Today’s already vast cyber threat landscape is growing rapidly. Developments in the state of business, commerce, and big data have caused security and compliance challenges—historically concerns for large enterprises—to apply to the small and mid-market. What’s more, data breaches have a growing business impact, as 60 percent of SMBs fail within 6 months of a data breach. This is causing security spending, fueled by the SMB market, to rise to a projected $81 billion just this year.
The healthcare industry just keeps getting hammered by cybercriminals in 2016. The reality for healthcare organizations is that cyber attacks are now part of their everyday business and that the best option is to improve their cyber defenses in order to better protect themselves.
According to the third annual Experian 2016 Data Breach Industry Forecast report, 91% of all healthcare organizations reported at least one data breach in the last two years. What makes them such prime targets is the price of the valuable information they have. According to this same report, “medical records are worth up to 10 times more than credit card numbers on the black market.”
One need only read the headlines to know how insecure company data and networks are these days. Just a few weeks ago, U.S. health insurer Banner Health informed 3.7 million customers and healthcare providers that their data may have been stolen. This has become a fairly common scenario as healthcare records and private data are traded openly on the black market. Thinking through all of the likely attack vectors, it seems almost impossible for organizations to completely secure their intellectual property, customer data, and other corporate records. For example, employees might not know that malware need not be downloaded in a file or executable but can arrive simply through clicking on an infected banner ad or even a link in social media. If an organization has a “bring your own device” to work policy, a mobile phone or tablet infected at home can easily spread malware to the corporate network.
Another big name gets added to the list of 2016 data breaches. Yahoo, the multinational technology company, has its hands full as it deals with trying to confirm the possibility of a data breach. The infamous hacker that goes by the tag of “Peace” has listed a cache of what allegedly appears to be 200 million stolen Yahoo user accounts for sale on the Dark Web. Yahoo has already begun a thorough forensic analysis investigation to determine the validity of the hacker’s claims and promises that it’s taking this breach “very seriously.” According to reports by Motherboard, the cache supposedly contains usernames, passwords, and dates of birth. At this time, the stolen user data is being sold for 3 Bitcoins, or around $1,860, and apparently contains records from “2012 most likely,” according to hacker Peace. Peace has also provided a way to unscramble the hashed credentials, making it easier for buyers to use the stolen information once they get their hands on it.
Cybersecurity standards are sets of best practices for protecting organizations from cyber attacks. There are many groups across the world that establish and promulgate their recommended cybersecurity standards. These range from nondecision-making bodies of experts sharing information to treaty-based governmental associations.
The various frameworks each have their own advantages and disadvantages. Starting with the familiar U.S. federal government's approach and then moving on to other standards around the globe, the following introduces three cybersecurity standards or approaches to standards and why they matter for small- to medium-sized businesses.
Silicon Valley is a nickname for the southern part of the San Francisco Bay Area, a region that hosts many of the world's biggest technology companies, including giants like Facebook and Google. The area increasingly finds itself the target of consumer ire for violating privacy expectations, changing product performance in uncomfortable ways, and more.
In June 2016, Facebook CEO Mark Zuckerberg made The New York Times for covering his laptop camera with tape. The following explains why individuals choose to block their webcam lenses, and why this cybersecurity technique is not enough.
We’ve recently written a number of posts about the role that passwords and strong authentication methods play in security. Locking down logins and implementing access controls has long been a cornerstone of information security. Most information security professionals understand the factors that make passwords strong. For a quick refresher, check out our recent post on the subject. In short, a strong password is typically very long; includes numbers, mixed case, and special characters; includes no words or discernible patterns; and is definitely not your pet’s name. You should also never reuse the password or use the same password across multiple systems.
CISOs (Chief Information Security Officers) or others who are in charge of a company's cybersecurity face a huge responsibility: they have to keep their firms' IT assets safe not just from malicious insiders and accidental leaks, but also from every hacker around the globe—at a time when more hacking scandals happen all the time.
EiQ has previously discussed the technical, interpersonal, and leadership skills required for CISOs to meet this challenge, and today we add three tips they can follow in order to perform at their best and manage the responsibility of their role.
Passwords may be one of the most misunderstood elements of network security. The critical importance of the role passwords play in thwarting cybersecurity breaches cannot be downplayed or understated. Weak passwords undermine a company’s network. One of the key points of security tools, such as network security monitoring, is to flag unusual (and therefore suspicious) activity on an organization's computer systems. If passwords are so simplistic that hackers can guess them correctly in a normal number of attempts, then cybersecurity software is much less likely to notice and flag these cybercriminals' efforts.