It’s a new year, but the same thing is true: information security news is as prevalent as ever. With each year that passes, attacks get bigger and attackers get more sophisticated. Thankfully, we’re also getting better at thinking of information security as a critical business issue. Here are some of the first big stories of the year, so we can stay vigilant and start 2019 on the right foot!
A Growing Industry
- Two professors from Pennsylvania are working diligently at the capitol to get cybersecurity training in more high school classes around the country. The message is simple: More high schoolers need to start learning advanced cybersecurity skills if the nation has any hope of protecting itself against a rising wave of cybercrime.
- Venture capitalists invested nearly $5.5B in cybersecurity companies in 2018, double the amount invested just two years prior. It’s expected that these investments (along with those related to technologies that automate security measures) will continue to boom in 2019 and beyond.
- January 28 was Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focused on the theme “A New Era in Privacy.”
- A group created by people who have been victims of SIM swapping crimes has launched an initiative to raise awareness about the fast-growing problem of SIM crimes.
Government & Policy
- Russian attackers consistently probe small businesses in the United States with the end goal of getting to the U.S. power grid. The attackers are using supply chain attacks on contractors to get at utilities.
- A bill introduced in North Carolina would require organizations to disclose ransomware attacks to affected individuals, a breach notification that’s currently not required. If passed, it would reduce the required notification time to 30 days, allow free credit freezes, provide free credit monitoring, and require companies to obtain consent when seeking credit scores.
- France’s data protection regulator, CNIL, has issued Google a €50 million fine (around $56.8 million USD) for failing to comply with its GDPR obligations. This is the biggest GDPR fine yet to be issued by a European regulator.
- The United States government shutdown may be over, but the effects were certainly felt. The FBI said the shutdown impeded its investigations. The lack of funding decreased its ability to pay for informants and cybersecurity probes.
- The Department of Health and Human Services (HHS) released new guidance to help healthcare organizations protect themselves against data theft. The publication focuses on common vulnerabilities like phishing and gives basic best practices for avoiding and mitigating their risks.
- Protecting your private information is challenging enough as it is, but healthcare organizations aren’t helping. In a study of 703 patients by the Patient’s Association, six out of ten respondents said their local practice was too small to allow for private conversations.
- A federal jury found an attacker in Massachusetts guilty of cyber attacks on the Boston Children’s Hospital that put patients’ lives at risk in April of 2014. The attacker is set to face 10 years in prison and close to a half-million-dollar fine.
- A healthcare sector advisory council released a new voluntary framework for improving the cybersecurity of medical devices throughout their lifecycle, an area that has proven to be very susceptible to attacks.
- As if the Marriott breach from the end of 2018 wasn’t bad enough, the company announced in January that it also believes hackers were able to retrieve passport numbers of 5 million guests. Marriott has offered to pay for new passports for affected guests.
- Microsoft has been working behind the scenes to create a “data bank” where users can store and control all of the data they’re generating online. The project, Bali, will allow the user to visualize, manage, control, share and monetize their personal data.
- Privacy concerns are growing at the consumer level. Ring, which makes video doorbells, left databases of video unencrypted despite giving access to contracted staff. Smart devices continue to pose security threats.
- You may want to turn off your FaceTime while Apple works out a bug. It was discovered that a flaw in the system may allow people to spy on your FaceTime conversations.
Understanding information security trends is important. It gives you an idea of what’s going on in the industry so you can continue to protect yourself and your business. Follow FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.