Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology
and strategies for combatting targeted attacks

Getting Ahead of HIPAA Compliance Requirements to Increase Security

Posted by Guy Rosenthal on Jan 2, 2019 3:14:28 PM

HIPAA Compliance—Cyberattackers Aren’t Fazed

In spite of longstanding HIPAA compliance requirements, and the billions of dollars being invested to ensure HIPAA compliance, it seems that cyberthreats and attackers aren't fazed. Healthcare suffered from some of the largest breaches ever reported in 2015. The breach at Anthem compromised 78.8 million records, and two additional breaches exposed more than 10 million records each1. The following year, 2016, saw the highest number of breaches with 327 reported. The number of breaches in 2017 surpassed 2016, with more than 342 reported. While the number of breaches grew, the number of compromised records dropped from 112 million in 2016 to a little more than 14 million in 2017.

Read More


Automated Cybercrime Highlights Need to Automate Cyber Defenses

Posted by Marc Goodman on Dec 18, 2018 4:18:14 PM

The epic and exponential rise in cybercrime is a subject of near-daily discussion in the national and local news. Whether it’s from ransomware, identity theft, digital corporate espionage, information warfare, compromised election systems or hacked critical infrastructures—increasingly all of our information systems are under attack. While the media is quick to report on the “what” of each data breach (for example, company X was hacked so change your password to that account), they rarely delve into the why and the how. How are these attacks taking place, and why are they growing at a pace so much quicker than all other forms of criminal activity? Without understanding the “why and how” of cybercrime, we are doomed to fail in our battle against cyberattacks. 

Read More


GDPR Compliance: Personal Data Privacy & Beefing Up Data Security

Posted by Guy Rosenthal on Dec 11, 2018 10:35:53 AM

The intersection between cybersecurity and data privacy is making front-page news these days. The General Data Protection Regulation (GDPR), adopted by the European Union in 2016 and implemented in May 2018, represents a comprehensive regulatory effort with the objective of protecting consumer data and privacy. Organizations, or “controllers” of data in the language of the laws, must put in place “appropriate technical and organisational measures” to implement the data protection principles. There have been other legislative efforts in recent years dedicated to consumer data protection - the Dodd–Frank Wall Street Reform and Consumer Protection Act in the U.S. being one of them (though some of those regulations have since been removed or eased), but GDPR has been the most extensive.

Read More


Ponemon Report: How Security Teams Defend After a Security Breach

Posted by Beth Ruck on Nov 15, 2018 9:57:52 AM

Moody's Cyber Risk Group: “Cyber becomes more and more important.”

On November 12, Moody’s announced its intent to start incorporating in its credit rating method the degree to which an organization faces risk of major impact from a cyberattack. This follows the news, back in February 2018, that the Securities and Exchange Commission issued additional guidance on its requirement that public companies must “inform investors about material cybersecurity risks and incidents,” even if they have not yet been the target of a cyberattack.  

Read More


Merger Mania: Increasing Cybersecurity during Mergers & Acquisitions

Posted by Ofer Israeli on Nov 13, 2018 7:02:00 AM

More than $2.5 trillion in mergers were announced in the first half of 2018[1]a new record. Ranked by value of the deal, energy and power deals led, followed by media and entertainment, with healthcare and industrials close behind. Industries are converging and organizations are using acquisitions, divestitures, and other forms of asset remix to reposition their businesses. For example, there are numerous mergers among pharmaceutical, life sciences, and biotech companies as they seek to gain traction in a highly fragmented market. EY predicts that the total value of life sciences M&A will surpass $200 billion in 2018. According to Deloitte, technology acquisition is the primary driver of M&A pursuits, ahead of expanding customer bases in existing markets, and adding products or services[3].

Read More


3 Ways Privileged Credentials May be Available to Cyberattackers

Posted by Revital Aronis & Dolev Ben Shushan on Oct 23, 2018 3:14:05 PM

Preventing the ability of attackers to perform lateral movement within your network is not only a threat detection function—it’s also a cyber hygiene function. In this blog, we’ll review some of the most common—and invisible—ways that privileged user credentials proliferate in enterprise networks. It’s well understood that domain admin or other high-powered credentials are gold to a cyberattacker. With “keys to the kingdom,” they can move easily and silently from one system to another, change domain attributes, add permissions, change passwords, and connect to any machine in the domain. Most organizations dedicate significant resources to careful management of Active Directory and use various technologies and practices to control access privileges. But our experience shows that even in the most diligent organizations, privileged user credentials are more accessible to attackers than you’d think.

Read More


Stay up to date!