A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable to perform critical business operations.
Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users. The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords. Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
Over 900 million Android devices are at risk of compromise due to a dangerous grouping of vulnerabilities recently discovered. The vulnerabilities have been folded directly into the Android operating system developed for each original equipment manufacturer (OEM) that uses the affected chipsets within their devices, including Samsung, HTC, Motorola and LG.
Kaspersky Lab and Intel Security worked with officials around the world to help develop decryption tools for popular ransomware variants. Ransomware victims in Europe and the United States have also been given the tools to notify authorities of infections in an effort to better track and combat ransomware.
A new congressional report indicates the Chinese government was likely responsible for hacks at the FDIC in 2010, 2011 and 2013. A total of 12 workstations were compromised and 10 servers were penetrated and infected with a virus.
The $150 million experimental investment fund known as Decentralized Autonomous Organization has been hacked, resulting in a loss of $55 million in digital currency. The June 17th hack resulted in a loss of 3.6 million ethereum coins as attackers created an identical fund and moved the money into it.
TeamViewer, which provides remote support and access, has announced that it is strengthening security controls after a rise in corporate account takeovers. A company spokesman noted that many consumer accounts used “the same account credentials across multiple internet accounts.”
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
The hacktivist group is waging “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The Target List includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
Hollywood Presbyterian Medical Center is in the midst of what it is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
On December 18, both houses of Congress enacted the Cybersecurity Information Sharing Act (CISA), which will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program. President Obama has signed the legislation.
Members of the Federal Financial Institutions Examination Council issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement includes steps financial institutions should take to respond to these attacks and highlights resources that can be used to mitigate the risks posed by such attacks.
The new Building Security in Maturity Model (BSIMM) study, BSIMM6, found healthcare organizations scored much lower than their counterparts in the financial services, independent software vendor and consumer electronics industries, when it comes to internal software security programs and practices.
The FBI, DOJ and DHS have released a Technical Alert on the Dridex P2P Malware. A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks and harvest users’ credentials for online services, including banking services.
E*Trade and Dow Jones have issued separate warnings to customers and subscribers about possibly compromised personal information, including payment card data. E*Trade has alerted about 31,000 customers about the compromise of personal data in late 2013, while Dow Jones issued a warning of a possible breach from August 2012 until July 2015 that it claims affected less than 3,500 individuals.
With the release of Microsoft Windows 10, patches will be released as soon as they become available. IT Administrators will still have the ability to control installation of the patches.
Cyber Security – Risk Is In Your Future
Lisa Traina discusses a few of the latest threats and tips on proactively addressing these threats in the latest issue of the Society of Louisiana CPAs Lagniappe magazine.