As attacks evolve and become more sophisticated, the industry's response has been to adopt the zero-trust architecture. However, with the rise of zero-trust architecture, we've also seen an unexpected, unwelcome guest: complexity.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The new New York cybersecurity regulations require healthcare facilities to appoint a CISO, implement incident response plans, and face new breach reporting requirements. They will also have access to a total of $500 million in new funding from the state.
A third-party data breach of two relocation services providers may have exposed the passports, financial information and other personal information of Canadian government employees dating back to 1999.
Due to their large membership pools, the rewards programs offered by top brands represent sizable assets. Attacks against rewards programs are becoming more frequent as these customer accounts often fly under the radar as potential targets for cybercrime.
Samsung has disclosed a year-long data breach impacting UK online store customers. The cybersecurity incident, which took place from July 2019 to June 2020, was only disclosed in November 2023.
While cybersecurity practitioners have uncovered many ways that the predictive technology can benefit security teams, threat actors have also been swift to adopt generative AI as the newest tool in their arsenals for launching sophisticated attacks.
New FCC rules will essentially force a new set of procedures and checks on the customer service employees that are targeted by the criminal hackers that engage in SIM swapping.
CISA has released a roadmap establishing four overarching goals, with five more specific lines of effort that appear to indicate concrete immediate priorities. Defensive AI cybersecurity measures and plans for critical infrastructure adoption are repeating themes.
Postmeds’ Truepill data breach impacted over 2.3 million individuals and is the subject of a class-action lawsuit alleging the digital pharmacy's negligence.
The McLaren Health Care data breach impacted nearly 2.2 million patient records. The company confirmed the intrusion and unauthorized data access occurred in July-August 2023 and was discovered in Oct 2023. The ALPHV/BlackCat ransomware group claimed responsibility for the apparent ransomware attack.