Cyber Connections News Roundup: August 27

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

August 27, 2019

How Do You Measure Cybersecurity Effectiveness?

A recent blog post on www.lawfareblog.com examines the lack of universally recognized metrics to measure cybersecurity improvements. As a result, decision-makers “are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones.” The article seeks to understand the importance of a balance between quantitative and qualitative metrics in order to also address role of processes and procedures. “Cybersecurity is a matter not just of the equipment and tools in place but also of how the equipment and tools are used by people.” Read more.

Microsoft Leads All Brands in Phishing Attacks

A recent article on www.forbes.com estimates that phishing attacks account for up to 90% of cyberattacks by volume. And the Microsoft brand has a clear lead when it comes to these attacks. According to a recent Vade Secure survey based on its AI engine activity, more than 20,000 unique Microsoft phishing URLs were detected for an average of more than 222 per day. The 180 million Office 365 business users provide a playing field rife for attack. And once an attacker steals Office 365 credentials the whole world of a Microsoft user’s account opens up. PayPal occupies the second spot. Read more.

More than Half of Industrial Cybersecurity Incidents Caused by Human Error

A recent Kaspersky report titled “State of Industrial Cybersecurity 2019” found that errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks in 2018. An article about the report on www.securitymagazine.com cites the top five most common types of vulnerabilities within industrial control systems as: misconfigurations (34.7 percent); vulnerabilities, patches and updates (26.7 percent); identity and access management (12.9 percent); insecure services enabled (7.9 percent); architecture and network segmentation (7.9 percent). Read more.

Nearly One Third of Healthcare Employees Have Never Received Cybersecurity Training

Employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in three main areas: regulation, policy and training, according to a new report from Kaspersky titled “Cyber Pulse: The State of Cybersecurity in Healthcare Part 2.” According to an article on www.healthcarefinance.com, the report established several findings that correlate to the increasing number of hacking and IT-related incidents occurring in healthcare organizations across North America. For example, nearly a fifth of U.S. respondents to the survey (18%) reported they didn’t know what the HIPAA security rule meant. In Canada, nearly half of respondents (49%) said they didn’t know if Canadian PHI needed to stay in Canada. Read more.

Reformed Con Man Frank Abagnale Offers Tips on Preventing Identity Theft

Frank Abagnale, the subject of the movie “Catch Me If You Can” starring Leonardo DiCaprio, sat down recently with TechRepublic to offer his tips on avoiding identity theft. First, he advises to freeze your credit, which reduces the ability for someone to create a fraudulent credit account in your name. Abagnale also advises to avoid writing checks because most often they include your name, address, and phone number, as well as your bank’s name and address, account number, routing number and signature. Moreover, everyone can see your physical check, which exposes it to more risk. Read more.