In its 2018 Strategic Security Survey (registration required), Dark Reading polled some 300 IT and security leaders and found that more organizations, not fewer, expect to face data breaches in the coming year compared with the previous year’s survey. Moreover, the companies believe they’re not fully ready to protect their data against intruders.
A large proportion of respondents expect that staffers with privileged access might be the source of a breach, but they’re also wary of attackers from outside mounting one of many sophisticated new attacks. A growing attack surface, distributed denial-of-service extortion, targeted attacks, and ransomware are contributing to the unease that many organizations sense.
Read more about the findings of the new survey on DarkReading.
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment. Results found that while physicians and hospital administrators view cybersecurity as a priority, the majority of them feel underprepared to combat cyber risks in the connected hospital.
“Cybersecurity is a shared responsibility across all of us working in today’s healthcare system,” said Chris Tyberg, Divisional Vice President, Product Security, Abbott. “It is important for us to understand the challenges hospitals face and how we can collaborate on potential solutions.”
Shopify predicts that online holiday sales in 2018 will be $23 billion greater than in 2017. As the number of online shoppers increases, the appeal for cybercriminals to target them grows as well, leading to the development of new tactics to circumvent antivirus software, beat web filters, and confuse targets into giving up secrets.
It’s easier than ever to fall prey to cyber scams—even the most well-trained can fall for a perfectly executed attack. Hackers move fast—potential victims need to be faster.
Read eight security tips for online shoppers on TechRepublic.
Smartphone access is integral for many employees to perform their jobs, and giving workers the freedom to choose their own devices as well as permitting the use of personal devices for work purposes are now concessions made by IT departments nationwide.
A recent report from security firm Bitglass surveyed IT experts, and found that 85% of organizations enable BYOD policies, citing employee mobility (74%) and employee satisfaction (54%) as the top two reasons for allowing BYOD. However, the convenience of BYOD creates a particularly large attack surface for malicious actors to harvest information from these organizations.
Read more about the findings of the Bitglass survey on TechRepublic.
Everyone has seen them: applications that come on many new systems offering services with unfamiliar names, or apps that have familiar names but are offered on sites that aren’t from their publishers. They’re grayware – or “potentially unwanted applications” – and they’re an ongoing issue for computer security.
Grayware’s nature makes it difficult for organizations to keep it away from their systems. “It’s not a technical problem, it’s a classification problem. There is a thin line being malicious or not and the operators play with the line. Which limits what researchers and law enforcement can do,” says Vitor Ventura, senior security researcher at Cisco Talos.
Read everything you need to know about grayware on DarkReading.
A new survey of cybersecurity decision-makers shows that most companies lack adequate safeguards against phishing threats and many don’t fully understand the risks or how widespread the threat is. The survey from phishing site detection company SlashNext reveals that 95 percent of respondents underestimate how frequently phishing is used at the start of attacks to successfully breach enterprise networks.
Only five percent of respondents realize that phishing is the at the start of over 90 percent of successful breaches. And despite multi-level security controls and phishing awareness training for employees, most organizations remain unaware of their increasing vulnerability to these threats.
Read more about the findings of the SlashNext survey on BetaNews.
For most organizations, it’s time to put modern hardware threats into perspective. This year has had its share of hardware scares. We kicked off 2018 with the Spectre and Meltdown attacks; most recently, a Bloomberg BusinessWeek report detailed how Chinese plants implanted network monitoring and control chips on motherboards made for Supermicro.
Hardware technology – and, consequently, hardware attacks – have come a long way as devices have grown smaller, faster, cheaper, and more complex. Attacks that used to cost thousands of dollars can be done for a few hundred bucks or less. Now people panic when a report describes an implant the size of a grain of rice, one which is allegedly everywhere but nobody can find it.
Read how to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex on DarkReading.
As the business world embraces digital transformation, it is simultaneously embracing the power of data and its impact on employees, end users, and customers. However, many organizations are seeking to leverage data without understanding its full implications, thereby putting their company at risk.
A recent PricewaterhouseCoopers (PwC) report sought to examine the current state of the enterprise in regard to issues like cybersecurity, privacy, and digital trust. The report found some key trends that can help business leaders stay safe in the digital age.
Read about 10 areas where companies can improve their processes and workflows to boost the security of their organization when undergoing digital transformation on TechRepublic.
If data breaches were a film genre, third-party cyber-risk would be the talk of producers and casting agents; it’s where the money is. Third-party breach scenarios dominate the headlines. The scares are all different — compromised health records, weapons designs, or automakers’ trade secrets — but the plot is the same: leaked and stolen files via compromised contractors, supply chains, or business partners.
The ephemeral specter of third-party cyber-risk haunts the C-suite. Leaders complain they can spend untold sums and time ratcheting down their company’s internal security measures only to see their data and reputation suffer the consequences of errors and carelessness at other companies.
Read about how to confront third-party risks on DarkReading.
There are two types of organizations: those that have been compromised and know it, and those that have been compromised and don’t know it. That (and the anxiety of whether data is being stolen or changed) keeps CIOs awake at night. As recent ransomware attacks are making news globally for their mounting costs, it’s obvious that once they’ve been hacked, these organizations discover there are deeper problems in their infrastructure or security hygiene that ransomware has exploited.
Avoiding ransomware problems boils down to three basic approaches that apply in general to both private and public sector organizations: good cyber hygiene and user training, best practices, and routine testing of backup and recovery plans.
Read more about how to reduce the threat of ransomware on DarkReading.