Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
Every few weeks, a new cybersecurity breach occurs in business or in government. Cybercrime is on the rise, whether it’s based on stealing personal data and making a profit, political espionage, or the ego boost that hackers get when they see their work in headlines. The United States is the leading target for hackers because, “the country has much national and international consumer and corporate data in a disparate range of institutions and regulations; making it easier to find and exploit systemic weaknesses,” according to Juniper Research.
Juniper Research predicts that more than 33 billion records will be stolen by cyber criminals in 2023 alone, an increase of 175 percent compared to the 12 billion records expected to be compromised in 2018.
Three markets in particular – healthcare, financial services and retail – have been hit hard during the past few years and, according to CSO Magazine, they will continue to be the primary targets of hackers. In The Cybersecurity Regulations Healthcare, Financial Services, and Retail Industries Must Know About, author Jonathan Nguyen-Duy highlights the importance of companies taking a 360-degree view of how they approach protecting private data.
“With the risk of ever greater financial losses and public safety damage, organizations should undertake the holistic security approaches outlined in a variety of industry standards and regulations. Irrespective of which risk management strategy or security control is implemented, the key is to use an integrated and automated security architecture with deep visibility and control that can also operate at speed and scale. Current network ecosystems stretching from the IoT edge, across enterprise networks, and out to multiple cloud service providers are far too distributed for traditional manual prevention, detection, and response solutions.”
The article outlines guidelines and standards that are available to address cybersecurity threats in the healthcare, financial services and retail markets including:
- NIST Cybersecurity Framework is a collaborative effort between the U.S. government and private sector organizations to provide cybersecurity best practices along with a framework for managing risk.
- For healthcare, while HIPAA guidelines are in place, many new healthcare guidelines and regulations have also been recently introduced by Congress and the FDA, including the Internet of Medical Things Resilience Partnership Act and the Medical Device Cybersecurity Act of 2017.
- The financial services sector is subject to several regulations and guidelines from the Financial Industry Regulatory Authority (FINRA) that require written policies and procedures be submitted regarding the protection of consumer information from cyberattacks. Since the financial industry is recognized as a critical infrastructure around the world, there have also been multiple developments in the global regulation of financial cybersecurity.
- The retail industry is largely targeted for the consumer credit card data it stores. As a result, retailers must adhere to PCI DSS – The Payment Card Industry Data Security Standard. These standards provide guidance on how to store and transmit payment information to minimize the risk of data breach and fraud.
Protecting your digital footprint
While big companies and government agencies can apply vast amounts of resources to protect against cybersecurity threats, the reality of living in a digital world means that small companies and individuals need to find ways to protect themselves and their personal data. According to the Pew Research Center, 65 percent of Americans have been victims of a security breach, and 49 percent believe that their personal data is less safe than it was five years ago.
The Wichita Business Journal recently published Cybersecurity: 6 ways to protect your family office, which lists ways individuals and small companies can protect themselves.
- Keep track of technology: Create an inventory of routers, computers, phones and other devices connected to the internet and regularly check to make sure each one has updated antivirus, firewall and cyber protections.
- Create and communicate a policy: To prevent vulnerabilities from within the office walls, all businesses should have a written cyber-protection policy that is regularly communicated to office staff.
- Educate everyone: Cyber education should be a key part of regular office meetings and communications.
- Conduct background checks: Business should regularly conduct criminal background checks, even if an employee has been with the business for many years, to make sure that they know the people working for them and safeguard against an internal attack.
- Test your resilience: Through vulnerability assessments and penetration testing, or essentially identifying weaknesses in a system or simulating a cyberattack, family businesses can better identify areas of strength and fortify areas of weakness.
- Leverage technology tools: Sharing sensitive data via email is a big cybersecurity threat and one way to prevent this is through email encryption tools. These encode a message before sending and require the receiver (who has a tool) to decrypt the information.
Cyber Oregon partner blog post of interest
- Galois: C2rust