12 Days of Cyber Security
Cyber Security Hub looks back at 2018 with 12 pieces of content that will inspire your cyber security journey
Cyber Security Hub: Best of 2018
2018 was a busy year for cybersecurity and 2019 will be no different. From rampant company-wide data exposures to alleged Russian grid hacking, and successful spearfishing attempts against top US Universities. It seems corporate and critical infrastructure cyber defense isn't improving fast enough.
Indeed, it has been a year fraught with cybersecurity drama. Fortunately, the Cyber Security Hub has been following the biggest stories, providing exclusive commentary and analysis on global cyber issues, through interviews, whitepapers, webinars and more.
So, we've rounded up 12 of our best pieces of content from 2018. Whether you missed an article from our "Incident of the week" series, or if you want to re-visit one of our most viewed reports, this run-down of CS Hub's best content of the year will be instrumental for your cyber security plans.
Day 1: 90% Of Healthcare IT Pros Raising Cyber Security Budget
Yet again, cybersecurity has made its presence known in the health sector as a high priority. Infact, Health systems executives placed it as a top priority for 2018, ahead of artificial intelligence (AI) and other burgeoning technologies.
The results come from a survey called “Top of Mind for Top U.S. Health Systems 2018,” carried out by the Center for Connected Medicine in partnership with the Health Management Academy. In the report, nine out of 10 leaders in healthcare indicated that they will increase the cybersecurity technology spend in the new year, a move which will allow them to stay ahead of new and evolving threats.
Outside of cyber security, the report also polled: consumer-facing technology, predictive analytics, virtual care and AI. Check out the full article for more insight.
Day 2: Budgetary Foresight: 3 Essential Cyber Security Programs For 2019
Unfortunately, according to Willis-Tower-Watson, “Among executives, there is little consensus on how to allocate cyber budgets” – but very close responses were given between "technology to harden cyber-defenses" and "IT talent acquisition and skills training/development.”
Be ready for 2019 budgetary questions and planning by starting early and investigating essential cyber security technologies, instead of a panicked, late-night whirlwind of RFPs and industry reports. This article delves into a proactive & practical preparation for next year with three top priorities and a guide on how to approach each one:
- Mitigating Insider Threats
- Quickly Identifying Breaches
- Securing Application Passwords
Day 3: Incident Of The Week: British Airways Breach Leaks 380K Transactions
In this edition of “Incident of the Week,” we examine a recent data breach at British Airways (BA), which is the flag carrier and largest airline in the U.K.
A reported 380,000 transactions made on the BA website and mobile app from Aug. 21 – Sept. 5 were compromised in the recent incident, prompting industry leaders and cyber security experts to warn consumers and enterprises about the threat of attacks across a number of industries. Check out the full article for more analysis on this incident.
Day 4: Incident Of The Week: Phishing Scam At Pa. Bank Exposes 50K Accounts
In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent. This edition of “Incident of the Week” brings us to Shippensburg, Pa., in the state’s southern section. Here, the regional Orrstown Bank was hit with a cyber-attack; two employees were reportedly duped into phishing scams, thus exposing the information of nearly 55,000 customers.
The bank’s security team reportedly terminated the outside access and reviewed bank systems. In the wake of the attack, law enforcement was notified and Orrstown consulted forensics experts to analyze the breach. These experts also reportedly determined what information was contained in the related emails. Check out the full article for more analysis on this incident.
Day 5: California’s New Data Privacy Law Rivals EU’s GDPR
Since May 25, 2018, and the rollout of the European Union’s General Data Protection Regulation (GDPR), and even before, data privacy has been top of mind. A part of that sentiment has carried over to the U.S. with the passing of California’s Consumer Privacy Act (CCPA). In this article, we examine the similarities between the two.
The law provides protections for consumer privacy and echoes GDPR in many ways. Its breadth is wide, as it will affect any business which collects personal information from those in the state when it goes into effect in 2020. This article provides a guide to the CCPA, as we examine the protections it entails, similarities to GDPR, loopholes, and its future application.
Day 6: APIs: Cyber Security’s Emerging Threat Vector
In this article, we examine the new – and pervasive – threat vector, APIs. APIs allow for distinct interaction between levels of software. They also allow for easier program development and can be utilized for web systems, operating systems, databases, hardware or software libraries.
According to a recent survey of 250 IT professionals conducted by Imperva, there has been a heightened concern for cyber security risk related to API use. It reads: “Specifically, 63% of respondents are most worried about DDoS threats, bot attacks and authentication enforcement for APIs.”
Day 7: Incident Of The Week: Indian Bank Loses $13.5M In Costly Cyber-Attack
In this edition of “Incident of the Week,” we examine a cyber-attack on an Indian bank that found nefarious actors lifting 944 million rupees, or $13.5 million. The heist, at India’s Cosmos Bank in the nation’s western city of Pune, came via simultaneous withdrawals across 28 countries on Aug. 11.
In a statement on the cyber incident, Cosmos Bank said a “switching system” used to process debit card payments was circumvented amid in the attack. The institution stated: “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system.”
Day 8: Cyber Security & AI: Intersecting Needs With Innovation [Report]
Artificial intelligence (AI) is poised to make rapid advancements in the near future. As these technologies proliferate, however, the dilemma becomes how the tools can shape the future of cyber security, and the specific practices as they related to the enterprise.
In this Market Report, entitled "Cyber Security & AI: Intersecting Needs With Innovation," we'll examine some of these challenges, along with:
- Understanding the need for AI
- The biggest challenges as the technologies progress
- And AI's move to "mainstream"
Day 9: Incident Of The Week: Cosco Shipping Faces Ransomware Attack
In this edition of “Incident of the Week,” we examine a cyber-attack on the American region of China’s state-run shipping company, Cosco Shipping Holdings, Co. It’s not the first time a top, global shipping company fell under the crosshairs of black hats either, as last year Danish shipper A.P. Moller-Maersk fell victim to the NotPetya malware strain.
The cyber-incident has been chalked up to a “local network breakdown” in the Americas region, which impacted email and telephone. In a remedial step, the company cut communications with other regions, although operations were maintained. Check out the full article for more insight.
Day 10: 2018 Global Report: Cryptocurrency’s Role In Cyber Attacks
As ransomware continues to place added pressure on CISOs and the remaining enterprise security staffers, cryptocurrency payments appear to be the transaction method of choice. But the question remains: Do enterprises of all sizes – SMBs, large enterprise – hoard bitcoins so that their response time is minimal if they’re struck with a service-denying, data-stealing ransomware incident?
We have brought together four industry experts to provide an in-depth overview and analysis of burgeoning ransomware threats. Each has led various initiatives in the cyber and crypto spaces, and now they are imparting that wisdom to Cyber Security Hub’s readers. They cover the following:
- Ransomware & Cryptocurrency: How Two Intertwined Ecosystems Grow Together
- ‘Crypto-Haze’: Enterprise Policy Around Digital Currency Security
- Holistic Costs Associated With A Ransomware Attack
- Building A Better, More Secure Infrastructure To Invest In Digital Assets
Day 11: Incident Of The Week: T-Mobile Data Breach Impacts 2M Customers
In this edition of “Incident of the Week,” we examine a pervasive data breach at the telecommunications provider T-Mobile, affecting approximately 2 million customers. In an advisory on its website, T-Mobile wrote: “Out of an abundance of caution, we wanted to let you know about an incident that we recently handled that may have impacted some of your personal information.
This is not the first time that T-Mobile has fallen under threat-actor crossfire. In 2015, a breach impacting 15 million customers affected social security numbers. Motherboard also notes that in February, the company detected a bug in a T-Mobile site that would’ve allowed for account hijacking. The vulnerability was repaired before being exploited. Check out the full article for more insight.
Day 12: Cyber Security Hub Membership: Just A.S.K. [Video]
The Cyber Security Hub is a thriving digital media outlet assisting enterprise security teams. Its news coverage, analysis and networking makes it a prime destination for cyber security professionals. Interested in learning more about membership? Questions? Just A.S.K.! View this short video clip to learn more about this acronym, along with other site perks.
Indeed, in 2019, cybersecurity will continue to be a major source of investment across all industries. The Fact of the matter is that the cyber threat is complex and constantly changing, and a number of high profile cyber attacks in demonstrating the need for companies of all sizes and across all sectors need to shore up their defenses and face the challenges posed by cyber attackers.
So, be sure to stay tuned for another year industry insight at Cyber Security Hub.