The past several years have been marked by numerous high-profile data breaches that seem to be happening with increasing frequency and scope. Given the unprecedented participation in digital platforms and the unparalleled amount of personal data that today’s tech companies store, government regulation and oversight felt inevitable.
The holiday season revolves largely around traditions like festive lights, Christmas trees, family dinners, holiday cards and Secret Santa gift exchanges. Even if you don't like all of these traditions, you will probably agree that none is as bad as one of the newest phenomena that characterizes this time of year: holiday cyber scams.
As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating its systems.
In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS.
The nights are drawing in and the world outside has been painted with autumnal colours once again. The year is ending and, as such, it is a time for reflection before the inevitable glance towards the white light of the future breaking upon the horizon. Flowery prose aside, we've just had our latest Quarterly Business Update (QBU). We’ve had a pretty good year. We’ve grown, innovated, added to our services and taken on more clients than ever.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well what an amazing choice this week, it has been hard to choose. But this first one, one that appear just before I started writing this blog entry has to make it as the top story. It is so bizarre and a real first!
Wood Ranch Medical has announced it will be permanently closing its doors as a direct result of a ransomware attack. The devastating attack occurred at Wood Ranch Medical in Simi Valley, CA, which recently announced that the practice will permanently close on December 17, 2019. It is another example of how cyber attacks and specifically Ransomware can bring a business to its knees.
The ransomware attack encrypted the computer systems at Brookside ENT and Hearing Center in Battle Creek which housed patient records, appointment schedules, and payment information rendering the data inaccessible. A ransomware attack can prove costly to resolve. That cost was not deemed worth it by one Michigan practice, which has now permanently closed its doors.
So what is Ransomware? Ransomware is a type of malicious program/application that gains access to your files or systems and blocks user access to those files or systems. Then, all files, or even entire devices, are held hostage using encryption until the victim pays a ransom in exchange for a decryption key. The key allows the user to access the files or systems encrypted by the program.
The principle of least privilege (POLP), an important concept of computer security, is the practice of limiting access rights for users, accounts and computing processes to only those needed to do the job at hand. Privilege refers to the authorization to bypass certain security restraints. When applied to people, minimal privilege, means enforcing the minimal level of user rights that still allow the user to perform their job function.
