Category: BAI Security Blog
customer data

The Proactive Way to Manage Customer Data

With 2017 behind us and the new year beginning, there’s no time like now to reevaluate how your organization handles sensitive customer information. With data breaches increasing year after year, everyone should turn their gaze inward to ensure they are taking a proactive cybersecurity stance. Why is this so important? Here’s an example of everything that can go wrong if you don’t protect your customer’s data. Breach Fallout This year, the California Attorney General announced a $2 million settlement with Cottage Health — a healthcare network — after the organization suffered two separate breaches in 2013 and 2015, exposing the information of about 55,000 patients. Upon investigation, Cottage Health discovered that a third-party managed services provider named Insync reportedly removed

Read More »
BAI Security January 3, 2018
ephi

Mobile Devices and Healthcare: How to Protect Your Organization

In today’s world, almost every piece of technology comes equipped with the ability to access the internet. Phones, watches — even refrigerators — are built to connect. While the intent here is to make life a little easier, an unfortunate side effect is that these connections open up new pathways for cyber criminals. For organizations that acquire a large amount of sensitive data — health care organizations, for example — these openings become potentially business crippling pathways through which hackers can steal information. Today, we’re going to discuss what endpoints you need to be paying close attention to and how you can ensure your organization is protected against these threats. The Threat In their October newsletter, the Department of Health and Human Services’ Office

Read More »
BAI Security November 30, 2017
Cyber Attack

The Ever-Expanding Threat of Cyber Criminals

The Dark Overlord, a dangerous group of cyber criminals, have made a name for themselves over the past several years. We’ve covered some of their illegal activities in the past targeting healthcare and financial institutions, and unfortunately, they’ve continued to make news. Their latest attacks open a new front into cybersecurity, signaling a shift all organizations should have on their radar. Here’s what you need to know. Real-Life Ransom As you likely know, when it comes to ransomware and cyberattacks, everyone from the FBI to security professionals like us advise that you never pay the demanded ransom. This only emboldens cyber criminals and there’s no guarantee that you’ll actually receive your stolen data. Instead, the best protection is to have

Read More »
BAI Security October 30, 2017
data breaches

2017 in Breaches: Equifax and More

This question was recently answered, as Equifax announced, “We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638.” What’s so bad about this disclosure? Well, as it turns out, the patch for this vulnerability had already been made available — months before the breach occurred. This brings with it multiple concerns. For one, Equifax is not going to win back any consumer confidence with the admission that they willingly either chose not to or failed to notice they needed to update their systems when a patch was available. And two, if this could happen to a huge company like Equifax, then who isn’t at risk? Year After Year Growth 2016 was the biggest year

Read More »
BAI Security September 22, 2017
cyber attacks

Spear Phishing: How to Avoid the Newest Tax-Based Scam

In a past blog post, we discussed how cyber criminals will often use tax season as a cover to attack unsuspecting organizations. Usually this is done via a phishing method where the attacker poses as a member of a particular organization’s C-Suite and requests sensitive information be sent their way – like W2 forms, for example. This trick relies on the fact that some HR employees do face requests similar to this, and in such a tense period (tax season), are more likely to slip up and fail to fully verify these requests. With tax season now firmly in the background, one might think that cyber criminals would lay off this method of attack for the time being. Unfortunately, this

Read More »
BAI Security August 21, 2017
Malware

Zero-Day Vulnerabilities: Rooting Out Hidden Threats

In 2015, ransomware and malware related attacks cost businesses around the world $325 million. This was considered to be a relatively acceptable figure. Rumors spread throughout the cybersecurity industry that a future dominated by cybercrimes was something we might be able to dodge. While a high amount, the $325 million value just didn’t meet the worst-case scenario many had expected. Was it possible everyone drastically overestimated how popular these attack methods would become? Fast forward two years later, as ransomware-based attacks alone are expected to reach $5 billion in costs to organizations this year. Obviously, this is an astronomical increase in the spread and effectiveness of cyberattacks. It is, however, just the tip of the iceberg. While ransomware attacks like

Read More »
BAI Security July 25, 2017
cylance

Looking Back: WannaCry and How You Can Prevent Ransomware Infection

WannaCry infections on day 1 via Cyren Last month, a ransomware virus known as “WannaCry” made international headlines by infecting devices in more than 150 countries. In total, over 300,000 Windows-operating computers fell victim to this attack, forced to seek remediation by either being forced to pay a ransom to retrieve their data or relying on their previously backed-up data. This was a unique attack. Oftentimes in this space, we discuss very targeted attacks on specific industries like healthcare and finance. The hackers perpetrating these more targeted campaigns do so for a reason – they’re counting on the element of surprise. They hope there won’t be news coverage of their attack, making it all the more easier to take advantage of the right IT

Read More »
BAI Security June 13, 2017
Compromise Assessment

Windows Vulnerability

Oftentimes, cyber attackers are able to infiltrate the networks of organizations through holes in older programs which have not been updated. Recently, a malware known as “DoublePulsar” has been found targeting un-patched Windows systems, inserting itself within networks and laying seeds for future ransomware attacks. Here’s what’s currently known about this threat and what steps you can take to prevent yourself from falling victim to it. An Advanced Attacker As reported in Bank Info Security, a group of hackers known as the “Shadow Brokers” – believed to have ties with the Russian government – released a set of attack tools which exploit flaws in older versions of Windows. One of these tools, DoublePulsar, has been adopted by attackers and implanted in

Read More »
BAI Security April 27, 2017
employee training

Employee Training is the Only Way to Prevent Social Engineering

Social engineering is currently one of the hottest topics within the IT security world – for good reason. The use of this attack method is only increasing, as phishing attempts grew by a whopping 250% between October 2015 and March 2016, and to make matters worse, combatting this threat poses a very unique challenge. While phishing methods can sometimes be blocked by email spam protections and other similar barriers, detection mostly falls on employees who are challenged to figure out what is real or not. This can be much more difficult than it seems – and it’s only getting harder. Take the following into consideration. Emails can appear as though they are sent from official sources – with official graphics, signatures and

Read More »
BAI Security April 20, 2017
Breach

Minimizing the Effects of a Breach: ABCD Pediatrics

Oftentimes, a prominent cyber-attack leaves us wondering why the targeted organization didn’t do more to protect themselves. And sometimes this is a correct response, like in the case of the infamous Yahoo breaches, where so many things could have been done differently to prevent the massive fallout that company has experienced as a result of these attacks. Of course, this isn’t the case with all breaches. An organization can take every appropriate step to protect themselves, yet still be a victim. This doesn’t mean that these efforts were a failure; in a world with rapidly increasing numbers of malware and daily cyber-attacks, managing to ward off any portion of an attack is a win. ABCD Pediatrics, a Texas-based practice, recently

Read More »
BAI Security April 13, 2017

Recent Posts

Keywords

CONTACT

READY TO LEARN MORE?

We’re here to discuss your upcoming IT security assessment and compliance audit needs.

CONTACT US
SCHEDULE A CALL

Let´s network on

Linkedin Twitter

BAI Security

ABOUT US

SERVICES

Contact