On February 13th, we broke out the hats and balloons (read: hummus and beer) to celebrate Illusive’s 100th software sprint. For 100 releases now, we’ve been helping our customers—hundreds of organizations across industries—revolutionize their ability to stop advanced cyberattackers.
Let’s tackle a familiar, yet daunting problem for vulnerability management (VM) teams: The patching “to-do” list in most organizations is so long that having some way to prioritize patching of networked endpoints, servers and other assets is essential for limiting exposure to cyberattacks.
HIPAA Compliance—Cyberattackers Aren’t Fazed
In spite of longstanding HIPAA compliance requirements, and the billions of dollars being invested to ensure HIPAA compliance, it seems that cyberthreats and attackers aren't fazed. Healthcare suffered from some of the largest breaches ever reported in 2015. The breach at Anthem compromised 78.8 million records, and two additional breaches exposed more than 10 million records each1. The following year, 2016, saw the highest number of breaches with 327 reported. The number of breaches in 2017 surpassed 2016, with more than 342 reported. While the number of breaches grew, the number of compromised records dropped from 112 million in 2016 to a little more than 14 million in 2017.
The epic and exponential rise in cybercrime is a subject of near-daily discussion in the national and local news. Whether it’s from ransomware, identity theft, digital corporate espionage, information warfare, compromised election systems or hacked critical infrastructures—increasingly all of our information systems are under attack. While the media is quick to report on the “what” of each data breach (for example, company X was hacked so change your password to that account), they rarely delve into the why and the how. How are these attacks taking place, and why are they growing at a pace so much quicker than all other forms of criminal activity? Without understanding the “why and how” of cybercrime, we are doomed to fail in our battle against cyberattacks.
The Society for Worldwide Interbank Financial Telecommunication, known as SWIFT, became a household name in 2016, when hackers breached Bangladesh Bank's SWIFT wire transfer system and made off with almost $81 million. More than a dozen other banks around the world were hit with similar cyberattacks. Although compromised wire transfer systems haven't made headlines lately, they're still happening—and starting to appear in the consumer world.
The intersection between cybersecurity and data privacy is making front-page news these days. The General Data Protection Regulation (GDPR), adopted by the European Union in 2016 and implemented in May 2018, represents a comprehensive regulatory effort with the objective of protecting consumer data and privacy. Organizations, or “controllers” of data in the language of the laws, must put in place “appropriate technical and organisational measures” to implement the data protection principles. There have been other legislative efforts in recent years dedicated to consumer data protection - the Dodd–Frank Wall Street Reform and Consumer Protection Act in the U.S. being one of them (though some of those regulations have since been removed or eased), but GDPR has been the most extensive.