Data Breach, Vulnerability Data on Track to Set New Records in 2017

“There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.

Enterprise security executives looking for metrics to justify their budgets to top management should have plenty of material to choose from for the rest of the year.

Two reports from Risk Based Security this week show that numbers related to data breaches and software vulnerabilities look set to break new records in 2017, if first quarter trends are any indication.

Risk Based Security’s analysis of Q1 data showed there were a total of 1,254 publicly reported data breaches worldwide, which together exposed a mind-boggling 3.4 billion records containing sensitive data.”

Read more article details here.

Author: Jai Vijayan

The Top 5 IT Security Skills SMBs Need in 2017

Cybersecurity is not a new concept, but it is taking on new importance this year. Today’s digital organizations are driven by new technology and dependent on orderly data, and everyday life seems to be increasingly happening on top of connected infrastructures. The risks posed by cybersecurity attacks are monumental, but to mitigate those risks, new skills are needed.

However, modern businesses, specifically small- and medium-sized businesses (SMBs), are struggling to keep up with the cybersecurity skills required to secure IT infrastructures, respond to incoming threats and ensure proper operations. According to CompTIA’s recent report, The Evolution of Security Skills, between 18 and 32 percent of companies say that they need significant improvement to existing security expertise across various topics. So, with the apparent need for improved security skills, how can you present your managed IT services to prospective clients as a solution for bridging this widening security skills gap?

We all know that security skills are in high demand today, but they can be hard to come by for many SMBs who don’t have the budget to hire an in-house security team. Their most practical and financially sound option is to partner with an MSP like you and leverage your services and expertise to bridge this security skills gap. If you need help convincing your prospective clients of this, you can download the chart below and pair it with the talking points to make the case for why SMBs need your services to stay protected against today’s sophisticated threat landscape.

Network Infrastructure Security

  • Network and infrastructure security is the skill that’s in highest demand, which makes sense because that’s where cybercriminals usually first gain access and wreak havoc on a company’s digital access. Today, network security has expanded beyond basic firewalls into application-aware firewalls, intrusion detection/prevention, and network monitoring. In order to protect your whole infrastructure and network, you need to be able to have line of sight into what’s going on, and that’s where a proactive remote monitoring and management (RMM) solution can be most valuable. Our RMM solution will keep an eye on the health and security of your IT infrastructure, and because it’s coupled with antivirus, it will be able to provide actionable alerts, protection against potential threats and help enhance the defenses of your network and your overall business.

Knowledge of Threats & Threat Management

  • Because threats are ever changing and evolving, threat knowledge is becoming increasingly important. Knowledge can be your first line of defense against cyber threats, so you need to know what to look out for. As a business owner, however, you don’t have the time to scour the Web or keep constant watch on current cybersecurity trends. But that’s where we come in.

    Partnering with us gives you complete access to our IT expertise. Along with our services, we can provide security training and education and network assessments to ensure your entire business is prepared to thwart any potential threats. No more worrying about learning curves or finding the right hire. With our managed services, you’ll have the knowledge and skills you need to keep up with changes in the threat landscape.

Application and Data Security

  • Now, not only do you know what to look out for, you need to be prepared to properly handle and manage threats. Few capabilities are more fundamental to proactive threat monitoring and management than real-time monitoring, and our RMM solution can perform this function for you.
    In the event of a cybersecurity incident, your most essential data must be properly secured and easily restorable. To maintain business continuity and mitigate the damage caused by a successful cyber attack, you need our reliable business continuity and disaster recovery (BCDR) solution. It is the ultimate failsafe against data breaches and data loss. If your essential files are encrypted by ransomware, our BCDR solution will ensure that your data can be restored from the point at which it was last backed up. This helps minimize costly downtime and allows your business operations to continue as usual.

Compliance and Operational Security

  • If you’re in the healthcare or financial services vertical, you know maintaining compliance is vital to staying in operation. Working with a HIPAA compliant IT solutions provider who understands HIPAA regulations will free you from the stress of worrying about all the protocols, policies and procedures you need to follow. Similarly, if you’re offering e-commerce services on your website, you need an MSP who fully understands the PCI security standards and how to keep all of your business data protected.

 

Find original article here.

Author: Lily Teplow, Continuum

DATA BREACH REPORTS SET TO “SKYROCKET” IN 2017 THANKS TO PASSING OF DIGITAL PRIVACY ACT

“Reports of data breaches in Canada will “skyrocket” this year, Kevvie Fowler, KPMG’s national leader of cyber response in Canada, has predicted to the CBC.

Upcoming changes in Canadian privacy law, as well as guidance from the Canadian Securities Administrators (CSA), will force companies to be more transparent about cyberattacks than they have in the past, as well as outline the risk for potential compromised data in the future. The Digital Privacy Act, passed in June 2015, requires data breach notification and reporting regulations to become part of privacy law.

The Act was supposed to take effect in “early 2017,” according to the government, but industry experts expect this to happen by the fourth quarter of the year. Following that, organizations will now have to log all breaches and notify users of any breach that could pose “a real risk or significant harm.”

This could include letting users know about compromises in information such as names and addresses, credit card data, previous online shopping orders and security questions and passwords. Failure to handle these breaches accordingly can result in fines of up to $100,000 CAD.”

Read more details here.

Author: Bradly Shankar

31 Health Data Breaches Disclosed in January as HHS Fines for Late Reporting

“2017 has kicked off with a huge proportion of insider threats, as January data from disclosed breaches reveals that 59.2% of breached patient records were the result of insiders. This month’s health data breaches reinforce the importance of health data security, as the need to protect patient data from insiders continues to loom large. Healthcare organizations, more than ever, need to be proactive in discovering and reporting when a breach has occurred. This is especially the case given that HHS OCR has issued its first fine for failing to report a breach within their 60-day window.”

Read more details here.

Author: Protenus 

Study: DataBreaches.net

Victims of W-2 phishing scams (2017 list)

“When someone appearing to be your boss emails you and says they urgently need you to send them employees’ W-2 information from 2016, what do you do? Well, if you haven’t been trained properly or reminded often enough – or if your employer doesn’t have safeguards in place that might prevent you from just sending an email with an attachment out of the system – you might fall for the scam and email criminals the requested information.

If you don’t want to be hated by your colleagues whom you have put at risk of tax refund fraud and identity theft, when you get a request to email W-2 information, STOP and consult with a supervisor and ask them to confirm up the chain that this is a legitimate request.

Last year, this site compiled 145 such incidents before I somewhat waved a white flag in terms of trying to keep up. Let’s see how 2017 goes.”

Read more details here.

Author: Dissent

5 data breach predictions for 2017

“In 2017, most companies have data breach preparedness on their radar. But the threat landscape is ever-evolving. Staying ahead of emerging threats and the increasing sophistication of cybercriminals requires “constant vigilance,” as Mad-Eye Moody from J.K. Rowling’s Harry Potter series was fond of saying.

“Preparing for a data breach has become much more complex over the last few years,” says Michael Bruemmer, vice president at Experian Data Breach Resolution. “Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans.”

To aid in that effort, Experian Data Breach Resolution recently released its fourth annual Data Breach Industry Forecast, a report rooted in Experian’s history helping more than 17,000 companies deal with data breaches in the last decade (4,000 in 2016 alone).”

Read more details here.

Author: Thor Olavsrud

Ransomware Poses Evolving Threat to Enterprises in 2017, Report Finds

“Ransomware is a big problem and becoming more serious as hackers around the world target enterprises that are most able to pay hefty data ransoms and can’t afford to be locked out of critical business data, a new report from security companies Trend Micro and Information Security Media Group (ISMG) reveals. The two firms recently surveyed IT leaders at more than 225 companies worldwide on their experience with ransomware. The results were sobering: More than half of respondents reported a ransomware attack in 2016, and a surprisingly large number of IT leaders have no idea how often their company is attacked. Meanwhile, new ransomware families are cropping up at a rapid rate, according to Trend Micro. These facts combined could create major security problems for companies in 2017, the firms say, which is why safeguarding corporate networks from ransomware is critical. In the following slides, eWEEK will discuss the survey’s findings and hopefully shed some light on ransomware to help companies improve their defenses in the years ahead.”

Read more details here.

Author: Don Reisinger