As the COVID-19 pandemic persists, cybersecurity threats and related risks continue to grow, including ransomware, external threats and especially those involving healthcare insiders, says Denise Anderson, president of the Health Information Sharing and Analysis Center.
In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.
A compromise of sensitive health information affecting nearly 38,000 individuals discovered nearly a year after a terminated company executive accessed the data spotlights some of the top security and privacy challenges covered entities and business associates face with insiders.
A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The agency also indicated this week it will keep its "rumor control" website active ahead of the 2022 midterm elections.
The Department of Defense did not effectively control access to the health information of high-profile personnel, says a new watchdog agency report, which hints that the findings also may indicate ineffective access control over other DoD employees' health records.
Cyber criminals are getting bolder and more sophisticated with their threats. No matter what kind of business you are in, you are likely to run into ransomware threats. During a ransomware attack, organizations - big and small - struggle to maintain productivity, preserve brand reputation and come up with a payment...
A Nigeria-based ransomware gang is conducting a campaign that dangles a $1 million bribe - or a portion of any ransom collected - to employees of targeted organizations if they will install DemonWare ransomware on their corporate network.
Security leaders face numerous challenges, including software vulnerabilities, third-party supplier liabilities, and distracted employees who may not realize their security behaviors are putting the company at risk. While many organizations focus on mitigating external threats, 30% of data breaches actually involve...
Global research uncovers IT security leaders’ key strategies for cloud complexity, remote work and supply chain attacks.
Security organizations have always been hard-pressed to keep up with the rising tide of data, the ever-expanding perimeter, and the increasing frequency and sophistication of attacks. Our...
A 30-year-old Greek national has been indicted on charges of selling insider trading tips and other proprietary financial data on darknet sites. Apostolos "The Bull" Trovias faces securities fraud and money laundering charges.
The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, compromising the data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. If convicted, She now faces a possible 20-year sentence.
A government watchdog is urging NASA to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency's network, infrastructure and data. NASA, in turn, is working toward making some security improvements outlined by the GAO by the end of this year.
This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.
Cybercriminals and nation-states are attempting to recruit insiders at companies around the world to help steal credentials and intellectual property, says Joseph Blankenship, vice president and research director at Forrester, who offers risk mitigation insights.
A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.