Friday Five: 2/3 Edition
It's Friday! Catch up on the latest infosec headlines with our weekly news roundup.
1. The NHS says Google mistook its 1.2 million employees for a huge cyberattack and blocked it, by Rob Price
This week, Google blocked access for the entire National Health Service network, mistaking the amount of traffic from NHS employees for a cyberattack. The NHS has 1.2 million employees who provide healthcare. The NHS IT department reportedly argued that Google likely thought the NHS network was using something like a DDoS attack to try to take down the site. Google denies this and says its systems were working correctly and that users may see a CAPTCHA window while doing a Google search because its systems are just checking to make sure users are human. This follows the NHS' IT issue in November 2016, when millions of emails were sent in a reply-all chain, overloading the network and bringing it to a standstill. Read the article for more info.
As companies continue to move to the cloud, cloud security becomes increasingly vital. Security companies are offering a variety of new products and services for the cloud from data protection to application security. The cloud security market is expected to reach over $8 billion by 2019, over double what it was just 3 years ago. Take a closer look at some of the movers and shakers of cloud security to watch for this year.
Employees are leaking corporate secrets for cash on the dark web. A private dark net marketplace offers subscriptions to access allegedly vetted insider information, which is assigned confidence ratings and accompanied by advice about whether to buy or sell stocks. Another dark web site recruits retail staff to cash out stolen credit cards. Some services even help insiders place malware in the internal network. As insider threats remain in the spotlight, it is incredibly important for organizations to prepare against them. For more info, head to The Register.
Following the travel ban imposed by Donald Trump this past weekend, security professionals have voiced concerns about possible repercussions. While the ban began with 7 countries, Trump has indicated that others may be added if needed. Security pros are worried that the ban has spiked anti-American sentiment and will increase hacking attacks, discourage foreign students from studying here, and hurt recruitment efforts in an industry that is already suffering from a talent shortage. On the other hand, others say the ban will have very limited impact because business operations in those countries were already being restricted before the ban. For more, read the full article at CSO.
The Children’s Medical Center of Dallas is facing a huge $3.2 million fine for HIPAA noncompliance. The hospital filed data breach reports in 2010 and 2013 but failed to update its unencrypted laptops and phones until later in 2013. The OCR could have imposed a $6 million fine for the hospital's failure to adopt appropriate security measures immediately following the breaches. Fortunately for the hospital, there was a lack of known harm to individuals and it wasn't found willfully neglectful. Though normally the OCR prefers to settle cases, it will resort to penalties if violations are severe enough. Thus, it is important for organizations in the healthcare industry to tread carefully and vigilantly where HIPAA compliance is concerned. Read the full article on Bloomberg.