Weekly Security Roundup #32: Being Loose with Your Online Security Spells Trouble
Not a week goes by without news of a huge data breach or information about a new cyber threat on the loose.
The numbers behind them tell the story of a serious and real need to step up cyber security efforts, at both the company and the individual level.
Our contribution to the fight against cyber criminals this week includes:
- a story about cyber threats and the very real damage they can do: 7 Cyber Threats That Will Keep You Up at Night
- and a few answers you might have been seeking for a long time: 10 Most Wanted Answers to Popular Cyber Security Questions.
We’re all trying to do our part and make it easier for you to really grasp the importance of cyber security and its implications for your day-to-day life, no matter if you’re a CEO or work at the local store. We’re all in this together, and that’s why the Weekly Security Roundup is here.
Security articles of the week
1. Cyber criminals now targeting the healthcare sector
A new, huge data breach made the headlines this week: CareFirst confirmed that their database has been breached, exposing 1.1 million customers’ data.
The insurer is the second to take a big hit, after Anthem, another health insurance company, was breached, potentially leaking personal data belonging to its almost 80 million customers.
The situation is dire, especially since a recent study by the Ponemon Institute shows that 91% of healthcare organizations and 59% of business associates have experienced a data breach.
This is one more reason to do everything in your power to protect your own data and also know what to do if your personal information is compromised by another entity.
2. Can cyber insurance be a safety net?
For companies, cyber insurance should definitely be on the expense list, given the current landscape. But there’s a catch: you can’t get a payout if you’ve knowingly neglected a security hole or swept a vulnerability under the rug.
Such is the case of healthcare provider Cottage Health System, a situation that can set an important precedent when it comes to similar lawsuits.
Also, cyber insurance may give you some peace of mind, but don’t think of it as a safety net. In case you should lose your data or have your personal information exposed, money will most likely not ease the pain.
3. You have 99 security problems, and Wi-Fi is definitely one
Wi-Fi has become a common commodity for most of us. We surely take it for granted, but, most of the time, we ignore the dangers it brings into play.
Just this week, two important news stories made their way around the world.
The first one concerns your privacy: anyone who knows his/her way around cyber security concepts can easily scan Wi-Fi access points to determine where a person is 90% of the time. And that’s because Wi-Fi information isn’t considered location data(!), so Android applications such as games routinely collect it. Of course, this data could be used against you if it were used for malicious purposes.
The second one is all about cyber security: cyber criminals have engineered a way to hijack routers on a huge scale to spread malware! When a user visits a compromised website or views a malicious advertisement in his/her browser, the DNS server configured on the router is replaced by a DNS server belonging to rogue infrastructure. This way, cyber criminals are able to intercept traffic, spoof websites, hijack search queries, inject rogue ads on web pages and do a lot more. You should definitely read more about this attack!
And there are also two resources I’d like to recommend:
10 Steps to Maximize your Home Wireless Network Security
11 Security Steps To Stay Safe on Public Wi-Fi Networks
4. Cybersecurity is finally on the agenda for most corporate boards
Company boards are stepping up their game in terms of cyber security, and they have a lot of ground to cover. We’ve written in the past about 10 Critical Corporate Cyber Security Risks, but the list goes on and on from there.
Organizations are finally admitting that they’re not prepared to deal with cyber attacks. In fact, 66% of them admitted to this in a recent survey conducted by NYSE Governance Services and Veracode.
Cyber security is finally, really being acknowledged as a corporate risk, and board members are focused on the business risks they incur. Brand damage, data breach costs and intellectual property theft are top concerns, but the actual implementation of the security measures is left to the specialists.
And it’s no wonder that this seemingly sudden focus on cyber security has come to light: the average total cost of a data breach worldwide jumped a whopping 23% in 2014, reaching an astounding $3.8 million!
If you’re new to this, we have a recommendation to help you ease into the cyber security context: the Corporate Security Checklist – a CEO’s Guide to Cyber Security.
5. Software vulnerabilities can last longer than you can imagine
If a piece of software has a vulnerability that no one exploits or knows about, is it really there?
In this scenario, yes. And it can go undetected for as long as 20+ years!
You’d be surprised to know just how many bugs the software we use daily has. This story about 11 software bugs that took way too long to meet their maker is a perfect example of that, but the story goes far beyond these out-of-the-ordinary examples.
The apps we rely on daily are flawed, creating security gaps that cyber criminals ruthlessly exploit. In this case, we have a recommended reading that might save you a couple of headaches: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks.
An important part of the solution is to keep your software updated at all times! Tim Rains, Chief Security Advisor, Microsoft Worldwide Cybersecurity & Data Protection, says so, and at least 50 more advise the same. Do listen to their advice.
6. Millennials are loose with their online security
And that spells trouble, of course. If you were born after 1980, you could probably use some cyber security education.
Being comfortable with technology has made millennials ignorant of serious cyber threats. Moreover, they’re really looking for trouble by:
- reusing passwords for their accounts (85%)
- accepting social media invites from unknown people
- accessing company documents from personal devices (48%)
- finding security workarounds
- and even taking confidential information pertaining to the company they work for and moving it out of the secured network.
The results of such behavior could have dire implications not just for companies, but for personal cyber security as well.
The solution? Constant training and education done through channels that are attractive and engaging.
We are sure there is other important security news out there. So please let us know: what security news did we miss that should have been included here?