Happy Star Wars Day! We’re ready to help you man your deflector shields to prevent intrusions. Here’s how our Dark Web Jedi can keep your passwords and data out of that wretched hive of scum and villainy, because the Force is strong in our solutions.
Read More
A fresh batch of passwords just hit the Dark Web exposing thousands of passwords from major public health organizations and other entities. Find out more about it and how to protect your business.
Read More
In uncertain times, it pays to keep an eye on the Dark Web to avoid a potentially disastrous breach – because bad actors are poised to make the most of an upended business world in the wake of COVID-19
Read More
A data breach is disastrous for any company in any industry, but the healthcare sector is an especially high-stakes arena where data security is of utmost importance and under continual attack. Few types of data are as valuable as Personal Health Information (PHI) and other health-related data like prescription information, health insurance login information, or insurance data. There is a ready market for this information on the Dark Web where healthcare provider information is known to sell for as much as $500 per listing. While patient information goes for significantly less money, as little as $3.25, hackers can make up the difference by selling in bulk, which is part of the reason that today’s hackers are more ambitious than ever, and they are taking the fight to healthcare providers’ digital front doors. Indeed, no one has been spared from the scourge of data breaches afflicting the healthcare system. In October, we reported on a data breach at Tu Ora Compass Health, a national health service that implicated the personal data for more than a million New Zealanders. However, hundreds of smaller healthcare providers, lab service providers, and other healthcare SMBs managing copious amounts of patient data are also under attack. McAfee Labs identified the healthcare sector as one of the most frequently targeted sectors today, far outpacing finance, media, retail, technology, and many others. In total, more than 38 million healthcare records have been exposed this year alone, and this trend shows little sign of abating, which means that defense is the only option. Keep reading to gain a better understanding about the current state of data security in healthcare, which serves as a cautionary tale for companies in every sector striving to keep their data secure. The Current State of Data Security in the Healthcare Sector Never ones to miss an opportunity, cybercriminals have been upping their game in 2019, adapting their techniques to extract data from healthcare providers. A recent survey by Malwarebytes identified a 60% increase in trojan malware detections in the first nine months of 2019, compared to all of 2018. At the same time, ransomware attacks are inflicting costly damage on patient records. In the first quarter alone, hospitals saw a 195% increase in this attack strategy. These data breaches are more than just a costly inconvenience. In the health care sector, it can cost patient lives. Hard data is emerging that connects data breaches and patient outcomes. For instance, researchers found that, after a data breach, “as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined in the new study.” In a very real way, data security is a life or death issue that relies on many moving pieces to ensure data security and patient well-being. For better or worse, not all data breaches occur in house. Third-party software vendors continue to be a top attack point; however, in many cases, it’s not the software that’s to blame. According to a report on the state of cybersecurity in the healthcare industry, staff negligence provides an open door for phishing and spear phishing attacks that ultimately compromise patient data. With a robust market for patient data and other healthcare-related information, hackers will continue to innovate their methodologies, making it increasingly difficult to identify their tactics. That doesn’t mean that your business is defenseless. How You Can Protect Yourself Despite a complicated cybersecurity environment, healthcare providers aren’t powerless to protect themselves against costly data breaches. Notably, malware attacks – both ransomware and otherwise – require employees to engage with the malicious material for it to be effective. Simply put, bad actors may be able to target healthcare providers with copious amounts of harmful material, but, without an adequate response, much of their efforts are fruitless. Similarly, phishing and spear phishing campaigns can’t compromise credentials unless users hand them over. It’s estimated that 80% of data breaches are attributable to employee negligence, as scams and other malicious emails routinely make their way to employee inboxes causing breach fatigue that puts patient data at risk. Therefore, healthcare providers who offer comprehensive employee awareness training improves their chances of successfully defending against these attacks. In an ever-evolving threat landscape, this training prepares all employees to become a defensive asset in the quest to protect patient data. At the same time, simple security upgrades like two-factor authentication and strong, unique passwords across all accounts can minimize risk exposure while placing barricades in the way of anyone trying to steal patient or company data. Conclusion In 2019 and beyond, providing the best patient care will require a revised take on the Hippocratic Oath. Simply put, first doing no harm will require intentional efforts to protect patient data. It’s a difficult task, but it’s not impossible. Rather than leave it up to chance, partner with ID Agent, which offers an array of products and services that support your data security initiatives: Designed to protect against human error, BullPhish IDTM simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. When paired with AuthAnvilTM, you can protect your employees’ password integrity by offering integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. With a robust market on the Dark Web, cybercriminals have millions of reasons to continue attacking healthcare IT, which means that defensive maneuvers need to begin right away.
Read MoreOver a year after its widely anticipated debut on May 25th, 2018, the General Data Protection Regulation (GDPR) is still a point of confusion for many SMBs. Although our European partners have been keeping a pulse on developments for quite some time, privacy regulations are quickly pervading into the global security landscape across the US, Canada, Australia, and New Zealand with cascading consequences and implications. In order to prepare MSPs and business owners for upcoming change, the ID Agent Team will unravel how the Dark Web and GDPR are inextricably connected. But first, let’s refresh on the basics: A GDPR Crash Course Designed to protect the data security and privacy of EU citizens, the GDPR was introduced as a replacement to the Data Protection Directive of 1995. As an overview, the regulations empower consumers with greater ownership over their personal information; highlights including the “right to be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Aside from expanding the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, the penalties associated with infractions are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M. Or even worse, 4% of global revenue. Dark Web + GDPR So where does the Dark Web fit into this? Just this past week, we covered a recent report by the Federation of Small Businesses (FSB) proclaiming that UK-based SMBs were suffering nearly 10,000 cyber attacks per day. Although the majority of these are serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These manifest themselves as vulnerabilities caused by password recycling, lost devices, accidental website updates/ emails, and even rogue employee behavior. Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. Therefore, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency, and then leverage leaked information to orchestrate crippling fraud tactics. In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and will also be held liable for such accidental leaks. For example, the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK has published specific guidance for risk management, data protection, detection, and minimization of impact. The Solution The global standards for data protection may be rising, but so have the solution sets for SMBs. By partnering up with MSPs who have enlisted in proactive Dark Web monitoring solutions (like Dark Web ID!), you can future-proof your company from facing GDPR fines or dealing with business process interruptions. Case dismissed. Need more proof? See what Ryan Markel, President of Take Ctrl, LLC, has to say about working with our team: “My clients are so grateful that they are not aware when their passwords are compromised that they are telling their colleagues at other companies they have to work with us”. Sources: https://www.parkersoftware.com/blog/gdpr-dark-web https://www.law.com/legaltechnews/2019/01/23/could-the-gdpr-right-to-access-make-personal-data-more-vulnerable/?slreturn=20190712111548 https://cybersecuritysummit.co.uk/wp-content/uploads/sites/29/2017/10/White-Paper-GDPR-Data-Breaches-the-Dark-Web-June-2017.pdf https://www.swknetworkservices.com/dark-web-breaches-compliance-gdpr/ https://gdpr.report/news/2017/07/03/growing-threat-dark-web/ http://www.securityeurope.info/the-eus-gdpr-and-crime-throwing-some-light-on-the-dark-net/ https://mashable.com/article/how-gdpr-changed-internet-2018/ https://lmgsecurity.com/should-your-data-breach-response-plan-include-dark-web-scanning/ https://cyansolutions.co.uk/monitor-dark-web-stop-security-breaches-fast/ Cybersecurity and GDPR: https://www.ncsc.gov.uk/information/GDPR UK’s Cyber Essentials certification: https://www.cyberessentials.ncsc.gov.uk/advice/
Read More
Update, October 4, 2018: Our cybersecurity division has confirmed that the individual account information associated with the Facebook breach is now being sold on popular Dark Web markets for $3 to $12. In comparison, a database of 2 million users is typically sold on the Dark Web for about $30. This means the infamous hackers could see an unusual payday of $150 to $600 million.
Read More
A large-scale data breach has the power to cripple any organization, including your customers’ companies. Unfortunately, these data breaches usually start with compromised credentials sold to the highest bidder on the dark web. Right now, all that stands in the way of your customers and a massive, costly breach is a few passwords — unless you’re offering dark web monitoring as a service.
Read More
Coming up with a strong password gives me a headache. About 3 years ago, I came up with the most (in my mind) brilliant password EV3R. You see, I used an 8 in the first part of the password to make the word Gr8 – great. Great! I could remember that, because it made me grin at my own cleverness every time I typed it. “You sneaky SOBs will never crack my code!”
Read More
Not familiar with the term “Dark Web”? That’s okay, even some of the most sophisticated individuals in the tech space have no idea what the dark web is and how it’s accessed. As an MSP or MSSP, you are doing your part to secure and monitor your client’s network and provide a seamless user experience. However, through no fault of your own, your client’s and their employees are not making your job easier by creating credential-based blind spots that until now were hard to detect and mitigate.
Read More