The Securities and Exchange Commission said that in 2016, hackers gained access to its computer database containing potentially market-moving corporate information and might have used the information for illegal trading gains. The SEC said it concluded only last month that the cybercriminals might have used the data for trading.
The growing risk of cyberattacks will help the cyberinsurance market grow to as much as $14 billion by 2022, Allied Market Research predicts. Stand-alone cyberinsurance policies have expanded to cover new threats, such as ransomware, while experts believe that general policies that weren't designed to cover cyberrisks will leave many threats uncovered.
Companies can face liability if a vendor suffers a data breach, and lawyers urge them to take steps to curtail such risk. Companies should thoroughly vet vendors and ensure that contracts spell out certain obligations and rights in such a situation, the lawyers write.
Data breach costs in North America have climbed to $1.3 million for large companies and $117,000 for small- and midsize businesses, a Kaspersky Lab and B2B International report states. The primary costs for enterprise recovery come from paying additional staff wages and a decrease in business, but the report notes that most firms are boosting their IT security budgets to handle increasing infrastructure complexity.
Carelessness exhibited by employees was cited by 54% of IT professionals as the primary cause of cybersecurity incidents in the workplace, a study by Keeper Security and the Ponemon Institute has found. Issues with passwords also were cited as problematic, with many respondents saying that password policies did not exist or were not enforced at their companies.
Fifty-nine percent of 129 White Hat and Black Hat hackers surveyed said phishing is the best way to steal data from organizations, including health care groups, followed by ransomware and malware, a Bitglass report states. Respondents also cited access controls, facial recognition and password protection as the three least effective enterprise security measures, while data at rest in the cloud, mobile devices, outdated applications/programs/systems, traditional on-premises security and unmanaged devices were listed as the top five blind spots in data security.
The EU's plans to give consumers more control over their data through the General Data Protection Regulation mean big changes and challenges for businesses. It is up to businesses to know, understand and follow the law to avoid fines and other penalties, and to overcome obstacles such as locating and monitoring data.
Organizations should consider training more of their IT personnel on using threat intelligence data to help handle the ongoing rise in cybersecurity threats, writes Sue Poremba. "IT staff are the ones already working with the infrastructure and have a better understanding of the organization's mission than other employees, and many already do frontline cybersecurity defense or mitigation as part of their regular duties," she writes.
Consult Hyperion report predicts $4,662M in fines for EU FinServ Institutions in first 3 years of the GDPR requirements
A new report from Consult Hyperion predicts $4,662 million, or 4.7 billion euros, in fines for EU FinServ Institutions in the first three years of the General Data Protection Regulation (GDPR) requirements. Under GDPR, these fines could apply to any organization doing business in the EU, or those that process personal information for EU residents or visitors. While most organizations focus only on breach prevention, the breach notification provision poses the highest risk to businesses. Download the report to learn how GDPR applies to your business, and how AllClear ID can help you prepare.