Security News
Contact-tracing applications require employers to collect all kinds of employee health data that they never had to worry about before - temperatures, health symptoms and travel history, for example - and they aren't sure how to use and protect this data in a way that balances health and safety with privacy. To help get you started on the right path, here is a 10-point plan for securing PII, including new employee health data collected through COVID-19 contact-tracing applications and other healthcare tracking systems.
An internal investigation typically follows five key phases: a trigger event; a legal hold and custodian interviews; requests for data and data collection; processing, review and analysis of files; and the recommendation of next steps. While complaints to HR alleging discrimination or harassment based on race or gender are among the most common triggers of an internal investigation, other triggers include leaked or stolen intellectual property, whistle-blower complaints alleging fraud or compliance violations, the loss or theft of physical assets, or leaked or stolen data containing sensitive or personally identifiable information.
With that in mind, here are some of the ways that COVID-19 has reshaped the threat landscape and where the new cybersecurity priorities lie. Whereas IT organizations had been moving toward reliance on highly trained cybersecurity experts to defend their pre-pandemic networks, they will now have to make sure all employees know how to keep business data and systems safe from inappropriate access no matter where they're working.
Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data. Americans have reported 152,129 coronavirus-related fraud cases to the Federal Trade Commission since the start of 2020, according to data analyzed by Atlas VPN. FTC data further revealed that Americans have lost more than $98 million to COVID-19 and stimulus check scams.
Fewer than 50% of security leaders understand the relationship between a cybersecurity threat and how it directly affects a specific business risk, while not enough security leaders believe in coordinating with business stakeholders' needs regarding cost, performance, and risk-reduction objectives. There's not enough discussion on cybersecurity strategy: 47% of security leaders frequently discuss cybersecurity with business execs, and 42% of business executives rarely, "if ever," consult with security leaders on business strategies.
The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic. EDITED TO ADD (8/12): Interpol report....
The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity pros saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey by ISSA and ESG. Organizations were fairly prepared for the global pandemic. Most organizations don't believe the pandemic will increase 2020 cybersecurity spending.
A report published Wednesday by security firm Tanium describes how IT leaders were surprised by the security threats and challenges they've had to face in the wake of COVID-19. A full 96% admitted that they were caught off guard by the security challenges that arose within the first two months of the lockdown.
The Cybersecurity and Infrastructure Security Agency announced the addition of two leading cybersecurity experts to support the agency's COVID-19 response efforts. Corman and Arnold were both hired using authorities granted under the CARES Act, which allows agencies to hire staff to temporarily support the COVID-19 response.
TransUnion surveyed consumers in six countries and found that phishing was the preferred method of attack 27% of the time. Credit agency TransUnion has found that COVID-19 related scams have targeted 32% of people around the world, and phishing is the method of choice, accounting for 27% of those attacks.