While many organizations seek to monitor their cybersecurity posture with internal testing, such as table top exercises, simulated phishing attacks, and other proactive measures, the question always remains: is it enough to thwart a sophisticated threat actor? This simple question, with its many complexities and concerns, was a daily inquiry for me as a former FBI executive in charge of the data presentation and storage for operations.
Read more »Tag: cyber threat
-
All Hail the Red Team! The Value of Penetration Testing for a Cybersecurity Culture Posted on: May 17, 2022 In: Data Privacy & Cybersecurity
-
Can Your Coffee Maker Be Hacked? Cybersecurity Issues and the Growing Internet of Things Posted on: May 09, 2022 In: Data Privacy & Cybersecurity
Internet of Things (IoT) devices have flooded the lives of consumers over the past few years, with the global IoT market valued at $384.7 billion in 2021, according to a March 2022 report from Fortune Business Insights. "Smart" technology has become a standard feature on most consumer products, and with a growing number of devices being connected to the internet, it is increasingly important that the public be sufficiently educated on the risks that accompany IoT devices.
Read more »
-
OFAC September 2021 Advisory: Illusory Solutions to Soften the Enforcement Threat? Posted on: September 22, 2021 In: Data Privacy & Cybersecurity
On September 21, 2021, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an updated advisory on potential sanctions risks for facilitating ransomware payments. The sanctions have been authorized by the International Emergency Economic Powers Act and the Trading with the Enemy Act with the purpose of disrupting funding for malicious cyber activities and limiting activities that may be adverse to U.S. national security and foreign policy objectives.
Read more »
-
What’s in President Biden’s Executive Order on Improving the Nation’s Cybersecurity? Posted on: May 27, 2021 In: Data Privacy & Cybersecurity
On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity, emphasizing the current cyberattack landscape targeting the public and private sectors and the need to heighten efforts and increase resources to defend against this threat environment. The Order comes following recent high-profile cyber incidents, and echoes the NIST's Framework’s Five Functions. Parts of the Order will also directly affect federal contracts and its supply chain.
Read more »
-
You’ve Experienced a Ransomware Attack - Now What? 5 Practical Steps to Take In Response to a Ransomware Attack Posted on: March 11, 2021 In: Data Privacy & Cybersecurity
By now, most of you know that due to the COVID-19 pandemic and the shift to remote work, data security incidents increased both in number and severity in 2020 and show no signs of slowing down in 2021. What you may not know, however, is what to do when your business experiences a ransomware attack. This post details five steps your organization should take immediately to reduce the impact of the attack.
Read more »
-
FBI Healthcare Alert - Imminent Threat Of Widespread Ryuk Attack Posted on: October 29, 2020 In: COVID-19 Response
The FBI and DHS-CISA issued a warning on October 28, 2020 about an imminent threat to hospitals and healthcare providers. They represent that they have credible information to suggest there will be a widespread Ryuk ransomware attack this weekend (October 30 - November 1), and the FBI, DHS and the NSA's Cybersecurity Threat Operations Center are currently investigating the matter. It is recommended that hospitals and healthcare providers implement the following measures as soon as possible.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: COVID-19 Response
In 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
A Time for Reflection: Advisen’s 2020 Cyber Law Firm of the Year Award Posted on: July 15, 2020 In: Data Privacy & Cybersecurity
Lewis Brisbois' Data Privacy & Cybersecurity Team recently received Advisen’s 2020 “Cyber Law Firm of the Year” award for the second year in a row. We are proud of this accomplishment and grateful for Advisen’s recognition, as well as the dedication of our attorneys and industry partners. Receiving this honor provides us with more than simply a reason to celebrate. It also gives us a chance to reflect upon the work that we performed last year and to determine how best to serve our clients in the future.
Read more »
-
Business Email Compromise Attacks on the Rise in 2020 Posted on: June 18, 2020 In: COVID-19 Response
A business email compromise (BEC) is a cyber crime that utilizes access to an organization’s email to defraud that organization and its employees, customers, or partners. In 2020, COVID-19 has provided attackers with a new source for BEC exploits. Attackers are taking advantage of the need for communications surrounding COVID-19 and increased remote work connections from employee home networks to their employers’ corporate networks.
Read more »
-
Remaining Vigilant Against State-Sponsored Cyberattacks Posted on: April 15, 2020 In: Data Privacy & Cybersecurity
State-sponsored cyberattacks have increased in recent years. These attacks, which are supported and funded by foreign governments, typically reflect geopolitical dynamics, with hacking campaigns often emerging following international conflicts. Frequently, the nations responsible for cyberattacks seek to achieve specific goals through their hacking campaigns. Their objectives may include conducting economic espionage or disrupting another nation’s political or economic stability.
Read more »
-
Threat Intelligence: Maze Ransomware Variant Posted on: December 09, 2019 In: Data Privacy & Cybersecurity
While ransomware variants like GandCrab, Ryuk, and WannaCry have received a lot of attention and cost their victims significant amounts of money, these attacks are rarely accompanied by a credible threat to expose sensitive data. These threat actors are able to monetize their attacks with the extortion payments alone. However, a variant known as Maze (or ChaCha) could change that equation.
Read more »
-
Keeping the Creeps Off Your Computer: Tips to Avoid Scareware & Scare Scams Posted on: October 29, 2019 In: Data Privacy & Cybersecurity
Halloween is a great time to masquerade as your favorite supernatural or otherworldly character, generating harmless screams and candy. Not so harmless is the fear that scammers create by pretending to know something about you or your cyber system in order to scare you into sending them money.
Read more »