February 1, 2017
Riskbasedsecurity.com, January 25, 2017
Risk Based Security today announced the release of the annual Data Breach QuickView report that shows 2016 broke the previous all-time high, set back in 2013, for the number of records exposed from reported data breaches. The 4,149 data breaches reported during 2016 exposed over 4.2 billion records.
Tara Seals, Infosecurity-magazine.com, January 26, 2017
2016 saw approximately 82,000 cyber incidents that negatively impacted businesses and organizations around the globe; or, more than 225 organizations affected per day. It’s higher when accounting for unreported incidents.
Kelly Sheridan, Darkreading.com, January 31, 2017
Cybercriminals are ramping up efforts to recruit employees with access to corporate networks. The Dark Web, which promises anonymity to rogue insiders, is driving that trend.
Chris Evans, Delta-risk.net, January 27, 2017
We recently spent some time with a client who is at the tail end of response and recovery from a data breach. Although the past few months have taken their toll on the security team, there is finally a light at the end of the tunnel. However, that light is going to dim quickly as the task of preparing for the next breach approaches like an incoming train.
Graham Cluley, John Bruce, Darkreading.com, January 31, 2017
As attacks become more complex, more damaging, and more frequent than ever, the quality of your response becomes critical to limiting the impact. In fact, a strong incident response (IR) function saves an average of $400,000 in damages per data breach, according to the Ponemon Institute, in research sponsored by IBM Resilient.
Marvin Marin, Gcn.com, January 26, 2017
As cybersecurity professionals, I’m sure you’ve had this experience: you find a risk to your organization’s systems, data and reputation, and you want to take action — recode, deploy a web application firewall or maybe even disconnect the system.
Jeremy Kirk, Galina Antova, Darkreading.com, January 27, 2017
The red lines once thought to be unapproachable by cyber adversaries have dimmed significantly in industrial control systems (ICS) over the past year. While not yet commonplace, these disruptive and destructive attacks are no longer the thing of fiction. Even if we abandon the “cyber war” scenario, ICS attacks may become attractive to the new wave of ransom-driven cybercrime actors or shift towards the operational technology (OT) networks and systems that support the world’s most critical physical and virtual infrastructure.
Brian Krebs, Krebsonsecurity.com, January 27, 2017
Several readers have called attention to warnings coming out of Canada about a supposedly new form of card skimming called “shimming” that targets chip-based credit and debit cards. Shimming attacks are not new (KrebsOnSecurity first wrote about them in August 2015), but they are likely to become more common as a greater number of banks in the United States shift to issuing chip-based cards. Here’s a brief primer on shimming attacks, and why they succeed.
Mathew J. Schwartz, Bankinfosecurity.com, January 31, 2017
Progeny of the venerable Zeus banking Trojan live on. That’s thanks, in part, to the source code for Zeus leaking via underground forums in 2011. Since then, enterprising developers have continued to refine the banking Trojan to help them steal online banking customers’ credentials as well as to infect point-of-sale devices and harvest payment card details.
Marianne Kolbasuk McGee, Healthcareinfosecurity.com, January 26, 2017
The Trump administration likely will continue “reasonable enforcement” of HIPAA, following the same strategy as the Obama administration, predicts privacy and security attorney Kirk Nahra.