The insurance industry has been consistently targeted for cyber attacks as of late, for good reason: sensitive data is at the heart of every process—from handling health insurance claims to archiving medical histories. And because medical records are worth ten times more than credit card information on the black market, firms handling said data are required to take extra precautions in bolstering information security. However, every once in a while hackers are granted freebies—as was the case recently with Systema Software, a small insurance claims management solution provider.
There's no arguing that internet retailers have it tough these days: web server vulnerabilities, expiring SSL certificates, PCI DSS compliance, and a host of other issues keep the most vigilant of etailers on their toes—all this, mind you, against a harsh backdrop of increasing cyber threats. Even still, a handful manage to slip up when it comes to the most basic security measures, putting both their infrastructures and the data security of customers at risk. The following is a list of 11 online retailers who should know better.
When it comes to Flash, the only thing you hear more about than its ubiquity are its problems. Despite denunciations from some of technology’s biggest names, Adobe’s Flash player still seems to be everywhere. For almost ten years now, people have been dealing with the security warnings, critical updates and browser incompatibilities for which Flash is infamous. Yet even now, 0-day exploits of Flash’s seemingly unending vulnerabilities threaten users as third-party Flash ads on otherwise trusted websites are used to breach security.
Cyber attackers are, above all else, opportunists—malware and viruses require time and resources to develop and are therefore created with the greatest returns in mind. In terms of operating systems, Windows typically gets a bad rap for security—the price of popularity, as it were. But as other OS platforms have whittled down Windows' market share in recent years, cyber attackers have had an increasingly broad playing field for exploitation.
If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself. However, if you're one of the customers whose credit card and personal information was stolen, the difference is negligible.
Fortune recently published an article listing the airlines with the best in-flight wifi service. Coming in at the top of the list with the most onboard wifi connections globally were 3 American carriers: Delta, United, and American Airlines, respectively. But what defines best? Security is clearly not part of the equation, as one journalist famously discovered last week on a domestic American Airlines flight. But then again, if we're talking about wifi and commercial aircraft, all airlines get a failing grade.
When we think of protecting our information online, it’s usually in the context of traditionally sensitive data-- credit card numbers, addresses, SSNs, and so on. But as anyone who has taken a picture of themselves wearing nothing but a smile can tell you, the information exchanged during online dating can be just as personal. I haven’t done that, though. Ever. I have never done it.
The answer is simple: because it's highly profitable. Credit card numbers are still the best we've got for transacting digitally and health records are 10 times more valuable on the black market. And despite efforts from the infosec community at large, cybercrime continues to increase in frequency and severity. The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?
With the rate of data breaches increasing along with the complexity of modern IT infrastructures, the cyber insurance industry has been experiencing significant growing pains. Cyber risk determination had historically been done with employee surveys or contextual information about industries at larger. Without reliable data on an organization’s actual working state, many insurers came to realize there was no way to formulate a fair and accurate cyber insurance policy, especially for more complex and ever-changing IT environments.
For as much as "cyber risk" sounds like a 1990's board game involving robots, cyber risk is actually serious business—in fact, it is continually becoming more important as organizations old and new find themselves relying on a variety of connected technologies and services. And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation. So what is cyber risk, and what can be done about it?
In what is being described as a landmark case, Nevada-based casino operator Affinity Gaming is suing cybersecurity firm Trustwave for inadequately investigating and containing a 2014 data breach. The lawsuit not only marks the first time a security firm is sued over post-breach remediation efforts—it also highlights the complexities around managing cyber risk for high risk organizations in today's threat landscape.
Yes, it's that time of the year again. Time for global electronics vendors and eager enthusiasts from far and wide to converge at the world's largest annual consumer electronics/technology tradeshow. CES 2016 is in full swing, and IoT innovations have unsurprisingly taken center stage once again. Of course, who can forget the debut of Samsung "Smart" Fridge at last year's show, followed by the publicized hacking of the device soon thereafter. Judging by this year's exhibitor turnout, consumers can expect to see more hacked IoT devices making headlines in 2016. The following are the top 7 hackable IoT devices to watch out for at CES this year.
2015 may have come and gone, but the effects of last year's data breaches are far-reaching—for both millions of consumers and internet users as well as the companies and organizations whose systems were breached. Such events are no less devastating in terms of brand damage, and 2016 will undoubtedly bring forth a heightened collective security awareness in both organizations as well as consumers.
It's been barely a month since the VTech data breach resulted in the theft of over 6.4 million children's records, and yet another massive compromise affecting kids' data privacy is upon us—this time involving venerable children's toy and accessory brand Sanrio (of Hello Kitty fame). The data leak resulted in the exposure of details from more than 3 million user accounts: first/last names, birth dates, genders, countries, and email addresses, all openly available to the public. With children becoming prime targets for cyber criminals seeking low hanging fruit, companies that deal with and manage minors' data are increasingly under pressure to bolster their security controls and practices.
In a news flash buried beneath a slew of other notable security news items, UCLA Health revealed last week it was the victim of a massive data breach that left 4.5 million patient records compromised. Like previous attacks on Anthem and Premera Blue Cross, the intrusion gave hackers access to highly sensitive information: patient names, addresses, date of births, social security numbers, medical conditions, and more. And while matters around healthcare IT have taken center stage as of late, the ineffective security at leading institutions of higher education and research is equally distressing.
For those of you harboring secrets behind a website paywall, a word of warning: your skeletons are now easy targets for cyber criminals and nefarious 3rd parties around the globe. The recent data breach and compromise of 3.5 million Ashley Madison user accounts may turn out to be largest case of broad-scale extortion the world has ever seen, but for many—the outcome is hardly surprising.
Every year, Verizon compiles data from a list of prominent contributors for its annual report highlighting trends and statistics around data breaches and intrusions from the past year. The 70-page Data Breach Investigations Report (DBIR) covers a myriad of data points related to victim demographics, breach trends, attack types, and more. Reviewing these shifting security trends can give indications as to how well-postured one’s organization is against future threats. And just in case you’ve got your hands full patching server vulnerabilities, we’ve done the legwork of expanding on a few critical key points from the report.
In a widely publicized report released last week titled "FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen," the US Government Accountability Office (GAO) details the potential vulnerabilities and dangers of offering in-flight wifi services during air transit. By essentially granting customers IP networking capabilities for their devices, airlines may be opening up their avionics systems for attacks:
Cyber resilience is a fundamental change in understanding and accepting the true relationship between technology and risk. IT risk (or cyber risk, if you prefer) is actually business risk, and always has been. And the cybersecurity industry, for what it's worth, has generally avoided this concept because it goes against the narrative that their respective offerings—whether it's a firewall, IDS, monitoring tool, or otherwise—would be the one-size-fits-all silver bullet that can keep businesses safe. But reality tells a different story.