Electronic Data Security

Not long ago, phishing attacks were easy to spot.

They’d be rife with misspellings or link to suspicious-looking login pages. That’s changing, writes internet security expert Brian Krebs.

Hackers are getting more sophisticated, sending potential victims to legitimate-looking web pages, sometimes served over “secure” HTTPS connections. Web security firm PhishLabs recently reported that the number of phishing sites hosted on HTTPS has doubled in the past year.

That means companies and individuals need to keep on their toes. Krebs’ article offers some useful tips on how to thwart these new techniques.

Cybersecurity professionals must work diligently to help business leaders understand that their work is more than just technology implementation, says Greg Touhill, the federal government’s first Chief Information Security Officer. It’s risk management.

“I keep on hearing executives talk about cybersecurity being a technology problem, and they keep pouring money into buying new stuff,” rather than focusing on risk management, Touhill said in a speech to a gathering of cybersecurity pros this week in Washington DC. Instead of buying the hottest new cybersecurity tools, companies should focus on remaining current and understanding the true value of their data.

Touhill made the remarks November 29 during a presentation to attendees of the INSecurity conference, a cybersecurity gathering sponsored by industry publication Dark Reading, which reported on his speech.

 

The Financial Times reports that many nonprofits are vulnerable to cyberattacks.

Many charities simply don’t want to invest time and money defending against hackers. A 2016 study found about half of nonprofits had not conducted a cyber risk assessment, and two thirds had no plans to increase spending on data security. But hackers don’t give nonprofits a pass. The article tells the story of a small, Indianapolis, Indiana-based cancer charity that lost all its client data in a ransomware attack.

“While it is not surprising that charities want to spend scarce resources on housing the homeless or feeding the hungry, some argue that those very services could be at risk if they fail to invest in cyber security tools and practices,” according to The Financial Times report.

Cloud computing offers greater flexibility, speed, and convenience, but some businesses have hesitated to take advantage of the technology for fear of increased vulnerability to cyberattacks.

But a recent study reveals a marked increase in moving sensitive data to the cloud as a result of increased confidence in security – and despite continuing struggles to monitor and manage the data once it’s there.

In a post on the Dark Reading blog, Kelly Sheridan reports that fewer than 25 percent of businesses had their applications, data, and infrastructure in the cloud two years ago, but that 44 percent are cloud-based today, and 65 percent are expected to be two years from now.

Read more:

https://www.darkreading.com/cloud/security-forecast-cloudy-with-low-data-visibility/d/d-id/1330239

 

Physicians have their hands full on the best of days. It’s not difficult to imagine why using a voice assistant such as Amazon’s Alexa or Apple’s Siri might be attractive.

In fact, a recent survey showed nearly one in four physicians uses the assistants for work-related purposes, such as researching prescription drug dosing. It’s likely many are unaware of the information security dangers the devices pose.

In an interview with SCG Health Blog, Fox Rothschild attorneys Elizabeth Litten and Michael Kline explain that the labor-saving devices pose a bevy of data privacy and security risks, and offer doctors six helpful tips for protecting their practices.

The Federal Trade Commission is investing nearly $3 million in technology to support an increasing need for e-discovery driven by massive data breaches such as the one disclosed recently by Equifax.

The news comes from the National Law Journal, which reports that the FTC awarded a one-year contract to Innovative Discovery LLC of Arlington, Virginia for a secure litigation support service. The agency awarded the contract without competitive bids because it “faces usual and compelling circumstances that require the immediate initiation of this pilot,” the Law Journal reported.

“The FTC is entering into an unprecedented year of investigations and litigation, including its investigation into the Equifax data breach and an unusually high number of forensic data acquisitions in fraud cases,” agency officials wrote. The contract, they added, “is essential to enabling the FTC to successfully conduct investigations and litigation to stop consumer harm, thus enabling the agency to accomplish its mission.”

A new study notes that despite record spending on cybersecurity, overconfidence may be hurting companies’ ability to protect against data breaches.

Tech publication Information Week reports that the survey of IT professionals, by security firm Gemalto, showed that while 94 percent of respondents said their perimeter security was effective, nearly a third reported breaches within the last 12 months. Surprisingly, 14 percent said they would not trust their own organization to safeguard their personal data.

Why the disconnect? Experts interviewed by Information Week chalked it up to a lack of understanding of cybercrooks’ motivations, and a general lack of knowledge about cybersecurity in corporate C-suites.

For small and medium-sized businesses, the most dangerous cyberthreat may come from within.

IT industry publication TechRepublic reports that a newly released study by Keeper Security and the Ponemon Institute suggests careless employees are at fault for the majority of data breaches at small and mid-sized businesses. The study surveyed 1,000 information technology professionals in the United Kingdom and North America. Some 54 percent listed employee negligence as the root cause of cybersecurity incidents, followed by insufficient password policies.

A stunning 50 percent said they had suffered ransomware attacks in the past year. Of those, 79 percent said ransomware entered via a phishing or social engineering attack.


It wasn’t a good week for credit reporting agency Equifax, which admitted to a major data breach affecting more than 143 million people.

Consumers’ data was exposed over three months via a vulnerability in a web application, the company said in a press release announcing the breach.

The breach was covered by every major news outlet, but Data Breach Today’s Jeremy Kirk raises some interesting questions about Equifax’s notification strategy in this piece.

For the latest in breach response protocol in all 50 states, download Data Breach 411, a free app developed by Fox Rothschild’s Privacy & Data Security practice, available in the iTunes Store.

Cybercrooks’ preferred path to critical data is through privileged accounts, those held by users who have broad access and powers within the target’s network.

That’s according to a survey conducted by the cybersecurity firm Thycotic at the recent Black Hat conference in Las Vegas, Infosecurity Magazine reported. About a third of respondents named privileged accounts the fastest and easiest path to critical data, while user email accounts were a close second at 27 percent.

Some 85 percent said human error, not inadequate security or unpatched software, was most to blame for security breaches.

Hackers’ biggest headaches? Multifactor authentication and encryption, according to the survey.