Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics. There seems to be a clear trend in attacks against the healthcare industry, and that trend includes targeting smaller healthcare companies and clinics.

As the years go by, technology continues to evolve, and as we rely more and more on smart devices and the online space, there becomes greater risks of cyberattacks. If you work as a cybersecurity professional, then you are fighting the good fight, but it isn’t always easy. The job is unpredictable, and it requires odd hours and constant vigilance.

Have you ever had to set up your Gmail account on a secondary device, such as your tablet, and when you tried to login, verification prompts were sent to your original device to confirm that the login attempt was done by you? You confirmed the login, and that ended it. That is exactly what happened to an Uber employee whose account was compromised.

UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts. 200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks.

IT environments in businesses are often volatile. The value of hardware might depreciate over time. There is constant evolution in the world of software. Existing configurations go through a variety of transitions. While some of these updates are permitted since they are part of the organization's regular patching cycle, others raise red flags because they appear out of nowhere.

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies.

As we approach the holiday season, we wanted to focus this month’s post on you (and your family). Bad guys don’t just wait until the holidays to start causing havoc, they also relentlessly target all of us all throughout the year. Judging by our perseverance, nothing is going to keep us from a good holiday deal, and attackers love to use this season to their advantage. Therefore, we must all keep a frosty demeanor (pun intended) to protect ourselves.

It would be nice to imagine that when cyber criminals look for their next target, they ignore the small- and medium-sized businesses (SMBs) that simply can’t afford an attack. Unfortunately, that’s not the case. In fact, 43% of cyber attacks are directed at SMBs. Today, a massive 80% of North American SMBs are at risk of a cyber attack.

Every single blog you read on cybersecurity has at least one mention of the Zero Trust approach to cybersecurity (even this one 😊). Alas, don’t consider that Zero Trust is yet another hyped word that will soon vanish into thin air. Zero Trust, originally dubbed more than a decade ago, came up as a necessity to defend systems, networks, data and people against the increasing sophistication of attackers that rendered implicit trust a vulnerability.

Many enterprises perceive cyber-attacks as malicious actions predominantly executed by external actors. Enterprises devote time and budgets investing in methods to bolster their security perimeters against external threat actors. However, it is equally important for these organizations to remember that many cyber-attacks, which cost millions in losses, originate through an internal compromise.