Tag: Cybersecurity

Cybersecurity

In Plain Sight: Zero-Day Vulnerabilities

Zero-day vulnerability is a futuristic-sounding term – you can almost picture it as the name of a science fiction novel – but it presents a great threat to organizations across all industries. These vulnerabilities are holes in software that lack a patch or fix, meaning they can be exploited by clever cyber criminals to steal your information. Back in 2014, Anthem, a major US health insurer, suffered what was then the biggest healthcare breach ever. This attack was conducted by a group known as “Black Vine,” who used zero-day vulnerabilities in Internet Explorer to carry out the attack. Recently, RAND Corporation, a research organization that develops solutions to public policy challenges to help make communities throughout the world safer

Cybersecurity

Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own. We bring this up for a good reason: people still aren’t taking passwords seriously. A study released by Keeper Security, a password management software vendor, detailed the 10 million passwords uncovered by data breaches in 2016. You can view the full list here, but examples from the top five include: 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in

breach security

The Final Tally: Healthcare Breaches in 2016

The healthcare sector was dealt a rough cybersecurity hand in 2016. The Department of Health and Human Services, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). Altogether, these breaches added up to affect a staggering 16.1 million people. The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.

| Business | State | Individuals Affected | Submission Date | Type of Breach |
| --- | --- | --- | --- | --- |
| Banner Health | AZ | 3,620,000 | 8/3/16 | Hacking/IT Incident |
| Newkirk Products, Inc. | NY | 3,466,120 | 8/9/16 | Hacking/IT Incident |
| 21st Century Oncology | FL | 2,213,597 | 3/4/16 | Hacking/IT Incident |

Cybersecurity

The Biggest Threats of 2016 and Predictions for 2017

This year had its share of headline-grabbing cybersecurity news. From Yahoo’s many breaches, to new threats in phishing and social engineering, 2016 wasn’t short on new threats. With the year wrapping up, we wanted to take a minute to recap what we saw as the biggest threats of 2016, what to prepare for in 2017 and what you can do right now to protect yourself.

The Biggest Cybersecurity Threat of 2016

By far, the most significant cybersecurity threat of 2016 was ransomware. The Kaspersky Security Bulletin 2016 states that the rate of ransomware attacks against businesses increased this year from one every two minutes in January to one every 40 seconds in September. Kaspersky Lab detected 2,900 ransomware variations

Banking

The Year of Ransomware

Ransomware is a threat you’ve probably heard a lot about in 2016. That’s not without good reason – it’s one of the main cybersecurity threats facing businesses today. Though preventative steps do exist, this is still an extremely effective attack method you can’t afford to ignore. One successful attack is all it takes to set your business back drastically.

The Method

Victims of ransomware receive demands for bitcoins, the volatile virtual currency whose value in real-world dollars can change rapidly at any moment, making it even more difficult for a business to secure their data’s release. The standard attack goes like this: Online gangs of cyber criminals remotely encrypt and lock computers, leaving victims with a ransom screen they can’t

Breach

Key Takeaways from RSA 2015

RSA 2015 drew more than 28,000 security-minded people to its latest week-long conference in San Francisco. The key takeaways from the discussions, workshops, and keynotes were highlighted by the tech, business, and mainstream press. The Associated Press coverage pointed out that attending RSA is a particularly sobering experience for those not involved in the security industry. The reporter noted that many breaches are the result of human error – one click on a link in a phishing e-mail, malicious text message, or website can open a network to attack. “Verizon researchers estimate one in five phishing emails were read by their targets and one in 10 persuaded someone to open an attached file,” the reporter noted, adding that the newest

Attack

Securing Billions of Smart Things

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners). That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is 50 billion things will be interconnected, merrily gathering data, and making our lives easier/transforming the world into a marketer’s magic kingdom. The US Federal Trade Commission (FTC) has signaled its strong interest in bringing privacy enforcement to the so-called Internet of Things (IoT), with the release of its “voluntary standards” report this week. We put those two words inside quotes because while the standards are voluntary right now, it’s a safe bet that they will be used in

C-Suite

FREE SECURITY AWARENESS TRAINING FOR FINANCIAL INDUSTRY EXECUTIVES

Security awareness will be a focus for banking regulators in 2015, with a focus on financial institutions’ C-suite executives and boards of directors. It’s likely that an in-depth refresher program will be a must for many, as new regulations are more complex and put a strong emphasis on cybersecurity preparedness. One resource that financial institutions may wish to consider when choosing training is the free cybersecurity education program supported by the Department of Homeland Security and the Federal Emergency Management Agency. (Thank you to http://www.bankinfosecurity.com for alerting us to this offering.) The newly updated cybersecurity curriculum is part of a series of courses offered by the National Cybersecurity Preparedness Consortium, a partnership between Texas A&M’s Engineering Extension Service, The University of San

Cybersecurity

FINANCIAL INDUSTRY IT SECURITY 2015 TO-DO LIST

The forthcoming cybersecurity guidance from the Federal Financial Institutions Examination Council is expected to focus on people and processes that defend against specific types of threats. Future IT examinations for all sizes of banking institutions will include reviews of employee awareness of security threats, the depth and breadth of an institution’s training programs, patching policies, and – especially – securing mobile banking.

When will the guidance be released?

There is no date set as yet for when the guidance will be issued, but all indications point to 2015. Congressional pressure on industries to address the growing numbers of data breaches, combined with the banking industry’s strong interest in delivering mobile services, will likely push the FFIEC to move forward comparatively quickly with
