Risk

Cyber Threats to Healthcare on the Rise

Hospitals are set up to fight infections, but not necessarily the kind that has been plaguing healthcare institutions lately – malware. A new report estimates that cyber threats against healthcare targets increased 60% since January, surpassing the total number of threats identified in all of 2018. The most common threat targeting the healthcare industry is Trojan malware, which increased 82% in the third quarter from Q2, according to the report by Malwarebytes, Cybercrime Tactics and Techniques: The 2019 State of Healthcare. Most of the Trojan attacks involved Emotet and TrickBot, which are the two most dangerous Trojans around since 2018….

Cybersecurity Is the Top Concern for Midmarket Executives

Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row. The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S….

#ISC2Congress: Global Factors Driving Data Privacy Regulation (Part 2)

By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. In the previous post, we discussed the growing influence of digital authoritarianism, which has now contributed to nine consecutive years of a decline in internet freedoms across the globe. We’ll now turn to two other competing global influences that are further shaping data…

#ISC2Congress: Global Factors Driving Data Privacy Regulation (Part 1)

By Andrea Little Limbago, Chief Social Scientist, Virtru Limbago presented during the Governance, Risk and Compliance track at the 2019 (ISC)2 Security Congress in Orlando. The session, Global Factors Driving Data Privacy Regulation, explained data localization, how it is progressing and what that means for organizations. In two parts, Limbago recounts the information covered in her session. On October 29, the internet turned 50. Despite original aspirations of a free and open internet, the modern internet is increasingly segmented and shaped by political boundaries. Included within broader technological shifts such as 5G, artificial intelligence, and the internet of things, these…

SSCP vs. CISSP Exams: How are they different?

You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation? These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives. In many ways, the…

CEOs: Cybersecurity Will Be a Major Challenge in the Coming Decade

Cybersecurity concerns remain top of mind for global CEOs as they weigh the challenges their organizations will face in the next five to 10 years. A new report by global management consultancy EY reveals that cybersecurity tops the list of concerns for CEOs, along with income inequality and job loss caused by technology advances. The findings in EY’s 2019 CEO Imperative Study confirm earlier research showing that chief executives view cybersecurity threats as one of their most daunting challenges. Adding to the problem, the EY study reveals that CEOs lack confidence in the C-suite’s ability to address these challenges. Only…

Small Businesses Need New Security Solutions but Aren’t Always Sure Which Ones

Small businesses have a real hunger for new cybersecurity technologies, but they don’t always know what they need, according to a new (ISC)² study. When asked what they would invest in if they had the budget for it, some respondents alluded to “better” and “new” solutions but weren’t exactly sure what they would be. (ISC)²’s Securing the Partner Ecosystem report reveals a concern among small businesses about running outdated technology. A comment from one respondent about what the company needs puts it all in perspective: “Phishing attack awareness, and more malware services that are up to date and cutting edge.”…

The Challenges of Raising User Security Awareness

One of the toughest challenges of cybersecurity is to raise awareness among users. Technology solutions are instrumental in achieving a solid security posture, but they only get you so far. There’s always the risk a user will make a split-second bad decision and open the door to attack. User awareness was the topic of a recent (ISC)² webcast, Delivering Security Awareness that Works. Participants shared their experiences in modifying user behavior and the challenges they face on a daily basis to save users from their own potentially harmful actions. User Risks One theme quickly emerged: Cybersecurity teams must be on…

Small Businesses Not the Weakest Link in the Supply Chain, Study Shows

A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business. The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only…