In 2018, the Identity Theft Resource Center counted 1,244 U.S. data breaches - involving the likes of Facebook, Marriott and Exactis - that exposed 447 million sensitive records, such as Social Security numbers, medical diagnoses and payment card data.
The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.
A failure to patch systems and slipups that lead to insider threats are two major causes of breaches in the healthcare sector that need to be urgently addressed, says Anahi Santiago of Christiana Care Health System.
Organizations in all sectors struggle with mitigating the insider threat, but it's an acute concern in healthcare, where patients' lives are at stake. Pete Nourse of Veriato outlines specific threats to this sector.
Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.
The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss how to start an insider threat program in a presentation at Information Security Media Group's Security Summit: London, to be held Oct. 23.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
A case involving alleged insider theft of protected health information from a hospital in New York illustrates why healthcare organizations need to take extra precautions to prevent similar incidents. Security experts offer recommendations.
The EU's General Data Protection Regulation, which has tough breach notification requirements, is spurring global interest in technologies to help prevent insider breaches, says Tony Pepper of Egress Software Technologies.
Forty-eight percent of customers drop the products and services of organizations that have had a publicly-disclosed data breach. This is but one of the findings of the new 2018 Global State of Online Digital Trust study commissioned by CA Technologies. CA's David Duncan analyzes the results.
Randy Trzeciak, director of the CERT Insider Threat Center at CMU, says he's frequently asked: "Haven't we solved the insider threat problem?" Far from it, he responds. In fact, he's helping many organizations start insider threat defense programs. He'll be a speaker at ISMG's New York Security Summit.
Better, stronger fraud-detection intelligence - that's the promise of the new 3-D Secure 2.0 protocol for digital merchants, networks and financial institutions. But what should organizations do to prepare? James Jenkins of CA Technologies weighs in.