breach


Losses due to recent strains of ransomware; Option A = $62 million? or Option B = $310 million?

Both sound like bad options, but the choice is obvious. The recent reports of “Bad Rabbit” attacks have put ransomware top of mind in the cybersecurity world. Bad Rabbit is certainly not the first of its kind; in fact, it’s not even the first this year. The ransomware dubbed “Petya” was first discovered in 2016 and morphed into the still more dangerous “NotPetya” in March of 2017. NotPetya wreaked havoc for thousands of users worldwide, taking advantage of weaknesses in [...]

What should you do right before you’re breached?

“I am convinced that there are only two types of companies: those that have been hacked and those that will be.” -Robert Mueller, Former FBI Director

There is a simple first step to preparing your company for a breach at no cost. Malicious cyber techniques are becoming more and more sophisticated every day, and as they do, incident prevention becomes more and more difficult. The likelihood of experiencing a breach is higher than ever. Incident Response is a [...]

Is Cyber Risk Management Like Seat Belts of the 70’s?

In light of the recent string of large-scale cyber attacks we’ve been hearing about in the news, there is an important conversation to be had. Do we care enough? Why have Equifax, Deloitte, and others been able to continue about their business with relatively little consequence amidst devastating security breaches? Has the increasing frequency and scale of cyber attacks desensitized us to the gravity of such breaches? For every cyber attack we see in the news, there are thousands more [...]

Breach Notification Laws Are Being Enforced

First HIPAA enforcement action for lack of timely breach notification settles for $475,000

In a landmark case, federal regulators have issued a $475,000 financial settlement and corrective action plan for Presence Health regarding its tardy notification for a paper records breach that affected approximately 800 individuals. The Director of the Department of Health and Human Services' Office for Civil Rights (OCR), which enforces HIPAA, noted that companies "need to have a clear policy and procedures in place to respond to [...]

The BEC – Not Your Grandfather’s Phishing Scheme

The FBI has reported that cyber criminals are using new tactics to steal millions from US companies. The schemes target companies that do business overseas and use wire transfers of funds on a regular basis. The scheme is called a Business Email Compromise. As the name implies, legitimate business emails are compromised through social engineering or direct cyber attack. This information is then used to make fraudulent wire transfers to banks, usually in [...]

2017-06-22T20:19:37-04:00

Police Pay Ransom

Looks like CNN’s prediction that 2016 will be ‘The Year of the Ransomware’ is coming true, and in spectacular fashion. Cyber criminals are targeting the most unlikely of victims: local U.S. police departments! (http://www.nbcnews.com/news/us-news/ransomware-hackers-blackmail-u-s-police-departments-n561746) The attacks are based out of Eastern Europe. Since 2013, departments in seven states have reported attacks. NBC News reports that five Maine police departments were locked out of their records management systems last year. Departments in Alabama and New Hampshire were also breached, but [...]

How much does a cyber breach cost?

How much does a data breach actually cost? IBM sponsored the Ponemon Institute to research (the report can be viewed at http://www-03.ibm.com/security/data-breach) and answer the question "What is the cost of a cyber breach in 2015?" The research encompassed over 350 organizations across 11 countries. The question is a complex one, with many interconnected factors such as:
Size of the company: small, medium, large, enterprise
Industry of the company: retail, healthcare, manufacturing, etc.
Regulations that apply to the specific industry [...]

2016-03-14T18:10:14-04:00

Main Line Health Victim of Spear Phishing Attack

Main Line Health was reported to be the latest victim of a spear phishing attack that resulted in the exposure of its employees’ personal information. On February 16th, a Main Line Health employee received an email that appeared to be from a sender they recognized. This is what prompted the response that led to the current investigation. Layer 8 Security spoke with NBC 10 Philadelphia yesterday to provide more input around the situation and what people can look for to avoid [...]

2017-06-22T20:19:40-04:00

Identity Protection for Those Affected by the OPM Data Breach

Layer 8 Security specializes in improving the cybersecurity posture of companies big and small, but we also strive to protect individuals as well. In keeping with our "sheepdog" mentality, I want to broadcast some important information to individuals affected by the Office of Personnel Management (OPM) data breach. If you were not one of the 21.5 million individuals targeted in the widely publicized OPM data breach announced this past June, there is a high chance that you are related to or [...]

What’s the deal with LifeLock?

I often get questions from friends and family about LifeLock, an identity theft protection service - what it's all about, whether I use it (I don't), how effective the LifeLock services are, etc. Ironically, about a week and a half ago, LifeLock agreed to pay $100 million (see here) for allegedly breaching an FTC order by: "Failing to establish and maintain a comprehensive security program to protect its customers' sensitive personal information, including Credit Card, Social Security, and bank account [...]