A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
IT Security
How a company’s culture can limit data breaches
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
NHTSA Issues Cybersecurity Best Practices For Automakers
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Dyn DDoS attack exposes soft underbelly of the cloud
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable to perform critical business operations.
Yahoo Admits Half a Billion Users’ Info Hacked
Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users. The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords. Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.
Dropbox Acknowledges Leak of 68 Million Passwords
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
Newly Announced Chipset Vulnerability Affects 900 Million Android Devices
Over 900 million Android devices are at risk of compromise due to a dangerous grouping of vulnerabilities recently discovered. The vulnerabilities have been folded directly into the Android operating system developed for each original equipment manufacturer (OEM) that uses the affected chipsets within their devices, including Samsung, HTC, Motorola and LG.
‘No More Ransom’ Portal Offers Respite From Ransomware
Kaspersky Lab and Intel Security worked with officials around the world to help develop decryption tools for popular ransomware variants. Ransomware victims in Europe and the United States have also been given the tools to notify authorities of infections in an effort to better track and combat ransomware.
China Suspected in FDIC Breaches
A new congressional report indicates the Chinese government was likely responsible for hacks at the FDIC in 2010, 2011 and 2013. A total of 12 workstations were compromised and 10 servers were penetrated and infected with a virus.
$55 Million in Digital Currency Stolen from Investment Fund
The $150 million experimental investment fund known as Decentralized Autonomous Organization has been hacked, resulting in a loss of $55 million in digital currency. The June 17th hack resulted in a loss of 3.6 million ethereum coins as attackers created an identical fund and moved the money into it.
TeamViewer Bolsters Security After Account Takeovers
TeamViewer, which provides remote support and access, has announced that it is strengthening security controls after a rise in corporate account takeovers. A company spokesman noted that many consumer accounts used “the same account credentials across multiple internet accounts.”
Vietnamese Bank Blocks $1 Million SWIFT Heist
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
Invest Bank UAE Appears to be Victim of 10GB Breach
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
Anonymous Threatens Bank DDoS Disruptions
The hacktivist group is waging “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The Target List includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
California Hospital’s Systems Held Ransom for $3.6 Million
Hollywood Presbyterian Medical Center is in the midst of what it is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
Obama Signs Cyberthreat Information Sharing Bill
On December 18, both houses of Congress enacted the Cybersecurity Information Sharing Act (CISA), which will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program. President Obama has signed the legislation.
FFIEC Releases Statement on Cyber Attacks Involving Extortion
Members of the Federal Financial Institutions Examination Council issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement includes steps financial institutions should take to respond to these attacks and highlights resources that can be used to mitigate the risks posed by such attacks.
First BSIMM Study of Healthcare Industry Returns Poor Results
The new Building Security in Maturity Model (BSIMM) study, BSIMM6, found healthcare organizations scored much lower than their counterparts in the financial services, independent software vendor and consumer electronics industries, when it comes to internal software security programs and practices.
Technical Alert on Dridex P2P Malware Released
The FBI, DOJ and DHS have released a Technical Alert on the Dridex P2P Malware. A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks and harvest users’ credentials for online services, including banking services.
E*Trade, Dow Jones Issue Breach Alerts
E*Trade and Dow Jones have issued separate warnings to customers and subscribers about possibly compromised personal information, including payment card data. E*Trade has alerted about 31,000 customers about the compromise of personal data in late 2013, while Dow Jones issued a warning of a possible breach from August 2012 until July 2015 that it claims affected less than 3,500 individuals.
Lisa discusses a few of the latest threats and security tips
Cyber Security – Risk Is In Your Future
Lisa Traina discusses a few of the latest threats and tips on proactively addressing these threats in the latest issue of the Society of Louisiana CPAs Lagniappe magazine.