As we enter quarter four of 2021, the idea of disinformation as a cyber threat probably hasn’t percolated to the forefront of concerns of many CISOs. Indeed, a Venn diagram would show no overlap of “disinformation” with the words “CISO” or “cyber threat,” especially in the United States. Yet there is a significant overlap here, and CISOs will be well served to get ahead of the curve.
A few companies have identified disinformation as a threat. Recorded Future CSO Gavin Reid notes how some activist CEOs are taking steps to address the politicization of disinformation, as companies look to third parties to better understand how to counter the arrival of disinformation pointed at their entity or influencing employee actions.
Researchers have found an unsecured database leaking over 886 million patient records online, although it’s now confirmed that this was dummy data.
The exposed data included the date, document type, physician note, encounter IDs, patient ID, note, UUID, patient type, note ID, date of service, note type and detailed note text.
The notes and physician information were stored in plain text. Patient IDs were encrypted, but it’s unclear how strongly.
Almost all (98%) US-based organizations experienced at least one cyber event in the past year, according to Deloitte’s 2021 Future of Cyber Survey. This compares to 86% of non-US organizations.
The study, which surveyed 577 C-suite executives worldwide on their organization’s cybersecurity programs, also found that a huge proportion (86%) of US companies faced increased cyber-threats due to COVID-19. Interestingly, a significantly lower proportion (63%) of non-US executives reported experiencing an increased rate of attacks during the pandemic.
The volume of ransomware attacks over the first three quarters of 2021 reached 470 million, a 148% increase on the same period last year, making 2021 already the worst year on record, according to SonicWall.
The security vendor scrutinized attempts to compromise its global customers over the period and found that each company recorded 1,748 ransomware attacks in the year-to-date (YTD). That’s reportedly nearly 10 per business day.
Duniel Tejeda, formerly of Miami, Florida, acted outside the law while employed as both a project manager and a study coordinator for clinical drug trials at Tellus Clinical Research, a medical clinic based in Miami.
As part of his plea agreement, Tejeda admitted that he entered into an arrangement with co-conspirators to deliberately distort data in medical records. The records that were manipulated by Tejeda were connected with clinical trials intended to evaluate a range of different medical conditions, including opioid dependency, irritable bowel syndrome and diabetic nephropathy.
Today, the array of threats posed to disrupt businesses only intensifies, while the systems and methods organizations use to assess the potential for trouble often fail to keep pace. The result is incomplete intelligence gathering, lack of visibility into the exact nature of threats, and increased risk exposure.
The current list of threats ranges from continuously evolving cyberattacks and business espionage to geopolitical instability and terrorism. Natural disasters, extreme weather, and the ongoing novel coronavirus pandemic compound the matter. Threat actors, for example, have launched ransomware attacks against hospitals, knowing their vulnerability amid expanding patient caseloads due to COVID-19. Against this backdrop, corporate security personnel must safeguard senior executives, employees, intellectual property (IP), supply chains, and brand status to name a few corporate assets.