Why that might not be a good thing for Nebraska. Based on a study of thousands of cases that it has worked, incident response firm Coveware has found that the number of firms paying a ransom has dropped from 85% in Q1 2019 to 46% in Q1 2022. When victims do pay a ransom, in Q1 2022, they paid an average of $211,529, down 34% from the previous quarter, Coveware found. It attributes this to fewer victims paying, attackers overall infecting...

There are several trends emerging in the cyber insurance industry that are worrying for mid-size and local entities. These trends are largely a response to the havoc ransomware has caused across industries in the last 18 months. The emerging trends can be summed up as: Prices are increasing, in many cases in the range of 2x-4x Renewal and acceptance rates for policies are going down, in many cases, by 40%-60% compared to previous years Entities...

Law enforcement and intelligence agencies in the U.S, the U.K. and Australia have issued a joint advisory on unidentified Iran government-backed advanced persistent threat (APT) actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to attack organizations in their respective countries. Attributing the attacks to a specific APT group is inherently challenging, but a senior cyber threat intelligence analyst has pointed out...

The FBI has been keeping tabs on the most exploited vulnerabilities for years. They also pay close attention when it appears that hacking is being perpetrated by other nations. On May 12th, they released their list of the top 10 most exploited vulnerabilities. The list is intended to help all organizations “place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber...

Cybercrime led to $3.5 billion in losses in the U.S. last year, with a sharp uptick in business email compromise scams – which accounted for nearly half those losses, according to a newly released FBI Internet Crime Report, which is based on complaints the FBI received. Donna Gregory, the head of the FBI’s Internet Crime Complaint Center, emphasizes that the FBI isn’t seeing a ton of new types of fraud but rather criminals using new...

The cyber-attack against Anthem Inc., which the insurer says may have started with a spear-phishing campaign targeting five of its employees, is a warning sign of the kinds of sophisticated schemes that may be common in the year ahead.   If the Anthem breach is a result of phishing it’s emblematic of what many security experts are expecting to see in the evolution of attacks against companies and their employees.   Risks From Social...

The healthcare sector is increasingly becoming a target for cybercriminals and with a plethora of valuable information and inconsistent security procedures it’s easy to see why it’s an enticing target. In this environment of ever increasing risks, it’s critical that healthcare organizations and their business partners implement information security management practices that go far beyond just focusing on HIPAA compliance.   One of...

As we all become more reliant on technology for everything from social engagements to business, the threats to the security of our information has increased dramatically. Due to the increased threat level, the Federal Financial Institutions Examination Council (FFIEC) has implemented a number of initiatives to raise awareness of cyber-security risks and the need for risk assessment and mitigation among financial institutions.   In order to...

We know that when it comes to IT security in the healthcare field there is a vast continuum from most to least secure. With different risk factors, budgets, needs and capabilities the IT security situation of each health care provider is unique. That said every provider needs to make sure that they’re at least taking the minimum steps in the immediate future to ensure that you’re not just a costly breach waiting to happen. There are two simple...

If you currently allow, or are considering allowing, employees to use their own mobile devices for work purposes, there are some steps that need to be taken to ensure that you’re not at risk for expensive security breaches. By taking the following steps you will allow your employees to stay productive while mitigating risk and ensuring that you have plans and procedures in place in case something should happen: Create a coherent policy before...