Security News

Imperva fellow explains why data privacy is about much more than breaches and just knowing where your data is. I could be a network firewall and say, "By protecting your network, I'm protecting your data. Therefore, I do data security." The same thing would be true of encryption or, even more specific, technologies like tokenization or pseudo-anonymization or all of these things to hide your data in certain ways, all of these are data security and trying to protect data.

ESG as a box-ticking exercise: 40% of risk professionals view their organization's current ESG strategy as a box-ticking exercise, rather than driving real impact. Risk at the board level: Risks that are currently top of mind at board meetings are regulatory changes and compliance; human capital, including talent management, retention and recruitment; and lack of diversity within the board or management team.

Interest in specific topics within cybersecurity grew significantly. Between last year's high-profile incidents involving ransomware, supply chain attacks, the exploitation of critical systems vulnerabilities and the new focus on cryptocurrency theft, it's likely that interest in cybersecurity topics will continue to climb in 2022 and beyond.

Ransomware was the most common attack method behind third-party breaches in 2021, initiating more than one out of four incidents analyzed. Despite immense cybersecurity improvements following the onset of the COVID-19 pandemic, the healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents last year.

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC's powers for disclosing breaches and leaks of "customer proprietary network information" to customers and federal agencies. The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.

A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than half of all the healthcare records exposed in 2021.

A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported password leaks and security breaches owing to poor password practices and weak password setups.

Cybercriminals will continue to exploit vulnerabilities within remote working and the vaccine ecosystem, but also set their sights on new targets such as online gambling. As more states legalize online sports betting, phishing scams will target the growing ranks of online gamblers, particularly new entrants.

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro. To generate its new report, named "The Great Cyber Security Market Failure and the Tragic Implications for Mid-Sized Companies," Coro analyzed information on more than 4,000 midsize companies across six industries: retail, manufacturing, professional services, healthcare, transportation and education.

Brittany Ferries has told some customers that an unforeseen technical glitch introduced after "routine" website maintenance had left their accounts wide open, potentially exposing very sensitive details to anyone who knew the linked email address. The operator, which runs ships from the UK to ports in Spain and France, contacted punters on Tuesday with the bad news about a "breach to our data that might have an impact on your My Account with Brittany Ferries."