Week of July 20, 2018


Bay of Plenty DHB Target of 10 Cyber-Attacks per Second*:

  • The Bay of Plenty District Health Board in New Zealand has been forced to protect itself from cyber-attacks from Russia and the Ukraine
  • Newshub can reveal the small DHB is fielding up to 864,000 potential cyber-attacks per day - that's as many as 10 a second.
  • Bay of Plenty DHB is specifically protecting itself from what it calls "sources of high-levels of cyber-attacks" naming Russia and the Ukraine as examples.
  • In the UK last year, hospitals were crippled when computers were infected with ransomware, throwing the entire health system into crisis.
  • In New Zealand the Ministry of Health has been fighting off up to 1.7 million attacks a week - about three times fewer than the BOP DHB.
  • Some hackers tend to target smaller organizations because they’re an easy target.
  • The large number of attacks has prompted the DHB to run phishing exercises to test staff on their cyber security awareness.
  • Unfortunately, over 100 staff failed the last test, clicking the link provided and entering their details.
  • They are taking this threat very seriously and continuously looking for ways to increase cyber awareness and cyber safety amongst the 3300+ staff.
  • Cyber-attacks are an unfortunate reality for any major institution, but are of particular concern for DHBs where patient safety and patient data security are paramount.

*Source: News Hub, July 20, 2018


British Airways Asked Customers to Post Personal Information on Twitter to Comply With GDPR*:

  • Complaining about airlines on Twitter is a universal pastime for disgruntled travellers, and yet somehow British Airways has managed to turn the activity into a data privacy debacle of its own doing.
  • A security researcher discovered that the airline’s social media team was demanding customers post a trove of personal information publicly on Twitter, so it could help investigate customer service claims.
  • That included passport numbers, full addresses, and other sensitive info.
  • Even weirder, the airline kept insisting this was to “comply with GDPR,” which is the General Data Protection Regulation – the EU’s new widespread consumer privacy law.
  • So it makes little sense for British Airways to require customers to post their personal information on Twitter for all to see just to get assistance with a missed or delayed flight.
  • After some users complained about the airline’s bizarrely worded request, it began altering its replies to say that customers should DM them the info instead.
  • But there’s nothing about GDPR that should imply it involves asking people to post personal information to Twitter.
  • Making matters worse for British Airways, the researcher found that the airline uses tracking cookies when you check in to flights in a web browser, and those cookies then send your personal information to third-party sites.
  • This is a violation of GDPR, the same GDPR that British Airways’ social media team thinks it’s complying with by asking people to post personal information on Twitter.
  • Now, while it’s well understood that GDPR is confusing and takes some time to parse, it seems like there’s a more profound misunderstanding going on over at British Airways.

*Source: The Verge, July 20, 2018


How Much Does a Data Breach Cost*:

  • Data breaches are a terrifying reality for every company that does business on the internet—which is all of them.
  • No matter what endpoint protection, encryption, and security you put in place, there's always a chance your sensitive customer information might be part of the next trove of data to leak online.
  • There are all sorts of things not to do when your poor server is the one that's breached, but one way or another, it's going to cost you.
  • According to a recent study, in the US, the average incident could cost a company upwards of $7.9 million.
  • The 13th annual report found that the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million, and the average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148 per record.
  • The US notched the highest average data-breach cost in the world by a wide margin.
  • The next most expensive average cost by country is Canada at $4.74 million, followed by Germany at $4.67 million, France at $4.227 million, and the UK at $3.68 million.
  • A big question a year from now will be how the implementation of GDPR and its strict penalties related to data-breach disclosure will affect these numbers, not only in EU countries but around the world.
  • One thing companies can do to decrease risk is to protect themselves by correcting avoidable mistakes.
  • While the majority of data breaches cited in the report were the result of hacking, a staggering 25 percent of breaches came down to simple human error.

*Source: PCMag, July 19, 2018


Survey: Most US, EU Companies Will Comply With GDPR by Year's End*:

  • Almost two months after the launch of the General Data Privacy Regulation (GDPR), nearly three-quarters of US and European companies say they will be compliant by year’s end — but only 20 percent believe they are now.
  • A new report based on a survey of 600 IT and legal professionals (equally distributed between the US, the UK and the EU) found that fifty-three percent say they are in the process of implementing the regulation.
  • Many complying companies are applying GDPR practices to all of their customers and visitors.
  • The survey also found that compliance efforts are “motivated more by a desire to meet customer and partner expectations than by fear of fines or lawsuits.”
  • Eighty-seven percent of respondents said that “privacy will become even more important at their companies.”
  • Half of the respondents do not intend to wait for GDPR certification, but will instead acquire third-party validation.
  • As many as 65 percent of those surveyed view GDPR as having a positive effect on their business, despite the difficulties in becoming compliant.
  • Only 15 percent view the GDPR as having a negative impact on their business.
  • Compared to a similar study from August of last year, these stats represent tremendous movement toward GDPR compliance.
  • The earlier report found that only 38 percent of respondents in the US had completed or were in the midst of GDPR compliance, compared to 66 percent now.
  • In the UK, 37 percent were completed or in progress as of last August, versus 73 percent now.

*Source: Martech Today, July 17, 2018


U.S. National Intelligence Chief Sounds Chilling Alarm on Cyber Attacks*:

  • America’s director of national intelligence, Dan Coats, has issued a disturbing “red alert” about a dangerous new level of cyber warfare on the U.S.
  • The danger signs are as serious as early warnings of the 9/11 attacks that were ignored, Coats said at a recent conference.
  • Russia has been “the most aggressive foreign actor, no question and they continue their efforts to undermine our democracy.”
  • China, Iran and North Korea also continue to wage cyber warfare on America.
  • Targets include federal government agencies, the military, state and local governments, business and academia.
  • Coats said Russia’s intent to undermine our basic values, undermine democracy, and create wedges between us and our allies is disturbing.
  • Intelligence officials have seen aggressive attempts, including by those “masquerading as Americans,” to manipulate social media and to “spread propaganda focused on hot-button issues that are intended to exacerbate socio-political divisions.”
  • Coats urged Americans to “verify the credibility of the sources of information upon which they base their decisions.”

*Source: Huffington Post, July 15, 2018


Phone in the Right Hand? You’re a Hacker!*:

  • Hackers are finding it too easy to circumvent traditional cyber defences, forcing businesses to rethink their security strategies.
  • Many firms are now harnessing big data and adopting cutting edge verification checks.
  • In fact, some can even identify you by how quickly you type your computer keys or how you hold your mobile phone.
  • There are some aspects of this shiny, computer-powered era that look more feudal than futuristic.
  • Consider the way many organisations protect themselves and their staff from cyber-attacks: many approach cyber-security like a medieval king would have tackled domestic security – by building a castle to protect themselves.
  • The high walls, moat and drawbridge are the security tools, anti-virus and firewalls they use to repel the barbarians at the gates trying to breach their cyber defences.
  • But now that castle metaphor is really starting to break down.
  • Outer Defences: The first issue is mobility. Digital fortifications worked well when all staff sat at desks, used desktop computers and were concentrated in a few buildings.
  • The second problem is that many firms wrongly assume that those inside their castle walls can be trusted and are "safe," but this leaves many firms dangerously exposed.
  • Typically, once attackers have penetrated a trusted network they find it is easy to move laterally and easy to get to the crown jewels because all the defenses point outward.
  • Tumbling Walls: In a bid to get beyond this outdated thinking, many organizations have torn down the old castle walls in favour of a model known as the “Beyond Corp” approach.
  • Beyond Corp assumes every device or person trying to connect to a network is hostile until they are proven otherwise.
  • This encompasses obvious stuff such as login names and passwords, as well as where someone logs in from; but it also relies on far more subtle indicators.
  • It can be how quickly you type the keys, or whether you are holding the device in your right or left hand.
  • As familiarity with big data sets has spread, many more big firms are adopting the Beyond Corp approach when organising their digital defences.
  • One big advantage is that Beyond Corp turns a firm's network into an active element of defense.
  • Beyond Corp approaches can also mean a significant reduction in time to detect threats.
  • The industry average is about 100 days to spot threats, but with Beyond Corp you should be down to hours not days.
  • This approach also usually involves dividing up a company’s internal network, so users only get access to applications they are approved to use.
  • Advances in automation are increasingly helping companies keep a handle on the millions of events that now occur on their systems.

*Source: BBC, July 13, 2018
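The per-request evaluation the Beyond Corp passage describes, as an added example (not code from the article or from any BeyondCorp implementation): credentials and per-app entitlement are hard gates, while device state, location and behavioural signals such as typing cadence and grip hand feed a risk score that decides between allow, step-up verification and deny. The user baseline, thresholds and request data are constructed for illustration.

```python
# Added example: a toy BeyondCorp-style policy engine. Every request is judged on
# its own signals; being "inside the network" earns no trust by itself.
from dataclasses import dataclass

@dataclass
class Baseline:
    """What past sessions tell us about a user (constructed sample data below)."""
    usual_countries: frozenset
    typing_ms_per_key: float      # mean time between keystrokes
    right_handed: bool            # which hand usually holds the phone
    allowed_apps: frozenset       # per-app entitlement, not network-wide access

@dataclass
class Request:
    user: str
    app: str
    password_ok: bool
    device_managed: bool
    country: str
    typing_ms_per_key: float
    right_handed: bool

def decide(req: Request, base: Baseline):
    """Return (decision, reasons): 'allow', 'step-up' (extra verification) or 'deny'."""
    if not req.password_ok:
        return "deny", ["bad-credentials"]
    if req.app not in base.allowed_apps:          # segmentation: no entitlement, no access
        return "deny", ["not-entitled:" + req.app]
    risk, reasons = 0, []
    if not req.device_managed:
        risk += 2; reasons.append("unmanaged-device")
    if req.country not in base.usual_countries:
        risk += 2; reasons.append("unusual-location")
    # behavioural signals: deviation from the user's own cadence and grip (thresholds are assumed)
    if abs(req.typing_ms_per_key - base.typing_ms_per_key) / base.typing_ms_per_key > 0.5:
        risk += 1; reasons.append("typing-cadence-mismatch")
    if req.right_handed != base.right_handed:
        risk += 1; reasons.append("grip-mismatch")
    if risk >= 3:
        return "deny", reasons
    if risk >= 1:
        return "step-up", reasons
    return "allow", reasons

# Constructed baseline and requests for one hypothetical user.
ALICE = Baseline(frozenset({"NZ"}), 180.0, True, frozenset({"email", "hr-portal"}))

def run_samples():
    normal = Request("alice", "email", True, True, "NZ", 190.0, True)
    odd = Request("alice", "email", True, True, "NZ", 410.0, False)        # right creds, wrong behaviour
    far = Request("alice", "email", True, False, "DE", 410.0, False)       # unmanaged device abroad
    crown = Request("alice", "finance-db", True, True, "NZ", 190.0, True)  # valid user, not entitled
    return [decide(r, ALICE) for r in (normal, odd, far, crown)]
```

The "odd" request shows the point of the article: a correct password from the usual office is still only worth a step-up challenge when the cadence and grip do not match the user.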

