have and the actual culture they have in place.
