All kinds of news items abound this week. LinkedIn has been sued for allegedly copying data from Apple users’ cut/copy/paste clipboards without consent, in violation of several federal and California privacy laws. LinkedIn has denied storing or sharing the clipboard data and is still investigating the matter.
Popular app TikTok also continues to face data security backlash. After being banned in India (along with a host of other Chinese apps) for security concerns, organizations in the US are now following suit. And in a reversal of their prior stance, the UK is now banning Chinese conglomerate Huawei from its 5G network, citing security issues.
Not even online auction houses are exempt from cyber attacks. LiveAuctioneers discovered its database of 3.4 million users, containing personal details and passwords, was for sale on the dark web.
Hackers are ever employing new strategies and seeking new targets. According to the Verizon 2020 Data Breach Investigations Report (DBIR) we examined a few weeks ago, further data shows that cyber criminals are focusing their efforts on web-based applications, which account for 43% of breaches so far this year. Cloud computing has also come increasingly under attack. Organized crime is responsible for over half the breaches that occurred, and hacking is still a preferred method, causing 45% of data breaches. Malware lies behind 17% of breaches, and 18% of organizations have blocked at least one piece of ransomware in the past year. This distribution isn’t radically different from the trends we’ve seen in the past. There is always a reported increase in ransomware, for instance, necessitating constant vigilance and improved response practices.
Another fact that hasn’t changed much is how that ransomware frequently targets healthcare institutions, which has, again, increased in the past month. “With healthcare organizations focused on supporting increased capacity and a remote workforce at an unanticipated speed and scale, their defensive posture is reduced,” says Josh Gluck, Vice President of Global Healthcare Technology Strategy at Pure Storage. He recommends a three-pronged approach of identity management/data access policies, multifactor authentication, and sophisticated data monitoring and management across the enterprise.
The Verizon report did find, on the bright side, that organizations are doing a better job at shoring up the weak points in their defenses than in years past. Same goes for security tools and their efficiency. In a week full of intense news stories, it’s good to see some successes.