‘Accountability framework’ proposed to promote secure health care practices
The CyberPeace Institute’s methodology holds promise, but it must further differentiate itself and overcome enforcement challenges.
A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada. Now experts are weighing in on the potential ramifications that can befall an organization if security footage is leaked or falls into the wrong hands.
If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes.
The lesson here: malicious actors continue to leverage the combination of automated scanners and scripts to strategically rack up high victim counts, especially when they sense that the time to inflict damage before patching is running out.
The program is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks.
Current tactics, which seek payouts that are multiple times larger than the average email impersonation scheme, are not terribly sophisticated. But if perfected, the approach could pose a serious threat to the financial investment and private equity community.
The incident is another example of why businesses must assess and manage third-party vendor risk.
Infosec thought leaders say that blaming an intern ignores the true roots of the problem, including insufficient credentials policies and access management practices.
“The entire way we perform security in a development environment needs to be rethought.”
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.