Internet data breaches threaten the usernames and passwords of billions of people, but bad actors find phishing is the most effective way to hijack their victims' online identities, according to researchers at Google and the University of California-Berkeley. In a year-long study of online black markets, the researchers found that 25 percent of phishing victims were at risk of a Google email account takeover after their credentials were exposed, compared to 7 percent of victims of third-party data breaches and 12 percent of keylogger victims.

In other news, the warnings for business travelers headed to other countries should be familiar by now: Keep your laptop with you at all times. But not all travelers are heeding them, and many are unaware of the foreign hackers and state-sponsored spies who are taking advantage of their lax security practices. The theft of technical product specifications, investment plans, research on mergers and acquisitions, marketing plans and other information can have consequences beyond loss of revenue and market position.

Cyber threats in healthcare and medical devices

Technology is booming in healthcare organizations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information. As technology becomes more ingrained into core healthcare offerings, there is an increased threat of cyberattacks disrupting services, stealing sensitive patient data, and putting lives at risk. It’s crucial that healthcare IT professionals plan strategically about how they can manage risk within their organization and respond to active threats to ensure the security and safety of patients and their data.

Cyber considerations in business deals

Evaluating a business decision? Given the ubiquity of electronic data, an acquirer must have a comprehensive understanding of a target company’s data privacy and cybersecurity risks. Such an understanding can minimize transactional risks and post-closing liabilities. An acquirer’s cybersecurity due diligence should investigate the target company’s data privacy practices and procedures, evaluate the risks addressed by those practices and procedures and seek to eliminate (or at least reduce) those risks post-closing.

High profile hacking incident updates

Credit reporting agency Equifax, which suffered a data breach over the summer that left vulnerable the personal financial information of nearly half of all Americans, was served November 10 with a rare "50-state" complaint that aims to combine the dozens of individual suits filed against Equifax since September.

Hackers are continuing to attempt to gain access to the networks of nuclear power companies and others involved with critical national infrastructure, raising concerns about cyber-espionage and sabotage. A report compiled by the FBI and US Department of Homeland Security (DHS) has warned of an ongoing hacking campaign that has seen attackers infiltrate the networks of power companies and others to steal details of their control systems, including information from control systems within energy-generation facilities.

The NSA's hackers were hacked in a major cybersecurity breach. A group known as The Shadow Brokers has stolen sophisticated tools the agency uses to penetrate computer networks.

Top News

What all of us can do

Google Study Finds Phishing Is Top Online Threat  Internet data breaches threaten billions of people's usernames and passwords, but bad actors find phishing is the most effective way to hijack their victims' online identities, according to researchers.  Newsfactor Network on Nov 14, 2017

Foiling Cyber-Spies on Business Trips Intellectual property theft is not new, but it’s more widespread, experts say, thanks to tiny cameras and microphones or compromised Wi-Fi networks.  New York Times - Most Recent on Nov 13, 2017

Healthcare

The healthcare industry’s fear of the cyber threat  Originally written by Nick Ismail on Information Age. Technology is booming in healthcare organizations with digital transformation policies leading to increased adoption of connected medical devices, big data analytics for faster and more accurate diagnoses, and paperless systems for the easy exchange of patient information.  Information Age - Articles on Nov 14, 2017

FDA stresses importance of addressing cybersecurity risks in health care  Medical device security should be a top priority among health care organizations as the sector becomes increasingly dependent on connected devices, Suzanne Schwartz, the FDA's associate director for science and strategic partnerships at the Center for Devices and Radiological Health, wrote in a blog post. Schwartz cited the importance of having a total product lifecycle approach and integrating security at the product design phase and also clarified the agency's role in medical device cybersecurity, saying that it is not the only agency responsible for cybersecurity.  SmartBrief - Ultrasound on Nov 9, 2017

One-Fifth of Healthcare Organizations Still Run XP  Infoblox report finds many organizations lack visibility and control.  Info Security News on Nov 14, 2017

Business alerts

Remember cybersecurity due diligence when evaluating a business acquisition  Given the ubiquity of electronic data, an acquirer must have a comprehensive understanding of a target company’s data privacy and cybersecurity risks. Such an understanding can minimize transactional risks and post‑closing liabilities. A key due diligence task is determining the adequacy of the target company’s data privacy and cybersecurity practices given its legal obligations and the type and volume of information it collects. As with any due diligence exercise, the goals are to inform, validate and quantify.   Biz Journal - Midwest News on Nov 14, 2017

SEC May Give New Guidelines on Reporting Cybersecurity Breaches  A senior Securities and Exchange Commission regulator said public companies will soon face new guidelines for how they report cybersecurity breaches to investors.  Wall Street Journal Technology - What's News on Nov 9, 2017

No one is safe

Equifax Hit With Rare '50-State' Complaint Over Data Breach  Credit reporting agency Equifax, which suffered a data breach over the summer that left vulnerable the personal financial information of nearly half of all Americans, was served November 10 with a rare "50-state" complaint that aims to combine the dozens of individual suits filed against Equifax since September.   Law360 - Texas Law on Nov 14, 2017

Hackers are attacking power companies, stealing critical data: Here's how they are doing it  Attackers are particularly interested in industrial control systems -- and they're still at it right now.  ZDNet - News on Oct 23, 2017

NSA's Hackers Are Hacked In Major Cybersecurity Breach  David Greene talks to Matthew Olsen, former head of the National Counter Terrorism Center, for an assessment after hackers at the National Security Agency were hacked.  NPR - Talk of the Nation on Nov 14, 2017