While we are still in the midst of enjoying summer by relaxing in the sun or by staying inside to avoid the heat, information security news stories have continued to pile up. The month of July saw a wide variety of stories breaking within the banking and healthcare industries, as well as new information on older stories relating to government and politics. While these were the hardest hit industries, it’s important to remember that breaches continue to be a dangerous threat to all industries, and we should be treating them as such. To help prevent breaches and data leaks, it is crucial to understand current patterns and trends hackers and other malicious individuals are using to compromise our data. Here is a brief overview of information security news and trends from July.
Banking and Credit News
- The National Bank of Blacksburg is suing Everest National Insurance company over payouts related to two phishing attacks within just a few months of each other which saw hackers steal more than $2.4M.
- Governor Dannel P. Malloy of Connecticut signed into law a bill that will take effect in October. This bill will double the window during which businesses suffering data breaches must provide services to consumers to help mitigate the risk of identity theft, from one year to two years.
- The popular app Venmo, which allows users to send and receive money directly to or from the user’s bank account, has experienced attempts at fraud. One issue with Venmo is that, by default, the user’s transactions are made public for anyone to see. Luckily, there’s an easy way to fix this.
- A massive breach in Singapore has exposed data on about 1.5M patients, more than 25% of the country’s residents. Authorities believe this was a deliberate, planned attack principally designed to steal medical information pertaining to the country’s prime minister, Lee Hsien Loong.
- A ransomware attack forced a Missouri county medical center to divert ambulances carrying trauma and stroke patients to other facilities. The attack impacted the enterprise IT infrastructure, which includes the electronic health records system. The medical center, Cass Regional Medical Center, has continued to provide inpatient and outpatient service for less urgent matters.
- The Food and Drug Administration (FDA) has issued new guidance on its policy for organizations using electronic health record (EHR) data. Among other criteria, the EHRs need to contain certain privacy and security controls, the FDA says.
Information Security in Government
- U.S. intelligence chief Dan Coats warns that the threat is growing for a devastating cyberattack on critical U.S. infrastructure. Coats goes on to say Russia, China, Iran, and North Korea are conducting daily cyberattacks on U.S. digital infrastructure, with Russia being the most aggressive by far.
- The investigation into the 2016 hacking of the Democratic National Committee is ongoing. It was found that Russian operatives gained access to Hillary Clinton’s campaign by using a spearphishing tactic. After gaining access, these operatives leaked more than 50,000 emails.
- These Russian operatives were able to hide behind virtual currency such as Bitcoin to pay for a website where they would later post the leaked emails. The transactions were detailed in an indictment from the Justice Department.
- A recent survey conducted by Gartner, Inc. shows that only 65% of organizations currently have a cybersecurity expert, despite 95% of CIOs expecting cyberthreats to increase over the next three years.
- The 2018 Cost of a Breach Study found that the average cost of a data breach has reached $3.86M, a 6.4% increase from the 2017 report.
- The study also identifies some “hidden costs” most companies fail to consider while dealing with data breaches, such as lost business, negative impact on reputation, and employee time spent on recovery. The study found that one-third of the cost of “mega breaches” (over 1 million lost records) was derived from lost business.
Additional Information Security News
- While this didn’t happen in July… some stories are too important to wait until next month’s recap to be shared.
- The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs of their holdings, pivoting off a data breach at an “unknown card issuer.”
- The criminals would use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
- Small-to-medium-sized financial institutions would likely be the main targets due to “less robust implementations of cybersecurity controls, budgets, or third-party vendor vulnerabilities.”
One of the best ways to prevent becoming a victim of attacks is to understand the trends and the tendencies so you can recognize and avoid them. Help yourself and your organization by following FRSecure on Twitter and LinkedIn for consistent updates on information security news like this, and visit our site to learn how your organization can continue to make improvements to its security measures.