Heightened attention to cybersecurity offensive countermeasures. Cybersecurity has been mostly defense-oriented, but this has never been sufficient. Moving forward, we will see more companies spring up along the lines of Attivo Networks, a leader in deception solutions. Attivo applies deception-based decoy and luring technologies within networks to misdirect attackers and deceive them into revealing themselves. (Disclosure: My firm has invested in Attivo.)
Another key way to restack the deck in favor of organizational victims of cyber breaches is for them to embrace an offensive, as well as defensive stance against threat actors. Among the interesting players in this space is Attivo Networks, a leader in deception solutions for cybersecurity defense. Attivo develops traps and lures – called “honey nets” – to attract an attacker, which can be a human or a bot or an advanced persistent threat. Then it locks up the perpetrator in quarantine within the system and records actions and details for forensic analysis.
Then, I heard about Attivo and as one of the four CDM judges on our Infosec Awards from 2017, with them being one of our winners, receiving an overwhelming positive vote from the judges, I wanted to dig into what they are up to a little further and look at them within the purview of the Time-based Security model – could a solution like the Attivo ThreatDefendTM Deception and Response Platform actually deliver a way to slow down the breaches, because, frankly, we’re not yet going fast enough to stop them?
Healthcare data breaches are continuing at an alarming pace, with the second half of 2016 shaping up to have more breach incidents per month, so far, than in the first half of the year.
According to the Protenus Breach Barometer report, while the first six months of 2016 averaged 25.3 breaches per month, the second half thus far has had an average of 39.3 incidents per month, an over-55 percent increase. “While the number of months in this total is small, this trend over the last quarter provides some cause for alarm,” the report authors stated. There were 152 incidents involving protected health information (PHI) or medical health information in the first half of 2016, and so far, in the second half, there have been 118 incidents.
The latest count from the Identity Theft Resource Center (ITRC) reports that there have been 227 data breaches recorded through April 5, 2016, and that more than 6.2 million records have been exposed since the beginning of the year. The total number of reported breaches has increased by 50 in the past two weeks.
The biggest share of the huge jump in exposed records is due to a breach at a division of Verizon Communications Inc. (NYSE: VZ) that provides services to large companies whose data has been stolen. Some 1.5 million records were involved and the data were stolen and resold. According to data security website KrebsonSecurity, the thieves price the entire package at $100,000 and selected chunks for $10,000.
U.S. data breaches in 2015 dropped only slightly below 2014’s record high, with hacking incidents accounting for more than one-third of the breaches, according to a new survey.
Organizations reported 781 breaches last year, the Identity Theft Resource Center said, compared with 783 in 2014. The ITRC, supported by information security firm IDT911, has been tracking breaches since 2005.
Hacking incidents rose 8.4% to a nine-year high of 37.9% in 2015. The next largest category, employee error or negligence, accounted for 14.9% of breaches.
The UK’s Ministry of Defence saw a significant spike in security breaches last year, the government has confirmed.
Figures released in Parliament on Friday revealed that security incidents—including “cyber attacks”—had rocketed almost 40 percent in 2015. Defence minister Mark Lancaster said that the MoD had recorded 2,145 breaches last year, compared with 1,547 in 2014.