It’s the heart of summer: the time of year when we spend our weekends and evenings relaxing with our families. It’s the most vacation-heavy time of year for most American companies. Information security news, on the other hand, doesn’t rest or take vacations. It remains critical that we understand the trends in the industry so we can continue to prepare our businesses (and ourselves) for potential threats and risks. The month of June saw some jaw-dropping stories, mostly in banking and government, but we’re also continuing to see healthcare heavily impacted. We’ve compiled some stories to serve as a reminder that information security does impact business, and we should be treating it as such in our training and response. Here is a snapshot of what June had to offer for information security news.
- Mobile users are often completely unaware of the dangerous permissions they are allowing certain apps, the NY State Cyber Command warns. The live demo showed that downloading shady apps can almost immediately give attackers control over your device. Training employees on the inconsistencies to look out for can help prevent people from risking compromise.
- A recent study found that more than a third of organizations would rather pay a ransom demanded by hackers than spend more on security measures. An additional 16% mentioned that they weren’t sure what they would do if they were put in that situation. It’s clear that we still have a lot of work to do in terms of thinking about information security as a business issue.
- Despite security starting to gain traction as an important issue and more companies offering training, 25% of U.S. employees in a recent survey admitted to using the same password for all of their accounts. Of those employees, a staggering 81% said they do not password-protect their computers or phones at all. Having strong passwords is one of a few simple ways to increase your personal security.
- Are breaches a death sentence for the organization that gets compromised? Not necessarily. We’ve seen organizations take significant financial and reputational hits, which could be detrimental for some. Other organizations have taken these situations and turned the narrative around. Here are some takeaways from some recent high-profile breaches and how the businesses involved were affected.
Information Security in Government
- Journalists covering President Donald Trump’s meeting with North Korean leader Kim Jong Un in Singapore this week were given free USB-powered fans as gifts. While an understandable gesture given the temperatures in Singapore, security experts are concerned these devices could be infected. There is no word on whether any journalists were compromised by the gifts.
- In an attempt to limit espionage, the United States House of Representatives has passed a bill that will ban the U.S. government from buying Chinese-made surveillance cameras and OEM gear.
- Google and Apple have made separate adjustments to their products that will harden their security against unauthorized parties. As the two organizations begin to understand government and criminal techniques, they’ve adapted to increase consumer protection.
- A researcher has successfully found a way to hack into airplane WiFi systems from the ground. This discovery could make it possible for satellites to be weaponized and could have a dramatic impact on military security measures.
Banking and Credit News
- A massive attack on the largest financial institution in Chile turned out to be a cover-up. The attack, which rendered an impressive 9,000 workstations useless, was simply a decoy so that the attackers could hide $10M worth of illegal transactions to Hong Kong.
- Banks are asking the SEC for guidance on the appropriate response time to reach out to shareholders post-breach. There have been challenges, though, surrounding the vagueness of the guidelines on both response time and what they are supposed to disclose.
- Ransomware continues to prove challenging for many businesses and banks. Small banks are starting to fight back, however, implementing full IT-resilience plans including backup, disaster recovery, and cloud mobility, which will allow them to withstand both planned and unplanned disruptions.
- Industry stakeholders are pressuring the Food and Drug Administration (FDA) to consider some sort of measuring stick when assessing a vendor’s cybersecurity culture to determine if it qualifies for the agency’s proposed fast-path program for premarket approval of “software as a medical device” products. You can learn more about measurements here.
- A lack of device encryption will cost a Texas-based cancer treatment center a massive $4.3 million in civil monetary penalties from the Department of Health and Human Services. The financial penalty is the fourth largest amount ever secured in a settlement for HIPAA violations.
- Dignity Health has discovered multiple data breaches and violations of HIPAA Rules recently. The breach affected 55,947 patients of the health system that operates 39 hospitals and 400 care centers in California, Nevada, and Arizona. In a rare and peculiar move, they even asked patients to “help” mitigate the damage by deleting emails that were mistakenly received.
An easy way to avoid falling victim to attacks is to understand the trends so you can recognize and avoid them. Help yourself do so by following FRSecure’s Twitter and LinkedIn for consistent updates on information security news stories like the ones above, and visit our site to learn how your organization can continue to make improvements to its security measures.