April 11, 2018
While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.
[New White Papers] Law Firms Face Cyber Security Challenges Around Client Confidentiality and Due Diligence
Devesh Panchwagh, deltarisk.com, April 9, 2018
Law firms and law departments have a fiduciary duty to protect client data. However, their mission to maintain the confidentiality of this sensitive information is challenged every day by emerging cyber threats. Law firms are an attractive target for cyber criminals because their client data is a treasure trove for personal healthcare information, financial information, business information (like mergers and acquisitions), patent and trade secrets, litigation plans, and all confidential information between clients and attorneys.
Joshua Goldfarb, darkreading.com, April 10, 2018
I am a big fan of efficiency. Why do I love efficiency? Mainly because introducing efficiencies into processes saves time and money. There are other benefits as well, such as decreased chance for human error, improved accuracy, and increased productivity. Unfortunately, in the incident response world, the overall state of inefficiency still reigns supreme.
Help Net Security Staff, helpnetsecurity.com, April 11, 2018
Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm. The study, conducted by Widmeyer, which surveyed 751 IT decision makers from the U.S., U.K. and Asia-Pacific, also revealed that a majority of organizations are only moderately confident in their ability to protect their companies against hackers.
Maria Korolov, csoonline.com, April 10, 2018
Verizon released its Data Breach Investigations Report (DBIR) this morning, the massive, in-depth analysis of last year’s security breaches, based on 53,000 security incidents from 67 contributing organizations around the world, including security researchers and law enforcement agencies. The most common types of attacks that resulted in breaches involved the use of stolen credentials, followed by RAM scraper malware, then phishing, and then privilege abuse.
Health Data Management Staff, healthdatamanagement.com, April 10, 2018
A new report from healthcare data security firms Trend Micro and HITRUST examines the supply chain, which the organizations believe is an overlooked part of hospital and clinic operations that hackers can use to establish a foothold in the organization. “We strongly recommend a blend of security technology and employee/partner awareness and education, including a threat response protocol,” they caution.
Dave Mistich, npr.org, April 9, 2018
Election officials concerned about malign forces hacking voting-related systems have an unexpected resource to draw upon: the National Guard. Guard soldiers in several states are using their cybersecurity skills to protect the 2018 elections. Cybersecurity has taken center stage in American elections. In the past, the job of an election official meant making sure there are enough ballots and keeping lines of voters moving along at polling places.
Josephine Wolff, wired.com, April 6, 2018
In the aftermath of the Equifax data breach last year that exposed personal information of more than 145 million people, analysis firm Property Claim Services estimated that cyberinsurance would cover roughly $125 million of Equifax’s losses from the incident. It’s uncertain whether Equifax will actually receive that much money; insurance claims can take a long time to investigate, process, and pay out.
Warwick Ashford, computerweekly.com, April 4, 2018
Cyber attackers switched focus to ransomware attacks in 2017, putting pressure on incident response, while human error was responsible for two-thirds of compromised records, a study shows. The number of records breached dropped nearly 25% in 2017 as cyber criminals shifted focus to launching ransomware attacks, a study has revealed. Although more than 2.9 billion records were compromised, this figure is down 1.1 billion compared with 2016, with ransomware the dominant attack type, including pseudo-ransomware that is essentially designed to be destructive, according to the 2018 IBM X-Force Threat Intelligence Index report.
Roger A. Grimes, csoonline.com, April 5, 2018
Whatever the threat, it is arriving to your computer in one of two ways: human adversary or malware. Human attackers can use any of the hundreds of thousands of known computer exploits and attack methodologies to compromise a computer or device. People are supposed to run patching routines, and many devices and software programs try their best to automatically update themselves, yet many computers and devices are left vulnerable for long periods of time even after the patches are available, a fact that hackers love.