Cyber Risk News

Watch On-Demand: How to Prepare for GDPR

GDPR, or General Data Privacy Regulation, will come into force on 25 May 2018. GDPR requires organizations to maintain a plan to detect data breaches, regularly evaluate the effectiveness of security practices, and document evidence of compliance.

read more

Managed SIEM with Security Monitoring Use Cases

Given different challenges facing security departments, security monitoring is vital. Security professionals now feel the deck is stacked against them as cybercriminals continue to attack. Many organizations are outsourcing to third-party vendors for faster and better detection.

read more

March 2018 Data Breach Update

The business sector was the leader for the number of breaches in March 2018 with 45 breaches. These are breaches that are confirmed through media sources and/or notifications from state governmental agencies. The medical/healthcare industry had the second highest percentage of recorded breaches at 21 percent (19 breaches).

read more

Patching the Meltdown Patch

Do you remember the Meltdown and Spectre vulnerabilities that exploited critical vulnerabilities in modern processors in January 2018? It turns out the patch that Microsoft created for Meltdown could be worse than the original Meltdown vulnerability. Ulf Frisk, a Swedish penetration tester, warns in his blog:

read more

SamSam Strikes Again

SamSam, a ransomware that hackers use in targeted attacks, strikes again – this time shutting down the City of Atlanta. Hackers using SamSam usually scan the Internet for computers with open RDP connections. Attackers break their way into large networks by brute-forcing these RDP endpoints and then spread to even more computers. Once they have a sufficiently strong presence on the network, attackers deploy SamSam and wait for the victim organization to either pay the ransom demand or boot them off their network.

read more

Healthcare Industry: Protected Healthcare Information Update

PHI data or Protected Healthcare Information data is a big deal for security people in the healthcare industry. Protected health information (PHI) under the US law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) and can be linked to a specific individual. 

read more

Defining Reasonable Cybersecurity

Have you considered the legal ramifications of a potential data breach if your organization is hacked? Let’s look at the Equifax breach. The most recent headline was about the insider-trading charges that were brought against a former employee. He sold stock and options after learning of the massive data breach at the credit reporting agency. What’s next for Equifax?

read more

2018 CyberCrime Stats

In Cybersecurity, we are always trying to prepare for the worst. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Best VPNs shared an infographic that displays the top stats about Cybercrime. Here are the top takeaways from their post:

read more

Common Cyber Threats and How to Address Them

Hacking is easy. And profitable. An average phishing attack could potentially cost a mid-sized organization $1.6 million. But, there are many other ways that organizations could be breached. Here are the top five ways that we see organizations could be breached:

read more

GDPR: Steps to Help Your Organization Prepare

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. If your business handles data on EU residents then you must abide by the GDPR regulation.

The Information Commissioner’s Office (ICO) has released a checklist to help organizations prepare for the GDPR:

read more

Top 2 types of attacks

According to HIPAA, all covered entities and their business associates are required provide notification following a breach of unsecured protected health information. According to the report that lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights, the top two types of attacks are hacking at 32.6 percent and unauthorized access at 21.3 percent.

read more

Think Beyond…

Prevention is possible with the right people, processes, and technology. Your security stack is swamping you in alerts, it’s time to think beyond today’s security approach and get out of the endless loop of chasing attackers. There is a better approach!

Find out more about how Cybriant works with Cylance.

read more

Getting More Value out of your SIEM

Once you have made the decision regarding your SIEM purchase, a key challenge is the skilled use of your SIEM tool. If you do not have the knowledge or expertise to utilize a SIEM correctly, your SIEM may not work optimally. We’ve heard complaints about an organization’s SIEM when it may the way it was implemented or managed on a daily basis.

read more

REPORT: January 2018 Breaches

The numbers are in! The Identity Theft Resource Center (ITRC) has captured 116 total data breaches in January 2018 in the 2018 ITRC Breach Report. The numbers are down a very small amount from January 2017. Educational and Medical industry breaches are down. But, the number of data breaches in the Business, Government, and Financial Services industries have all increased.

read more

State of the (Cybersecurity) Union

The state of the cybersecurity union today is that all businesses – large or small – should assume the worst and prepare for cybersecurity attacks. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Workforces are expanding and using more connected devices, which makes it even more difficult to maintain a human defense firewall.

read more

Your SIEM needs a Hedgehog!

At Cybriant, we are big fans of Jim Collins’s book, Good to Great. This is a classic book for business leaders that describes how Mr. Collins and his team researched 1,435 established companies to find common traits of those businesses that made a leap from average to great results. The principles that are discussed in the book include lessons on eggs, flywheels, hedgehogs, and other essentials of business.

Let’s talk Hedgehogs…

read more

FREE TOOL: Your users are “Phish-Prone”

First of all, you need to know your organization’s phish-prone percentage. We offer a phishing security test through KnowBe4. This free tool will test up to 100 users and will give you a PDF with your phish-prone percentage and charts to share with management.
Why? If you don’t do it yourself, the bad guys will.

read more

The “Human Factor” Important in Cyber Risk Prevention

As I read over the Kroll Global Fraud & Risk Report for 2017, the most common issue discussed is the threat that comes from within your organization. Current and ex-employees were the most frequently cited perpetrators of fraud, cyber, and security incidents over the past 12 months. Notwithstanding this finding, external parties were identified as active perpetrators as well.

read more

5 Reasons to Consider Security Awareness Training

The press can’t get enough of corporate data breaches. They delight in showcasing the latest horror story about a business that lost massive amounts of private records or millions in revenue to the latest hack. I would call that schadenfreude, but wait …you could be next.

read more

Message from Meltdown and Spectre: Create a Patching Strategy!

“Those who patch, prevail.” – Unknown

While patching may be the most boring, thankless job in the IT department, it could be the one that prevents the most cyber attacks. Hackers use known vulnerabilities to launch attacks on businesses. Having your systems updated and patched may be the best first line of defense.

read more

[Video] Backup vs. High Availability

Take a few minutes and watch this video with George Crump, Lead Analyst from Storage Switzerland, and Lilac Schoenbeck, Senior Director of Portfolio Marketing from Carbonite. They discuss the differences between data backup and high availability and how they can work together to form a complete data protection strategy.

read more

It’s Time to Move to a Proactive Cybersecurity Approach

AlienVault recently conducted a survey of 233 IT professionals about how their roles have changed since the WannaCry and NotPetya cyberattacks in 2017. As you can imagine, these IT professionals are experiencing increased workloads:

Two-thirds (66%) are more up-to-date with patching than they were previously.
Half (50%) say that they are now using threat intelligence more regularly, to stay ahead of emerging threats.
In addition, 58% carried out a review of their organization’s cybersecurity posture following the attacks.

read more

The Dark Web and What We Can Learn From It

The Deep Web contains an incredible amount of data – 7,500 terabytes, which, when compared with the surface web’s 19 terabytes, is almost unbelievable. Thanks to a sharp increase in cybercriminal activity in recent years, this shadowy portion of the internet encompasses as much as 550 times more public information than that of the surface web.

read more