Reports by Good Samaritan hackers participating in the Department of Defense's voluntary reporting program have led to the mitigation of more than 2,800 security issues as the program approaches its one-year anniversary. More than 50 countries are represented among the approximately 650 individuals who participated.
Twenty-eight percent of 9,000 respondents to a PricewaterhouseCoopers survey said they didn't know how many cyberattacks had affected their organizations, writes Michael Aminzade of Trustwave. Conducting a comprehensive risk assessment is critical to organizational cybersecurity, he advises.
Forever 21 announced Tuesday that its payment system may have been compromised, potentially putting its customers' credit card data at risk. The company says that an investigation into transactions that occurred between March and October is ongoing.
Understaffing of cybersecurity professionals is not just an inconvenience; it also increases a company's risk of facing a cyberattack or a data breach, reveals a survey from Life and Times of Cyber Security Professionals. Seventy percent of respondents said the shortage had affected their organizations, while 22% said the shortage had contributed to an attack or breach at their company within the past two years.
More than 12 states have purchased cyberinsurance to pay for credit monitoring, legal fees and security assessments of state servers in case of a network hack. Fitch Ratings reports that insurance companies saw premiums for such policies increase 35% to $1.35 billion in 2016.
A security breach involving Parity Technologies has erased between $150 million and $350 million in cryptocurrency, owned mostly by small businesses. There is no word on whether the money is recoverable.
A study published in JAMA Internal Medicine claiming that larger health care facilities have an increased data breach risk "neglects inherent biases in data collection and reporting practices," Vanderbilt University researchers wrote in a letter to the editor in the same journal. Researchers noted that treating data breaches based on their size rather than on their impact could negatively affect perceived privacy and security risks, and they raised concerns about the gap between detected and unreported breaches.
Acting HHS Secretary Eric Hargan received a letter from the House Committee on Energy and Commerce asking for details about the departures and employment appointments of HHS Deputy CISO Leo Scanlon and Margaret Amato, former director of the Healthcare Cybersecurity Communications and Integration Center, both of whom were displaced from their positions on Sept. 6. "It is ... important to understand what led HHS to temporarily remove two key HHS cybersecurity officials from their positions, while possibly making structural changes to [HHS'] role, thus creating new uncertainty as to who is in charge," the letter stated.