September news roundup: Security pros go back to school
September is a busy month. Summer comes to an end and kids head back to school. Throw in a data breach (or 20) and everything gets even more hectic. In the last few weeks, we’ve seen an e-commerce solutions provider, an IP telephony service and countless hospitals suffer security data breaches, compromising the personal information of thousands of customers and patients. Unfortunately, the cybersecurity news doesn’t stop there.
Below are the top five stories that should be on every security and IT pro’s radar as the month comes to a close.
Education now suffers the most ransomware attacks (by Kelly Jackson Higgins, Dark Reading)
IT professionals working for educational institutions might need to go back to school. A recent survey found schools are the No. 1 target for security breaches. One in 10 education organizations are victims of malware attacks, and schools often blame the attacks on the number of people using their networks at a given time. While the education industry’s budget (or lack thereof) to enhance security practices could also be to blame, data-aware auditing is an inexpensive alternative to help track user access and locate sensitive data.
After Illinois hack, FBI warns of more attacks on state election board systems (by Sean Gallagher, Ars Technica)
As the race for the White House heats up, so does the need for increased cybersecurity. In late August, the FBI found evidence that hackers attacked voter registration databases in Illinois and Arizona, potentially exposing the personal information of nearly 200,000 people. Staying secure this election season has not only been a problem for the government, but also app developers. According to Fortune, Donald Trump’s campaign app collects personal information, yet lacks a wall to protect the data and fails to clarify to what extent, and how, it will be used. It’s time for both parties to help enhance data security on the campaign trail.
Over 400,000 sensitive healthcare records leaked on the Dark Web (by Dan Patterson, TechRepublic)
More than 88 percent of all U.S. ransomware incidents occurred among healthcare organizations. It’s no wonder that more than 400,000 sensitive healthcare records have made their way to the dark web.
To avoid adding to these statistics, get a better view of the data for which your company is responsible. Being data aware and maintaining compliance are two easy steps to help protect your healthcare organization from falling victim to a breach or ransomware attack.
Cybersecurity enhancements proposed for financial firms in New York (by Greg Master, SC Magazine)
As the number of cyberattacks on financial institutions increases (more than 75 percent of organizations experience some sort of breach), the state of New York is taking action to prevent more incidents. Under new regulations, banks, credit unions and insurance agencies will be required to adhere to specifically outlined security practices, which include:
- Establish a cybersecurity program with policies designed to ensure the confidentiality, integrity and availability of information systems that perform core cybersecurity functions.
- Designate a chief information security officer responsible for implementing, overseeing and enforcing its new program and policy.
- Protect the confidentiality, integrity and availability of information systems with tactics like annual testing, an audit trail system, periodic reviews of access privilege, cybersecurity training for employees and written incident response plans.
Government is hit by 9,000 security breaches a year – but reporting them remains chaotic (by Danny Palmer, ZDNet)
A new study found U.K. government departments were breached almost a whopping 9,000 times in the last year. Of those, only 14 were reported. This isn’t just a problem overseas. Here in the States, the U.S. Office of Personnel Management (OPM) was under fire for an attack that left more than 22 million people vulnerable. Research determined that human error and outdated technology were to blame.
Subscribe to our newsletter to stay up to date with the latest data security news.Like This