Few concerns keep business leaders up at night like the threat of a cybersecurity incident. With the average cost of a data breach exceeding $4 million for the first time and public sentiment, regulatory requirements and practical functionality firmly against companies that can’t protect their digital landscape, many leaders are reprioritizing cybersecurity in response to this increasingly urgent reality.
According to Gartner’s 2021 CIO Agenda Survey, cybersecurity is the top spending priority for 61% of leaders as they work to address rapidly shifting risks and responsibilities.
The majority of modern cyber-attacks result from unintentional human error and poor cybersecurity etiquette. For this reason, many well-known attacks, such as ransomware, often use social engineering techniques. This means cybersecurity software and policies lose much of their effectiveness if undercut by poor cyber-hygiene. Companies must treat cybersecurity as a team effort, combining secure individual behaviors and awareness through clear and simple policies. This can be achieved through cultivating a strong cybersecurity workplace culture.
The health care industry has been on the front lines a lot lately. Along with helping control the effects of COVID-19, it has been a prime target for ransomware. In a 2021 survey of 597 health delivery organizations (HDOs), 42% had faced two ransomware attacks in the past couple of years. Over a third (36%) attributed those ransomware incidents to a third party, such as what happened earlier this year with Kaseya. The effects go beyond stolen health care data, although that is important, too. What does it mean when a health care organization faces an attack? And what can they do to protect themselves?
A team led by NCITE researcher Erin Kearns recently won a nearly $136,000 grant from the Department of Homeland Security Science and Technology Directorate to study how police departments screen for and identify insider threats in the hiring process and among active officers.
“Our hope with this project is to better understand how departments screen for potential insider threats and to share those practices with the broader law enforcement community,” said Kearns, a University of Nebraska at Omaha criminologist who sees the potential for collaboration with law enforcement.
The legal entanglement of the entrepreneurial U.S. Navy engineer, Jonathan Toebbe, who hoped to parlay sensitive nuclear submarine secrets into a cool $5 million is now on hiatus as he sits in a West Virginia jail cell awaiting his December trial. We can only imagine the discussions within the Navy’s information security teams upon learning some of the most sensitive of secrets were hand-carried out of classified environments, back to the residence of the employee, and then passed on to an unauthorized third party. The epitome of insider threat realized.
Those involved in the commercial side of mitigating insider threats are almost universally agreed that an individual’s proclivity to lift proprietary secrets from their place of employment increases as they inch closer to separation or departure. Court documents certainly appear to paint a picture of Toebbe hoping to score an extraordinary payday and separate from employment with the Navy. Whether overt acts also signaled to his colleagues and leadership that he was contemplating an exit is not known.
Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.
Specifically, the attackers compromised GoDaddy’s Managed WordPress hosting environment – a site-building service that allows companies and individuals to use the popular WordPress content management system (CMS) in a hosted environment, without having to manage and update it themselves.