February 22, 2017
Nikhil Taneja, MD, Cxotoday.com, February 16, 2017
Cyber-attacks have become commonplace. In many ways, the only “news” is that they continue to grow in frequency and variety. When dealing with the day to day, it can be difficult to tally the mounting toll associated with this awful state of affairs—and even more challenging to predict what surprises lie ahead. Based on industry trends, legal framework changes, expert insights and technological evolution, we make seven cyber security predictions as follows.
Paul Brandau, Delta-risk.net, February 16, 2017
The Challenges of Network Segmentation
Many of the clients we conduct penetration tests for are larger organizations that have thousands of hosts on a completely flat network. A flat network in this context can be thought of as a network in which all hosts are routable to all other hosts within the network. Meaning, it allows any two computers in the organization to communicate with each other, regardless of their geographic location or business purpose. A flat network can make IT administration simpler, but it also drastically increases the organization’s internal attack surface.
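As an added illustration of the flat-network point above (example code written for this digest, not code from Delta Risk or the article), the Python below models a small, constructed host inventory with zones derived from subnets, then compares every-host-reaches-every-host routing against a zone-boundary allow-list. It counts the permitted host pairs and, more usefully for a penetration tester, the number of pivots an attacker starting on one workstation needs before reaching the database. The hosts, subnets and policy are made up for the example.

```python
"""Compare lateral-movement exposure on a flat network versus a segmented one.

Constructed example: the inventory, subnets and zone policy below are invented
for illustration and do not describe any real network."""
from collections import deque
from ipaddress import ip_address, ip_network
from itertools import permutations

# Zones are assigned by subnet membership (constructed addressing plan).
ZONE_SUBNETS = [
    (ip_network("10.1.0.0/16"), "workstations"),
    (ip_network("10.2.0.0/24"), "dmz"),
    (ip_network("10.3.0.0/24"), "app"),
    (ip_network("10.4.0.0/24"), "db"),
    (ip_network("10.9.0.0/24"), "identity"),
]
ALL_ZONES = {zone for _, zone in ZONE_SUBNETS}

# Constructed inventory: (hostname, ip)
HOSTS = [
    ("ws-01", "10.1.0.11"),
    ("ws-02", "10.1.0.12"),
    ("print-01", "10.1.5.7"),
    ("web-01", "10.2.0.21"),
    ("app-01", "10.3.0.31"),
    ("db-01", "10.4.0.41"),
    ("dc-01", "10.9.0.5"),
]

# Segmented policy: (source_zone, destination_zone) flows allowed across the
# zone boundary. Anything not listed is dropped.
SEGMENTED_POLICY = {
    ("workstations", "dmz"),
    ("workstations", "identity"),
    ("dmz", "app"),
    ("app", "db"),
    ("app", "identity"),
}

def zone_of(ip):
    """Map an address to its zone via the subnet table."""
    addr = ip_address(ip)
    for net, zone in ZONE_SUBNETS:
        if addr in net:
            return zone
    raise ValueError(f"{ip} is in no known zone")

def flat_policy(zones):
    """A flat network: every zone is routable to every zone."""
    return {(a, b) for a in zones for b in zones}

def reachable_pairs(hosts, policy):
    """Ordered (src, dst) host pairs the policy lets talk. Hosts in the same
    zone can always reach each other: that traffic never crosses a boundary."""
    pairs = set()
    for (src, sip), (dst, dip) in permutations(hosts, 2):
        sz, dz = zone_of(sip), zone_of(dip)
        if sz == dz or (sz, dz) in policy:
            pairs.add((src, dst))
    return pairs

def exposure(hosts, policy):
    """Fraction of all ordered host pairs that are mutually routable."""
    n = len(hosts)
    return len(reachable_pairs(hosts, policy)) / (n * (n - 1))

def lateral_hops(hosts, policy, start):
    """Minimum number of compromised hosts (pivots) between `start` and every
    other host, following only permitted flows (breadth-first search)."""
    adjacency = {}
    for src, dst in reachable_pairs(hosts, policy):
        adjacency.setdefault(src, set()).add(dst)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in adjacency.get(current, ()):
            if nxt not in hops:
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    del hops[start]
    return hops

if __name__ == "__main__":
    flat = flat_policy(ALL_ZONES)
    print(f"flat exposure:      {exposure(HOSTS, flat):.2f}")
    print(f"segmented exposure: {exposure(HOSTS, SEGMENTED_POLICY):.2f}")
    print("hops from ws-01, flat:     ", lateral_hops(HOSTS, flat, "ws-01"))
    print("hops from ws-01, segmented:", lateral_hops(HOSTS, SEGMENTED_POLICY, "ws-01"))
```

On the constructed inventory the flat layout permits all 42 ordered pairs, while the segmented policy permits 15, and the database drops from one hop away to three pivots (workstation, then web server, then application server), each of which has to be compromised separately. Real networks need the real route tables and firewall rules as input rather than a hand-written policy, but the measurement is the same.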
Faith MacAnas, Scmagazineuk.com, February 14, 2017
When it comes to data breaches, insiders can be riskier than outsiders, even when they aren’t maliciously targeting your company. Since insider threats are responsible for 43 percent of data breaches, it is important for business owners to take the necessary steps to reduce the likelihood that an employee will be responsible for a cyber-security incident.
Bruce Schneier, Schneier.com, February 16, 2017
Duqu 2.0 is a really impressive piece of malware, related to Stuxnet and probably written by the NSA. One of its security features is that it stays resident in its host’s memory without ever writing persistent files to the system’s drives. Now, this same technique is being used by criminals.
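The defining property described above, code that executes from memory without a file behind it, is also what a defender can look for. As an added example (written for this digest, not from Schneier or the Kaspersky research he cites, and not specific to Duqu 2.0, which targeted Windows), the Python below parses the Linux /proc/<pid>/maps format and flags executable regions that are anonymous or whose backing file has been deleted. The sample maps text is constructed for the example.

```python
"""Flag executable memory regions with no file behind them, a generic indicator
of code injected or unpacked into memory rather than loaded from disk.

Added example for Linux /proc/<pid>/maps. The sample below is constructed for
illustration; it is not a capture from real malware."""
import re
from dataclasses import dataclass

# One maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)"
    r"\s*(?P<path>.*)$"
)

# Kernel pseudo-mappings that are anonymous by design.
BENIGN_ANON = {"[heap]", "[stack]", "[vdso]", "[vvar]", "[vsyscall]"}

@dataclass
class Region:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def size(self):
        return self.end - self.start

    @property
    def executable(self):
        return "x" in self.perms

    @property
    def writable(self):
        return "w" in self.perms

    @property
    def file_backed(self):
        # Anonymous mappings report inode 0 and no path.
        return self.inode != 0 and self.path.startswith("/")

    @property
    def deleted(self):
        # memfd or unlinked files show up as "... (deleted)".
        return self.path.endswith("(deleted)")

def parse_maps(text):
    """Parse /proc/<pid>/maps text into Region objects, skipping malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], int(m["inode"]), m["path"].strip()))
    return regions

def suspicious_regions(regions, min_size=4096):
    """Executable regions that are anonymous or backed by a deleted file.
    JITs (browsers, Java) produce these legitimately, so hits are triage leads,
    not verdicts."""
    hits = []
    for r in regions:
        if not r.executable or r.size < min_size:
            continue
        if r.path in BENIGN_ANON:
            continue
        if r.file_backed and not r.deleted:
            continue
        hits.append(r)
    return hits

def scan_process(pid):
    """Run the check against a live process (requires permission to read maps)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_regions(parse_maps(fh.read()))

# Constructed sample: a normal binary, libc, heap/stack, one RWX anonymous
# region, and a memfd-backed region whose file has been unlinked.
SAMPLE_MAPS = """\
55d2c3a00000-55d2c3a1a000 r--p 00000000 08:01 1310720 /usr/bin/sshd
55d2c3a1a000-55d2c3b2e000 r-xp 0001a000 08:01 1310720 /usr/bin/sshd
55d2c4f00000-55d2c4f21000 rw-p 00000000 00:00 0 [heap]
7f1a3c000000-7f1a3c021000 rw-p 00000000 00:00 0
7f1a3c400000-7f1a3c4a0000 rwxp 00000000 00:00 0
7f1a3c600000-7f1a3c7b0000 r-xp 00000000 08:01 917504 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a3c900000-7f1a3c920000 r-xp 00000000 00:0d 4321 /memfd:payload (deleted)
7ffd1a2c0000-7ffd1a2e1000 rw-p 00000000 00:00 0 [stack]
7ffd1a3f0000-7ffd1a3f2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for r in suspicious_regions(parse_maps(SAMPLE_MAPS)):
        print(f"{r.start:012x}-{r.end:012x} {r.perms} {r.path or '<anonymous>'}")
```

Two regions in the sample are flagged: the writable-and-executable anonymous mapping and the unlinked memfd. The read-only anonymous data region and the kernel pseudo-mappings are ignored. On a real host, run the check across all processes and compare against a baseline of known JIT users, since the absence of a file on disk is exactly what makes this class of malware invisible to file-based scanning.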
Brian Krebs, Krebsonsecurity.com, February 19, 2017
A handful of readers have inquired as to the whereabouts of Microsoft’s usual monthly patches for Windows and related software. Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its Flash Player software.
Lucian Constantin, Computerworld.com, February 20, 2017
The hackers behind a sophisticated attack campaign that has recently targeted financial organizations around the world have intentionally inserted Russian words and commands into their malware in an attempt to throw investigators off.
Jeremy Kirk, Bankinfosecurity.com, February 17, 2017
New York’s controversial new cybersecurity regulation will come into effect March 1, imposing new rules on the banking and insurance sectors with the aim of better protecting institutions and consumers against cyberattacks.
Jeremy Kirk, Databreachtoday.com, February 20, 2017
Would you leave a bank after an unauthorized charge on a credit card or a strange debit from an account? It’s a question for financial institutions evaluating the impact of a security breach.
A new study by Carnegie Mellon University researchers suggests that some customers will, in fact, leave even if they receive quick refunds of losses due to fraud. The study is one of only a few correlating the impact of a fraud incident on customer loyalty.
Insurancenewsnet.com, February 17, 2017
In continuation of its active beginning to the new year, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on February 1, 2017, that it imposed a HIPAA civil money penalty of $3.2 million on a Texas medical center (“Medical Center”). OCR issued the penalty for wrongful disclosure of unsecured electronic protected health information (“ePHI”) and for extended non-compliance with HIPAA requirements.
Insurancenewsnet.com, February 17, 2017
The U.S. Department of Health & Human Services issued the following news release:
Memorial Healthcare Systems (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a robust corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities throughout the South Florida area. MHS is also affiliated with physician offices through an Organized Health Care Arrangement (OHCA).
Marianne Kolbasuk McGee, Databreachtoday.com, February 20, 2017
Plans to launch some onsite HIPAA compliance audits are now on hold while the agency that enforces HIPAA completes more than 200 desk audit reports, says Deven McGraw, deputy director of the Department of Health and Human Services’ Office for Civil Rights.