Beware of Equifax Data Breach Phishing Scams
Sep14

Beware of Equifax Data Breach Phishing Scams

Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the breach, which potentially exposed their names, dates of birth, email addresses, phone numbers, home addresses, Social Security numbers and driver’s license numbers. 209,000 Americans also had their credit card numbers stolen. As is common following any data breach, victims have to be alert to the risk of identity theft and fraud. Criminals are quick to use credit...

Read More
LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
Sep12

LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information

A new LinkedIn Phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine as first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail messages to the account holders’ contacts. Since the messages appear to come from a contact, they are more likely to be trusted. MalwareBytes reports that one of the compromised accounts had 500 contacts, each of whom would have received a message. At the time of writing, 256 individuals clicked on the link, showing just how effective this type of LinkedIn...

Read More
Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Sep01

Kaleida Health Suffers Second Phishing Attack in Space of 2 Months

Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers, diagnoses, treatment information, and other clinical data. Some patients Social Security numbers were also exposed. Patients affected by the phishing attack were notified of the privacy breach on August 25. Even though their information may not have been accessed or obtained, credit monitoring services have been offered out of an abundance of caution. Kaleida...

Read More
Webroot Acquires Securecast and Starts Offering Anti-Phishing Training
Aug21

Webroot Acquires Securecast and Starts Offering Anti-Phishing Training

Webroot, a leading provider of endpoint security systems, has announced it has acquired Securecast – A provider of a fully automated security awareness training platform. The Securecast security-awareness-as-a-service platform has been renamed Webroot Security Awareness Training, and a beta version of the platform has now been made available. Webroot will be offering the new platform to its customers to help them train their employees to be more security aware and identify and respond correctly to phishing attacks. The Webroot Security Awareness Training Platform will include a comprehensive library of training resources covering the most common attack vectors and tactics used by cybercriminals to gain access to networks and data. Training modules can be used to teach employees how...

Read More
City of Hope Phishing Attack Impacts 3,400 Patients
Aug14

City of Hope Phishing Attack Impacts 3,400 Patients

A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not believe the attack was conducted in order to steal data, rather to use the email accounts for further phishing and spam campaigns. That determination was based on an analysis of the actions of the attackers once access to the accounts was gained. However, while data theft was not believed to be the primary goal, it remains a possibility. The investigation...

Read More
2,789 Patients’ PHI Compromised in Phishing Attack
Aug02

2,789 Patients’ PHI Compromised in Phishing Attack

Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one email account. That account contained patients’ names, medical record numbers, diagnoses, dates of birth, treatment information, and other clinical data. The investigation did not confirm that ePHI had been accessed, although the possibility of a PHI compromise could not be ruled out. Patients have now been notified of the incident by mail in accordance with...

Read More
Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Jul20

Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing

Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity to the phishing attacks, increasingly the likelihood that email recipients will open the emails and take whatever action the attackers suggest. DMARC can be used to prevent spoofing of domains. DMARC uses two validation systems: Domain Keys Identified Mail and the Sender Policy Framework to verify the sender of the email and determine if the domain is being...

Read More
Google Makes It Harder to Install Malicious Apps
Jul18

Google Makes It Harder to Install Malicious Apps

In May, a phishing campaign took advantage of users of Google Docs. Emails were sent containing a link to Google Docs that appeared to be an invitation to collaborate on a document. The emails contained all the typical branding one would expect from a legitimate request. However, the request was not sent via Google Docs. It was sent via a third-party app that had been named Google Docs. Clicking the link to accept the request to collaborate on the document actually installed a malicious app. If a recipient followed the instructions in the email they would grant the app certain permissions. Doing so would see the same request sent to all of their contacts. While the attacks were limited to approximately 0.1% of Gmail users, that is still a considerable number of people – 0.1% equates to...

Read More
PhishMe CEO Royht Belani Receives EY Entrepreneur of the Year Award
Jun20

PhishMe CEO Royht Belani Receives EY Entrepreneur of the Year Award

The winners of the 2017 EY Entrepreneur of the Year Awards for the Mid-Atlantic region have been announced, with PhishMe CEO and co-founder Royht Belani named as 2017 CEO of the Year for the Mid-Atlantic region in the security category. Each year, EY recognizes entrepreneurs that have gone the extra mile and have shown exceptional personal commitment to their business and communities and been inspirational leaders. EY first started the award program in 1986, with the awards now in their 31st year. Previous award winners include Pierre Omidyar of eBay, Inc., James Park of Fitbit, Reid Hoffman and Jeff Weiner of LinkedIn, and Howard Schultz of Starbucks Coffee Company. Winners of the prestigious awards have ensured their companies have been highly innovative, with the CEO’s drive and...

Read More
Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
Jun15

Southern Oregon University Phishing Attack Results in Theft of $1.9 Million

A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – Arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S organizations this year. The scam is known as Business Email Compromise or BEC. It involves a criminal impersonating a legitimate organization and fooling an employee into making a bank transfer to the criminals’ account. BEC attacks often result in transfers of hundreds of thousands of dollars being made. Those funds can rarely be recovered. By the time the scam is uncovered, the money has been withdrawn from the criminals’...

Read More
PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions
Jun14

PhishMe Lands Prestigious 2017 SC Europe Award for its Anti-Phishing Solutions

Each year, SC Media hosts a prestigious awards ceremony where the best companies and information security products are recognized and celebrated. The SC Awards are widely regarded as some of the most prestigious awards for companies in the field of information security. Each company and product is scrutinized by two panels of judges which score the companies and products on a wide range of criteria. To be selected as a finalist in one of the 29 categories shows a company can truly claim to be one of the best of the best. Being named as a category winner is a tremendous honor. The awards are highly coveted and clearly show companies have gone the extra mile and developed a truly outstanding product. This year, the human phishing defense solution provider PhishMe was nominated as a...

Read More
Q2 Saw a 400% Increase in Phishing Attacks on Businesses
Jun13

Q2 Saw a 400% Increase in Phishing Attacks on Businesses

The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are increasingly targeting employees using highly sophisticated methods to get them to reveal their login credentials or install malware. It is now increasingly common for threat actors to impersonate C-level executives, business partners or employees to add more authenticity to their requests. When an email appears to have been sent by a c-level executive, many...

Read More
Phishing Trends and Intelligence Report Published by PhishLabs
Jun12

Phishing Trends and Intelligence Report Published by PhishLabs

PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals have changing tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape can change as threat actors shift who they target and how.” While the healthcare sector has been a major target in 2016, in Q1, 2017 the majority of phishing attacks were conducted on five other industry sectors. PhishLabs reports that 88% of phishing attacks were conducted on financial institutions, e-commerce companies, cloud storage/file hosting...

Read More
PhishMe Offers Assistance with GDPR Compliance
Jun10

PhishMe Offers Assistance with GDPR Compliance

The General Data Protection Regulation (GDPR) will be written into EU law next year, although companies need to start their GDPR compliance programs now if they are to ensure they are fully compliant before the May 25, 2018 deadline. Any company that is discovered not to be in compliance with the new regulation after that date faces a stiff financial penalty. The maximum fine for non-compliance with GDPR is $20 million Euros or 4% of the company’s global annual turnover, whichever is the greater. GDPR compliance is not optional. Any company doing business in any of the 28 EU member states is required to comply with the new regulation. The main aim of GDPR is to strengthen data protection rights of individuals and facilitate the free flow of personal data in the digital single market....

Read More
Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks
Jun08

Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks

San Antonio, TX-based Farm Bureau Bank has signed up with Agari and is now using the company’s Email Trust Platform™ to protect its customers and employees from phishing attacks. The Agari Customer Protect™ solution has been adopted to protect customers from phishing attacks that abuse its brand, while employees are protected from business email compromise and spear phishing attacks by the Agari Enterprise Protect™ solution. In contrast to many email spam solution providers that analyze the content of emails looking for common spam signatures, Agari conducts an in-depth analysis of the senders of emails. The DMARC-based system uses a global email telemetry network with the company’s proprietary technology to distinguish between trusted and untrusted senders and blocks malicious emails....

Read More
New Ironscales Report Delves into Current Phishing Trends
May30

New Ironscales Report Delves into Current Phishing Trends

Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified phishing attacks on 100 organizations affecting 500,000 mailboxes. Those organizations were spread across many industry sectors including healthcare, finance, energy and Insurance in North America, Europe, Africa and the Middle East. Phishing emails used to be fairly easy to identify and block; however, the tactics used by cybercriminals today result in more...

Read More
Purple Increases Security Following Recent Ransomware Attacks
May25

Purple Increases Security Following Recent Ransomware Attacks

The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, shows just how important it is for WiFi companies to take steps to improve security to protect their customers. Ransomware attacks are now one of the biggest cybersecurity threats, with figures from Trend Micro showing a 752% increase in ransomware attacks in 2016. Malware developers have also stepped up their efforts, with record numbers of new malware variants now being released. Phishing attacks are similarly rising. The Anti-Phishing Working Group (APWG) says...

Read More
Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
May23

Healthcare Data Breach Reporting Improves; IT Security Incidents Rise

The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time limit is 60 days from the discovery of the breach. Healthcare organizations face fines for late breach notifications, with this year seeing the first settlement with a covered entity based solely on delayed breach notifications. OCR sent a message to healthcare organizations with that settlement. Delaying breach notifications is a serious HIPAA violation and...

Read More
KnowBe4 CEO Stu Sjouwerman Finalist in 2017 EY Entrepreneur of the Year Awards
May04

KnowBe4 CEO Stu Sjouwerman Finalist in 2017 EY Entrepreneur of the Year Awards

KnowBe4 CEO Stu Sjouwerman has been selected as a finalist for the 2017 EY Entrepreneur of the Year Awards. KnowBe4 is a leading provider of anti-phishing solutions that concentrate on the human element of security. KnowBe4’s products help to train end users about the threat from phishing, social engineering, CEO fraud and malware and ransomware attacks. The 2017 EY Entrepreneur of the Year Awards are now in their 31st year. The program has proved incredibly popular and has now been extended to more than 145 cities in 60 countries around the world. The 2017 EY Entrepreneur of the Year Awards are the first, and only, global award program of its kind. The award program recognizes entrepreneurs who have shown incredible commitment to their business and their communities and have fostered...

Read More
Weak Password Test Tool Released by KnowBe4
May03

Weak Password Test Tool Released by KnowBe4

Anti-phishing solution provider KnowBe4 has released a weak password test tool that can be used by organizations to assess threats related to the use of weak passwords. Weak passwords are often cited as one of the main ways cybercriminals gain access to business networks. Weak passwords can be easily guessed and provide little resistance to brute force attacks. A recent study conducted by Verizon showed that 81% of hacking related data breaches were made possible by the use of weak passwords. KnowBe4 CEO Stu Sjouwerman explained that “Using a weak password is an open-door invitation to cybercriminals.” While it is common knowledge that strong passwords should be used to secure accounts, end users often ignore advice and choose easy to remember passwords. IT security professionals are...

Read More
PhishMe CEO Rohyt Belani Announced as Finalist in EY Entrepreneur of the Year Awards
Apr26

PhishMe CEO Rohyt Belani Announced as Finalist in EY Entrepreneur of the Year Awards

Rohyt Belani, CEO and co-founder of PhishMe, the leading provider of anti-phishing solutions for enterprises, has been named as a finalist for Entrepreneur of the Year (mid-Atlantic) at the annual EY awards. This is the second year in a row that Belani has been recognized at the annual award ceremony. This is the 31st year of the EY Awards program, which recognize the excellence of entrepreneurs for innovation, commitment to the business and communities, leadership and the financial performance of their companies. PhishMe enjoyed record growth in 2016 with the firm continuing to go from strength to strength. The firm now employs more than 300 individuals and serves more than 1,200 enterprise customers around the world. The company now has an Annual Run Rate (ARR) of almost $50 million. A...

Read More
Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled
Apr25

Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled

Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied. While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as malicious. The AV solution then started moving those files to the quarantine folder, causing servers and PCs to become unstable and crash. The reason for the crashes and system instability was due to Windows system files being mistakenly marked as infected with W32.Trojan.Gen. However, the Webroot antivirus update problems didn’t end there. In addition to system...

Read More
Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement
Apr13

Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement

Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that a $400,000 settlement had been agreed with Metro Community Provider Network (MCPN) to resolve potential security management process HIPAA violations. The Denver, CO-based federally-qualified health center (FQHC) experienced a phishing attack in December 2011 that resulted in unauthorized access to the email accounts of employees. The incident was reported to OCR as access to the email accounts allowed the attacker to view the protected health information of patients. In total, 3,200 patients were impacted by the incident and had their sensitive information exposed. OCR conducted an investigation into the breach which revealed a number of security management process HIPAA violations had...

Read More
Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Apr11

Philadelphia Ransomware Used in Targeted Attacks on US Hospitals

Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware; a relatively new ransomware variant developed from Stampedo ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear phishing emails. Information about targets can be easily found on social media accounts with a little research. Information is gathered on an organization and campaigns crafted to maximize the chance of infection. In this case, the attackers use logos and names of physicians who work at the targeted hospital to add credibility to documents and increase the...

Read More
Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI
Apr06

Forrester Research Study Shows PhishMe Phishing Solution Gives 336% ROI

Many businesses have had no alternative but to improve cybersecurity defenses to deal with the increased threat of cyberattacks. With attacks coming from all angles and a large attack surface to defend, organizations need to purchase multiple products to keep their networks and data well defended. It is therefore important to ensure money diverted to cybersecurity is well spent. Organizations need to ensure they get the best possible protection for their investment. One area that is seeing an increasing level of investment is anti-phishing technology – Solutions that improve the last line of defense – employees. PhishMe has developed a comprehensive suite of anti-phishing solutions to keep organizations protected from the growing threat of phishing attacks. The suite consists of PhishMe...

Read More
Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Mar28

Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats

Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Points’ Sand Blast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine learning. The company has developed a solution capable of identifying phishing emails and automatically remediating attacks, without any input required from security teams. The IronTraps™ automatic phishing defense solution reduces the time taken to remediate phishing attacks to a matter of seconds. Phishing is now a major network security threat and the risk of...

Read More
Cybersecurity Tips for Healthcare Providers Offered by WEDI
Mar24

Cybersecurity Tips for Healthcare Providers Offered by WEDI

The Workgroup for Electronic Data Interchange (WEDI) has published a white paper offering cybersecurity tips for healthcare providers to help them ensure the sensitive protected health information of patients remains confidential and resilience against healthcare cyberattacks is improved. The white paper – The Rampant Growth of Cybercrime – explains the scale of the current problem. The healthcare industry has been extensively targeted by cybercriminals over the past few years and the attacks are showing no sign of abating. The sheer number of data security incidents reported to the Department of Health and Human Services’ Office for Civil Rights shows just how frequently cyberattacks result in access to ePHI being gained. In 2016, more than 315 major data security breaches were reported...

Read More
Perry Carpenter Appointed as KnowBe4’s Chief Evangelist and Strategy Officer
Mar22

Perry Carpenter Appointed as KnowBe4’s Chief Evangelist and Strategy Officer

KnowBe4 has appointed Perry Carpenter as its new Chief Evangelist and Strategy Officer. Carpenter’s role will be to help guide innovation and oversee the continued evolution of KnowBe4’s range of phishing defense solutions that target the human element of security. KnowBe4 has developed a ‘new school’ approach to security awareness training, being aware that simply providing training to end users is no longer sufficient to protect against increasingly sophisticated attackers. In addition to providing end user training on a wide range of email and web-based threats, KnowBe4 has developed a phishing simulation platform to put end users’ knowledge to the test. The platform gives employees practice at identifying phishing emails in a safe environment and greatly reduces user susceptibility...

Read More
Expanded Awareness Video Campaigns to be Showcased by Wombat Security at the SXSW Conference
Mar10

Expanded Awareness Video Campaigns to be Showcased by Wombat Security at the SXSW Conference

Wombat Security Technologies will be showcasing a new addition to its Awareness Video Campaigns at this month’s South by Southwest (SXSW) Conference. The Awareness Video Campaigns are a new addition to the Security Awareness Materials produced by Wombat, the purpose of which is to remind employees of the need to be security aware and how simple changes to behavior can have a major impact on their organizations. Cybersecurity concepts are introduced in Wombat’s training modules, with the awareness materials reinforcing those concepts, emphasizing best practices and helping to improve knowledge retention. Wombat’s Security Awareness Materials include posters for organizations to display in the workplace and images and articles to distribute via email. The Awareness Video Campaigns are a...

Read More
Wombat Security Included in Gartner 2016 Magic Quadrant for Security Awareness Computer-Based Training
Mar10

Wombat Security Included in Gartner 2016 Magic Quadrant for Security Awareness Computer-Based Training

Gartner Inc., has included Wombat Security Technologies in its 2016 Magic Quadrant for Security Awareness Computer-Based Training. This is the third consecutive year than the cyber security awareness training provider has been included in the Magic Quadrant. Gartner rates companies on two main criteria: The ability to execute and completeness of vision. Each vendor is assessed and given a score in each area. Based on the score for each component, companies will be placed in one of four quadrants. To be placed in the leader’s quadrant, companies must excel in both areas. Companies positioned in the leader’s quadrant have the highest composite scores for ability to execute and completeness of vision. Companies are also rated for their product and overall viability, sales execution and...

Read More
Guidance on Cyber Threats Issued to Healthcare Organizations by OCR
Mar08

Guidance on Cyber Threats Issued to Healthcare Organizations by OCR

The U.S. Department of Health and Human Services’ Office of Civil Rights has issued new guidance on cyber threats, advising HIPAA-covered entities to obtain the latest intelligence on new cyber threats that could potentially allow cybercriminals to gain access to the protected health information of patients and health plan members. Threat intelligence is issued by many organizations, although OCR recommends in its guidance on cyber threats to regularly check the website the United States Computer Emergency Readiness Team (US-CERT) and to sign up for email updates. US-CERT is part of the Department of Homeland Security, and has access to intelligence from many sources. US-CERT is responsible for analyzing all the gathered threat intelligence and issuing updates to businesses and the...

Read More
Agari Wins Security PG 2017 Global Excellence Award for Best Security Software
Mar03

Agari Wins Security PG 2017 Global Excellence Award for Best Security Software

The cybersecurity firm Agari has been crowed winner of the Best Security Software category at this year’s Security Product Guide 2017 Global Excellence Awards. The Security Products Guide is used by decision makers to determine the best IT security products to deploy to protect digital assets. The reviews in the guide are invaluable for helping narrow down products to those that are best suited for each individual organization. The awards are an annual event in which the best cybersecurity companies are honored and the top security products are recognized. Agari picked up the award for its Enterprise Protect™ solution – the only email security solution that counters the threat from spear phishing emails, business email compromise (BEC) attacks and sophisticated low-volume social...

Read More
Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
Feb23

Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted

The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to rise over the coming weeks. Schools have been extensively targeted this year, although there have been at least 9 healthcare organizations that have fallen for the phishing scam this year. Campbell County Health, Pointe Coupe Hospital, Adventist Health (Tehachapi Valley), SouthEast Alaska Regional Health Consortium, eHealthinsurance, Citizens Memorial...

Read More
Ironscales Wins Best Messaging Security Solution Award
Feb15

Ironscales Wins Best Messaging Security Solution Award

Cyber Defense Magazine has announced the winners of its 2017 Awards, with Ironscales winning an Editor’s Choice Award in the Best Messaging Security Solution category for its automated phishing defense platform IronTraps™. The Cyber Defense Magazine Awards are decided by a panel of independent information security experts, with nominated products assessed on a wide range of criteria over a period on months. The prestigious awards recognize innovative cybersecurity products that are highly effective at blocking cyber threats. Pierluigi Paganini, Editor-in-Chief of Cyber Defense Magazine, said “We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Ironscales has earned this award from Cyber Defense Magazine. IronTraps™ is the first,...

Read More
Healthcare Data Breach Report for January 2017 Highlights Insider Risk
Feb14

Healthcare Data Breach Report for January 2017 Highlights Insider Risk

The healthcare data breach report for January 2017 published by Protenus this week highlights the danger of insider data breaches. Insider data breaches accounted for the largest percentage of healthcare data breaches disclosed in January 2017, considerably more than those caused by hackers. Summary of the Protenus Healthcare Data Breach Report for January 2017 In January 2017, 31 healthcare data breaches were disclosed publicly. While the causes for all of those breaches are not yet known – details of 26 breaches have yet to be disclosed – 58.4% were due to insiders. Those breaches accounted for 59.2% of the 388,307 records known to have been exposed in those 31 healthcare data breaches in January 2017. The insider threat is perhaps the hardest to mitigate, yet the risk posed by...

Read More
Phishing Attacks on Cloud Storage Providers Causing Concern
Feb09

Phishing Attacks on Cloud Storage Providers Causing Concern

Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and hosting services accounted for 9% of attacks. By 2016, the percentage had risen to 23% of attacks. Attacks on SaaS providers barely registered in 2013. Now attacks account for 2% of the overall total. In 2016, phishing attacks on cloud storage providers increased by 5%, while attacks on SaaS providers increased by a staggering 182%. According to PhishLabs, the...

Read More
KnowBe4 Launches New Social Engineering Indicators Training Method
Feb08

KnowBe4 Launches New Social Engineering Indicators Training Method

KnowBe4 has developed a new social engineering indicators training method to help IT security professionals manage the risk of social engineering attacks on employees more effectively. Social engineering techniques are used by cybercriminals to increase the likelihood of end users clicking on malicious links, opening infected email attachments and divulging sensitive information. While phishing emails were once fairly easy to identify, today’s threats are clever, sophisticated and much harder to distinguish from genuine emails. In addition to a recent surge in phishing email volume, security awareness is also lacking at many organizations. KnowBe4 reports that ‘end user security is in serious decline.’ KnowBe4 is tackling the problem through training and phishing simulations. The new...

Read More
IRS Issues W2 Phishing Scam Warning
Feb07

IRS Issues W2 Phishing Scam Warning

Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive in the organization that is likely to have a legitimate need for the data. Cybercriminals are using a variety of techniques to spoof company email addresses. A casual glance at the email address of the sender will not reveal any clues that the email is not genuine. Since the email appears to have been sent from an authority figure, employees are less likely...

Read More
Kroll Publishes Global Fraud and Risk Report for 2016/2017
Jan27

Kroll Publishes Global Fraud and Risk Report for 2016/2017

The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting just how frequently cybersecurity incidents are experienced by businesses. According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one instance of fraud. Out of the companies that had been attacked, 33% said they have experienced virus or worm infections and 26% of respondents said their employees had been targeted with phishing attacks. Data deletion or loss due to system issues was reported by 24% of executives, 23% had experienced a data breach involving employee or customer data, and 22%...

Read More
PhishMe Honored in 2017 Info Security PG’s Global Excellence Awards
Jan25

PhishMe Honored in 2017 Info Security PG’s Global Excellence Awards

The Info Security PG’s Global Excellence Awards recognize security companies that have developed outstanding products that allow organizations to secure their digital resources. The awards, which are now in their 13th year, cover a wide range of information security companies and InfoSec products, including awards for management, customer service, and naturally, the effectiveness and usability of the products. The annual awards recognize excellence in the field of information security and showcase organizations that have developed ground-breaking products that raise the bar for others. To be selected as a finalist, organizations must have gone the extra mile and ensured their products and services are truly first class. The PhishMe phishing solution was first released in 2008 with the...

Read More
Ironscales Announces 302% Growth of Annual Revenue
Jan20

Ironscales Announces 302% Growth of Annual Revenue

Israeli cybersecurity firm Ironscales has announced it has recorded an increase in annual revenue of 302% in 2016. Ironscales provides services that help organizations deal with the threat from phishing. Phishing is now the biggest cyberthreat that must be mitigated by organizations. More than 9 out of 10 data breaches occur as a result of employees clicking on phishing emails, with attacks becoming increasingly sophisticated. Ironscales has developed a range of products to help organizations reduce risk and improve resilience against phishing attacks, including the world’s first automated phishing defense solution. The IronTraps™ employee-based intrusion detection system allows employees to report phishing emails with a single click, with the system removing all instances of the email...

Read More
Agari Reports 6-Month Revenue Growth of 95%
Jan12

Agari Reports 6-Month Revenue Growth of 95%

Over the past 6 months, the anti-phishing solution provider Agari has enjoyed 95% revenue growth, helped by uptake of its new Enterprise Protect™ platform – an innovative solution developed to tackle the problem of spear phishing. The solution effectively blocks spear phishing, business email compromise and social engineering-based email attacks by analysing and verifying the senders of emails. Email-based attacks have grown in popularity in recent years. It is no longer a case of if an attack will occur, but when and how often. The increase in email-based cyberattacks and the rising cost of mitigating those attacks has forced organizations to rethink their email security strategies. While there are many email security solutions that can block phishing emails, spear phishing emails that...

Read More
2017 Global Application and Network Security Report Published by Radware
Jan12

2017 Global Application and Network Security Report Published by Radware

A recent survey conducted by Radware, and published in its 2016-2017 Global Application and Network Security report, shows that almost half of companies have been subjected to a cyber-extortion attempt in 2016, mostly with ransomware. 49% of polled businesses said they had been issued with a ransom demand after a cyberattack in the past 12 month showing the threat of ransom-related attacks has risen considerably. Ransomware and data theft with a ransom charged for its safe return, is a highly profitable strategy for cybercriminals. More actors are now getting involved and are extorting huge sums out of businesses that are not prepared for these types of attacks. The 2016-2017 Global Application and Network Security report confirms what many other surveys and studies have suggested –...

Read More
ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
Jan09

ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles

E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that if the ransom was paid, no mention of this incident would be made and the data would not be sold on or published. Failure to pay the ransom would result in the data being published online. Contact was made with ESEA through its bug bounty program. ESEA obtained the attacker’s email address and requested proof of data theft. ESEA was able to rapidly confirm...

Read More
KnowBe4 Records 298% Increase in Sales in Q4, 2016
Jan07

KnowBe4 Records 298% Increase in Sales in Q4, 2016

2016 has seen a massive increase in ransomware attacks, phishing email volume has soared and CEO fraud is now rife. As the number of threats increases, companies are realizing that security defenses need to be improved. While budgets are being diverted to security products to prevent cybercriminals from breaching the security perimeter, employees remain a weak link in the security chain. All too often, cybercriminals are able to bypass technological defenses by targeting employees with phishing emails. Many companies have realized that far from being a liability, employees can be turned into a strong last line of defense. Training employees to be more security aware can block phishing and social engineering attacks; however training alone is not particularly effective. KnowBe4 has...

Read More
Twitter Credit Card Phishing Scam Offers Quick Account Verification
Jan04

Twitter Credit Card Phishing Scam Offers Quick Account Verification

A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of the account holder. The ads offer a quick method of bypassing all of those steps. The scam has been developed to appeal to brand managers, influencers, and small businesses, many of whom not be able to achieve verified status easily as they do not have immediate access to all of the necessary identification documents required by Twitter. The advertisements...

Read More
Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Dec20

Yahoo Breach the Work of Cybercriminals with Nation-State Connections

Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack, with those actors believed to reside in Russia and/or Ukraine. InfoArmor’s chief intelligence officer Andrew Komarov claims the attack was performed by a hacking group operating under the name “Group E.” The group comprises of four hackers of Eastern European and Russian origin. The group is involved in hacking organizations to obtain data which are then...

Read More
Over 400,000 New Phishing Webpages are Created Every Day
Dec20

Over 400,000 New Phishing Webpages are Created Every Day

Cybercriminals are now creating record numbers of phishing sites and are using those sites to steal login and email credentials and credit card information. The malicious websites can be convincing. Images are taken from legitimate websites to make the webpages appear genuine. Sites perform complementary – but fake – virus and malware scans and convince visitors that their computers have been infected, and new scams are constantly being created to convince visitors to part with sensitive information or download malware. Antivirus companies and web filtering service providers are quick to identify new phishing sites. New malicious sites are rapidly added to blacklists enabling the sites to be blocked. Individuals and companies protected by solutions to neutralize web-borne threats remain...

Read More
Agari’s Chief Scientist Helps Organizations Understand Social Engineering Based Scams
Dec16

Agari’s Chief Scientist Helps Organizations Understand Social Engineering Based Scams

Criminals have been using social engineering techniques for centuries to con victims into handing over their hard-earned money. However, cybercriminals are now using advanced social engineering techniques to commit digital crimes. Use of social engineering is growing, especially in email attacks on organizations. These phishing, spear phishing (targeted phishing) and Business Email Compromise (BEC) attacks – also known as CEO Fraud – are highly varied, although they have one thing in common. They rely on human interaction and the manipulation of behavior to steal sensitive information such as login credentials, money or fool individuals into installing malware or ransomware. There is some confusion about what social engineering based scams are, how cybercriminals use social...

Read More
Dailymotion Cyberattack Impacts 85 Million Users
Dec06

Dailymotion Cyberattack Impacts 85 Million Users

According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may have already been used for phishing attacks or sold on to multiple individuals. The Dailymotion cyberattack is believed to have impacted approximately 85.2 million of the site’s users. Individuals affected by the breach have had their unique username and email address compromised, although the individual behind the attack is only believed to have obtained...

Read More
Ironscales Named Finalist at 2017 SC Awards
Dec06

Ironscales Named Finalist at 2017 SC Awards

The Israeli cybersecurity firm Ironscales has been named a finalist in the 2017 SC Awards in the Best Email Security Solution category and will be competing to win top spot in the category at the upcoming annual awards event in February 2017. This is now the 20th year that SC Media has been honoring the top cybersecurity vendors, with the awards highly coveted. The awards program is highly respected within the industry, with only the best of the best winning their respective category. However, the high quality of the competition makes being selected as a finalist a highly prestigious accolade. To be named as a finalist, a company must have outstanding leadership and an exceptional cybersecurity product that has been proven to be highly effective at preventing cyberattacks and mitigating...

Read More
Wombat Security Technologies Named as Finalist for a 2017 SC Media Award
Nov23

Wombat Security Technologies Named as Finalist for a 2017 SC Media Award

Wombat Security Technologies has been named as a finalist for a prestigious 2017 SC Media Award, in recognition for the quality of the company’s product and its ability to help businesses safeguard their networks and data. This is the 20th year that SC Magazine has run its awards program, which recognize the best of the best in the field of information security. The awards are highly coveted and winning an award is a major accomplishment for any company. Even being named as a finalist is a major achievement, demonstrating the high quality of a product or service. Each product or service is subjected to an in-depth analysis by two panels of independent judges, including current and former CISOs and analysts and educators from academic institutions. Each product or service is given a score...

Read More
PhishMe Finalist in Best IT Security-Related Training Category at 2016 SC Magazine Awards
Nov23

PhishMe Finalist in Best IT Security-Related Training Category at 2016 SC Magazine Awards

The 2016 SC Magazine Awards are a highlight in the calendar for companies in the field of information security. The awards honor the achievements of companies and individuals working in the field of information security and recognize and honor the best and brightest talent. Information security products and services nominated for awards are assessed by two panels of judges, comprising analysts, educators, vendor-neutral consultants and current and former CISOs. Each competitor is thoroughly assessed with average scores tallied before the finalists in each category – and the category winners – are decided. To become a finalist or to win a prestigious award, competitors must display excellence in their respective field. In 2016 there are 29 awards covering a wide range of security...

Read More
Antivirus Software No Longer Sufficient to Protect Against Internet Threats
Nov18

Antivirus Software No Longer Sufficient to Protect Against Internet Threats

According to Darren Bilby, a senior security researcher at Google, antivirus software is no longer good enough to protect against Internet threats. Antivirus software still has its place, but the software will not protect organizations against all malware, ransomware, and other Internet threats. The use of anti-virus products also introduces a false sense of security. People think they are protected because they use antivirus software and set it to update automatically. They also conduct regular scans to ensure nothing has slipped through the net. However, antivirus software cannot detect and protect against all malware. Access to systems can be gained without detection. The software is simply no longer effective enough. Bilby said antivirus software is worse than a canary in a coal...

Read More
Study Shows Fall in Organizational Resilience Against Cyberattacks
Nov18

Study Shows Fall in Organizational Resilience Against Cyberattacks

This week, the Ponemon Institute published the results of its 2016 Cyber Resilient Organization study which showed that organizational resilience against cyberattacks is has fallen over the last 12 months. The Ponemon Institute describes organizational resilience against cyberattacks as the ability of an organization to “maintain its core purpose and integrity in the face of cyberattacks.” The IBM’s Resilient-sponsored study showed that only 32% of IT security professionals rated their resilience against cyberattacks as high. Last year, 35% of IT security professionals rated their resilience as high. When asked about how well their organization would be able to respond to a cyberattack, 66% said they did not think their organization would be able to recover. 68% of respondents said...

Read More
Deloitte Ranks Wombat Security Technologies 144 in 2016 Technology Fast 500 List
Nov18

Deloitte Ranks Wombat Security Technologies 144 in 2016 Technology Fast 500 List

Wombat Security Technologies has been included in the 2016 Deloitte Technology Fast 500 list, securing position 144. Each year, Deloitte produces its Fast 500 lists which recognize the fastest growing technology, telecoms, media, life sciences and energy companies in North America. To be included in the list, firms must have enjoyed exceptional growth. Not all companies qualify for inclusion. Companies must have developed proprietary intellectual property or technology that is sold to their customers that contributes to operating revenues, while base year operating revenues of at least $50,000 are required with a minimum current operating year turnover of $5 million. This year’s list includes firms with growth ranging from 121% to 66,661% over the period from 2012 to 2015, with the...

Read More
PhishMe Reports 97% of Phishing Emails Used to Deliver Ransomware
Nov18

PhishMe Reports 97% of Phishing Emails Used to Deliver Ransomware

PhishMe has released its Q3 Malware Review which indicates the ransomware epidemic is growing, with the malicious file-encrypting malware now used in record numbers of attacks on businesses. Ransomware is malicious code that locks files with powerful encryption, preventing companies from accessing their data. The attackers hold the only keys to unlock the encryption, which must be bought by companies in the form of a ransom payment. There has been an explosion in the number of ransomware variants this year, with many ransomware families now being used to extort money from businesses. However, the leading variant that has been used in the majority of attacks is Locky. Locky is constantly being updated with the attackers using a variety of techniques to avoid detection. The ransomware...

Read More
Facebook’s Darknet Password Buying Practice Revealed
Nov17

Facebook’s Darknet Password Buying Practice Revealed

The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed last week that the social media giant buys stolen passwords on the black market and uses them to better protect users’ accounts. Facebook can use the stolen passwords and their associated email addresses to scan its users’ accounts to check for a match. If password recycling is discovered, Facebook can then force users to reset the passwords on their...

Read More
Locky Ransomware Campaign Targets OPM Data Breach Victims
Nov11

Locky Ransomware Campaign Targets OPM Data Breach Victims

The actors behind Locky ransomware have started using data from the OPM data breaches of 2014 and 2015 as part of a new campaign to spread cryptoransomware. It is unclear how much of the data has been obtained, although in total, 22 million user records were stolen in the OPM data breach. The mass spam emails contain a malicious JavaScript file which downloads Locky onto computers. Once installed the ransomware can encrypt files on the infected machine and network drives. At present there is no way of decrypting files locked by the ransomware. Files must either be recovered from backups or the ransom must be paid to obtain decryption keys. Individuals whose email addresses were obtained in the OPM data breach are being sent a fake notification that appears to have come from OPM account...

Read More
New LinkedIn Social Engineering Scam Uncovered
Nov10

New LinkedIn Social Engineering Scam Uncovered

Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get the LinkedIn account holders to reveal their personal information. The attackers are trying to gain access to users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft. The attackers are using a common social engineering technique designed to scare potential victims into responding. The emails claim that there is a security issue with users’ accounts that must be rectified promptly. Common to other scams of this nature, a sense of urgency is injected by telling users that they must respond within 24 hours to ensure their account is not blocked. While many scams are sophisticated, this LinkedIn social...

Read More
Google Takes Action Against Websites that Repeatedly Serve Malware
Nov09

Google Takes Action Against Websites that Repeatedly Serve Malware

Google is to take action against websites that are repeatedly used to serve malware, unwanted software, or are used to phish for information. Once a website has been identified as a repeat offender, visitors to the website that use the Chrome browser will be served a warning alerting them that the site is being used to distribute malware. Site owners will be given the opportunity to clean their sites and have the warning removed, but the warning message will not be removed for 30 days. There will be no exceptions. Once branded as a repeat offender, webmasters will be required to wait 30 days before the warning will be removed. Google will notify site owners by email if their sites have been deemed to be repeat offenders. Webmasters will be able to submit a request to Google to have the...

Read More
BEC Attack on El Paso Resulted in Theft of $3.2 Million
Nov04

BEC Attack on El Paso Resulted in Theft of $3.2 Million

The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken place in the United States in recent years. The attacker posed as a vendor and informed the city that payment had not been received. A payment of $300,000 was sent, followed by a further payment of $2.9 million from the Camino Real Regional Mobility Authority. The first payment was identified by the CFO after it was noticed that the money had been misdirected...

Read More
Windows Flaw Already Being Exploited by Hackers
Nov03

Windows Flaw Already Being Exploited by Hackers

Russian hackers have been actively exploiting two zero-day vulnerabilities prior to Google’s announcement of the flaws. Google’s Threat Analysis Group announced the flaws, including how they could be exploited, earlier this week. Microsoft had been informed of a new zero-day vulnerability on October 21, although Google only waited 10 days before making the announcement and crucially, did before Microsoft had issued a patch. While Google usually waits up to three months before making flaws public to give organizations time to develop a patch, in this case the decision was made to publish details of the flaws early as they were being actively exploited in the wild. In cases when flaws are actively being exploited, Google only provides vendors with 7 days to issue an advisory or patch the...

Read More
NetSkope Performs Analysis of CloudFanta Malware
Oct27

NetSkope Performs Analysis of CloudFanta Malware

A new report published by NetSkope Threat Research Labs casts some light on CloudFanta malware, which is currently being spread via spearphishing campaigns. CloudFanta malware was first identified in July 2016 and is known to have been used in upwards of 26,000 credential-stealing attacks. The purpose of the malware is to steal email credentials and monitor online banking activities. Once email credentials have been obtained, messages are sent from the compromised account, while stolen banking credentials are used to make fraudulent transfers. Attacks have been concentrated in Brazil, although the use of CloudFanta malware is likely to spread further afield. As with many malware campaigns, infection begins with an email attachment or malicious link. The emails use social engineering...

Read More
Phishing Scam Fools Baystate Health Employees and Exposes PHI
Oct24

Phishing Scam Fools Baystate Health Employees and Exposes PHI

Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to convince individuals into revealing login credentials or infecting their computers with malware. Even when robust cybersecurity defenses are employed to prevent networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious links, open infected email attachments, or disclose their login credentials, the attackers can gain a foothold in the network. Phishing scams can be speculative, although increasingly cybercriminals are using highly targeted campaigns. Well-crafted and highly convincing emails are sent that appear to be genuine requests from colleagues to divulge information....

Read More
PhishMe Excellence Awards Winners Announced at Submerge 2016
Oct15

PhishMe Excellence Awards Winners Announced at Submerge 2016

The PhishMe Submerge user conference took place in Orlando, FL on September 28-29, 2016. The event provided attendees with the opportunity to learn phishing defense best practices and hear about case studies highlighting information security successes and failures. More than 100 phishing defense professionals attended the event from all over the world. There were two tracks at the conference – The ‘Deep Dive’ track that focused on getting the most out of PhishMe products and the ‘Under the Surface’ track, that detailed the latest threats and attack trends. Industry experts talked about the latest malware, ransomware and phishing threats and tactics for ensuring an effective response to security incidents. In addition to providing an excellent opportunity for learning and networking,...

Read More
Ransomware Threat Not Understood by 60% Office Employees in the U.S.
Oct14

Ransomware Threat Not Understood by 60% Office Employees in the U.S.

According to Symantec, ransomware attacks are now being conducted at a rate of 4,000 a day, yet a recent survey has shown that six out of ten office workers in the United States are unaware of the ransomware threat. The survey was conducted on more than 1,000 office workers in the United States by security firm Avecto. Questions were asked to determine the effectiveness of security awareness training programs, with a particular focus on current threats such as crypto-ransomware. Ransomware is a form of malware that locks files with powerful encryption once it is loaded onto a computer or network, preventing files from being accessed. A ransom is then demanded to supply a key to decrypt the data. Without access to critical business files, companies are often left with no alternative but...

Read More
Warning Issued About Hurricane Matthew Phishing Scams
Oct12

Warning Issued About Hurricane Matthew Phishing Scams

US-CERT has issued warning about a spate of Hurricane Matthew phishing scams as cybercriminals attempt to defraud users and infect computers by taking advantage of interest in the hurricane. Following any natural disaster or major new event, scammers launch new campaigns to obtain sensitive information that can be used for identity theft and fraud. Cybercriminals also seize the opportunity to spread malware and ransomware. This natural disaster is no different. Hurricane Matthew phishing scams are conducted to obtain sensitive information such as bank account information and credit card numbers which can be used to commit fraud. Users should also be careful about divulging any sensitive information online or via email which could be used by identity thieves. Hurricane Matthew phishing...

Read More
2016 Ransomware Trends Analyzed by BitSight
Oct12

2016 Ransomware Trends Analyzed by BitSight

A new report on 2016 ransomware trends has recently been released by security firm BitSight. For the report, BitSight researchers analyzed 2016 ransomware trends across almost 20,000 companies in the United States from a wide range of industry sectors. The report shows that while healthcare organizations have made the news following high profile attacks this year, it is actually the education sector that has been hit the hardest. The government came second, with the healthcare industry the third most targeted sector. Ransomware is a growing problem and no industry is immune to attack. The report cites research from the Department of Justice that indicates more than 4,000 ransomware attacks are now occurring every day.  According to the report, attacks were most commonly conducted using...

Read More
Europol Report Shows 2016 Cybercrime Trends
Sep29

Europol Report Shows 2016 Cybercrime Trends

The new Internet Organized Crime Threat Assessment released by European Law Enforcement Agency Europol has highlighted the biggest 2016 cybercrime trends. The report also confirms that online threats and cyberattacks have increased during the past 12 months. The increase in cybercrime has been attributed in part to the rise in hackers offering malware, ransomware, DDoS attacks and other malicious activities as a service. Now, more individuals are able to conduct online criminal campaigns as it no longer requires a high skill level. The report indicates that the level of cybercriminal activity has increased so much that online crime has now exceeded conventional criminal activity in many countries. It is far easier to defraud individuals and companies online than it is using more...

Read More
Healthcare Data Breach Costs Rise 282% in 12 Months
Sep27

Healthcare Data Breach Costs Rise 282% in 12 Months

A recent study from CheckPoint shows that healthcare data breach costs have risen by an astonishing 282% in the past 12 months, while there has been a 60% rise in healthcare security incidents. Even though the industry is being targeted by cybercriminals and the frequency of attacks has increased, only 54% of healthcare organizations have tested their data breach response plan, and only 21% of healthcare organizations use disaster recovery technology. Yet 19% of organizations have reported suffering a security breach in the past 12 months. The healthcare industry is being targeted due to the high value of healthcare data. Healthcare records are now 10 times more valuable than credit cards according to the report. The prize is certainly worth pursuing, yet many healthcare organizations...

Read More
11% of UK IT Professional Do Not Know What Ransomware is
Sep26

11% of UK IT Professional Do Not Know What Ransomware is

A survey of UK IT decision makers has revealed that 69% of large organizations in the United Kingdom expect to be attacked with ransomware in the next 12 months, while 44% have already experienced a ransomware attack.  Out of the organizations that had already been attacked, three quarters believed they would be attacked again in the next 12 months. The threat from ransomware is well understood in the United States, but news isn’t getting through on the other side of the Atlantic. While IT decision makers should be aware of the ransomware threat, worryingly one in ten IT decision makers were not even aware what ransomware is and two in ten were not aware of how ransomware works. If those in charge of IT security are not aware of the extent of the problem, it doesn’t bode well for end...

Read More
Yahoo Data Breach Confirmed: 500 Million Users Affected
Sep22

Yahoo Data Breach Confirmed: 500 Million Users Affected

Two months ago, a massive Yahoo data breach appeared to have been uncovered. The records of more than 200 million Yahoo email account holders seemed to have been listed for sale on a Darknet marketplace. The hacker who placed the listing on the site – Peace – had previously listed other large databases for sale, including the data from the MySpace and LinkedIn data breaches. Peace is the co-founder of the Darknet marketplace TheRealDeal, where the data were listed for sale. The Yahoo Data Breach is the Biggest Ever Reported Yahoo conducted an investigation into the apparent breach and now, more than two months later, the Yahoo data breach has been confirmed. However, the Yahoo data breach is far worse than the data listing suggested. The account details of more than 500 million...

Read More
Malicious Microsoft Publisher Files Used in Phishing Attacks on Businesses
Sep16

Malicious Microsoft Publisher Files Used in Phishing Attacks on Businesses

Hackers are using malicious Microsoft Publisher files to create backdoors in Windows computers. The files are being used in targeted attacks on businesses, with a view to stealing sensitive data. A new campaign has been identified by Bitdefender that is targeting small to medium-sized businesses in the UK and China. So far, around 2,000 of the malicious emails have been captured. Spear phishing emails containing malicious Microsoft Publisher files appear to be sent from employees in legitimate businesses. The emails claim to contain a purchase order and users are advised to open the attachment to view details of the order and to confirm that it has been received. It is relatively rare for spammers to use the .pub format to spread malware, instead they tend to prefer other Microsoft...

Read More
World Anti-Doping Agency Cyberattack: Olympics Stars’ Medical Files Published
Sep13

World Anti-Doping Agency Cyberattack: Olympics Stars’ Medical Files Published

The medical records of a number of leading U.S athletes have been leaked online. The data came from a hack of the World Anti-Doping Agency and Court of Arbitration for Sport (WADA-CAS). A group of hackers operating under the name Tsar Team / Fancy Bears successfully hacked WADA’s anti-doping administration and management system (ADAMS) database and stole sensitive data on U.S. athletes. The data have now been uploaded to the hacking group’s website. While medical data is often stolen for financial gain, the recent WADA-CAS hack appears not to be financially motivated, instead it was the intention of the hackers to gain access to medical data to show that it is not only Russian athletes that are involved in doping. The hackers claim that they stand for” fair play and clean sport.” On the...

Read More
Defenses Against Ransomware Must be Improved, Says FTC Chair
Sep13

Defenses Against Ransomware Must be Improved, Says FTC Chair

FTC Chair, Edith Ramirez believes that more needs to be done to deal with the ransomware threat and says defenses against ransomware must be improved. At a recent forum event which examined the rise in the use of ransomware and the strategies that can be adopted by organizations to deal with the threat, Ramirez said ransomware is now “among the most troubling cyberthreats.” She also explained that the problem is unlikely to go away, so companies must improve their defenses against ransomware attacks. Ransomware is used by hackers to encrypt data to prevent business and consumers from accessing their files. Powerful encryption is used and the attackers hold the only keys to decrypt the data. A ransom demand is then issued to supply those keys. Oftentimes, backup data is also...

Read More
RAA Ransomware Tweaked to Attack Businesses
Sep12

RAA Ransomware Tweaked to Attack Businesses

A new variant of RAA ransomware has been discovered by Kaspersky Lab. The new RAA ransomware variant has been developed to make it more effective against businesses. RAA ransomware was first discovered in June. The ransomware was also discovered to incorporate Pony; an information stealing Trojan. However, the hackers responsible for developing RAA ransomware have been working on making the file-encrypting, information stealing malware more effective. The new variant – called Trojan-Ransom.JS.RaaCrypt.ag – contains a number of new functions that make it far more effective at attacking businesses. The primary method of delivery is the same as RAA1. The ransomware is delivered to end users via email. However, in order to bypass spam filers, the latest version of the ransomware is...

Read More
Healthcare Industry Must do More to Deal with the Threat from Phishing
Sep07

Healthcare Industry Must do More to Deal with the Threat from Phishing

The benefit of conducting simulated phishing attacks has been well documented, yet many healthcare organizations do not put anti-phishing training to the test. Consequently, knowledge gaps may be allowed to persist which could jeopardize network security. A recent study conducted by Wombat suggests the healthcare industry must do more to deal with the risk of phishing. Healthcare professionals’ knowledge of phishing threats does not appear to be up to scratch in several key areas. Wombat’s Beyond the Phish report was prepared after the company assessed more than 20 million questions and answers on security threats. The Q&A was developed to test respondents’ ability to identify potential phishing attacks. The study was conducted on a range of organizations including healthcare,...

Read More
Emergency OS X Security Updates Released by Apple
Sep02

Emergency OS X Security Updates Released by Apple

Apple has released emergency OS X security updates to tackle three zero-day vulnerabilities which are being actively exploited. The Emergency OS X updates tackle the “Trident vulnerabilities” which are currently being used by the Israeli firm, NSO Group Technologies. According to security researchers from Lookout Security and Citizen Lab, the exploits, which were discovered last week, could well have been weaponized and used to attack iOS and OS X devices. All users have been advised to install the emergency OS X security updates as soon as possible to ensure their devices are protected from attack. In order for the vulnerabilities to be exploited, a targeted user must be convinced to visit a malicious webpage. As recent research by Wombat has shown, phishing campaigns can be highly...

Read More
1.1 Billion Records Exposed in 2016 Data Breaches
Sep01

1.1 Billion Records Exposed in 2016 Data Breaches

According to a new data breach report published by Risk Based Security, more than 1.1 billion records have been exposed or stolen in the first 6 months of 2016. Those figures make 2016 the worst ever year for data breaches by some distance and the year is far from over yet. The good news, if you can call it that, is compared to the first 6 months of 2015, data breaches are down by 17%. Unfortunately, cyberattacks on organizations are exposing more records. Attacks on healthcare providers and insurers have not been of the scale of those discovered in 2015, although major breaches have occurred. A hacker/hacking group operating under the name The Dark Overlord stole the healthcare records of more than 10 million Americans and listed those data for sale on the darknet marketplace,...

Read More
Anti-Phishing Training Company PhishMe Secures $2.5 Million in Funding
Jul29

Anti-Phishing Training Company PhishMe Secures $2.5 Million in Funding

Providing employees with anti-phishing training is an important part of an organization’s cybersecurity strategy. Technology can be used to prevent network cyberattacks, but employees are a weak link. If phishing emails are delivered to inboxes, it is all too easy for an employee to open an infected email attachment and load malware onto a corporate network. Anti-spam solutions can be employed to reduce the risk of phishing emails being delivered, but no solution is 100% effective, 100% of the time. Sooner or later phishing emails will be delivered. Since employees are the last line of defense it is important that they are told how to identify phishing emails. PhishMe Inc. offers training courses to teach employees how to identify phishing emails. Phishing email simulations are also...

Read More
Phishing Threat Greater Than Any Other Time in History
May26

Phishing Threat Greater Than Any Other Time in History

The Anti-Phishing Working Group (APWG) has released a new report on phishing that shows, during the first three months of 2016, phishing activity was greater than at any other time in history. APWG defines phishing as a criminal mechanism that employs technical subterfuge and social engineering techniques to steal personal identity data and financial credentials. APWG therefore includes CEO scams or business email compromise attacks, fraudulent and spoofed websites, phishing emails, malware that logs keystrokes, and websites that have been infected with keylogging malware. For the report, APWG studied data from member companies from around the globe from a wide range of industry sectors. The study showed that the worst hit country was China, where 57.24% of computers are infected,...

Read More
New Privacy and Security of Healthcare Data Study Released by Ponemon
May13

New Privacy and Security of Healthcare Data Study Released by Ponemon

The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data has been released this week by the Ponemon Institute. This year’s study has highlighted some worrying data breach trends and the new report clearly shows that healthcare organizations – and their business associates – need to do more to improve data security in order to prevent breaches of protected health information. Many healthcare organizations lacked the resources and knowledge to adequately protect electronic protected health information when they first transitioned from paper to electronic records under the Meaningful Use scheme. Today, knowledge of cybersecurity protections has improved and investment in cybersecurity defenses has increased, yet data breaches continue to be experienced by healthcare...

Read More
Threat from Ransomware Prompts FBI to Issue a Warning to Healthcare Organizations
May05

Threat from Ransomware Prompts FBI to Issue a Warning to Healthcare Organizations

The threat from ransomware has increased considerably over the course of the past few months, and healthcare organizations are in cybercriminals’ cross-hairs. Attacks on healthcare providers have been occurring with increasing regularity, prompting the FBI to issue a warning. Ransomware is not new, but it is increasingly being used by cybercriminals to attack large organizations. In 2015, the FBI saw a sharp upward trend in the use of ransomware to attack organizations. Healthcare organizations are being targeted because they hold large volumes of data which are needed for day to day operations. If cybercriminals can break through security defenses and lock data files, organizations may be forced to give in the attackers’ ransom demands. The FBI warns that as long as cybercriminals are...

Read More
Employees are the Weakest Security Link Says Verizon Report
Apr26

Employees are the Weakest Security Link Says Verizon Report

The 9th annual Verizon Data Breach Investigations Report was published this Tuesday. The report provides a valuable insight into the main causes of data breaches in 2015. The report shows that the biggest causes of healthcare data breaches in 2015 were stolen login credentials, privilege misuse, and miscellaneous errors. The threat from within cannot be ignored, but it was malicious external actors that caused healthcare organizations the most problems. A high percentage of attacks either targeted healthcare employees or took advantages of mistakes they made while online. One of the biggest problems is phishing. Phishing is now used in an increasing number of attacks on healthcare providers. Phishing emails are sent to healthcare workers via spam email. In many cases the emails are sent...

Read More
Locky and Samas Attacks Prompt US-CERT to Issue Ransomware Alert
Mar31

Locky and Samas Attacks Prompt US-CERT to Issue Ransomware Alert

The spate of recent ransomware attacks on U.S. healthcare providers and businesses has prompted US-CERT to issue a warning about the destructive ransomware variants, Locky and Samas. The latest alert was issued by the Department of Homeland Security in conjunction with the Canadian Cyber Incident Response Centre (CCIRC) to raise awareness of the threat from ransomware, the mode of action of the malicious software, the variants that are currently proliferating, and the actions that can be taken to reduce the risk of attack. While ransomware has been around for several years, attacks have been limited until recently. Now many malicious actors are turning to ransomware to extort money out of victims and the threat to businesses is growing. Ransomware victims are told that their systems and...

Read More
Ransomware Attacks on Hospitals on The Rise
Mar24

Ransomware Attacks on Hospitals on The Rise

The recent spate of ransomware attacks on hospitals continues. In the last few days, two more attacks on Southern Californian hospitals have been announced. Ransomware is a form of malware that encrypts files to prevent the victims from accessing their data. Ransomware is spread predominantly via email, although web-borne attacks are also being used to install the malicious software on end user devices. Once installed, ransomware searches for a wide range of file types and locks them with powerful encryption. Infections can also spread laterally resulting in files on multiple computers and servers being locked. Recent Ransomware Attacks on Hospitals Eight ransomware attacks on hospitals have recently been reported, four of which were in the United States, with two reported infections in...

Read More
Biggest Healthcare Data Breaches of 2015
Dec28

Biggest Healthcare Data Breaches of 2015

The financial sector and retail industries have suffered the largest data breaches over the past couple of years, but 2015 was without doubt the year of the healthcare data breach. The biggest healthcare data breaches of 2015 were all caused by hackers and the industry has been increasingly targeted by cybercriminals seeking valuable healthcare data. Biggest Healthcare Data Breaches of 2015 The two biggest healthcare data breaches of 2015 exposed more patient records than were exposed in all healthcare industry data breaches over the last four years combined. Heading into 2015, the previous largest healthcare data breach had exposed 4.9 million patient records. A security incident of that magnitude was fortunately a rarity. In 2015, there were two healthcare data breaches reported in...

Read More
Anti-Phishing Solutions for Healthcare Providers
Dec22

Anti-Phishing Solutions for Healthcare Providers

Phishing is main method used by hackers to gain access to healthcare data, but fortunately there are a number of anti-phishing solutions for healthcare providers that can be employed to protect networks, and the computers that connect to them. While software solutions can reduce the likelihood of phishing emails being delivered to inboxes, what happens when emails do sneak past anti-spam filters? How likely is it that healthcare workers will respond to a phishing email? According to a recent study, if five emails reach employee inboxes, at least one individual is likely to click on the link in the email or open the email and attachment. Importance of Anti-Phishing Solutions for Healthcare Providers Highlighted by Recent Phishing Study The study was conducted by PhishMe, a leading...

Read More
OCR HIPAA Settlement for a Phishing Attack
Dec15

OCR HIPAA Settlement for a Phishing Attack

University of Washington Medicine has agreed to an OCR HIPAA settlement for a phishing attack suffered in 2013. A financial penalty of $750,000 must be paid to Office for Civil Rights, and a corrective action plan (CAP) must be adopted to address areas of non-compliance with the HIPAA Security Rule. First OCR HIPAA Settlement for a Phishing Attack Data breaches are investigated by Office for Civil Rights and financial penalties are sometimes issued when data breach investigations reveal failures to comply with HIPAA Privacy, Security, and Breach Notification Rules. This is the sixth time this year that a financial penalty has been issued to a covered entity by Office for Civil Rights for a failure to comply with HIPAA Rules. Oftentimes, OCR is content with issuing a robust CAP to a...

Read More
Essential Healthcare Mobile Security Considerations
Nov30

Essential Healthcare Mobile Security Considerations

The use of Smartphones, tablets and other mobile devices in healthcare is growing. Even though healthcare mobile security issues are numerous, the devices are simply too beneficial. Provided healthcare mobile security problems are tackled, the devices can help to improve efficiency, productivity, patient engagement, staff happiness, and drive down costs. Many HIPAA-covered entities rely on the devices and consider them to be critical to ensure quality care is provided to patients. They are now used to communicate directly with patients via text message and email, to access patient data, view test results, schedule appointments, and communicate with other members of the care team. Patients are becoming more engaged in their own healthcare thanks to Smartphone apps. They are using their...

Read More
Cybercriminals Exploiting Bugs in Human Hardware via LinkedIn
Oct21

Cybercriminals Exploiting Bugs in Human Hardware via LinkedIn

New cybersecurity vulnerabilities are being discovered on a daily basis, and health IT departments are diverting resources to plug security holes and address software risks as soon as they arise; however, it is important not to forget bugs in human hardware, which are arguably must easier for hackers to exploit. Bugs in Human Hardware Being Exploited Bugs in human hardware is a term often used to describe security flaws in human personalities, which can be exploited by criminals looking to gain access to data to commit fraud, sabotage networks and steal sensitive information. The perpetrators of these crimes, otherwise known as confidence tricksters, are using a variety of methods to gain access to usernames and passwords, security keys and other highly sensitive data. Rather than using...

Read More
New Android Phone Data Security Report Released
Oct19

New Android Phone Data Security Report Released

The timespan between reports of Android phone data security problems is getting shorter. As soon as one major security vulnerability is discovered and addressed, other security flaws are found. Due to the number of security issues with the devices, some view Android Smartphones as a data breach waiting to happen. Bad news for healthcare providers with a BYOD policy allowing the devices to connect to their networks. Critical Vulnerabilities Exist on 87% of Android Devices Google, the company that developed the Android platform, recently commissioned a report on Android data security and the results are worrisome. The researchers discovered the majority of Android phones contain at least one critical security vulnerability: 87.7% of devices according to the security report. The study was...

Read More
Medical Device Security Vulnerabilities are Putting Patient Data at Risk
Sep29

Medical Device Security Vulnerabilities are Putting Patient Data at Risk

A new report presented at the DerbyCon Security Conference on Tuesday has revealed serious medical device security vulnerabilities. The medical device security vulnerabilities are present in a wide range of devices used in hospitals and clinics, and the vulnerabilities could potentially be exploited by hackers seeking data to use for identity theft and fraud. Patient data is being recorded and stored on medical devices and computer equipment, and those devices are linked to internal networks. However, many devices are also directly accessible via the internet. Since the devices are networked, there is a risk that internal systems can be infiltrated by malicious insiders if access to medical devices can be gained. The problem is not just one of data exposure. If access to data is gained,...

Read More
Oakland Family Services Data Breach Announced
Sep13

Oakland Family Services Data Breach Announced

The Oakland Family Services data breach was caused by an individual employee responding to a phishing email, potentially exposing the PHI of 16,000 patients. The Department of Health and Human Services’ Office for Civil Rights has been notified of a recent Oakland Family Service data breach that exposed the Protected Health Information (PHI) and Personally Identifiable Information (PII) of up to 16,000 patients. Individuals who visited the healthcare provider for treatment between April 2007 and July 2015 may have been affected. According to a press release announcing the Oakland Family Services data breach, patient names, service dates, patient ID numbers and the dates that services were provided, were all potentially compromised in the security breach. No financial information was...

Read More
New Android Smartphone Data Security Warnings Issued
Sep03

New Android Smartphone Data Security Warnings Issued

An Android Smartphone data security warning has recently been issued by IBM’s X-Force Application Security Research Team. CheckPoint has also discovered Android security vulnerabilities which have potential to be exploited by hackers. The new security vulnerabilities have been discovered in the operating system, with IBM’s warning suggesting as many as 55% of Android phone users could be affected by the security flaw. The warning came just a few days after CheckPoint discovered new flaws with Android phones which have potential to affect millions of users around the world. One of the problems with Android Smartphone data security is due to the software installed on the devices by manufacturers. This software cannot be uninstalled without first rooting the device, and even then it is not...

Read More
UCLA Health System Hack Uncovered
Jul18

UCLA Health System Hack Uncovered

A UCLA Health System hack has been uncovered in which 4.5 million patient health records have been accessed and potentially stolen. This may not be the biggest healthcare data breach in 2015; the Anthem Hack exposed 78.8 million records and the Primera Blue Cross breach resulted in 11 million records being compromised – but this certainly ranks as one of the most serious healthcare data breaches ever reported. The data exposed in the UCLA Health System hack was of a highly sensitive nature, more so that the Anthem breach, as Social Security numbers and health data was also accessed. As a result, the victims of this data breach face a high risk of suffering identity theft and fraud. UCLA Health System Hack Exposes Highly Sensitive Patient PHI Suspicious server activity had been noticed by...

Read More
FBI Warning Issued over Cryptowall Ransomware Threat
Jun25

FBI Warning Issued over Cryptowall Ransomware Threat

The Cryptowall ransomware threat has now reached a critical level, with the FBI deeming it necessary to issue a warning to allow businesses and individuals to take extra care. Ransomware is a type of malware that disables the target’s computer by encrypting the device. If an attack is successful, the device will be locked until a ransom is paid. Only then will the necessary security fix be provided to unlock the device. There are numerous threats from ransomware, although one variant in particular is causing the most problems: Cryptowall. According to the FBI warning, the number of reported cases of Cryptowall malware in the last two months has reached 992. That figure will now almost certainly be higher as more individuals download the malware. The FBI estimates that the malware is...

Read More
1.1 Million Records Exposed in CareFirst BCBS Cyberattack
May21

1.1 Million Records Exposed in CareFirst BCBS Cyberattack

A major cybersecurity breach has been discovered by CareFirst Blue Cross Blue Shield after an email account was compromised; the CareFirst BCBS cyberattack is reported to have affected 1.1 million health plan members. CareFirst is the third healthcare insurance company to suffer a major data breach in the last few months. The first announcement came from Anthem Inc., in February, after it discovered it had suffered a data breach that exposed the records of 78.8 million individuals. Access to the data first taken place many months previously. Next was Premera Health which suffered a data breach that exposed 11 million records. Again the attack was historic, dating back some 10 months. Now CareFirst has reported that its data breach first occurred on June 20, 2014, with the last known...

Read More
2019 Cost of Data Breaches will be $2.1 Trillion
May18

2019 Cost of Data Breaches will be $2.1 Trillion

The cost of data breaches is rising, and this is not likely to change according to a study conducted by Juniper Research; data breach costs will have risen to $2.1 trillion in just four years’ time. The Cost of Data Breaches Will Continue to Increase By 2019, researchers predict that cybercrime will be having an incredible impact on the lives of consumers. Their personal data is what thieves are after. With that information, criminals are able to run up millions of dollars in debts in the names of other people. The new Juniper report, entitled The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation – looks at the current digital security landscape and analyses the impact cybercrime is having on organizations today, how this has changed in recent...

Read More