Archive for the ‘Data Protection’ category

Seventy four countries hit with WannaCry ransomware

May 14th, 2017

Kaspersky researchers mentioned that tens of thousands of computers are infected in 74 countries worldwide by WannaCry ransomware.

“It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the researchers mentioned.

MalwareTech has published live map for the area affected in the world.

“Russia, Ukraine and Taiwan leading,” Avast researcher Jakub Kroustek tweeted on Friday. “This is huge.”

Major company affected included FedEx, the Spanish phone company Telefonica, the Russian mobile phone operator MegaFon, and the UK’s National Health Service (NHS).

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” NHS mentioned.

Joshua Douglas, chief strategy officer at Raytheon Foreground Security mentioned that the target was vital services like healthcare.

“Organizations are beginning to fully appreciate their exposure to risk, whether from negligent or malicious insiders, the growing attack surface are represented by the Internet of Things, or from the growing number of sophisticated attackers,” Douglas said.

“Healthcare, an industry with mountains of sensitive personal data and lives at stake, should consider security measures that take into account network users in addition to outside threats,” Douglas added. “When dealing with ransomware, advance security protections, basic cyber hygiene, tested disaster recovery plans and employee training are critical to protecting data.”

The attack has devastating impact on the services and systems.

“This is the first time that a worm-link tool has been used in conjunction with ransomware that has created devastating impact against entire organizations,” Fidelis Cybersecurity threat research manager John Bambenek said by email. “Strong and swift patching would have helped mitigate this threat. It has undoubtedly captured the imagination of criminals who don’t want to hold individual machines ransom but to take entire organizations hostage, and surely we will see much more of this in the coming weeks.”

“The fact that a vulnerability developed by the NSA was used in this attack shows the dangers that can happen when this knowledge gets out into the wild even after a patch has been developed,” Bambenek added. “Intelligence agencies will always be developing zero-days, but unlike traditional weapons, these tools can be repurposed quickly for devastating criminal attacks.”

“The intelligence community should develop strong procedures that when such tools leak, they immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild,” Bambenek said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Privacy and Security for Americans

May 12th, 2017

A Recent survey conducted by AnchorFree shows that more than eighty percent of Americans are worried about online privacy and security as compared to previous year.

The bill is passed which allowed companies to collect personal data without permission through ISPs. Ninety-five percent of respondents are concerned about this bill. More than fifty percent people are looking to increase their security for personal data.

The survey also shows that more than 70 percent are employing more ways to protect their data as compared to previous year.

“Our survey finds that the majority of consumers are concerned in the aftermath of the Federal Communications Commission’s rollback of Internet privacy protections,” AnchorFree founder and CEO David Gorodyansky said in a statement.

“As more connected devices emerge and threats to Internet freedom persist, it’s imperative for Americans to learn about online privacy protection options and take personal responsibility for safeguarding their health, wealth and family,” Gorodyansky added. “They otherwise risk the misuse of this data by hackers and third party companies.”

Another survey by TeleSign survey shows that thirty-one percent of consumers have their online life worth of $100,000 or more. Fifty percent believe that businesses are primarily responsible for security.

“Companies make plenty of money with the time and money we invest in them and they should do the same to protect our accounts and personal identity,” one survey respondent said.

A survey conducted by Lawless Research shows that 51 percent faced data breach in the previous year. Forty-two percent suffered financial loss. One-third of the respondents stopped doing business with that companies.

Almost 61 percent changed their password after it was compromised. Seventy percent said that they use reused passwords.

Another survey conducted by EyeVerify mentioned that eighty-six percent believes that biometrics makes logging in apps easier. Also, seventy percent believe mobile apps are more secure with biometrics authentication.

“Most people use some form of biometrics every day, but they want more opportunities to use it to make their lives easier and more secure,” EyeVerify CEO and founder Toby Rush said in a statement.

 ___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Corporate Security Survey

May 10th, 2017

Bromium conducted a survey of 210 security professionals which showed that thirty-five percent have bypassed their own corporate security one way or the other. Ten percent have paid a ransom or hid a breach without letting the team know.

“While we expect employees to find workarounds to corporate security, we don’t expect it from the very people overseeing the operation,” Bromium co-founder and CTO Simon Crosby said in a statement. “Security professionals go to great lengths to protect their companies, but to learn that their decisions don’t protect the business is frankly rather shocking.”

“To find from their own admission that security pros have actually paid ransoms or hidden breaches speak to the human factor in cyber security,” Crosby added.

Another survey conducted by ESET shows that one-third respondents among 400 have not received any form of cyber security training at their organization.

A recent ESET survey of over 400 U.S. adults found that third of respondents hadn’t received any form of cyber security training at their organization. Sixty-two percent said they don’t receive recurring cyber security training.

Participants also provided insights about the cyber security knowledge gaps which includes as below –

Email Threats – 30%

Protecting Mobile Devices – 30%

Smart Device – 29%

Strong Passwords – 16%

A survey conducted by MediaPro shows that seventy percent of cybersecurity risks or novices can be reduced with increased awareness. The study also shows that respondents have less knowledge of reporting, identifying personal information, working remotely, cloud computing, and acceptable use of social media.

“The results of this survey strongly suggest retailers need to rethink cyber security and data privacy as matters of overall risk management, not just check-the-box compliance based on PCI standards alone,” the MediaPro report states. “Retailers limit their employee education to PCI training at their own risk, as threats to an organization’s financial and reputational well-being exist beyond the typical coverage of this training.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Stolen laptop leads to data breach

May 2nd, 2017

Lifespan Corporation recently suffered a possible data breach due to stolen laptop. The device belongs to Lifespan employee. An individual broke into employee’s car and stole laptop along with other items. The employee immediately reported the incident to law enforcement & Lifespan.

As per the website, “Lifespan, Rhode Island’s first health system, was founded in 1994 by Rhode Island Hospital and The Miriam Hospital. A comprehensive, integrated, academic health system affiliated with The Warren Alpert Medical School of Brown University, Lifespan’s present partners also include Rhode Island Hospital’s paediatric division, Hasbro Children’s Hospital; Bradley Hospital; Newport Hospital; and Gateway Healthcare. “

To reduce unauthorized access to the laptop, Rhode Island health organization changed the login credentials for accessing Lifespan system information. Facility found out the stolen MacBook was not encrypted. Password protection was also not present on the system.

The laptop included information of 20,431 patients. Affected information included emails containing patient names, medical record numbers, and demographic information. Lifespan has started notifying the affected patients. Call centre is also established to answer the queries.

Facility mentioned that there is no suggestion or information of data misuse. Also, patient medical records or Social Security numbers were not included in the breach.

Facility is retraining the employees to avoid such incidents in future.

“Lifespan is committed to protecting the security and confidentiality of our patients’ information, and we deeply regret this incident occurred.”

How can you protect data when the laptop is stolen?

Encryption

 Encryption can play a major role in securing your data in case of stolen laptop.

Authentication

Biometrics and two-factor authentication (2FA) increases the security level of your device.

Email security

Your email contains a lot of sensitive information. Emails are auto-opened in the system due to stored password. Remember password or use alternative methods to open email accounts.
Find My Device

Activate Find My Device software on your laptop. It will help you to track the laptop.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Companies planning to implement security-as-a-service model

April 29th, 2017

OPAQ Networks sponsored the recent survey of 301 US-based IT professionals. It shows that 87 percent of participants are planning to use security-as-a-service model. Survey also mentioned that 40 percent of companies manage security through part-time employees, contractors and Managed Security Service Providers (MSSPs).

According to eight two percent participants, the in-house staff spends 20 to 60 hours a week for procuring, implementing and managing a variety of security products.

“The security challenge for mid-tier businesses is multi-dimensional,” 451 Research analyst Daniel Cummins mentioned in a statement. “For these businesses, everything seems to be increasing — attack frequency, compliance requirements, complexity, costs, and the number of security products that need to be managed.”

Three-fourth of participants said that they dedicate between three to five full-time employees to security. The total cost incurred is $178,000 a year. Forty percent believe that the security spending is going to increase by 10 to 20 percent within one year. Seventy-two percent prefer security as service.

“We thought there would be a preference for the ease and simplicity of security-as-a-service solutions, but we were genuinely surprised by both the degree and urgency of the market demand,” OPAQ chief strategy and technology officer Ken Ammon mentioned in a statement.

“MSSPs are and will continue to play an important role in advising and supporting incident response, but this study reveals that MSSPs should look to leverage cloud-based solutions in order to deliver what the market is demanding,” Ammon added.

Survey participants mentioned that they seek cloud-based security functionality which includes data loss prevention, network access control and encryption.

Other survey conducted by Spiceworks and undertaken by Carbonite shows that only  11 percent of IT pros’ time is utilized on IT planning and strategy while 13 percent is utilized on modernizing technology.

“In a time when data threats are more prevalent than ever, it’s important IT teams have the capacity to focus on mission-critical tasks as well as proactively preparing for threats and strategizing ways to innovate their existing technology in order to facilitate a safe and secure organization,” Carbonite chief evangelist Norman Guadagno said in a statement.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Security Survey For Mobile Data Breach

April 25th, 2017

According to the recent survey by Dimensional Research, Sixty-four percent of security professionals feel that their organisations cannot prevent a breach to employees’ mobile devices.

Highlights of the survey are as below:

Twenty percent had suffered mobile breach incident

Twenty-four percent are not sure of the breach or they can’t tell about it

Fifty-one percent believe that breach to mobile is equal to that of PCs

“Perhaps the high level of concern is based on the frequency of mobile device loss or theft, as well as the limited security measures companies use to protect enterprise mobile devices,” the report states.

More than a third of companies fail to secure mobile devices as required and only thirty-eight percent take help of mobile security solution. Fifty-three percent says that lack of budget leads to a less secure environment. Forty-one said the shortage of resources is the reason.

“The dichotomy of management trying to control costs and security professionals struggling with insufficient tools to repel attackers is not a new story line in most enterprises,” the report notes. “Unfortunately, the story usually ends sadly with a huge, embarrassing event with the press blazing headlines of a costly hack and the company suffering brand damage and loss of customer confidence.”

Ninety-four percent feels that mobile attack will increase in coming time

Seventy-nine percent expect that complexity of mobile security will increase

Twenty percent said that mobile breach can cost $500,000 and 11 percent said it will cost more than $1 million for the companies

“The research consistently revealed that the overall focus and preparedness of security for mobile devices is severely lacking,” Dimensional Research principal David Gehringer said in a statement.

“Security professionals identified the risk of mobile devices, but focus and resources assignment seem to be waiting for actual catastrophes to validate the need to properly prepare their defenses,” Gehringer added. “It’s unfortunate that so many companies have not learned from the past and are doomed to repeat wasted costs and the customer outrage of being breached.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security software, the market leader in the field of mobile data protection. Encryption is performed with the AES 256 bit encryption algorithm.

Illegal Access of Health Records

April 23rd, 2017

Virginia Mason Memorial Hospital employees accessed data which was not included in their job responsibility. Facility found out that 21 hospital employees were involved. The incident has affected 419 emergency room patients.

Facility has immediately sent the notification letters to affected patients. Also, patient record access to the employees is revoked. Hospital conducted an investigation and third party forensic firm is hired to determine whether the data is available in the black market.

Till now there is no indication of information misuse. The hospital’s chief compliance and privacy officer Trent Belliston mentioned that investigators did not find any evidence to believe that employees had any malicious intent.

“No evidence that the information’s being used in an improper way,” said Belliston. “We believe this to be a case of snooping, or individuals who were bored.”

Belliston also mentioned that there is no evidence suggesting this was a targeted attack.

“It was a wide array of patients and information,” Belliston said.

Twenty-one employees are disciplined or terminated based on their extent of involvement. Hospital CEO Russ Myers mentioned that labor and confidentiality laws stop him from naming which employees were part in the security breach or how the employees were disciplined.

Patient medical and demographic information were viewed by the employees. Financial information was not seen.But Belliston mentioned that patient Social Security numbers may have been viewed as it was present on the patient records.

Facility is providing free credit monitoring for all potentially affected patients for two years. Also, a call centre is set up to answer queries.

“There’s the potential for this to happen in a hospital at any point in time,” said Belliston.

“Similarly to how important the safety of the patient is from a physical standpoint, likewise, the security of their information is also of great importance to us, making sure their information is safe,” he added.

____________________________________________________________________________________________

Alertsec is a one-stop provider that offers a cloud-based all-inclusive, pre-configured, ready-to-use computer security service, which also includes comprehensive 24/7 support for all users.

Firms to spend more on cyber security

April 21st, 2017

As per the recent Duff & Phelps survey, eighty-six percent of financial services firms are planning to spend more time and resources on cyber security in this year. In 2016, only 60 percent said they planned to spend more. Also, thirty-one percent mentioned that the cyber security is the top priority.

“Cyber security is at the top of the agenda for financial services firms today,” Jason Elmer, managing director for compliance and regulatory consulting at Duff & Phelps, said in a statement. “In the wake of high-profile cyber attacks, many are anticipating clearer and more punitive cyber security regulation to be implemented.”

“Firms are proactively looking to strengthen cyber defenses as a result, and this is an opportunity for regulators to collaborate with financial institutions to form new rules,” Elmer added. “What’s also clear is that commercial pressures from investors concerned about the security of their sensitive data will accelerate any attempt to improve cyber security measures.”

There is a high cost involved in the case of a breach. Kaspersky Lab conducted a survey of financial institutions. It mentioned that cost of even a single cyber security incident to a financial institution in the U.S. can rise up to $1,165,000.

Other findings of survey include-

Fifty-three percent believe that their top concerns are phishing/social engineering attacks on customers

Thirty-three believe that attack can happen on local/branch office

Thirty-one percent believe that digital banking services can be the target

“Given the substantial monetary losses from cyber attacks, it is not surprising that financial organizations are looking to increase spending on security,” Kaspersky Lab vice president for enterprise business Veniamin Levtsov said in a statement.

“We believe successful security strategies for financial organizations lie in a more balanced approach to allocating resources — not just spending on compliance, but also investing more in protection from advanced targeted attacks, paying more attention to personal security awareness and getting better insights on the industry-specific threats,” Levtsov added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Encryption strategy for enterprises

April 18th, 2017

A Recent survey of Thales’ 2017 Global Encryption Trends Study shows that only 41 percent of enterprises have an encryption strategy which has consistency throughout the company.

Other findings of the reports are as follow-

Forty-six encrypts data on-premise before sending to the cloud

Twenty-one percent encrypts data in the cloud

Thirty-seven percent gave control of keys and encryption processes to cloud service providers

Fifty-five percent believe that compliance is the most important driver for encryption

“The accelerated growth of encryption strategies in business underscores the proliferation of mega breaches and cyber attacks, as well as the need to protect a broadening range of sensitive data types,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

“Simply put, the stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy,” Ponemon added. “Encryption and key management continue to play critical roles in these strategies.”

A different survey conducted by Venafi of more than 1,540 information security professionals shows that twenty-three percent have no idea the extent of decryption and inspection of encrypted data.

“Encryption offers the perfect cover for cyber criminals,” Venafi chief security strategist Kevin Bocek said in a statement. “It’s alarming that almost one out of four security professionals don’t know if his or her organization is looking for threats hiding in encrypted traffic.”

“It’s clear that most IT and security professionals don’t realize the security technologies they depend on to protect their business are useless against the increasing number of attacks hiding in encrypted traffic,” Bocek added.

This survey also showed that 41 percent companies encrypt at least 70 percent of internal network traffic.

“Although the vast majority of the respondents inspect and decrypt a small percentage of their internal encrypted traffic, they still believe they can quickly remediate a cyber attack hidden in encrypted traffic,” Bocek said. “The problem is that attackers lurking in encrypted traffic make quick responses even more difficult.”

“This is especially true for organizations without mature inbound, cross-network, and outbound inspection programs,” Bocek added.

“This overconfidence makes it very clear that most security professionals don’t have the strategies necessary to protect against malicious encrypted traffic.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Hacking of Amazon third-party sellers’ accounts

April 16th, 2017

Hackers use passwords for high-profile breaches to compromise Amazon third-party sellers’ accounts. The attackers stole tens of thousands of dollars from sellers’ accounts. They also posted nonexistent items for sale in order to get more funds.

The incident has affected two million seller accounts on Amazon.com account which counts for more than half of its sales. As per the reports, over 100,000 sellers earn more than $100,000 a year.

Amazon seller Margina Dennis told NBC News about the fraud. She got 100 emails from customers. They were complaining of not getting a Nintendo Switch. The product was uploaded on site through her account by hacker. They also changed the accounts password.

An Amazon spokesman said “There have always been bad actors in the world; however, as fraudsters get smarter so do we. Amazon is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence on Amazon.com.”

Third-Party Risk

CyberGRX CEO Fred Kneip mentioned that hackers are targeting Amazon’s third-party ecosystem for financial gain.

“Amazon is a high-profile example of how increasingly connected businesses have become, but organizations across the world in every industry are undergoing a similar transformation as outsourcing, globalization and the digitization of business expand their digital ecosystems exponentially,” he said.

“Whether it’s one of the world’s largest retailers or a small business, companies need to approach third-party cyber risk as a real threat to their business that needs to be continuously managed,” Kneip added.

AlienVault security advocate Javvad Malik mentioned that third party vendors should look for their own security.

“It is therefore, important that all companies of all sizes have at least a basic level of threat detection controls in place that can alert when unexpected changes occur, or when systems start behaving in an unusual manner,” he said.

“Compromised credentials are the leading attack vectors in cyber breaches, as hackers target networks through trusted third-party suppliers and contractors who likely have less rigorous security than the ultimate target,” Centrify senior director of products and marketing Corey Williams said.

“This certainly won’t be the last time we see third parties being hacked — organizations need to up the security stakes with multi-factor authentication, which requires more than one method of authentication to verify the user’s identity for a login or other transaction, in order to stop the use of stolen credentials,” Williams added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.