Cumulative count of data breach reports shared with Verizon (Image: Verizon DBIR 2023)

Verizon: When Ransomware Attacks Cost, They're Costing More

Mathew J. Schwartz • June 6, 2023

Criminals are continuing to stolen credentials, compromise attacks, ransomware and social engineering to earn an illicit payday, according to Verizon's latest annual analysis of data breaches and how they happened, which finds that post-ransomware cleanup costs are rising.

Fraud Management & Cybercrime

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Latest

Governance & Risk Management

Microsoft Pays $20M to Settle FTC COPPA Complaint

David Perera • June 5, 2023

Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the XBox Live registration process. The Federal Trade Commission accused the company of a slew of infractions.

Governance & Risk Management

Psychiatry Practice Fined for Posting PHI Online

Marianne Kolbasuk McGee • June 5, 2023

Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review.

3rd Party Risk Management

Iowa Reports Third Big Vendor Breach This Year

Marianne Kolbasuk McGee • June 5, 2023

The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.

Next-Generation Technologies & Secure Development

How to Implement Large-Scale Security Programs Economically

Shipra Malhotra • June 5, 2023

Flipkart embraced a comprehensive security maturity program that incorporated defense-in-depth, automation, zero trust and secure SDLC/security-by-design principles across its four subsidiaries. Flipkart's Raakesh Thayyil discussed the importance of a cohesive strategy.

Cyberwarfare / Nation-State Attacks

Why Cyber Defenders Need Partnerships, Tools and Education

Steve King • June 5, 2023

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.

Business Continuity Management / Disaster Recovery

Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell

Michael Novinson • June 5, 2023

Despite the beating new publicly traded security companies have taken during the economic downturn, Rubrik is looking to test its luck in the public market. Reuters reported Monday the firm is working with Goldman Sachs, Barclays and Citigroup in preparation for an IPO that could take place in 2024.

General Data Protection Regulation (GDPR)

Microsoft Sets Aside $425M for Anticipated GDPR Fine

David Perera • June 3, 2023

Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network. European authorities have shown increased willingness to use the GDPR to limit targeted advertising.

Cybercrime

Chinese APT Backdoor Bypasses Indonesian Antivirus

Jayant Chakravarti • June 2, 2023

A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.

HIPAA/HITECH

Mistrial in Criminal HIPAA Case Against Army Doctor & Spouse

Marianne Kolbasuk McGee • June 2, 2023

A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.

Leadership & Executive Communication

Integrating a People-Centric Security Culture at Microsoft

Rashmi Ramesh • June 2, 2023

Enterprise cybersecurity is no longer just about a siloed team of professionals securing the firm's systems and servers. Security has evolved into a key business consideration with people at its core, according to Suraj Jayaraman, Microsoft's director of cloud security architecture.

Governance & Risk Management

Pentagon to Pay Starlink for Ukraine's Satellite Broadband

Mathew J. Schwartz • June 2, 2023

The U.S. Department of Defense says it will pay for Starlink satellite broadband access for Ukraine as it battles Russia's all-out invasion. Military experts say Starlink remains essential for supporting Ukraine's battlefield communications, including drone reconnaissance.

Leadership & Executive Communication

ISMG Editors: Why Communications Skills Matter for CISOs

Anna Delaney • June 2, 2023

In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.