By:
On:
In: *Connecting the Dots Blog*, Hackers, Information Security, Risk Management

Cybercrime Gangs and Cybercrime for Hire – Are You Sure Your People Are Ready for This? According to BankInfoSecurity.com, Cybercrime Gangs are hiring! Cybercrime gangs are hiring hackers who can “send ‘violent and graphic’ emails and text messages to schoolchildren’s parents, blackmail healthcare organizations, manufacturers, technology companies and law firms, or leak unaired episodes of “Orange is the New Black,” preferably while also being fluent in Arabic, Chinese or German”. On the darknet cybercrime forum, there are hacking service offerings for hacking web server, setting up keylogger software, DDOS, hacking personal computers, hacking cell phones, hacking email or social media accounts, changing school grades, andRead More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Information Security, Prevention

It’s Patient Safety Awareness Week (March 11 – 17), are you sure you’re doing everything you can to keep your patients safe and ensure they are receiving the best care they can? The evidence from the tragic attack at the Veterans Home of California in Yountville mirrors similarities we have seen in hundreds of other previous attacks. The similarities exposed involve failures with “Connecting the Dots”. Clearly, more than enough “Dots” (warning signs, resources, etc.) were available to disrupt the escalation of evil but again the warning signs (“Dots”) were missed or not acted upon by the appropriate team or community member. By not ConnectingRead More →

By:
On:
In: *Connecting the Dots Blog*, Connect the Dots, Information Security, Regulatory Compliance

Connecting the dots with Cyber Security failures…Why are so many Cyber Security failures occurring? The data doesn’t lie.  The 2018 Global State of Information Security Survey from PwC surveyed 9,500 executives across 120 countries which helps explain why so many organizations and failing to prevent Cyber Security incidents: 48% of the 9,500 executives said they do not have an employee security awareness training program 54% of the 9,500 executives said they do not have an incident response process The Equifax breach exposed why PATCHING systems is critical and costly if you fail. (see VIDEO here) I also shared the DAM Analogy for why PATCHING yourRead More →

By:
On:
In: *Connecting the Dots Blog*, Hackers, Human Resources, Information Security, Risk Management, Security

ONGOING PATCHING is one of the BEST ways to prevent expensive and embarrassing information security breaches. Equifax failed to PATCH a server and it led to 143 million of Americans (perhaps even you and me) having their sensitive information exposed to cybercriminals. Two top Equifax IT executives have stepped down (and were called out by name in negative headlines) because they failed to make sure the ONGOING PATCHING of their servers took place in a timely manner to prevent hackers from gaining unauthorized access to sensitive information. Equifax is just one of thousands of organizations that have failed to make sure ONGOING PATCHING is takingRead More →

By:
On:
In: *Connecting the Dots Blog*, Hackers, Information Security, Prevention

You can’t prevent hackers and hacker threats, but you can prevent breaches like this! When you fail to apply the latest patches to your Systems, and when you fail to update People about new threats…you create GAPS for hackers. Hackers are like cockroaches… they only need one small GAP and they are in your Systems! Applying System patches to eliminate vulnerabilities and GAPS is not that difficult, however, it takes discipline to make System patches a priority and it requires ongoing awareness to know when System patches are available to be applied. WannaCry is an expensive and embarrassing lesson learned (a global lesson learned) forRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

  In my 30+ years of performing risk, vulnerability and threat assessments, I have always advised my clients to be really careful with whom they hire to for “maintenance and cleaning crews”.  This news about the Target data breach validates my advice.   According to news reports, the hackers that pulled off one of the largest and most expensive data breaches ever, did so by stealing/hacking credentials from Target’s HVAC subcontractor.  Once the hackers had the HVAC subcontractor credentials, they had access to Target’s network and were able to place their sophisticated malware…and you know the rest of the story.   This ‘Connecting the Dots’Read More →

By:
On:
In: *Connecting the Dots Blog*, Financial, Information Privacy, Information Security

  Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users. Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users. Strike 3:  A third incident took place with the leakage of 2500 users’ names and addresses.  SONY admitted that this breach was due to human error on the part of their system management team. In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or maliciousRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Financial, Human Resources, Information Privacy, Information Security, Regulatory Compliance, Risk Management

  Recent attacks continue to show that spear phishing is quickly emerging as one of the society’s greatest threats.  Technology alone is NOT going to solve this problem.  It is critical for consumers to be more vigilant and aware of what they are clicking on, sites they are visiting, e-mails they are responding to, etc. Lessons Learned:  Financial insitutions should make consumer education a higher priority.  Awareness training, handouts, seminars, etc. can be a great way for organizations to connect with their customers, improve trust, enhance reputations and help prevent potential incidents, breaches, lawsuits, etc. down the road.  Security awareness training and education can become aRead More →