The 6th annual “Ponemon Institute Benchmark Study on Privacy & Security of Healthcare Data” reflects the sector’s escalating security issues as a primary target for malicious actors. The study finds that 89% of healthcare institutions and organizations surveyed had a data breach in the past two years, with 79% reporting two or more in 24 months, and nearly half (45%) reporting more than five. A full 60% of third-party business associates have also been breached in the last two years. In addition to the potential impacts on privacy and even (in the case of ransomware attacks) quality of care,…
Author: Information Security Buzz Editorial Staff
A paradigm shift. In recent years there has been a significant shift in employees’ technology preferences at work, in part shaped by how they use technology in their personal lives and by the increasing trend toward bring your own device (BYOD). We are seeing employees gravitating toward multiple devices for both work and play. In fact, Juniper recently revealed that the number of IoT (Internet of Things) connected devices will reach 38.5 billion in 2020[1]. Likewise, IDC reports that employee-owned devices in the workplace will grow to more than 5.25 billion[2]. Gartner predicts[3] that by 2018, employee-owned devices in…
Industry leader evaluates confidence in seven key security controls required to detect cyber attacks on endpoints. Tripwire, Inc., a leading global provider of endpoint detection and response, security and compliance solutions, today announced the results of an extensive study conducted for Tripwire by Dimensional Research. The Tripwire study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 134 participants from financial services. According to the Identity Theft Resource Center’s 2015 Breach List report,…
Following the discovery of a critical zero-day vulnerability in Adobe’s Flash Player which is being actively exploited in real-world attacks to infect unsuspecting internet users with malware, experts from Lieberman Software and ESET discuss whether anyone should still be using Flash Player at all. Jonathan Sander, VP of Product Strategy at Lieberman Software: “If you’re strictly a business user who uses email, documents, and Web, then you could likely never want or need to install Flash. However, if you play even one game on the web, then you likely use Flash. And if you have a kid that plays lots of games…
Dear Editor, It is not surprising to hear that another business has suffered the fate of a data breach, and unfortunately, at the point when a business discovers it has been compromised, the damage is usually already done. Learning from the recently disclosed Kiddicare data breach, it is imperative for businesses to understand that it is not enough to solely rely on Information Security teams to advise if a breach has occurred. Research publicised this week from the Cyber Security Breaches Survey 2016 revealed that 65% of large firms have detected a cyber security breach or attack in the last year; with…
A malvertising campaign has hit the popular celebrity gossip website, PerezHilton.com, potentially affecting millions of users. Here to comment on this news is Dr Malcolm Murphy, systems engineering manager, Infoblox, on the threat posed by these types of attacks, and what organisations can do to stop them. Dr Malcolm Murphy, systems engineering manager, Infoblox: “This attack is the latest in what seems to be a growing trend for so-called “malvertising” attacks, in which compromised ad servers are used to display fake ads which expose consumers to malware. The BBC, MSN and AOL, among other popular websites, were hit with a similar attack just last month,…
All of the top 10 apps fail to use secure data storage to protect Personally Identifiable Information. All of the top apps contain at least 5 weaknesses of the 28 in total tested. All of the apps tested are vulnerable to at least three of the OWASP Top 10 Mobile Risks. 90% of the apps are vulnerable to Man-in-the-Middle attacks due to Certificate Pinning. Wandera, the leader in mobile data security and management, today announced the findings of its comprehensive security assessment of the most popular business apps used on corporate liable devices by enterprise customers across North America, UK,…
ManageEngine Releases Results of Global Active Directory and Windows Server Security – Trends and Practices Survey, 2016. IT admins report heightened interest in visibility: configurations, settings and standards. Access the ManageEngine survey results at http://ow.ly/10hVri. ManageEngine, the real-time IT management company, today announced the results of the global ManageEngine Active Directory and Windows Server Security – Trends and Practices Survey, 2016. Among the critical findings is that 70 percent of IT administrators across the globe say that their Windows environments are at risk of malicious attacks. Over the past few years, the success rate of attacks, both internal and external, on…
Today, Wendy’s announced that malicious software affected POS devices in around 300 of the company’s 5,500 franchised stores, about 5% of all company restaurants. Tod Beardsley, Security Research Manager at Rapid7, has provided his comments on the breach below. Tod Beardsley, Security Research Manager at Rapid7: “The Wendy’s breach illustrates a number of recurring themes that we see with point-of-sale (POS) system-based financial crime. The criminal activity was ongoing, lasting at least six months from detection to containment. The length of time the compromise went undetected, then unmitigated, is troubling news for any retailer that depends on a third party POS vendor for security. The fact that…
Following a security breach like the recent ‘Kiddicare.com’ hack, the security impact of such exposure isn’t limited to an individual’s personal details; it can also have serious financial and reputational implications for the company. Customers that entrust their private information to an online provider should be able to rest safely in the knowledge it is kept in a secure manner; and all companies who handle private data have a duty to secure it. In this particular case, the leaked data contains information such as customer names, delivery addresses, phone numbers and e-mail addresses. Cybercriminals have the opportunity to use this…