
  • 10 Cybersecurity Companies Making Moves: February 2023 – CRN

    We’re taking a look at the cybersecurity companies that launched products and partner program updates, raised major funding, announced acquisitions or made key executive changes in February.
    It was a short but busy month for the cybersecurity industry, which continued to show signs of being quite resistant to the effects of the economic slowdown that’s been impacting the overall tech sector. While a handful of cybersecurity companies did announce layoffs in February, far more had other types of announcements to share during the month — including major funding rounds, new partner programs, notable product launches, acquisitions and key executive hires.
    [Related: Palo Alto Networks CEO Nikesh Arora On SASE, AI And Why Partners Are ‘More Important’ Than Ever]
    In February, major moves by cybersecurity companies included a massive funding round and valuation boost for fast-growing cloud security startup Wiz, while Proofpoint was among the cybersecurity companies that unveiled new partner programs last month. Check Point announced several big executive moves, including a major hire, and Zscaler announced a new product line as well as an acquisition of a security startup. And in an interview with CRN, Palo Alto Networks CEO Nikesh Arora signaled that he’ll be a lot more involved in the cybersecurity giant’s channel-related efforts going forward.
    What follows are details on 10 of the cybersecurity companies we’re following that made big moves in February.
    Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at kalspach@thechannelcompany.com.


  • Your Biggest Cybersecurity Risks Could Be Inside Your Organization – HBR.org Daily

    Today more than 300 million people are working remotely — creating, accessing, sharing, and storing data wherever they go — and data breaches arising from insider threats and simple mishaps can cost businesses an average of $7.5 million annually. Ultimately it doesn’t matter if a breach is intentional or accidental. Insider risk programs should be part of every company’s security strategy. To be successful, organizations should lead with their employees as partners in the effort and supplement their program with advanced tools that detect and mitigate insider risks wherever they arise. The author offers four lessons he’s learned as Microsoft’s chief information security officer.
    As the digital world continues to grow, so do the volume, variety, and velocity of cyber threats and attacks. The world is awash in data, and there is always someone trying to turn it into their own virtual currency.
    Today malware and ransomware are hitting everything from our personal cell phones to mission-critical infrastructure and supply chains. Whether it’s phishing, smishing, or vishing, attackers are getting more sophisticated too, using details about our personal and work lives to tempt us to share our data.
    But in a world where everyone is a target, companies also need to understand their exposure to risks that come from inside their organizations. Today more than 300 million people are working remotely — creating, accessing, sharing, and storing data wherever they go — and data breaches arising from insider threats and simple mishaps can cost businesses an average of $7.5 million annually. Consider the 2022 data breach of Cash App, where a former employee accessed customer financial reports after being terminated. The breach likely affected 8.2 million current and former customers.
    Ultimately it doesn’t matter if the breach was intentional or accidental. Insider risk programs should be part of every company’s security strategy. To be successful, organizations should lead with their employees as partners in the effort and supplement their program with advanced tools that detect and mitigate insider risks wherever they arise.
    Here are four lessons I’ve learned as CISO at Microsoft, managing our insider risk program as it grew from a small internal initiative into a business unit that reports to the CEO.
    This point comes first for a reason. In business and in life, trust is the key to any functioning relationship. The best insider risk programs emphasize the balance between employee privacy and company security. It’s critical to come up with privacy controls and policies that maintain, and even boost, trust.
    Setting up tools to indiscriminately sift through employee activities for wrongdoing is not only ineffective and counterproductive — it’s just plain wrong. It’s an invasion of privacy that creates anxiety and erodes the relationship. Organizations need to be able to detect insider risks, but they need to do it the right way, acting transparently and within a narrowly defined scope to demonstrate respect and extend trust to employees.
    Setting up privacy controls that protect identities at work — even during investigations — lets people know you’re protecting them too. Using role-based access for insider risk management tools also helps ensure that the right person is reviewing compliance alerts, keeping unwarranted suspicion from creeping into the organization.
    While IT and security groups will lead the way, insider risk is a business problem that involves the entire company. At Microsoft, we learned this over time. What started as an initiative in our security organization evolved into a unified effort across the business groups, including legal, HR, and senior leadership.
    This broad involvement helps ensure wider buy-in and provides additional perspectives and resources, such as the legal department prioritizing emerging regulations and HR facilitating training programs and surveys. An insider risk committee or ombudsperson can help get the conversation going. One of their first tasks should be creating a response plan that outlines how information is shared, when and what each group contributes, who makes which decisions, and who is accountable.
    It’s also important to have shared goals with clear measures of success. You can fine-tune the process by quantifying key metrics such as the number of cases raised, the true positive and false positive flags, and actions taken as the result of findings. If you have a high number of false positives, you risk burdening your HR and legal teams with unnecessary and expensive investigations.
    Getting employees to engage with data protection and compliance training can be challenging, but it’s important that they know how to mitigate security risks and why it’s a priority. Trainings that emphasize stewardship of data show that the organization is extending its trust to employees as they serve the business.
    Train people on how to handle the organization’s data properly, and repeat that message regularly so it’s always fresh. It also helps to make it personal. Most people immediately understand and engage on how to protect their own financial and health care data. Infusing a personal aspect into the training connects the dots on the importance of data protection for the business as well.
    Training people on the principle of “see something, say something” in a risk-free way is a critical capability for an insider program. By improving data security education and training, companies can empower employees as a first and last line of defense that is complemented by detection tools.
    Gartner defines insider risk management as “the tools and capabilities to measure, detect, and contain undesirable behavior of trusted accounts within the organization.” And insider risk management tools have gotten much more precise and effective in recent years.
    Older tools tend to overlook subtle indicators that can identify a bad actor trying to hide their tracks. They also often feature overly strict controls that lower productivity and encourage workarounds. Today a new breed of insider risk management tools is emerging with adaptive security capabilities that can detect risky activities and mitigate any potential impact while staying out of the way and keeping user information private.
    Where an activity like printing a confidential file might not show intent, a sequence of connected activities like renaming the file and then deleting it after printing could indicate something more serious. Using machine learning, these tools can separate the signal from the noise and identify subtle actions, reducing the false positives that can bog down the organization.
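    The passage above argues that a lone action (printing a confidential file) is weak evidence, while a connected sequence (print, then rename, then delete) is a much stronger signal. The following is an added example of that sequence logic over a constructed audit log; it is not code from the article or from any vendor's insider-risk product, and the event format, the three-step rule, the 30-minute window and the sample events are all assumptions made for illustration.

```python
"""Sequence-based insider-risk scoring over a constructed audit log.

Added example for the HBR passage above; it is not code from the article or
from any vendor's insider-risk product. The event format, the three-step
rule (print -> rename -> delete of a confidential file) and the sample
events are all assumptions constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str                      # "open" | "print" | "rename" | "delete"
    path: str
    label: str                       # "confidential" | "public"
    new_path: Optional[str] = None   # only set for "rename"


@dataclass
class Finding:
    user: str
    score: int                       # 1 = lone print, 2 = two linked steps, 3 = full chain
    final_path: str                  # where the file ended up after any rename
    chain: List[Event] = field(default_factory=list)


WINDOW = timedelta(minutes=30)   # follow-up steps must be this close to count as "connected"
ALERT_SCORE = 3                  # only the full print -> rename -> delete chain alerts


def score_sequences(events: List[Event]) -> List[Finding]:
    """One Finding per confidential print; the score grows with each linked follow-up step.

    A lone print scores 1 and never alerts on its own, which is the point the passage
    makes about intent. A rename of that same file adds 1 and moves the tracked path;
    a delete of the (possibly renamed) file adds 1 and closes the chain.
    """
    by_user: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_user[e.user].append(e)

    findings: List[Finding] = []
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            if start.action != "print" or start.label != "confidential":
                continue
            current, score, chain = start.path, 1, [start]
            for follow in evs[i + 1:]:
                if follow.ts - start.ts > WINDOW:
                    break
                if follow.action == "rename" and follow.path == current and follow.new_path:
                    current, score = follow.new_path, score + 1
                    chain.append(follow)
                elif follow.action == "delete" and follow.path == current:
                    score += 1
                    chain.append(follow)
                    break   # the file is gone; nothing further can link to it
            findings.append(Finding(user, score, current, chain))
    return findings


def alerts(events: List[Event]) -> List[Finding]:
    """Findings at or above the threshold; everything below stays as reviewer context."""
    return [f for f in score_sequences(events) if f.score >= ALERT_SCORE]


# Constructed sample events (not real data): alice completes the full chain,
# bob only prints, carol works on a public file, dave prints then deletes.
SAMPLE = [
    Event(datetime(2023, 2, 1, 9, 0), "alice", "print", "/docs/q4-forecast.xlsx", "confidential"),
    Event(datetime(2023, 2, 1, 9, 2), "alice", "rename", "/docs/q4-forecast.xlsx", "confidential",
          new_path="/docs/notes.xlsx"),
    Event(datetime(2023, 2, 1, 9, 5), "alice", "delete", "/docs/notes.xlsx", "confidential"),
    Event(datetime(2023, 2, 1, 10, 0), "bob", "print", "/docs/board-minutes.docx", "confidential"),
    Event(datetime(2023, 2, 1, 11, 0), "carol", "open", "/docs/lunch-menu.pdf", "public"),
    Event(datetime(2023, 2, 1, 11, 1), "carol", "delete", "/docs/lunch-menu.pdf", "public"),
    Event(datetime(2023, 2, 1, 12, 0), "dave", "print", "/docs/salaries.csv", "confidential"),
    Event(datetime(2023, 2, 1, 12, 3), "dave", "delete", "/docs/salaries.csv", "confidential"),
]

if __name__ == "__main__":
    for f in score_sequences(SAMPLE):
        print(f"{f.user}: score={f.score} path={f.final_path} steps={[e.action for e in f.chain]}")
    print("alerts:", [f.user for f in alerts(SAMPLE)])
```

    Only alice reaches the alert threshold; bob's lone print and dave's print-then-delete are kept as scored context rather than raised as cases, which is how a rule like this keeps the false-positive count (the metric the article tells you to track) down without discarding the signal.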
    Managing both internal and external risks is vital to the security of any organization. Each comes with their own challenges, but what makes insider risk management especially tricky is the need to balance people, processes, and technologies.
    Powerful tools can help impede, detect, and respond to insider risks — but they won’t address the root causes. That’s where detailed onboarding, security trainings, team-building exercises, and work-life balance programs are useful. Building a healthy work environment helps reduce the risk of an employee intentionally engaging in dangerous behavior. But at the end of the day, striking the balance between people and technology matters most of all. Risk management has to be proactive and continuous, and it takes trust, transparency, and collaboration to keep that engine running. This philosophy — people first, backed by powerful technology — is the only way to prevent incidents before they happen, detect them if they do, and respond to them quickly and effectively.


  • Top seven hacks and cyber security threats in APAC – Cyber Security Hub

    In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks and the region suffered a shortage of 2.1 million cyber security professionals.
    This has culminated in the Asia-Pacific region being victim to a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks.
    In December 2022, an IT managed service provider that supports a range of organizations across New Zealand including several within its government suffered a cyber attack, compromising access to its data and systems.
    Those affected by the cyber security incident include some providers contracted to Te Whatu Ora (Health New Zealand), although health service delivery was not affected.
    The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack impacted access to some coronial data. This allegedly included thousands of autopsy reports.
    New Zealand’s National Cyber Security Center (NCSC) said that it was coordinating governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand Police, CERT NZ and the Privacy Commissioner.
    Lisa Fong, deputy director-general of the NCSC, said that the organization is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred. 
    On October 13, 2022, Australian health insurance provider Medibank suffered a data breach which affected 9.7 million people.
    The malicious actor responsible for the breach attempted to extort the company by contacting them directly to negotiate the release of the data. Medibank refused, which led to the hacker releasing private medical information obtained in the breach on the dark web.
    The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
    They also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
    The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”
    During question time in Australian Parliament on November 10, minister of home affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
    “I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
    David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.
    In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
    On October 7, 2022, Japanese car manufacturer Toyota issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022. 
    The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.
    Any customers who registered for the app from December 2017 to September 2022 were at risk for their data being accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address were not accessed.
    Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time [it] cannot completely deny it”.
    Toyota also said that it would individually notify all those who were affected by the breach.  
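    The Toyota item above turns on a server access key that sat in source code published to a public repository, where it stayed for five years. The following is an added example of the kind of pre-publication check that catches this, not Toyota's code and not a reproduction of the leaked key: a small scanner that flags credential-shaped values in source text. The regular expressions, the entropy threshold, the masking scheme and the sample file are all assumptions constructed for illustration.

```python
"""Scan source text for committed credentials before it reaches a public repository.

Added example for the Toyota T-Connect item above; it is not Toyota's code and
not a reproduction of the leaked key. The patterns, the entropy threshold and the
sample source file are assumptions constructed for illustration.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Assignments such as  SECRET_KEY = "..."  or  password: '...'  with a value of 12+ chars.
NAMED_SECRET = re.compile(
    r'(?i)\b(?:access[_-]?key|secret|token|password|api[_-]?key)\w*\s*[:=]\s*["\']([^"\']{12,})["\']'
)
# AWS access key IDs have a fixed, well-known shape and need no entropy check.
AWS_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
MIN_ENTROPY = 3.5   # bits per character; a random-looking 32-char key sits near 5.0


@dataclass
class Finding:
    line_no: int
    kind: str          # "aws-access-key-id" | "generic-secret"
    confidence: str    # "high" | "low"
    masked: str        # first 4 characters only, so the report itself leaks nothing


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def mask(value: str) -> str:
    """Keep a short prefix for triage and the length; never the whole value."""
    return value[:4] + "…" + f"({len(value)} chars)"


def scan_text(text: str, min_entropy: float = MIN_ENTROPY) -> List[Finding]:
    """Return one Finding per line that looks like it carries a credential.

    Fixed-format keys are reported at high confidence on shape alone. Named
    assignments are reported at high confidence when the value is high-entropy
    and at low confidence otherwise, so placeholder-looking passwords still
    surface for a human to look at rather than being silently dropped.
    """
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = AWS_ACCESS_KEY_ID.search(line)
        if m:
            findings.append(Finding(line_no, "aws-access-key-id", "high", mask(m.group(0))))
            continue
        m = NAMED_SECRET.search(line)
        if m:
            value = m.group(1)
            conf = "high" if shannon_entropy(value) >= min_entropy else "low"
            findings.append(Finding(line_no, "generic-secret", conf, mask(value)))
    return findings


# Constructed sample file (not T-Connect source); every value here is made up.
SAMPLE_SOURCE = """\
public class ServerClient {
    private static final String ENDPOINT = "https://api.example.invalid/v1";
    private static final String ACCESS_KEY = "AKIAEXAMPLEKEY000001";
    private static final String SECRET_KEY = "q7Fz9Lk2mPx4Vb8Rt1Yc6Nd3Wg5Hj0Ks";
    private static final String PASSWORD = "changeme1234";
}
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.kind} [{f.confidence}] {f.masked}")
```

    Run over the files about to be committed, the scanner reports the fixed-format key and the random-looking secret at high confidence and the low-entropy password at low confidence; the ENDPOINT line is not reported. The low-confidence tier exists because entropy alone misses weak or placeholder passwords, so a name-based rule is kept alongside it rather than relying on either heuristic by itself.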
    Australian online retail marketplace MyDeal confirmed in October 2022 that it was the victim of a data breach that exposed the data of around 2.2 million customers.
    The retailer, which is a subsidiary of supermarket chain Woolworths, said that it would be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
    Woolworths said that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
    Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and driver’s license details is not stored by MyDeal, and therefore was not exposed in the hack.
    In August 2022, a GPS tracker manufactured by Chinese company MiCODUS was revealed to have numerous critical cyber security vulnerabilities that could allow bad actors to remotely hack a vehicle’s system.
    At the time of the discovery, the MiCODUS MV720 GPS tracking device had been sold to customers across 169 countries and installed in more than 1.5 million devices. 
    The critical cyber security issues were first discovered by cyber security startup BitSight. Following the discovery of the vulnerabilities, BitSight informed the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
    CISA confirmed that “successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features (e.g. alarms)”.
    In a report on the vulnerabilities, BitSight said it had found MiCODUS devices were being used by a range of organizations including “a Fortune 50 energy company, a national military in South America, a national government and a national law enforcement organization in Western Europe, and a nuclear power plant operator”.
    It was also revealed that MiCODUS has a global customer base of 420,000, with 1.5 million devices sold. However, BitSight did note that it was unable to determine the number of MiCODUS MV720 units currently in use globally, or the number of MiCODUS devices used for personal versus business purposes.
    Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees.
    The details included employees’ first and last names and email addresses, and were posted on hacking forum BreachedForums.
    In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and that it has notified its employees and authorities first, before notifying former employees, despite “minimal risk” to them.
    You may have heard about a data breach involving Telstra employee details. Here are the key facts:

    👉 This wasn’t a breach of any Telstra system
    👉 No customer account info was included
    👉 The data includes first/last names and employee email addresses
    👉 The data is from 2017

    A Telstra spokesperson said the company had been “made aware of a data breach affecting a third party that included limited Telstra employee information from 2017.”
    Of the information shared, 12,800 of the employees named were current employees.
    Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that led to the details of 11 million customers being accessed.
    The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment details and account passwords were not compromised in the breach.
    Optus confirmed that it has now contacted all customers to notify them of the cyber-attack’s impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed.
    Someone claiming to be the hacker told Australian journalist Jeremy Kirk that they had “accessed an unauthenticated API endpoint” meaning that they did not have to log in to access the data and that it was “all open to internet for any one[sic] to use”.
    A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to the hacking forum BreachedForums on September 23. 
    Using the alias optusdata, the hacker demanded that Optus pay them $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata then posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.
    Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data will be sold to other hackers.
    However, on the same day, the supposed hacker posted a new message on BreachedForums, rescinding their demand and apologizing to Optus.
    The hacker said there were “too many eyes” so they will not be selling the data to anyone and claimed that they had deleted all the data from their personal drive, and that they had not made any copies. They offered an apology also to the 10,200 people who had their data exposed via their posts on BreachedForums, and to Optus itself, saying “hope all goes well with this”.
    They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont[sic] care anymore” as it was a “mistake to scrape publish data in the first place”.
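    The Optus account above attributes the breach to an “unauthenticated API endpoint” that needed no login. As an added example, not Optus's code (nothing about their API is known beyond that quote), here is a minimal record-lookup handler in its open form beside a hardened form that first authenticates the caller and then checks that the caller may only read their own record. The route shape, the HMAC-based bearer token, the signing key and the customer records are all constructed assumptions.

```python
"""An open record-lookup endpoint beside a hardened one (added example, constructed).

This is not Optus's code and nothing is known about their API beyond the quote
above. The path shape, the token format, the signing key and the customer
records are assumptions. Handlers are framework-agnostic: they take the request
path and headers and return (status, body), so the checks can be read on their
own and placed behind any web framework's routing.
"""
import hashlib
import hmac
import json
import re
from typing import Dict, Optional, Tuple

# Constructed sample records (not real people).
CUSTOMERS = {
    "1001": {"name": "A. Example", "dob": "1980-01-01"},
    "1002": {"name": "B. Example", "dob": "1990-02-02"},
}
SIGNING_KEY = b"constructed-demo-key-not-for-real-use"   # assumption; a real service loads this from a secret store
RECORD_PATH = re.compile(r"^/api/customers/(\d+)$")

Response = Tuple[int, str]


def issue_token(customer_id: str) -> str:
    """Mint a bearer token bound to one customer: '<id>.<hmac-sha256(id)>'."""
    mac = hmac.new(SIGNING_KEY, customer_id.encode(), hashlib.sha256).hexdigest()
    return f"{customer_id}.{mac}"


def verify_token(token: str) -> Optional[str]:
    """Return the customer id a token is bound to, or None if it does not verify."""
    customer_id, sep, mac = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, customer_id.encode(), hashlib.sha256).hexdigest()
    return customer_id if hmac.compare_digest(mac, expected) else None


def open_lookup(path: str, headers: Dict[str, str]) -> Response:
    """The weak pattern: no authentication, so any caller can read any record by id."""
    m = RECORD_PATH.match(path)
    if not m:
        return 404, ""
    record = CUSTOMERS.get(m.group(1))
    return (200, json.dumps(record)) if record else (404, "")


def hardened_lookup(path: str, headers: Dict[str, str]) -> Response:
    """Same route with two checks: who is calling, and may they see this record."""
    m = RECORD_PATH.match(path)
    if not m:
        return 404, ""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, ""                     # authentication: no credential presented
    caller = verify_token(auth[len("Bearer "):])
    if caller is None:
        return 401, ""                     # authentication: credential does not verify
    requested = m.group(1)
    if caller != requested:
        return 403, ""                     # authorization: valid caller, not their record
    record = CUSTOMERS.get(requested)
    return (200, json.dumps(record)) if record else (404, "")


if __name__ == "__main__":
    token = issue_token("1001")
    print("open, no auth:", open_lookup("/api/customers/1002", {}))
    print("hardened, no auth:", hardened_lookup("/api/customers/1002", {}))
    print("hardened, wrong record:", hardened_lookup("/api/customers/1002", {"Authorization": "Bearer " + token}))
    print("hardened, own record:", hardened_lookup("/api/customers/1001", {"Authorization": "Bearer " + token}))
```

    The authorization check runs before the record lookup, so an authenticated caller asking for someone else's id gets the same 403 whether or not that id exists and cannot use the endpoint to enumerate customers. Unexpected volumes of 401 and 403 responses on a route like this are also the obvious detection signal to alert on.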



  • Australia plans to reform cyber security rules, set up agency – Reuters.com

    SYDNEY, Feb 27 (Reuters) – The Australian government on Monday said it planned to overhaul its cyber security rules and set up an agency to oversee government investment in the field and help coordinate responses to hacker attacks.
    The move follows a rise in cyber attacks since late last year with breaches reported by at least eight companies, including health insurer Medibank Private Ltd (MPL.AX) and telco Optus, owned by Singapore Telecommunications Ltd (STEL.SI).
    Current cyber security rules, government policies and regulations "are simply not at the level that we need them to be," Prime Minister Anthony Albanese said during a meeting with industry leaders and experts.
    "This is really fast moving. It's a rapidly evolving threat, and for too many years Australia has been off the pace," Albanese said.
    The government will set up a coordinator for cyber security, supported by a national office within the department of home affairs, tasked with ensuring government agencies work together during cyber incidents.
    The coordinator will also oversee the government's investment strategies on cyber security and help lead the response when hackers attack.
    The government has published a discussion paper on a new cyber security strategy, which it aims to implement next year, and is seeking feedback on how businesses can improve their cyber security in partnership with the government.
    Though the government and the private sector are undertaking critical security measures, the current rules do not ensure smooth coordination during cyber incidents, Minister for Home Affairs Clare O'Neil said, blaming the previous government for implementing them.
    "That law was bloody useless, like not worth being printed on the paper when it came to actually using it in a cyber incident," O'Neil told ABC Radio in an interview. "They're not fit for purpose at the moment, and I do think they need reform."


  • Healthcare breach costs hit record high – Healthcare IT News

    The average breach cost in healthcare surpassed $10 million, with the industry holding the top rank for costliest industry breaches for the 12th consecutive year, according to IBM X-Force’s latest Cost of a Data Breach Report.
    The average total cost of a breach in healthcare increased 9.4% from $9.2 million in the 2021 report to $10.1 million in 2022.
    The study also found healthcare organizations have a longer breach cycle than any other industry, requiring nearly 11 months to identify and contain a breach.
    “In recent years, we’ve increasingly seen cybercriminals rely on the concept of leverage,” says John Hendley, head of strategy at IBM Security X-Force. “Healthcare is simply a very attractive and lucrative target as operations and downtime are considered both costly and urgent.”
    Malicious actors use this sense of urgency as leverage to pressure their victims – often through ransomware attacks.
    Another key factor driving up costs in healthcare is the very nature of healthcare records as static data, Hendley explains.
    “When your credit card information is compromised, your bank will issue you a new card and you can proceed as usual; however, healthcare data fundamentally doesn’t change,” he says. “This means these records are far more valuable and, therefore, easily monetized on the dark web.”
    As such, those bundles of compromised data have a much higher per record cost (about $250 per record) than the average breached record. To put it into perspective, the average data breach cost in healthcare is 80% higher than the global average (of $4.35 million).
    “Finally, because of the complexity of healthcare environments, this industry sees the longest breach cycles of any industry, which contributes to higher costs,” he says. “The longer it takes to identify and contain a breach, the higher the costs businesses will incur.”
    The report shows that healthcare organizations required 232 days to detect and an additional 85 days to contain a data breach.
    Hendley says the most troubling finding from the report is actually the same across all industries: breaches are contributing to the rising cost of everything.
    “According to the study, 60% of businesses increased prices on their products or services because of their data breach,” he points out. “Imagine the route a scalpel takes to get from raw materials to the hand of a surgeon, and how many organizations are involved in that supply chain.”
    First, there’s the company that mines and refines the metal, the company that shapes it into the tool and packages it, the logistics companies that get it where it needs to go, the hospital itself, and the insurance and billing companies that must keep track of its use.
    “Now, how many of those companies have had breaches? Well, on average, our study shows it’s 83% – or four of those five,” he explains. “Many have had more than one.”
    He says those costs from downtime associated with the compromise, time spent responding, and any associated regulatory fines all go somewhere, and it’s increasingly being passed to the consumer, almost like a kind of “cyber tax.”
    Hendley says cyber events need to stop being considered an abstract issue and start being framed for what they are: a significant factor capable of stressing the global economy, just as pressing a matter as COVID, Russia’s war on Ukraine, or other supply chain issues.
    “Now in its 12th consecutive year as the costliest industry, it’s clear that healthcare institutions need to invest in their security to avoid paying these costs in breach fines and damages in the future,” he adds.
    From his perspective, it’s essential they prepare for the next breach – because there will be a next breach.
    “I’m a hacker, and I’ve been inside the networks and systems of hospitals, medical supply companies, pharmaceutical organizations, and more,” he says. “There is always a way in. Always.”
    But all is not lost, and he says healthcare organizations can “absolutely” fight back against modern threat actors.
    “The best way to do that is creating an incident response plan and playbooks,” he says. “What do we do in the event of a breach? Who do we mobilize? What’s the protocol? How can we quickly contain the incident? The answers to these questions should be thoroughly documented and regularly tested so they know what to do in the event of a real-life cyber crisis.”
    Further, while this is a longer-term process, a zero-trust security strategy can help healthcare institutions better manage the risks of their often disconnected and complex environments, while still allowing users access to the appropriate resources.
    “Finally, if you’re looking for a very basic step, organizations should review their identity and access management implementations to force use of multifactor authentication,” Hendley says. “Just this one step greatly helps curb cybercriminals’ ability to use stolen credentials, which is one of their favorite methods of initial compromise.”
    Nathan Eddy is a healthcare and technology freelancer based in Berlin.
    Email the writer: nathaneddy@gmail.com
    Twitter: @dropdeaded209


  • Cyber security training: Insights for future professionals – ComputerWeekly.com

    In this era of digitalisation, the world is witnessing exponential growth in incidents that compromise the security of information owned by businesses or governments. Recently the Royal Mail’s overseas deliveries suffered severe disruption due to a ransomware attack linked to Russian criminals. In 2022, around 50 Indian government websites were hacked and eight data breaches were reported. These included a ransomware attack on some servers at the All India Institute of Medical Science (AIIMS) that paralysed operations of the premier medical institute in India for many weeks.
    The tremendous increase in such incidents has fuelled demand for qualified IT professionals who can prevent cyber attacks on critical government and business IT assets. But there is a considerable mismatch between the supply of and demand for qualified cyber security professionals. To complicate matters further, professionals entering this field find it difficult to decide which skills they should acquire. This article explores the paths available in cyber security training by analysing reports released by two eminent associations in the field of information security.
    The first report discussed is the latest edition of the annual report on the cyber security workforce released by (ISC)2, titled 2022 Cyber Security Workforce Study. This report presents insights into the challenges and opportunities faced by cyber security professionals around the world. The report was prepared after surveying 11,779 cyber security professionals. The study estimates that the global cyber security workforce in 2022 was 4.7 million people and that the gap in the global cyber security workforce stood at 3.4 million people, an increase of 26.6% year-over-year (YoY).
    Clearly, there is a wide gap between the supply and demand of cyber security professionals, and the shortage is more evident in the EMEA and APAC regions, where the YoY increase is greater than 50%. Half of the cyber security professionals under age 30 who participated in the survey started their careers in IT and then moved to cyber security. Both vendor-neutral certifications (e.g., (ISC)2, ISACA or CompTIA) and vendor-specific certifications (e.g., Microsoft, Amazon or Cisco) were popular among the respondents. Most organisations (55%) preferred their employees to acquire a vendor-neutral certification.
    The second report examined was released by ISACA, entitled State of Cyber Security 2022. In this study, ISACA surveyed 2,031 cyber security professionals from around the globe on seven major aspects of cyber security, covering areas such as staffing and skills. The main findings of this study are discussed below:
    Cyber security staffing: Only 34% of respondents felt that their organisation’s cyber security team was appropriately staffed, and 60% said they had difficulty retaining qualified cyber security professionals. Regarding future demand for individual contributors in technical cyber security roles, 82% of respondents expected demand to increase.
    Skills gaps: A notable finding of this survey is the largest skills gap among cyber security professionals. 54% of respondents felt that cyber security professionals lacked soft skills such as communication, flexibility and leadership. The (ISC)2 study reached a similar finding. Asked which qualifications are most important for cyber security professionals seeking employment, 44% of respondents named strong problem-solving abilities and 27% named strong strategic thinking skills.
    The competency mismatch and social skills gap among cyber security professionals is also highlighted by the World Economic Forum (WEF). The authors of an article on workforce gaps note that cyber security goes beyond the traditional physical and logical layers of cyberspace: because it involves human and societal dimensions, a social layer has to be included in the management of cyber security.
    To address the needs of the social layer, cyber security professionals should be trained to acquire soft skills. Beyond soft skills, the ISACA study found the following technical skills gaps in cyber security: cloud computing (52%), security controls (34%) and coding skills (30%). According to the ISACA study respondents, the top five most important security skills currently needed in their organisations are cloud computing (52%), data protection (47%), identity and access management (IAM) (46%), incident response (46%) and DevSecOps (36%).
    The survey reports published by ISACA and (ISC)2 provide very useful insights into the current state of the cyber security workforce and its future possibilities. It may be noted that the supply-demand gap in cyber security workforce requirements is not expected to decline in the next few years. There is huge potential for adequately skilled professionals to enter this very exciting domain of cyber security, but the main challenge for them is acquiring the right skill sets. Both studies highlight the need to acquire the appropriate soft skills along with the needed technical capabilities.
    Sudeep Subramanian is an associate professor in the area of international business at the FORE School of Management in New Delhi, India. He has over two decades of experience in information technology and management education. His teaching experience in management courses extends over 12 years and he spent eight years in the IT industry before joining academia. His IT industry experience includes software development, project management, information systems audit, and information security consulting. He is a Certified Information Systems Auditor (CISA) and ISO 27001 Lead Auditor.
    All Rights Reserved, Copyright 2000 – 2023, TechTarget


    source

  • Former Chief Security Officer Of Uber Convicted Of Federal Charges … – Department of Justice

    SAN FRANCISCO – A federal jury convicted Joseph Sullivan, the former Chief Security Officer of Uber Technologies, Inc. (“Uber”), of obstruction of proceedings of the Federal Trade Commission (“FTC”) and misprision of felony in connection with his attempted cover-up of a 2016 hack of Uber. The announcement was made by United States Attorney Stephanie M. Hinds and FBI San Francisco Special Agent in Charge Robert K. Tripp following a four-week trial before the Hon. William H. Orrick, United States District Judge.
    “Technology companies in the Northern District of California collect and store vast amounts of data from users,” said U.S. Attorney Hinds. “We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught. We will not tolerate concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.”
    “The message in today’s guilty verdict is clear: companies storing their customers’ data have a responsibility to protect that data and do the right thing when breaches occur,” said FBI Special Agent In Charge Tripp. “The FBI and our government partners will not allow rogue technology company executives to put American consumers’ personal information at risk for their own gain.”
    The circumstances regarding Sullivan’s violations of the law involve two separate hacks of Uber’s databases—one in 2014 and another in 2016. The evidence at trial established that Sullivan was hired as Uber’s Chief Security Officer (“CSO”) in April 2015. At that time, Uber had recently disclosed to the FTC that it had been the victim of a data breach in 2014 (“2014 Data Breach”) and that the breach related to the unauthorized access of approximately 50,000 consumers’ personal information, including their names and driver’s license numbers. In the wake of that disclosure, the FTC’s Division of Privacy and Identity Protection embarked on an investigation of Uber’s data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber’s broader data security program and practices. 
    The evidence at trial demonstrated that Sullivan, in his new role as CSO, played a central role in Uber’s response to the FTC. Specifically, Sullivan supervised Uber’s responses to the FTC’s questions, participated in a presentation to the FTC in March 2016, and testified under oath, at length, to the FTC on November 4, 2016, regarding Uber’s data security practices. Sullivan’s testimony included specific representations about steps he claimed Uber had taken to keep customer data secure. 
    Exactly ten days after his FTC testimony, Sullivan learned that Uber had been hacked again. The hackers reached out to Sullivan directly, via email, on November 14, 2016. The hackers informed Sullivan and others at Uber that they had stolen a significant amount of Uber user data, and they demanded a large ransom payment from Uber in exchange for their deletion of that data. Employees working for Sullivan quickly verified the accuracy of these claims and the massive theft of user data, which included records on approximately 57 million Uber users and 600,000 driver license numbers. 
    The evidence demonstrated that, shortly after learning the extent of the 2016 breach and rather than reporting it to the FTC, any other authorities, or Uber’s users, Sullivan executed a scheme to prevent any knowledge of the breach from reaching the FTC. For example, Sullivan told a subordinate that they “can’t let this get out,” instructed them that the information needed to be “tightly controlled,” and that the story outside of the security group was to be that “this investigation does not exist.” Sullivan then arranged to pay off the hackers in exchange for them signing non-disclosure agreements in which the hackers promised not to reveal the hack to anyone, and also contained the false representation that the hackers did not take or store any data in their hack. Uber paid the hackers $100,000 in bitcoin in December 2016, despite the fact that the hackers had refused to provide their true names. Uber was ultimately able to identify the two hackers in January of 2017 and required them to execute new copies of the non-disclosure agreements in their true names and emphasized that they were not allowed to talk about the hack to anyone else. Sullivan orchestrated these acts despite knowing that the hackers were hacking and extorting other companies as well as Uber, and that the hackers had obtained data from at least some of those other companies.
    The evidence showed that, despite knowing in great detail that Uber had suffered another data breach directly responsive to the FTC’s inquiry, Sullivan continued to work with the Uber lawyers handling or overseeing that inquiry, including the General Counsel of Uber, and never mentioned the incident to them. Instead, he touted the work that he and his team had done on data security. Uber ultimately entered into a preliminary settlement with the FTC in summer 2016, supported fully by Sullivan, without disclosing the 2016 data breach to the FTC.
    In Fall 2017, Uber’s new management began investigating facts surrounding the 2016 data breach. When asked by Uber’s new CEO what had happened, Sullivan lied, falsely telling the CEO that the hackers had only been paid after they were identified and deleting from a draft summary prepared by one of his reports that the hack had involved personally identifying information and a very large quantity of user data. Sullivan lied again to Uber’s outside lawyers conducting an investigation into the incident. Nonetheless, the truth about the breach was ultimately discovered by Uber’s new management, which disclosed the breach publicly, and to the FTC, in November 2017.
    In addition, the two hackers identified by Uber were ultimately prosecuted in the Northern District of California. Both pleaded guilty on October 30, 2019, to computer fraud conspiracy charges and now await sentencing. The separate guilty pleas entered by the hackers demonstrate that after Sullivan assisted in covering up the hack of Uber, the hackers were able to commit an additional intrusion at another corporate entity—Lynda.com—and attempt to ransom that data as well.
    In finding Sullivan guilty, the jury concluded he obstructed justice, in violation of 18 U.S.C. § 1505, and that he committed misprision of felony (i.e., knew that a federal felony had been committed and took affirmative steps to conceal that felony), in violation of 18 U.S.C. § 4. Sullivan faces a maximum of five years in prison for the obstruction charge, and a maximum three years in prison for the misprision charge. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553. 
    Sullivan remains free on bond pending sentencing. His sentencing will be set at a later date. 
    The case is being prosecuted by the Corporate and Securities Fraud Section of the U.S. Attorney’s Office. The prosecution is the result of an investigation by the FBI. 

    source

  • Healthcare data breach roundup: Atrium, Kaiser, UNC and more – Healthcare IT News


    June has been a busy month across healthcare, and not always for the best reasons. The number of data breaches at hospitals, health systems, health plans and elsewhere has been significant – even in comparison to the risk-fraught cybersecurity landscape we’ve all become accustomed to.
    Here’s a partial list, including some high-profile names.
    On June 3, Kaiser Permanente informed members of its Kaiser Foundation Health Plan of Washington of an unauthorized access incident that occurred on April 5, 2022.
    Kaiser security officials “discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident. We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”
    PHI potentially exposed included names, medical record number, dates of service, and lab results, officials said, but Social Security and credit card numbers were not included.
    “We do not have any evidence of identity theft or misuse of protected health information as a result of this incident,” said Kaiser Permanente officials.
    At Atrium Health, officials served notice this month that an unauthorized third party “gained access to a home health employee’s business email and messaging account” via a phishing exploit.
    After that incident, which occurred in April, Atrium Health at Home secured the affected account, confirmed the unauthorized party had no further access, notified law enforcement and engaged an outside security firm.
    “The behavior of the unauthorized party indicates they were likely focused on sending other phishing emails and not targeting medical or health information,” said Atrium officials. “Unfortunately, despite a thorough investigation, we could not conclusively determine whether personal information was actually accessed by the unauthorized party.”
    Personal information in the affected account may have included names, home addresses, dates of birth, health insurance information and medical information, including dates of service, the provider and facility, and/or diagnosis and treatment information.
    “For a limited subset of individuals, Social Security numbers, driver’s license/state ID numbers and/or financial account information also may have been involved,” officials said. “Our electronic medical record systems are separate from email accounts and were not affected by this incident.”
    Also this month, UNC Lenoir Health Care disclosed an incident involving a breach of patient information by MCG Health, one of its third-party business partners.
    MCG provides clinical support services, including patient care guidelines. UNC officials said that in December 2021 and January of this year, MCG “was contacted by an unknown third-party who claimed to have improperly obtained patient data from MCG.”
    This person “made a demand for money in exchange for the return of the patient data to MCG. MCG opened an investigation and contacted the FBI.”
    MCG informed UNC Lenoir of the incident in April, the health system said, and its forensic investigators confirmed that health records for 10 patients were listed for sale on the dark web.
    “These records are believed to have come from MCG,” said UNC officials. “Lenoir patient records were not found on the dark web, but MCG has determined that the unauthorized third-party may be in possession of Lenoir information which could include: patient name, Social Security number, medical codes, street address, telephone number, email address, date of birth and gender.”
    At Quincy, Massachusetts-based Shields Health Care Group, which provides management and imaging services, healthcare customers were informed in June about some suspicious activity on its network.
    “With the assistance of third-party forensic specialists, we took immediate steps to contain the incident and to investigate the nature and scope of the incident,” which occurred in March, officials said.
    “An unknown actor gained access to certain Shields systems from March 7, 2022 to March 21, 2022,” according to Shields. “To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud. However, the type of information that was or may have been impacted could include one or more of the following: Full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information.”
    Data breaches are nothing new in healthcare, of course, but in recent years, the variety, frequency and, sometimes, severity of cybersecurity exploits has increased.
    The U.S. Department of Health and Human Services has offered help. Most recently, its Health Sector Cybersecurity Coordination Center, or HC3, published new guidance on Strengthening Cyber Posture in the Health Sector on June 16. Among the steps it suggests:
    Conduct regular security posture assessments.
    Consistently monitor networks and software for vulnerabilities.
    Define which department owns what risks, and assign managers to specific risks.
    Regularly analyze gaps in your security controls.
    Define a few key security metrics.
    Create an incident response plan and a disaster recovery plan.
    But some hospitals and health systems still think the feds should be doing more to help manage the increasingly challenging burden as healthcare cyberattacks intensify.
    As Politico reported this past week, “from January through June, the Office of Civil Rights tallied 256 hacks and information breaches, up from 149 for the same period a year ago.”
    As those attacks increase – posing serious risks to patient safety – healthcare leaders are asking the government to do more to help protect the critical IT systems of U.S. providers.
    “It blows my mind that ultimately, it’s on the individual hospital systems to attempt to – essentially in isolation – figure it out,” Politico quotes Lee Milligan, chief information officer at Oregon-based Asante Health System. “If a nation state has bombed bridges that connect over the Mississippi River and connect state A and B, would we be looking at it in the same way? And yet the same risk to life happens when they shut down a health system.”
    Twitter: @MikeMiliardHITN
    Email the writer: mike.miliard@himssmedia.com

    Healthcare IT News is a HIMSS publication.

    source

  • Credit Card Data Breach: What It Is & Ways To Prevent It | Chase – Chase News & Stories


    A credit card data breach occurs when personal credit card data is exposed to an unauthorized individual. The data may include the card owner’s name and address, the card number, expiration date, and verification code (CVV). Breaches can occur accidentally, or thieves may intentionally steal credit card information to commit identity theft, make potential unauthorized purchases or open a new line of credit in someone else’s name.
    Having your data compromised in a breach may be nerve-wracking, but knowing what to do if you find yourself in this situation could help keep the damage to a minimum.
    Credit card data breaches involve the exposure of confidential data, but they can happen in any number of different ways.
    In some cases, a data breach may be entirely accidental. A company’s data protection measures could fail, exposing users’ credit card information to the public (including potential criminals who want to take advantage of it).
    Hackers and identity thieves use unscrupulous methods to access private information as well. In small-scale data breaches, they may get access to someone’s physical credit card and use it to make purchases. Alternatively, they may use a credit card skimmer — a piece of technology that can record credit card information when people swipe their cards at a machine — to capture credit card details. 
    Large-scale credit card breaches happen when criminals use nefarious tactics like phishing, SQL injections (installing malicious code on a web app), or fake web applications/text messages to obtain credit card information. These tactics give criminals access to their target’s websites or applications, potentially allowing them to access a lot of information all at once.
    Depending on the situation, the user may be the first to realize something is wrong after spotting unfamiliar purchases on their credit card statement, in which case they should immediately contact their credit card issuer.
    Credit card companies also have a number of security measures in place to help monitor for suspicious activity and credit card theft. Fraud monitoring allows credit card companies to watch for suspicious transactions and may reach out to customers for verification. 
    In large-scale credit card data breaches, companies are required to inform customers that their information was compromised. In such situations, they will typically provide further context around what caused the breach and what information was accessed, and they’ll advise customers about what actions they should take. This may include reviewing statements for unauthorized purchases or changing compromised passwords.
    You can never be too careful with your credit card information. There are several actions you may consider taking to reduce the chances of having your information compromised in a breach — or used fraudulently in the event it is.
    One way criminals gain access to your credit card information is through a weak password. Using the same password for many different sites and services puts you at risk, as do simple passwords that are easy to guess, like “password123” or your pet’s name.
    Consider using unique and secure passwords for every site you use and updating your passwords frequently.
    Many online companies allow you to set up two-factor authentication. For example, a company may send you a code via a text message when you are trying to log in or ask you to verify a security question alongside your password to gain access.
    This extra layer of protection may help prevent credit card breaches in the future.
    If you lose a credit card at any point, the credit card issuer can freeze the account. This will help prevent anyone who may have stolen your card from using it to make unauthorized purchases.
    If a credit card expires or you’ve stopped using it altogether, destroy the physical card before disposing of it. You can do this by cutting it up into small pieces and putting them in the waste bin.
    If you have a piece of mail or a printout with your Social Security number, credit card information, or any other identifying factors, a shredder may come in handy to help destroy any personal documents before anyone can find them and use them for future unauthorized purchases.
    Criminals attempt to steal your information in a variety of ways, so knowing the warning signs is a good way to protect yourself. Never click on a link sent to you via email or text message unless you know who sent it, and you know the person or company that sent it did so intentionally. 
    Remember, if someone else has fallen victim to identity theft, criminals may use their identity to gain your trust and get your information as well. So, if someone you know sends you a random message on social media or via text asking you to click a link, you may want to refrain from clicking until you’ve verified that the person sending you the link is who you think it is.
    Your credit card company most likely has methods in place to protect your information, but there may be additional security measures they offer that you may not be using. You can find out more by visiting their website or calling their customer service line and asking about what you can do to further protect your credit card information.
    If you have been informed that your credit card information has been compromised, you may want to review your credit card statements for unfamiliar purchases. You may also want to change the passwords on any accounts associated with the breach (even if you don’t see anything strange on your statements).
    Getting caught up in a data breach can be frustrating to say the least, but there are things that might help prevent this situation. When you know the warning signs and if you suspect your credit card data has been breached, there are steps you can take to help protect your personal information and your money.


    © 2023 JPMorgan Chase & Co.

    source

  • What's New in the 2022 Cost of a Data Breach Report – Security Intelligence

    The average cost of a data breach reached an all-time high of $4.35 million this year, according to the newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020.
    New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when inflation is growing, breached businesses have passed higher costs to customers, with 60% of organizations in the study reporting that they increased the price of goods and services in response to losses from the breach.
    These are among the dozens of findings from the study of 550 organizations across a variety of industries and geographies that experienced a data breach between March 2021 and March 2022. Now in its 17th year, with research independently conducted by Ponemon Institute, and featuring analysis by IBM Security, the Cost of a Data Breach Report is among the leading benchmark reports in the security industry. It offers IT, security and business leaders a lens into risk factors that can increase the costs associated with a data breach, and which security practices and technologies can help mitigate security risk and financial damages.

    The use of security AI and automation has jumped by nearly one-fifth since 2020, and cost savings from security AI and automation were the highest of any factor studied.
    The percentage of organizations with security AI and automation deployed grew from 59% in 2020 to 70% in 2022, an 18.6% growth rate. Those organizations that reported their security AI and automation technologies are “fully deployed” — 31% of organizations — experienced breach costs that were $3.05 million less than at organizations with no security AI and automation. Data breaches at organizations with no security AI and automation deployed cost an average $6.2 million, compared to an average $3.15 million at organizations where security AI and automation was fully deployed.
    The ROI from security AI and automation is apparent from another metric: time. Security AI and automation not only reduced costs, but also significantly lowered the time to identify and contain a data breach (i.e., the breach lifecycle). With those technologies fully deployed, the average lifecycle of a data breach was 74 days shorter than the average at organizations with no security AI and automation.
    IBM provides SOAR solutions to help businesses accelerate incident response with automation, process standardization and integration with businesses’ existing security tools. These capabilities enable a more dynamic response, providing security teams with intelligence to adapt and guidance to resolve incidents with agility and speed.

    Healthcare breach costs surged to $10.1 million, the highest average cost of any industry for the 12th year in a row.
    While healthcare costs in the U.S. have seen increases between 6% and 7% since 2020, according to PwC, data breach costs in the industry have far outpaced overall healthcare inflation in the same time period. Healthcare industry breach costs surged 42%, growing from $7.13 million in 2020 to $10.10 million in 2022. Healthcare has been the highest cost industry for 12 years in a row.

    More organizations deployed zero trust in 2022 than in 2021, with cost savings of about $1 million.
    This was the second year that the report looked at the impact of a zero trust security framework on the average cost of a data breach. The share of organizations deploying a zero trust architecture grew from 35% in 2021 to 41% in 2022. The other 59% of organizations studied in the 2022 report, which do not deploy zero trust, incurred an average of $1 million more in breach costs than those that do. The cost savings were even greater for those with a mature zero trust deployment: about $1.5 million lower than for organizations at the initial stages of a zero trust program.
    Ransomware and destructive attacks were more expensive than the average breach in 2022, while the share of breaches involving ransomware grew by 41%.
    Last year was the first year that the report looked at the cost of ransomware and destructive attacks. The average cost of a ransomware attack — not including the cost of the ransom — went down slightly in 2022, from $4.62 million to $4.54 million, while destructive attacks increased in cost from $4.69 million to $5.12 million, compared to the global average of $4.35 million. The share of breaches caused by ransomware grew from 7.8% in 2021 to 11% in 2022, a growth rate of 41%.
    The impact of incident response teams and regularly tested incident response plans on cost was $2.66 million in average savings.
    Forming an incident response (IR) team and extensive testing of the IR plan were two of the most effective ways to mitigate the cost of a data breach. However, of studied businesses that have IR plans (73%), 37% don’t test their plan regularly. It’s essential that businesses routinely test their IR plans through tabletop exercises or run a breach scenario in a simulated environment, such as a cyber range.
    The 2022 study broke new ground in research with some fresh findings showing how the cost of a breach was affected by factors including supply chain compromises, critical infrastructure, and the skills gap. The study also explored how security technologies, including extended detection and response (XDR) and cloud security, impacted breach costs. Below are some of these findings.
    $4.82 million was the average cost of a critical infrastructure data breach.
    The average cost of a data breach for critical infrastructure organizations studied was $4.82 million — $1 million more than the average cost for organizations in other industries. Critical infrastructure organizations included those in the financial services, industrial, technology, energy, transportation, communication, healthcare, education, and public sector industries. Twenty-eight percent of critical infrastructure organizations experienced a destructive or ransomware attack, while 17% experienced a breach because of a business partner being compromised.
    45% of breaches occurred in the cloud, but breaches cost less in hybrid cloud environments.
    Forty-five percent of breaches in the study occurred in the cloud. Breaches that happened in a hybrid cloud environment cost an average of $3.80 million, compared to $4.24 million for breaches in private clouds and $5.02 million for breaches in public clouds. Organizations with a hybrid cloud model also had shorter breach lifecycles than organizations that solely adopt a public or private cloud model. It took 48 fewer days for hybrid cloud adopters to identify and contain a breach, compared to public cloud adopters.
    XDR technologies helped reduce breach lifecycles by almost a month.
    The 44% of organizations with XDR technologies saw considerable advantages in response times. Organizations with XDR deployed had a data breach lifecycle that was on average 29 days shorter than that of organizations that didn’t implement XDR.
    XDR capabilities can help significantly reduce average data breach costs and breach lifecycles. For example, IBM Security QRadar XDR enabled businesses to detect and eliminate threats faster by leveraging its single unified workflow across tools.
    The skills gap cost organizations more than half a million dollars in data breach costs.
    Just 38% of organizations in the study said their security team was sufficiently staffed. This skills gap was associated with data breach costs that were $550,000 higher for understaffed organizations than for those with sufficiently staffed security teams.
    Nearly one-fifth of breaches were caused by a supply chain compromise, which cost more and took nearly a month longer to contain.
    A number of major attacks in recent years have reached organizations through the supply chain, such as organizations being breached due to the compromise of a business partner or supplier. In 2022, 19% of breaches were supply chain attacks, at an average cost of $4.46 million, slightly higher than the global average. Supply chain compromises had an average lifecycle that was 26 days longer than the global average lifecycle.
    The Cost of a Data Breach Report contains a wealth of information that can help organizations understand potential financial risks and benchmark costs based on a variety of factors. Plus, the report includes recommendations for security best practices based on IBM Security’s analysis of the research.
    John Zorabedian is a content marketing manager at IBM Security, with nearly a decade of experience in marketing in the cybersecurity industry. At IBM, he dir…

    source