Security News

The U.S. Coast Guard has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches if they suspect they have been affected by the SolarWinds supply-chain attack. "Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security."

These installers, such as Python Package Index for Python or npm and the npm registry for Node, are usually tied to public code repositories where anyone can freely upload code packages for others to use, Birsan noted. Birsan decided to answer this question last summer while attempting to hack PayPal with another ethical hacker, Justin Gardner, who shared with him "an interesting bit of Node.js source code found on GitHub," Birsan said.

The number of breaches may have fallen, but the number of exposed records hit a high not seen since 2005, says Risk Based Security. The volume of publicly disclosed data breaches fell by 48% in 2020 compared with the previous year, leading to 3,932 in total.

The United Kingdom's Information Commissioner's Office has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery. The UK independent authority urged organizations using compromised versions of the SolarWinds Orion IT management platform to check for evidence of attackers infiltrating their network and gaining access to personal information.

Generali Global Assistance released the findings of its survey which examines consumer sentiment on retail data breaches and the identity theft risks holiday shopping poses. 2 in 3 are concerned about data breaches during holiday shopping season; nearly 4 in 5 will think twice before doing business with a breached retailer.

With the healthcare industry estimated to spend $134 billion on cybersecurity from 2021 to 2026 ($18 billion in 2021, increasing 20% each year to nearly $37 billion in 2026), 82% of CIOs and CISOs in health systems in Q3 2020 agree that the dollars currently spent were not allocated effectively prior to their tenure, often being spent only after breaches and without a full gap assessment of capabilities led by senior management outside of IT. Talent shortage for cybersecurity pros continues. "The talent shortage for cybersecurity experts with healthcare expertise is nearing a very perilous position," said Brian Locastro, lead researcher on the 2020 State of the Healthcare Cybersecurity Industry study by Black Book Research.

Threat actors found success infecting businesses with ransomware and stealing company data, turning those ransomware attacks into data breaches. "The seemingly crazy predictions of the past around the cost of ransomware attacks on the healthcare industry stand to be proven true in 2021. We've seen a substantial rise in ransomware since the onset of COVID, and as the space race 2.0 continues, so will the prevalence of attacks," said John Ford, IronNet cyber strategist and former healthcare CISO. With countries all around the world hunting for a COVID vaccine, there will be more nation-state attacks leveraging ransomware and an increase in cloud-based ransomware attacks as healthcare systems expedite their transition to meet the growing remote needs, Ford predicts.

Mastercard announced Cyber Secure, an AI-powered suite of tools that allows banks to assess cyber risk across their ecosystem and prevent potential breaches. Acquiring banks can help merchants understand their own cyber risk, preventing hundreds of millions of dollars in potential fraud.

There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the "worst year on record," Risk Based Security reveals. Factors contributing to the decline in publicly reported breaches.

Professor says companies shouldn't wait until they're breached before adding tight security. Students are rising to the challenge.