As I sat down to write this post, I couldn’t help amusing myself with yet another corny “cloud” analogy: The potential for lateral movement between different parts of the extended corporate ecosystem is a bit like all the different types of lightening there are. If, besides being a tech geek, you are also a weather geek, you can read about lighting here. Among other things, this site explains that “Anvil Crawlers are horizontal tree-like, in-cloud lightning discharges whose leader propagation is slow enough… that a human observer… can see its rapid motion across the sky.” Where cloud security is concerned, Illusive’s aim is to make malicious lateral movement to, from, and between clouds slow and visible to the human eye—so that security teams can stop cyberattacks before a successful strike.
HIPAA Compliance—Cyberattackers Aren’t Fazed
In spite of longstanding HIPAA compliance requirements, and the billions of dollars being invested to ensure HIPAA compliance, it seems that cyberthreats and attackers aren't fazed. Healthcare suffered from some of the largest breaches ever reported in 2015. The breach at Anthem compromised 78.8 million records, and two additional breaches exposed more than 10 million records each1. The following year, 2016, saw the highest number of breaches with 327 reported. The number of breaches in 2017 surpassed 2016, with more than 342 reported. While the number of breaches grew, the number of compromised records dropped from 112 million in 2016 to a little more than 14 million in 2017.
The Society for Worldwide Interbank Financial Telecommunication, known as SWIFT, became a household name in 2016, when hackers breached Bangladesh Bank's SWIFT wire transfer system and made off with almost $81 million. More than a dozen other banks around the world were hit with similar cyberattacks. Although compromised wire transfer systems haven't made headlines lately, they're still happening—and starting to appear in the consumer world.
The intersection between cybersecurity and data privacy is making front-page news these days. The General Data Protection Regulation (GDPR), adopted by the European Union in 2016 and implemented in May 2018, represents a comprehensive regulatory effort with the objective of protecting consumer data and privacy. Organizations, or “controllers” of data in the language of the laws, must put in place “appropriate technical and organisational measures” to implement the data protection principles. There have been other legislative efforts in recent years dedicated to consumer data protection - the Dodd–Frank Wall Street Reform and Consumer Protection Act in the U.S. being one of them (though some of those regulations have since been removed or eased), but GDPR has been the most extensive.