As the world of cybersecurity expands, so too does its workforce, and an increasingly large number of professionals in the field belong to a generation that grew up with technology. But what does that mean for industry-wide practices?
Atlanta bank SunTrust recently announced that 1.5 million users have potentially been exposed to a criminal third party. Unlike most data exposures we’ve been hearing about, the source of SunTrust’s breach was not caused by cybercriminals, but rather a theft by an employee who gained access to sensitive client information without security clearance. Sources say the data theft could include information such as names, addresses, phone numbers and bank account balances of SunTrust customers. Simultaneously, SunTrust announced it will partner with Experian to offer identity protection for all consumer clients at no cost on an ongoing basis. Here’s what happened and how your organization can prevent falling victim to a similar scheme. An Untrustworthy Employee An ongoing investigation by SunTrust
Zero-day vulnerability is a futuristic sounding term – you can almost picture it as the name of a science fiction novel – but it presents a great threat to organizations across all industries. These vulnerabilities are holes in software which lack a patch or fix, meaning they can be exploited by clever cyber criminals to steal your information. Back in 2014, Anthem, a major US health insurer, suffered what was then the biggest healthcare breach ever. This attack was conducted by a group known as “Black Vine,” who used zero-day vulnerabilities in Internet Explorer to carry out the attack. Recently, RAND corporation, a research organization that develops solutions to public policy challenges to help make communities throughout the world safer
Much has been said about Sony, and much remains to be said. But the bottom line is that Sony was a cyber attack that was simply waiting to happen. This is a company that has been repeatedly hit by malicious hackers who, angered by Sony’s approach to Digital Rights Management, were determined to wreck havoc on Sony systems. And yet the company apparently did not encrypt personal data and other sensitive information. While blaming a victim is never nice, Sony could have done much more to protect itself. The successful attack on JP Morgan Chase is the attack that we should all be focused on and learning from. There were protections in place at JP Morgan. And yet hackers still
Predicting the future is easy – take a long look at what’s happening now and hit the mental fast forward button. But in 2015 the rewind button will be equally useful. We don’t have a fail-proof crystal ball but we suspect that old-school style hacktivisim will share the headlines with emerging threats against devices and virtual payment systems. And we think this might be the year when hackers and data scientists will wage their own personal war, with both sides using Big Data as their weapon of choice. Read on for the details and more of our predictions. Data Destruction Look for an increase in malware that extracts information and then destroys the systems that housed the data. This capability could be
A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and procedural documents to ensure they are current and comprehensive. Your documentation should cover the scope of your HIPAA compliance program and demonstrate how you have updated your policies and practices in
One of the largest retail hacks in the United States, the breach on Target caught the attention of the world. The event itself proved how common these types of attacks are no matter the size of an organization. Just recently, the restaurant chain P.F. Chang’s China Bistro found themselves in a similar position as Target. Unfortunately, they had been too late and the payments breach had taken place before they were able to discover any suspicious activity. The breach had led to payment card fraud and subsequent poor headlines for the chain. Once an organization has a breach it must spend a great deal of money to launch an investigation as to what happened. There’s a long list of negative
Mergers, Acquisitions and Divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with unsecure access points, un-patched servers, and incorrectly configured firewall settings. Information on the acquired company technical environment may be non-existent or incomplete and depending on the nature of the merger, it may be difficult to work with people during the transition. The idea of bringing together two organizations under one leadership requires understanding the risks. This risk analysis requires multiple tasks to uncover any underlying vulnerabilities in the architecture. So where do you start to untangle the colliding technical environments? 1. Vulnerability Scanning 2. Firewalls 3. Remote Access 4. Compliance Audits We
We’re here to discuss your upcoming IT security assessment and compliance audit needs.
