Detectify year in review: 2019 has been quite a journey so far with expansion to the US and doubling our size. Join us for a proverbial toast to the year as we share a recap of our highlights.

The largest hospital system in New Jersey said it paid an extortion fee to hackers who had disrupted medical facilities with a ransomware attack. A spokesperson for Hackensack Meridian Health, based in Edison, New Jersey said it was working to restore its computer systems following a Dec. 2 ransomware attack that forced administrators to cancel roughly 100 elective medical procedures.

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise because no one really knows how they work. It’s like security through obscurity.

At Bearer, we use GraphQL to allow our Dashboard application to communicate with our database. Recently we gave this GraphQL API a re-design. Here are a couple of lessons we learned during the process.

With so many acronyms in cyber security, it isn’t always easy to distinguish between the many product and service offerings available. This can create significant confusion for IT and security personnel that need to make quick purchase decisions to address holes in their security coverage.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law before the rollout of major social media sites such as Facebook, Twitter, and Instagram. And as such, there are no specific HIPAA rules for social media. However, some HIPAA laws and standards apply to the use of social media by health care organizations and their workers. Because of that, each health care organization must implement a HIPAA social media policy to decrease the risk of HIPAA violations.

Spyware is unwanted software, a type of malicious software or malware, designed to expose sensitive information, steal internet usage data, gain access to or damage your computing device. Any software downloaded to a user's device without authorization can be classified as spyware. Even spyware programs installed for innocuous reasons often violate end user privacy agreements and have the potential for abuse.

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested background checks to our clients rather than providing detailed background reports or having the client run a background check on our employees.

After spending several decades in this industry, I have seen growth in many different security products and in many different areas. All the while, I’ve questioned whether specific technologies were offering real value or were just over-marketed to create more revenue opportunities for investors. As we have seen repeatedly, categories of security products blossom in many different ways. So many vendors, so much technology. Where do we go from here?

This holiday season kicked off a couple weeks ago, with Black Friday and Cyber Monday showing a 14% increase in early holiday purchases from the same period during 2018, according to a report by Bank of America Merrill Lynch Global Research. With holiday sales projections showing similar numbers until the end of the year, there has never been a more vital time to ensure that consumer transactions are completing as expected.