Phishing scams can swoop up valuable information with a single deceptive email, so it makes sense that they have long been a popular method for cybercriminals. And it’s likely to remain that way, at least for the time being.
Scott Gerlach is chief information security officer at SendGrid.
2018 proved that phishing campaigns’ popularity is holding steady. According to the Anti-Phishing Working Group (APWG), there were 264,483 unique phishing email reports in Q2 of last year. Two key sectors were the focus of some of these campaigns: healthcare organizations and universities. That’s because these organizations hold a treasure trove of valuable data, so serious damage can be done if a phishing scam puts this data in the wrong hands. Take, for instance, a recent college graduate whose private information was compromised in a successful phishing scheme. That graduate, on beginning a career at an organization, now poses a threat to that company by potentially exposing it to a data breach.
Phishing attacks on healthcare companies may be even more dangerous, as the records involved in healthcare’s processes and procedures contain life-changing information. From payment data to insurance provider information, the potential swath of stolen patient information could put people at serious risk of identity theft. A study from the Ponemon Institute found 65 percent of medical identity theft victims spent an average of $13,500 to pay the healthcare bills falsely made in their name. The effectiveness of these attacks on these sectors this year makes us believe that the threat will show no signs of slowing in 2019. So organizations must prepare their employees for a continuous onslaught of sketchy emails.
Fighting the fines
One of the most impactful events of 2018 within the cybersecurity sphere was actually not a threat at all, but rather a policy designed to better protect people from threats. Its name: GDPR (General Data Protection Regulation). Its goal: give EU citizens more control over their personal data. Finally implemented on May 25, 2018, this legislation has brought forth a huge amount of positive change, forcing companies to entirely reevaluate their approach to data security and privacy in 2018. But now that the dust has settled, and some potential fines have started rolling in, we predict that we’ll see companies fight back on the validity of these policy-related fines. That’s because when a business’s main offering isn’t technically a security offering, business leaders may start questioning what kind of security investment should be required of an organization. Moreover, some companies may call into question just how applicable EU regulation is around the world.
Building a secure future
Now, these predictions aren’t without corresponding security pointers as well. By anticipating what trends may emerge in 2019, we can also advise next steps for those they may impact.
To plan ahead for the future, you must first invest your time and energy into the right building blocks. When it comes to security specifically, that means the products and processes that are most effective for your company’s needs. Combat phishing with email solutions that deploy robust anti-phishing software and leverage a DMARC email validation system. And if you find yourself faced with a GDPR fine, make decisions based on what is best for your customers. Equip your company with the tools and knowledge it needs to head fearlessly into the new year, and security becomes an achievable resolution. Meet the predictions with preparedness.