A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
cybersecurity
How a company’s culture can limit data breaches
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
NHTSA Issues Cybersecurity Best Practices For Automakers
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Dyn DDoS attack exposes soft underbelly of the cloud
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable to perform critical business operations.
Yahoo Admits Half a Billion Users’ Info Hacked
Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users. The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords. Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.
Ransomware: Is Your Accounting Firm At Risk?
The rising threat of ransomware gives evidence to the fact that vulnerability assessments are important to overall cybersecurity protection. Is your organization at risk?
Dropbox Acknowledges Leak of 68 Million Passwords
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
‘No More Ransom’ Portal Offers Respite From Ransomware
Kaspersky Lab and Intel Security worked with officials around the world to help develop decryption tools for popular ransomware variants. Ransomware victims in Europe and the United States have also been given the tools to notify authorities of infections in an effort to better track and combat ransomware.
Leaked DNC Emails Show Lax Cybersecurity
More information on the DNC breach shows us that no organization is too big to follow the most basic cybersecurity practices. The most glaring issues identified include the transfer of personally identifiable information and passwords via unencrypted email.
China Suspected in FDIC Breaches
A new congressional report indicates the Chinese government was likely responsible for hacks at the FDIC in 2010, 2011 and 2013. A total of 12 workstations were compromised and 10 servers were penetrated and infected with a virus.
Does the Booming Short-Term Rental Market Pose a Security Threat?
In short, yes. Guests of short-term rentals, like the popular Airbnb, can reset home routers and gain full control of network traffic. What’s more, the potential hacker needs only one thing: a paper clip.
FDIC IT Exam Update
The FDIC has updated their IT Examination procedures. On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions. The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place.
TeamViewer Bolsters Security After Account Takeovers
TeamViewer, which provides remote support and access, has announced that it is strengthening security controls after a rise in corporate account takeovers. A company spokesman noted that many consumer accounts used “the same account credentials across multiple internet accounts.”
Ransomware: Malware in its cruelest form
Ransomware is another type of malware, but this one carries a bit of a sting. Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s. Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box. Ransomware has been the headline for 2016. If infected with this malware, access to your system will be limited until a ransom is paid.
Vietnamese Bank Blocks $1 Million SWIFT Heist
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
Invest Bank UAE Appears to be Victim of 10GB Breach
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
Anonymous Threatens Bank DDoS Disruptions
The hacktivist group is waging “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The Target List includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
Verizon Data Breach Investigations Report 2016
It’s that time of the year again!
Verizon released its Data Breach Investigations Report for 2016. For those of you not familiar with the report, Verizon collects and analyzes data from real world security incidents and breaches. The current report analyzes over 100,000 incidents that occurred in 2015. It is in no way all inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape.
Bangladesh Bank Attackers Hacked SWIFT Software
A Bangladesh Bank was a victim of a malware attack that allowed hackers into the bank’s SWIFT software to transfer money and even hide their tracks in the process. $81 million were stolen.
‘Panama Papers’ Spill Insider Secrets
The 11.5 million leaked documents reveal alleged money laundering, tax avoidance and sanctions dodging by heads of state, politicians, celebrities and other fraudsters.
5 Steps CPAs Can Take to Fight Hackers
Big or small, every organization is at risk. Here I discuss ways to protect yourself and your clients.
Verizon Confirms Breach Affecting Business Customers
Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.
California Hospital’s Systems Held Ransom for $3.6 Million
Hollywood Presbyterian Medical Center is in the midst of what it is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
Zero-Day Flaw Found in Linux
A zero-day flaw has been found in the Linux kernel that runs millions of servers, desktops and mobile devices that use the Android operating system. At least 66 percent of all Android mobile devices and tens of millions of Linux PCs and servers are expected to be affected.
Obama Signs Cyberthreat Information Sharing Bill
On December 18, both houses of Congress enacted the Cybersecurity Information Sharing Act (CISA), which will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program. President Obama has signed the legislation.
Hackers Claim FBI Information-Sharing Portal Breached
A group of hackers claims to have breached the FBI’s Law Enforcement Enterprise Portal (LEEP), which includes records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.
FFIEC Releases Statement on Cyber Attacks Involving Extortion
Members of the Federal Financial Institutions Examination Council issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement includes steps financial institutions should take to respond to these attacks and highlights resources that can be used to mitigate the risks posed by such attacks.
Cybersecurity Awareness Month – Industry Teleconference
I hope everyone enjoyed October’s Cybersecurity Awareness Month as much as I did. To end the month, the FDIC held an industry teleconference on October 28th. The teleconference included updates on the cybersecurity landscape, cybersecurity assessment tool (CAT) and information sharing with a brief Q&A that followed.
Technical Alert on Dridex P2P Malware Released
The FBI, DOJ and DHS have released a Technical Alert on the Dridex P2P Malware. A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks and harvest users’ credentials for online services, including banking services.
Dell Acquisition of EMC Has Big Cybersecurity Implications
The $67 billion acquisition makes it the largest the technology industry has ever seen. Dell will ramp up its existing powerhouse of security components (SecureWorks, SonicWALL and Quest Software) with the addition of EMC’s RSA product offerings.