The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss how to start an insider threat program in a presentation at Information Security Media Group's Security Summit: London, to be held Oct. 23.
Scan4You, a notorious cornerstone of the cybercrime-as-a-service economy that allowed malware developers to more easily create code to bypass anti-virus defenses, has been dismantled, and its Latvian technical administrator has been slammed with a 14-year U.S. prison sentence.
In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.
With the abundance of PII available on the dark web, there has been an explosion of synthetic identity fraud. Michael Lynch of InAuth discusses how device and user data can be leveraged to combat the fraudulent opening of new accounts.
Those of you who are CISOs and have been conducting awareness programs for years realize that ''the devil is in the details" when building a successful program. Initial attempts to get an awareness program started are usually done by trial and error- but this hit-and-miss approach is often ineffective or frustrating....
Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month. Security firms have traced the heist to Magecart, a loose affiliation of cybercrime gangs also tied to payment card data breaches at British Airways and Ticketmaster.
A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.
As healthcare records have steadily gone digital, the industry
has had to play catch-up with cybersecurity. But that is starting
to change as healthcare companies pay a steep toll in data
breaches: records replacement, remediation, downtime, bad
reputation, fines and even stock prices. The damage happens
It was a cunningly crafted phish...
Employees at a healthcare company were going about their day when they received an email from their CEO - and it wasn't a typical meeting invitation. The email asked them to read and agree to a company policy. Simple. Just click on a link, login with their credentials and go to...
Want to Avoid Attacks? Think Like a Marine
The Marines are tough and they're smart, too. That's why they anticipate risks to stay "left of bang" on the battlefield and reduce their losses. This eBook uses similar thinking to help strengthen your phishing defense and keep your company "left of breach."
Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.
The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.