As we’ve recently covered, cybersecurity in financial services is having a challenging time keeping up with the rate of technological change. A survey conducted by the Ponemon Institute (on behalf of electronic design automation and software security company Synopsys) found that more than half of the financial services companies they surveyed suffered data breaches or system downtime due to attack.
Periodically the Cloud Security Alliance publishes a report of the top threats to cloud computing. These reports hope to increase the awareness of risks to cloud computing. What’s interesting this year is that certain threats, including denial of service, shared technology vulnerabilities, and cloud service provider data loss and system vulnerabilities were ranked so low in a survey that they didn’t make the new report. They were all included in the Cloud Security Alliances previous report, the Treacherous 12.
There have been plenty — too many — breaches involving federal agencies over the years. Way back in 2006, a breach at the U.S. Department of Veterans Affairs affected 26.5 million people. In 2009, it was the National Archives and Records Administration that was hit and that breach affected 76 million. In one of the worst and most damaging breaches of all time, the U.S. Office of Personnel Management (OPM) affected 21.5 million federal employees and contractors, and breached the information included in security clearances, such as background investigation data and associated person data. Most recently, the U.S. Customs Agency fell victim to an attack and photos and other personal information collected by U.S. Customers and Border Patrol was leaked.
One might think financial institutions, such as banks, would have formidable levels of application security. Unfortunately, if one thought that, one would be wrong. According to an analysis by application security vendor ImmuniWeb, a startling 97 out of 100 of the world’s largest banks are vulnerable to web and mobile attacks.
Commercial law firm Reynolds Porter Chamberlain LLP says that the average fine levied by the Information Commissioner’s Office rose 14% in the year since the introduction of GDPR, increasing from £125,000 in 2017/18 to £143,000 in 2018/19.
Risk management firm LexisNexis Risk Solutions, in conjunction with Information Security Media Group (ISMG), recently announced the results of an online survey they conducted to identify current trends in healthcare cybersecurity. The survey is based on responses from more than 100 participants working within including hospitals, physician group practices and payers. The survey was conducted over the spring of 2019.
Phishing attacks strike again. Last week, Nemadji Research Corp., which does patient eligibility and billing services work for the Los Angeles County Department of Health Services, discovered that they’d been breached by a phishing attack. The attack enabled the criminals to gain access to the medical records of nearly 15,000 patients.
No one wants to go to the doctor’s office. Well, I guess some people do. I’m certainly not one of them. But imagine going to the doctor and then watching in horror as the medical equipment or computers the teams of doctors are working on aren’t working. That, suddenly, the come under attack just as you are “going under the knife.”
The market for AI in cybersecurity is expected to soar. According to the market research firm Markets and Markets, sales and support of AI software and services will reach $38 billion by 2026 — up from nearly $9 billion this year.
As we established in the previous post, when it comes to threat intelligence, most enterprises are neither where they want or need to be. They’re not getting value out of their efforts and they often are not focused on what they need to attain actionable threat intelligence.
Threat intelligence enables enterprises to better understand, detect and respond to threats. To mount a successful defense, enterprises need to know their enemies and anticipate their next move. So far, the defenders have been losing.
