Bay of Plenty DHB Target of 10 Cyber-Attacks per Second*:
- The Bay of Plenty District Health Board in New Zealand has been forced to protect itself from cyber-attacks from Russia and the Ukraine
- Newshub can reveal the small DHB is fielding up to 864,000 potential cyber-attacks per day - that's as many as 10 a second.
- Bay of Plenty DHB is specifically protecting itself from what it calls "sources of high-levels of cyber-attacks" naming Russia and the Ukraine as examples.
- In the UK last year, hospitals were crippled when computers were infected with ransomware, throwing the entire health system into crisis.
- In New Zealand the Ministry of Health has been fighting off up to 1.7 million attacks a week - roughly a third of the rate faced by the BOP DHB.
- Some hackers tend to target smaller organizations because they’re an easy target.
- The large number of attacks has prompted the DHB to run phishing exercises to test staff on their cyber security awareness.
- Unfortunately, over 100 staff failed the last test, clicking the link provided and entering their details.
- The DHB is taking this threat very seriously and continuously looking for ways to increase cyber awareness and cyber safety among its 3300+ staff.
- Cyber-attacks are an unfortunate reality for any major institution, but are of particular concern for DHBs where patient safety and patient data security are paramount.
*Source: News Hub, July 20, 2018
British Airways Asked Customers to Post Personal Information on Twitter to Comply With GDPR*:
- Complaining about airlines on Twitter is a universal pastime for disgruntled travellers, and yet somehow British Airways has managed to turn the activity into a data privacy debacle of its own doing.
- A security researcher discovered that the airline’s social media team was demanding customers post a trove of personal information publicly on Twitter, so it could help investigate customer service claims.
- That included passport numbers, full addresses, and other sensitive info.
- Even weirder, the airline kept insisting this was to “comply with GDPR,” which is the General Data Protection Regulation – the EU’s new widespread consumer privacy law.
- So it makes little sense that British Airways would require customers to post their personal information on Twitter for all to see just to get assistance with a missed or delayed flight.
- After some users complained about the airline’s bizarrely worded request, it began altering its replies to say that customers should DM them the info instead.
- But there’s nothing about GDPR that should imply it involves asking people to post personal information to Twitter.
- Making matters worse for British Airways, the researcher found that the airline uses tracking cookies when you check in for flights in a web browser, and those cookies then send your personal information to third-party sites.
- This is a violation of GDPR, the same GDPR that British Airways’ social media team thinks it’s complying with by asking people to post personal information on Twitter.
- Now, while it’s well understood that GDPR is confusing and takes some time to parse, it seems like there’s a more profound misunderstanding going on over at British Airways.
*Source: The Verge, July 20, 2018
How Much Does a Data Breach Cost?*:
- Data breaches are a terrifying reality for every company that does business on the internet—which is all of them.
- No matter what endpoint protection, encryption, and security you put in place, there's always a chance your sensitive customer information might be part of the next trove of data to leak online.
- There are all sorts of things not to do when your poor server is the one that's breached, but one way or another, it's going to cost you.
- According to a recent study, in the US, the average incident could cost a company upwards of $7.9 million.
- The 13th annual report found that the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million, and the average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148 per record.
- The US notched the highest average data-breach cost in the world by a wide margin.
- The next most expensive average cost by country is Canada at $4.74 million, followed by Germany at $4.67 million, France at $4.227 million, and the UK at $3.68 million.
- A big question a year from now will be how the implementation of GDPR and its strict penalties related to data-breach disclosure will affect these numbers, not only in EU countries but around the world.
- One thing companies can do to decrease risk is to protect themselves by correcting avoidable mistakes.
- While the majority of data breaches cited in the report were the result of hacking, a staggering 25 percent of breaches came down to simple human error.
*Source: PCMag, July 19, 2018
Survey: Most US, EU Companies Will Comply With GDPR by Year's End*:
- Almost two months after the launch of the General Data Privacy Regulation (GDPR), nearly three-quarters of US and European companies say they will be compliant by year’s end — but only 20 percent believe they are now.
- A new report based on a survey of 600 IT and legal professionals (equally distributed between the US, the UK and the EU) found that fifty-three percent say they are in the process of implementing the regulation.
- Many complying companies are applying GDPR practices to all of their customers and visitors.
- The survey also found that compliance efforts are “motivated more by a desire to meet customer and partner expectations than by fear of fines or lawsuits.”
- Eighty-seven percent of respondents said that “privacy will become even more important at their companies.”
- Half of the respondents do not intend to wait for GDPR certification, but will instead acquire third-party validation.
- As many as 65 percent of those surveyed view GDPR as having a positive effect on their business, despite the difficulties in becoming compliant.
- Only 15 percent view the GDPR as having a negative impact on their business.
- Compared to a similar study from August of last year, these stats represent tremendous movement toward GDPR compliance.
- The earlier report found that only 38 percent of respondents in the US had completed or were in the midst of GDPR compliance, compared to 66 percent now.
- In the UK, 37 percent were completed or in progress as of last August, versus 73 percent now.
*Source: Martech Today, July 17, 2018
U.S. National Intelligence Chief Sounds Chilling Alarm on Cyber Attacks*:
- America’s director of national intelligence, Dan Coats, has issued a disturbing “red alert” about a dangerous new level of cyber warfare on the U.S.
- The danger signs are as serious as early warnings of the 9/11 attacks that were ignored, Coats said at a recent conference.
- Russia has been “the most aggressive foreign actor, no question and they continue their efforts to undermine our democracy.”
- China, Iran and North Korea also continue to wage cyber warfare on America.
- Targets include federal government agencies, the military, state and local governments, business and academia.
- Coats said Russia’s intent to undermine our basic values, undermine democracy, and create wedges between us and our allies is disturbing.
- Intelligence officials have seen aggressive attempts, including by those “masquerading as Americans,” to manipulate social media and to “spread propaganda focused on hot-button issues that are intended to exacerbate socio-political divisions.”
- Coats urged Americans to “verify the credibility of the sources of information upon which they base their decisions.”
*Source: Huffington Post, July 15, 2018
Phone in the Right Hand? You’re a Hacker!*:
- Hackers are finding it too easy to circumvent traditional cyber defences, forcing businesses to rethink their security strategies.
- Many firms are now harnessing big data and adopting cutting edge verification checks.
- In fact, some can even identify you by how quickly you type your computer keys or how you hold your mobile phone.
- There are some aspects of this shiny, computer-powered era that look more feudal than futuristic.
- Consider the way many organisations protect themselves and their staff from cyber-attacks: many approach cyber-security like a medieval king would have tackled domestic security – by building a castle to protect themselves.
- The high walls, moat and drawbridge are the security tools, anti-virus and firewalls they use to repel the barbarians at the gates trying to breach their cyber defences.
- But now that castle metaphor is really starting to break down.
- Outer Defences: The first issue is mobility. Digital fortifications worked well when all staff sat at desks, used desktop computers and were concentrated in a few buildings.
- The second problem is that many firms wrongly assume that those inside their castle walls can be trusted and are "safe," but this leaves many firms dangerously exposed.
- Typically, once attackers have penetrated a trusted network they find it easy to move laterally and reach the crown jewels, because all the defences point outward.
- Tumbling Walls: In a bid to get beyond this outdated thinking, many organizations have torn down the old castle walls in favour of a model known as the “Beyond Corp” approach.
- Beyond Corp assumes every device or person trying to connect to a network is hostile until they are proven otherwise.
- This encompasses obvious stuff such as login names and passwords, as well as where someone logs in from; but it also relies on far more subtle indicators.
- These can include how quickly you type or whether you hold the device in your right or left hand.
- As familiarity with big data sets has spread, many more big firms are adopting the Beyond Corp approach when organising their digital defences.
- One big advantage is that Beyond Corp turns a firm's network into an active element of defense.
- Beyond Corp approaches can also mean a significant reduction in time to detect threats.
- The industry average is about 100 days to spot threats, but with Beyond Corp you should be down to hours not days.
- This approach also usually involves dividing up a company’s internal network, so users only get access to applications they are approved to use.
- Advances in automation are increasingly helping companies keep a handle on the millions of events that now occur on their systems.
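As an added illustration (not taken from the BBC article or any named product) of the Beyond Corp decision described above: each request is judged on identity, device posture and behavioural signals, being on the corporate LAN grants nothing, and access is limited to the apps the user is approved for. The field names, the typing-cadence baseline and the z-score threshold are assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class UserProfile:
    approved_apps: frozenset    # apps this user may reach (network segmentation)
    typing_samples: list        # historical keys-per-minute baseline (constructed)

@dataclass
class AccessRequest:
    app: str
    mfa_passed: bool
    device_managed: bool
    disk_encrypted: bool
    known_location: bool
    typing_rate: float          # keys per minute observed in this session
    on_corp_lan: bool = False   # recorded for audit only; never grants trust

def typing_anomaly(profile, rate):
    """Z-score of the observed typing rate against the user's own baseline."""
    mu = mean(profile.typing_samples)
    sigma = pstdev(profile.typing_samples) or 1.0
    return abs(rate - mu) / sigma

def decide(profile, req, max_z=3.0):
    """Return (decision, reasons). Hard checks (app approval, MFA, device
    posture) deny outright; soft signals (location, typing cadence) force
    re-verification ('step_up') instead of silently passing."""
    reasons = []
    if req.app not in profile.approved_apps:
        reasons.append("app not approved for this user")
    if not req.mfa_passed:
        reasons.append("MFA not satisfied")
    if not (req.device_managed and req.disk_encrypted):
        reasons.append("device posture failed")
    if reasons:
        return "deny", reasons
    z = typing_anomaly(profile, req.typing_rate)
    if not req.known_location:
        reasons.append("unfamiliar location")
    if z > max_z:
        reasons.append(f"typing cadence deviates from baseline (z={z:.1f})")
    return ("step_up" if reasons else "allow"), reasons

# Constructed baseline: about 200 keys/minute with modest variance.
ALICE = UserProfile(frozenset({"payroll", "wiki"}), [200, 210, 190, 205, 195])

if __name__ == "__main__":
    ok = AccessRequest("wiki", True, True, True, True, 202.0)
    odd = AccessRequest("wiki", True, True, True, True, 260.0, on_corp_lan=True)
    print(decide(ALICE, ok))   # allowed: every signal matches the baseline
    print(decide(ALICE, odd))  # step_up: cadence is far off, LAN position counts for nothing
```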
*Source: BBC, July 13, 2018