Following the news that in 2016 the healthcare industry suffered on average one breach a day, Jason Allaway, VP of UK and Ireland at RES, commented below. Jason Allaway, VP UK & Ireland at RES: “The news that the healthcare industry suffered on average one data breach a day in 2016 should serve as a stark warning to organisations. The industry has been a hot target for cyber criminals and in 2017 this will only escalate. The reason the healthcare sector saw such high levels of data-related attacks is the value of the data that is being targeted. Rather than the monetary value…
ISBuzz Team
After days of wreaking havoc among MongoDB servers, a group of crooks has moved on to hijacking ElasticSearch servers and asking for similar ransoms. The first wave of attacks hit ElasticSearch server owners yesterday, with some of the victims complaining on the ElasticSearch forums. IT security experts from Imperva and AlienVault commented below. Terry Ray, Chief Product Strategist at Imperva: “After 14 years in data security, I’m no longer surprised when speaking to organizations at the limited visibility that security, database administrators, and risk teams have as to who, how, and why entities touch their data. There is no reason…
Social media started life as a way of staying in touch with friends and sharing happy memories. However, the results of the latest study from Kaspersky Lab indicate that social media now leaves many people feeling negative instead. The hunt for likes plays a central role in this, with the majority of people feeling down or upset when they don’t get as many likes as they expected for a post, and with 42 per cent saying they feel jealous when their friends get more likes than them. Research from Kaspersky Lab also shows that one-in-ten people would bend the truth…
Reports are surfacing that the largest NHS hospital trust in England has been hit with ransomware, affecting thousands of sensitive files. Security experts from Varonis, NSFOCUS and Lastline commented below. David Gibson, VP of Strategy and Market Development at Varonis: “The reported ransomware attack on the largest NHS hospital trust in England affecting thousands of sensitive files is another canary-in-the-coal mine incident raising awareness for how much sensitive data is overexposed and at risk within organisations. When a user with excessive access to data across the network is infected with ransomware, organisations cannot ignore the crippling effects of hijacked data – in…
A flaw in GoDaddy’s code meant that nearly 9,000 SSL certificates have had to be revoked. Any website affected by the issue will still have working HTTPS encryption, even if the GoDaddy-issued certificate is revoked. However, visitors to the website might see error messages or warnings in their browser until a new certificate is installed. IT security experts from Venafi commented below. Kevin Bocek, Chief Cybersecurity Strategist at Venafi: “Unfortunately, this is not an isolated incident for the CA industry: Recently, an error by GlobalSign locked out traffic to their customers’ websites for days and Symantec discovered to be issuing…
Dyn, the internet performance management company, today published new findings into the impact internet disruptions have on UK organisations, as well as revealing how prepared UK businesses are in mitigating the risks these disruptions pose. The survey, which questioned 100 senior-level IT professionals in UK organisations, revealed that the majority of internet disruptions occur outside a company’s network, and a lack of visibility beyond company ‘walls’ has made it difficult for businesses to pre-empt and resolve any issues as quickly as they need to. Key findings include: Over half (57%) of the internet disruptions UK organisations experienced in the past…
ESET Ireland is warning about the latest phishing scam, targeting Eir customers. A poorly spelled email pretending to come from Eir is trying to catch the Irish unaware, claiming there’s a problem with Direct Debit payment and threatening to suspend their “eir Broadband and eir TV services within the next 24 hours”. Subject: eir Unable to retrieve payment for your latest bill Dear nod32 Your bank has let us know that there isn’t a valid Direct Bebit instruction set up between eir and your card number xxxx-xxxx-xxxx-xxxx (not shown for security purposes). We were unable to retrieve payment for your latest…
Following the news that GoDaddy was obliged to revoke 8,850 SSL certificates as the result of an unspecified software bug, Mark James, IT Security Specialist at ESET commented below. Mark James, IT Security Specialist at ESET: “SSL certificates are used to secure and protect data sent from one computer to another, this may include credit card numbers or other private information you may not want others to read or indeed steal. If you are using your credit card to pay for items or services on websites then you would normally look for a padlock icon to visually assure you it’s safe and secure. If this…
For every problem, there is a solution. In the world of cyber security, however, if each and every problem is solved by a different solution, solution fatigue can quickly become a new problem. Recent attendance at any major security conference is an excellent barometer of the state of the cybersecurity market. As Gartner analyst Anton Chuvakin noted in his post-RSA Security Conference blog, “A lot of the tools firmly target the security one percenters, not the mainstream. These tools can only be utilized by people with large and experienced teams.” Solution fatigue is caused by the use of numerous disparate…
No one can predict when the next cyber breach will happen – so it’s all about pre-emptive strategy. But you can only build defences if you understand the threat. And, even on this initial front, most UK organisations are vastly outmatched. The resources cyber criminals can deploy are totally disproportionate to those that companies can utilise. And they only need to succeed once to breach. Those at the leading edge have moved from reactively responding to incidents to proactively using analytics and AI to predict attacks and head them off before they start. Part of the problem is a lack of home-grown…
