As medical devices incorporate connectivity, they provide greater opportunities for convenience, service, and information for consumers and companies, but also are increasingly vulnerable to cyber threats. In this environment, Attivo Networks and Becton, Dickinson and Co. (BD) have validated a deception solution for medical technology cybersecurity threats through a partnership bringing Attivo’s Botsink solution to a select number of BD devices. The two firms collaborated through BD’s Product Security Partnership Program and created “mirror-match decoy authenticity” software for some of BD’s devices, a method designed to redirect an attack from reaching important information or networks.
cost of breach
Weebly, a San Francisco-based company that has allowed more than 40 million people to create websites since 2007, will start sending notification letters to all of its customers on Thursday, informing them of a data breach that occurred eight months ago.
The breach, affecting 43,430,316 customers, happened in February 2016, but the root cause remains unknown. The compromised database is just now coming to the public’s attention after an anonymous source sent it to LeakedSource.
The cost of poor healthcare security might have just gotten more expensive.
Earlier this month, Phoenix-based Banner Health announced the largest data breach of any hospital so far this year. Hackers gained access to the system’s servers, including those processing credit card information for cafeteria sales, and others containing data from health plan members and beneficiaries, affecting more than 3.7 million patients overall. While reports of breaches such as this one can be embarrassing to a hospital’s senior executives and certainly have an effect on its reputation, those are both “soft” costs. It’s the “hard” costs, the money that can affect the bottom line, that should have hospital administrators and their boards paying closer attention to their security postures…and perhaps their overall cybersecurity budgets.
What makes this story interesting is that Banner Health not only suffered a huge breach, but they are being sued for it.
The aim of the study is to assess the economic impact of incidents that affect CIIs in the EU, based on existing work done by different parties, and set the proper ground for the future work of ENISA in this area.
In detail, our aim is to:
Identify relevant studies in the field
Define a proper methodology for reviewing the studies
Extract relevant findings based on the proposed methodology
Deliver the results in the form of a systematic review.
Monitoring and analytics firm Datadog has admitted to falling victim to a data breach and is recommending that all of its users change their passwords immediately.
The firm provides cloud metrics for cloud providers across a variety of services, apps and systems while offering a software-as-a-service (SaaS) that can easily integrate with Amazon Web Services (AWS), Microsoft Azure, Java and Google’s cloud platform, though Datadog’s major partners are AWS, Slack, MongoDB and Fastly.
The firm sent out an email over the weekend in which it warned its users of the data breach and recommended they change their passwords if they had been stored on the site. Google Auth and SAML users do not need to do so as they were unaffected by the breach. Datadog also sent a notice to admin users telling them to revoke or change any credentials stored in its system.
The Safe in Police Hands? report, based on freedom of information (FOI) requests, reveals that between June 2011 and December 2015 police officers and staff were responsible for at least 2,315 data breaches.
The greatest number of data breaches were by the West Midlands Police (488), followed by the Surrey Police (202), Humberside Police (168), and Avon and Somerset Police (163).
More than 800 employees accessed personal information for no policing purpose, while data was shared inappropriately or without authorisation almost 900 times, the report claims.
A million and a half customer records have strolled out the door of T-Mobile Czech Republic in an employee’s pocket.
The customer service staffer attempted to sell the datasets but T-Mobile refused to reveal further detailed information, citing an ongoing police investigation.
It is unknown how much of the usual name, e-mail address, account number and so on the marketing database contained. T-Mobile Czech Republic says only that it did not include location, traffic, or other “sensitive data such as passwords”.
There was also no word on how a single staffer, since sacked, could have had access to 1.5 million records and been able to siphon it off en masse.
Hackers have stolen information relating to around 45 million accounts from VerticalScope, a Canadian media company that runs numerous support forums on various topics. Over 1,000 support forums and online community websites on home, tech and sports have been breached as a result of the hack, leaving millions of users’ records exposed.
The massive breach took place in February but is coming to light only now, thanks to data breach cataloguing site LeakedSource, which got hold of the data and recently analysed it. Popular domains such as Techsupportforum.com, MobileCampsites.com, Pbnation.com and Motorcycle.com were among the sites that were affected by the breach. However, the data stolen does not appear to have been put up for sale on the dark web, as of now.
When security executives design the slide decks for their board room presentation about the financial risks of data breaches, they’d better increase the numbers this year. In two separate studies out today by the Ponemon Institute and Deloitte Advisory, traditional data breach costs are on the rise and at the same time the hidden costs of data breaches are also proving to be far more expensive than experts initially anticipated.
The annual Ponemon Cost of Data Breach 2016 report established its yearly benchmark statistics once again, with evidence that breach costs are going up. Sponsored by IBM, the comprehensive study found that the average cost of breaches at organizations has jumped past $4 million per incident, a 29% increase since 2013 and 5% increase since last year. The study found that average dwell time for breaches stands at 201 days, with organizations requiring another 70 days to contain breaches once they’d been identified.
Among the 288,012 complaints the agency’s Internet Crime Complaint Center received from businesses and consumers, the most common were so-called Business Email Compromise crimes, scams based mostly around social engineering and computer intrusion: these 7,838 complaints amounted to losses of over $263 million. In many cases, the email accounts of the company’s CEO or CFO were “hacked or spoofed, and wire payments were requested to be sent to fraudulent locations.” (By comparison, DDoS attacks were attributed to just under $3 million in losses.)
Meanwhile, ransomware attacks, which represented $1.6 million in losses in 2015, are becoming increasingly common, reports Steven Melendez. “Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today,” security firm Symantec wrote last year. Overall, the true incidence of cybercrime is likely much higher: less than 15% of fraud victims report their crimes to law enforcement, the FBI notes. AP