May 17, 2017
Ryan Clancy, Deltarisk.com, May 14, 2017
Over the past few days, news agencies around the world started reporting on WannaCry ransomware (WCR), aka WanaCrypt0r 2.0. It’s estimated that WCR has already affected more than 75,000 users in 150 countries, ranging from hospitals, businesses, governments, railways, and universities to home computer users. As of today, more than 200,000 systems are believed to be compromised. Although the attack was slowed by a 22-year-old UK security researcher who registered a domain name associated with the ransomware, experts warn that there are other variants of the malware that will continue to spread.
Mark Sangster, Darkreading.com, May 16, 2017
One of the harshest cybersecurity regulations to hit companies in the US recently went into effect in New York. The state regulator, the New York Department of Financial Services, introduced its Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), a regulation designed to tighten cybersecurity practices across a wide selection of companies, which became effective on March 1, 2017.
Ryan Francis, Csoonline.com, May 15, 2017
The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned. CEOs don’t want to be caught off-guard, so they are asking pointed questions to ensure they know what security precautions are being taken.
Alfred Ng, Cnet.com, May 15, 2017
In the same way that bacteria mutate to become resistant to antibiotics, so has the WannaCry virus. That malware was behind the massive ransomware attack that started Friday, hitting more than 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses and banks. The attack locked people out of their computers, demanding they pay up to $300 worth of bitcoin apiece or risk losing their important files forever.
Colleen Huber, Helpnetsecurity.com, May 15, 2017
A little more than a year out from its effective date of May 25, 2018, the General Data Protection Regulation (GDPR) is undoubtedly on the minds of many privacy professionals whose organizations handle the data of EU citizens. In a nutshell, the GDPR is designed to strengthen and unify data protection for individuals within the European Union (EU). Perhaps more significantly, it also addresses the export of EU citizens’ personal data outside the EU.
Zeljka Zorz, Helpsecurity.com, May 12, 2017
A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are paying for the privilege to test them out against many online services. Their hope is that some of these combinations will work and they will be able to hijack and misuse legitimate accounts. That hope is not in vain: it is a well-known fact of life that too many users reuse the same login credentials for too many services.
Matthew Kuznia, Deltarisk.com, May 11, 2017
In our previous blog in the series, “5 DIY Cyber Security Skills Every IT Professional Needs to Master,” I discussed the importance of nmap as a critical command line tool that improves network visibility and overall security. Today, I’ll cover some essentials of programming structure basics and coding concepts. Being a resident cyber handyman isn’t easy. Not only are you often asked to accomplish what’s beyond your skill range, many times you don’t have proper resources to complete the task. Basic programming skills can help close the gap, but it is no simple task.
Dell Cameron, Gizmodo.com, May 13, 2017
Patient demographic information, social security numbers, records of medical diagnoses and treatments, along with a plethora of other highly-sensitive records were left completely undefended by a medical IT company based in Louisville, Kentucky. The files, which belong to at least tens of thousands of patients, originate from Bronx-Lebanon Hospital Center in New York.
Dante Disparte and Chris Furlow, Hbr.org, May 16, 2017
As the scale and complexity of the cyber threat landscape is revealed, so too is the general lack of cybersecurity readiness in organizations, even those that spend hundreds of millions of dollars on state-of-the-art technology. Investors who have flooded the cybersecurity market in search of the next software “unicorn” have yet to realize that when it comes to a risk as complex as this one, there is no panacea — certainly not one that depends on technology alone.