Most organizations deploy defenses to reduce the risk of cyber threats entering their environment. But what about the threats that are already inside? Whether the result of malicious, negligent or compromised users, insider threats pose serious business risks, and most organizations just aren’t prepared.
A Florida public hospital system has kicked off the New Year of breaches by reporting to regulators a hacking incident detected in October that involved data exfiltration affecting the personal information of more than 1.3 million patients and employees.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the ransomware-as-a-service model shifted in 2021, the rise of fraud in faster payments and how to prevent it, and one CISO's take on the state of the industry.
The Department of Justice says it's thwarted a Sony Group insider who allegedly embezzled $154 million, converted the proceeds to bitcoin, and demanded a ransom payment to return the money. Authorities say the former Sony employee has been criminally charged in Japan.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This post's chapter is...
As the workplace quickly evolves, people are working from everywhere and accessing data from anywhere. Suddenly, CISOs must manage not just external threats but countless risks from within, which always prove more elusive and harder to detect or prevent than traditional external ones. While the most common insider...
The U.K. High Court has upheld the U.S. government's request to extradite WikiLeaks founder Julian Assange, after receiving assurances about the conditions in which the 50-year-old would be held. Assange reportedly plans to appeal the ruling.
A medical biller in Florida and an emergency medical technician in New York have each pleaded guilty in two separate federal cases involving the criminal misuse of patient information. One case involved healthcare fraud and identity theft, and the other criminal HIPAA violations.
A former employee of a New York-based technology company, likely to be IoT technology company Ubiquiti, has been arrested for stealing confidential data and extorting his employer for nearly $2 million. If convicted, the suspect faces up to 37 years in prison.
The saying "Penny-wise, pound-foolish" is relevant when we talk to those friendly, knowledgeable finance people about ongoing employee screening due to the dreaded insider threat and the costs associated with it - which leads to us pulling out our hair in utter frustration. This rant is about that.
Pfizer has sued a former employee, alleging she uploaded to her personal devices and accounts thousands of files containing confidential information and trade secrets pertaining to the company's vaccines and medications, including its COVID-19 vaccine, to potentially provide to her new employer.
Compromised insiders are one of the most difficult security risks for an enterprise to manage. A compromised insider is a legitimate user on the network whose account or asset has been commandeered by an attacker without their knowledge.
The attacker then moves around the network as the trusted insider and executes...
A federal grand jury has indicted the owner and manager of several medical testing labs for his alleged connection with more than $100 million in fraudulent COVID-19-related and other healthcare services billing using Medicare beneficiaries' private information.
As the COVID-19 pandemic persists, cybersecurity threats and related risks continue to grow, including ransomware, external threats and especially those involving healthcare insiders, says Denise Anderson, president of the Health Information Sharing and Analysis Center.
In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.