Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Compliance. Show all posts
validation
Automation Compliance Cybersecurity Data Breach Downtime Encryption Infrastructure PenTesting Risk validation

Pentera Report: 67% of Companies Hit by Data Breaches in Past Two Years

 

A new study by Pentera reveals that 67% of organizations have experienced a data breach in the last 24 months — with 24% affected in the past year, and 43% reporting incidents within the previous 12 months.

The most common consequence of these breaches was unplanned downtime, affecting 36% of companies. In addition, 30% faced data compromise, while 28% incurred financial losses, emphasizing the growing risk and impact of security failures.

Among the organizations that shared the breach aftermath, a startling 76% said the incidents affected the confidentiality, integrity, or availability of their data. Only 24% reported no significant consequences.

Confidence in government-led cybersecurity efforts is also alarmingly low. Just 14% of cybersecurity leaders said they trust the support provided. Although 64% of CISOs acknowledged receiving some level of help, many feel it’s not enough to safeguard the private sector.

To strengthen cyber defenses, U.S. enterprises are spending an average of $187,000 a year on penetration testing, which simulates cyberattacks to uncover system vulnerabilities. This figure makes up just over 10% of the overall IT security budget, yet over 50% of CISOs plan to increase this allocation in 2025.

Still, companies are making system changes — such as new users, configuration updates, and permission modifications — much more frequently than they validate security. The report highlights that 96% of U.S. organizations update infrastructure quarterly, but only 30% test their defenses at the same pace.

“The pace of change in enterprise environments has made traditional testing methods unsustainable,” said Jason Mar-Tang, Field CISO at Pentera.
“96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. The report’s findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today’s environments.”
Read more »
techhiring
AIdeepfakes Compliance Cyber Crime Cybersecurity IdentityTheft NorthKorea remotejobs techhiring

North Korean Operatives Posing as Remote IT Workers Infiltrate U.S. Tech Firms

 

A rising number of top-tier tech companies in the U.S. have unknowingly employed North Korean cyber agents disguised as remote IT professionals, with the operatives channeling lucrative tech salaries back to Pyongyang to support the regime's weapons program.

Cybersecurity leaders warn that the scope of the deception is broader than previously believed, impacting numerous Fortune 500 firms. The trend is driven by a national shortage of cybersecurity talent and the ongoing popularity of remote work arrangements following the pandemic.

These North Korean agents are constantly refining their tactics—using advanced AI tools and enlisting U.S.-based collaborators to set up operations across the country—raising serious concerns among Chief Information Security Officers (CISOs) and technology executives.

Though it's hard to pinpoint the exact number of companies affected, many industry leaders are now publicly sharing their experiences. Law enforcement agencies continue to investigate and expose the intricate tactics being used.

“I’ve talked to a lot of CISOs at Fortune 500 companies, and nearly every one that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen,”
— Charles Carmakal, CTO, Google Cloud’s Mandiant

Interviews with a dozen leading cybersecurity experts reveal that the threat is serious and growing. Several experts acknowledged that their own companies had been targeted and were struggling to contain the damage. During the same briefing, Iain Mulholland, Google Cloud’s CISO, confirmed that North Korean operatives had been spotted “in our pipeline,” although he didn’t specify whether they had been screened out or hired.

SentinelOne, a cybersecurity firm, has been vocal about its experience. In a recent report, the company revealed it had received nearly 1,000 job applications tied to the North Korean scheme.

“The scale and speed of this operation, as used by the North Korean government to generate funds for weapons development, is unprecedented,”
— Brandon Wales, former executive director at CISA and current VP at SentinelOne

Experts outline a repeated pattern: Operatives build fake LinkedIn profiles, impersonate U.S. citizens using stolen data such as addresses and Social Security numbers, and apply for high-paying roles in bulk. At the interview stage, they deploy AI-powered deepfake technology to mimic the real person in real-time.

“There are individuals located around the country who work in software development whose personas are being used,”
— Alexander Leslie, Threat Intelligence Analyst, Recorded Future

Once hired, these agents navigate onboarding using stolen credentials and request laptops to be shipped to U.S. addresses. These addresses often lead to "laptop farms"—homes filled with dozens of work devices operated by Americans paid to assist the scheme.

CrowdStrike began tracking this infiltration trend in 2022 and identified 30 affected companies within the first week of launching a monitoring program. Since early 2024, advancements in AI have only strengthened these operatives’ capabilities. According to an interagency advisory from the FBI, Treasury, and State Department, each operative can earn as much as $300,000 annually.

“This money is directly going to the weapons program, and sometimes you see that money going to the Kim family,”
— Meyers

In one significant case, American citizen Christina Chapman pleaded guilty in February to collaborating with North Korean agents for three years, helping them steal identities and manage a $17 million laptop farm operation that employed North Koreans at more than 300 U.S. companies.

“It’s hard for us to say how many humans are actually operating these personas, but somewhere in the thousands of unique personas,”
— Greg Schloemer, Senior Threat Analyst, Microsoft

In January, the U.S. Justice Department charged two Americans for enabling another North Korean scheme that brought in over $800,000 from more than 60 companies over six years.

FBI Special Agent Elizabeth Pelker explained at the RSA Conference in San Francisco that once one operative is in, they often refer others, leading to networks of up to 10 imposters within the same organization.

Even after dismissal, many operatives leave behind malware or backdoor access, extorting companies for ransom or stealing sensitive data.

“This is very adaptive,” Pelker said. “Even if [the hackers] know they’re going to get fired at some point, they have an exit strategy for them to still … have some sort of monetary gain.”

Authorities are targeting U.S.-based "laptop farm" operators as a key strategy to dismantle the scam’s infrastructure.

“If the FBI goes and knocks on that door and puts that person in cuffs and takes all the laptops away, they’ve lost 10 to 15 jobs, and they’ve lost a person who they’ve already invested in that relationship with,”
— Schloemer

The scheme is expanding internationally. CrowdStrike reports similar patterns in the U.K., Poland, Romania, and other European nations. Recorded Future has also traced activity in South Asian regions.

Still, legal and compliance fears prevent many companies from speaking up.

“That North Korean IT worker has access to your whole host of web development software, all the assets that you’ve been collecting. And then that worker is being paid by you, funneled back into the North Korean state, and is conducting espionage at the same time,”
— Leslie

“We don’t want there to be a stigma to talking about this,”
— Wales
“It is really important that everyone be open and honest, because that is the way that we’re going to deal with this, given the scale of what we are facing.”
Read more »
Ransomware
Breach Compliance Cybersecurity Data Breach DaVita dialysis Healthcare Hospital incident ITsecurity patientcare Ransomware

DaVita Faces Ransomware Attack, Disrupting Some Operations but Patient Care Continues

 

Denver-headquartered DaVita Inc., a leading provider of kidney care and dialysis services with more than 3,100 facilities across the U.S. and 13 countries, has reported a ransomware attack that is currently affecting parts of its network. The incident, disclosed to the U.S. Securities and Exchange Commission (SEC), occurred over the weekend and encrypted select portions of its systems.

"Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems," DaVita stated in its SEC filing.

The company is working with third-party cybersecurity specialists to assess and resolve the situation, and has also involved law enforcement authorities. Despite the breach, DaVita emphasized that patient care remains ongoing.

"We have implemented our contingency plans, and we continue to provide patient care," the company noted. "However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time," the company said.

With the investigation still underway, DaVita acknowledged that "the full scope, nature and potential ultimate impact on the company are not yet known."

Founded 25 years ago, DaVita reported $12.82 billion in revenue in 2024. The healthcare giant served over 281,000 patients last year across 3,166 outpatient centers, including 750+ hospital partnerships. Of these, 2,657 centers are in the U.S., with the remaining 509 located in countries such as Brazil, Germany, Saudi Arabia, Singapore, and the United Kingdom, among others. DaVita also offers home dialysis services.

Security experts warn that the scale of the incident could have serious implications.

"There is potential for a very large impact, given DaVita’s scale of operations," said Scott Weinberg, CEO of cybersecurity firm Neovera. "If patient records were encrypted, sensitive data like medical histories and personal identifiers might be at risk. DaVita has not reported data exfiltration, so it’s not clear if data was stolen or not."

Weinberg added, "For dialysis patients needing regular treatments to survive, this attack is extremely serious. Because of disrupted scheduling or inaccessible records, this could lead to health complications. Ransomware disruptions in healthcare may lead to an increase in mortality rates, especially for time-sensitive treatments such as dialysis."

The breach may also bring regulatory challenges due to DaVita’s international footprint.

"Regulations can differ with respect to penalties and reporting requirements after a breach based on the country and even the state in which the patients live or were treated," said Erich Kron, security awareness advocate at KnowBe4.

"A serious cybersecurity incident that affects individuals in multiple countries can be a legal nightmare for some organizations," Kron said. "However, this is something that organizations should plan for and be prepared for prior to an event ever happening. They should already know what will be required to meet regulatory standards for the regions in which they operate."

In a separate statement to Information Security Media Group, DaVita added, "We have activated backup systems and manual processes to ensure there's no disruption to patient care. Our teams, along with external cybersecurity experts, are actively investigating this matter and working to restore systems as quickly as possible."

This cyberattack mirrors similar recent disruptions within the healthcare industry, which continues to be a frequent target.

"The healthcare sector is always considered a lucrative target because of the serious sense of urgency whenever IT operations are disrupted, not to mention potentially disabled," said Jeff Wichman, director of incident response at Semperis. "In case of ransomware attacks, this serves as another means to pressure the victim into paying a ransom."

He added, "At this time, if any systems administering dialysis have been disrupted, the clinics and hospitals within DaVita’s network are most certainly operating machines manually as a last resort and staff are working extremely hard to ensure patient care doesn’t suffer. If any electronic machines in their network are down, the diligence of staff will fill the gaps until electronic equipment is restored."

DaVita joins a growing list of specialized healthcare providers facing cybersecurity breaches in 2025. Notably, Community Care Alliance in Rhode Island recently reported a hack that impacted 115,000 individuals.

In addition, DaVita has previously disclosed multiple health data breaches. The largest, in July 2024, affected over 67,000 individuals due to unauthorized server access linked to the use of tracking pixels in its patient-facing platforms.
Read more »
WhiteHat
Compliance Cyber Security Encryption EthicalHacking Firewalls PenTesting Ransomware Vulnerabilities WhiteHat

Ethical Hacking: The Cyber Shield Organizations Need

 

Ethical hacking may sound paradoxical, but it’s one of the most vital tools in modern cyber defence. Known as white hat hackers, these professionals are hired by companies to simulate cyberattacks, uncover vulnerabilities, and help fix them before malicious actors can strike.

“Ethical hackers mimic real-world threats to identify and patch security flaws. It’s about staying a step ahead of the bad guys,” says a cybersecurity expert.

As cyber threats surge globally, ethical hackers are in high demand. A recent Check Point Software report revealed a staggering 44% rise in global cyberattacks. From ransomware gangs to state-sponsored intrusions, the risks are growing—and the need for skilled defenders is greater than ever.

The ethical hacking process begins with reconnaissance—mapping a company’s digital infrastructure. Next comes scanning and vulnerability testing, using the same techniques as criminal hackers. Once issues are identified, they’re reported, not exploited. Some ethical hackers work independently, participating in bug bounty programs for companies like Google and Microsoft.

Industries like finance, healthcare, and tech—where sensitive data is a prime target—rely heavily on ethical hackers. Their techniques include penetration testing, system and network hacking, internal assessments, and web application testing.

In 2019, a team at Positive Technologies uncovered a Visa card flaw that could’ve allowed contactless payments to exceed set limits—just one example of ethical hacking saving the day.

Penetration testing simulates real breaches, such as injecting code, overloading systems, or intercepting data. System hacking targets devices with tools to crack passwords or exploit system weaknesses. Internal testing flags human errors, like weak credentials or poor security training. Web app testing scans for issues like XSS or SQL injections before launch. Network hacking exposes flaws in protocols, open ports, or wireless vulnerabilities.

The biggest advantage? Ethical hackers reveal blind spots that internal teams might miss. They prevent data breaches, build customer trust, and ensure compliance with regulatory standards—saving organizations from reputational and financial harm.

“Finding flaws isn’t enough. Ethical hackers offer the roadmap to fix them—fast,” a security analyst shares.

With the right skills, anyone can break into this field—often with significant rewards. Major companies offer million-dollar payouts through bug bounty programs. Many ethical hackers hold certifications like CEH, OSCP, or CySA+, with backgrounds ranging from military service to degrees in computer science.

The term “hacker” doesn’t always mean trouble. Ethical hackers use the same tools as their criminal counterparts—but to protect, not exploit. In today’s digital battlefield, they’re the unsung heroes safeguarding the future.


Read more »
Workspace
Beta Enterprise Compliance CSE Cybersecurity Encryption Gmail Privacy S/MIME Security Workspace

Google Rolls Out Simplified End-to-End Encryption for Gmail Enterprise Users

 

Google has begun the phased rollout of a new end-to-end encryption (E2EE) system for Gmail enterprise users, simplifying the process of sending encrypted emails across different platforms.

While businesses could previously adopt the S/MIME (Secure/Multipurpose Internet Mail Extensions) protocol for encrypted communication, it involved a resource-intensive setup — including issuing and managing certificates for all users and exchanging them before messages could be sent.

With the introduction of Gmail’s enhanced E2EE model, Google says users can now send encrypted emails to anyone, regardless of their email service, without needing to handle complex certificate configurations.

"This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls," Google said today.

The rollout starts in beta with support for encrypted messages sent within the same organization. In the coming weeks, users will be able to send encrypted emails to any Gmail inbox — and eventually to any email address, Google added.

"We're rolling this out in a phased approach, starting today, in beta, with the ability to send E2EE emails to Gmail users in your own organization. In the coming weeks, users will be able to send E2EE emails to any Gmail inbox, and, later this year, to any email inbox."

To compose an encrypted message, users can simply toggle the “Additional encryption” option while drafting their email. If the recipient is a Gmail user with either an enterprise or personal account, the message will decrypt automatically.

For users on the Gmail mobile app or non-Gmail email services, a secure link will redirect them to view the encrypted message in a restricted version of Gmail. These recipients can log in using a guest Google Workspace account to read and respond securely.

If the recipient already has S/MIME enabled, Gmail will continue to use that protocol automatically for encryption — just as it does today.

The new encryption capability is powered by Gmail's client-side encryption (CSE), a Workspace control that allows organizations to manage their own encryption keys outside of Google’s infrastructure. This ensures sensitive messages and attachments are encrypted locally on the client device before being sent to the cloud.

The approach supports compliance with various regulatory frameworks, including data sovereignty, HIPAA, and export control policies, by ensuring that encrypted content is inaccessible to both Google and any external entities.

Gmail’s CSE feature has been available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers since February 2023. It was initially introduced in beta for Gmail on the web in December 2022, following earlier launches across Google Drive, Docs, Sheets, Slides, Meet, and Calendar.
Read more »
GenAI
Compliance Cyber Security cysecurity GenAI

Cyfox Launches OmniSec vCISO: Harnessing GenAI for Comprehensive Compliance and Cybersecurity Management


Cysecurity News recently interviewed CYFOX (https://www.cyfox.com/) to gain an in-depth understanding of their new platform, OmniSec vCISO (https://www.cyfox.com/omnisec). The platform, designed to simplify compliance and bolster security operations, leverages advanced generative AI (genAI) and aims to transform what was traditionally the manual processes of compliance into a seamless, automated workflow.

GenAI-Powered Automated Compliance Analysis

One of the platform’s most innovative features is its use of genAI to convert complex regulatory texts into actionable technical requirements. OmniSec vCISO digests global frameworks such as ISO and GDPR, as well as regional mandates, and distills them into clear, prioritized compliance checklists.

Bridging the Data Gap with Dual Integration

For years, security teams have contended with disparate data sources and laborious manual assessments. OmniSec vCISO addresses these challenges through a dual-integration approach: lightweight, agent-based data collection across endpoints and API-driven connections with existing EDR/XDR systems. This method delivers a unified view of network activities, vulnerabilities, and overall security posture, enabling organizations to rapidly identify and address risks while streamlining day-to-day operations.

The system is designed to work with multiple compliance standards simultaneously, allowing organizations to manage overlapping or similar requirements across different regulatory frameworks. Notably, once an issue is resolved in one compliance area, OmniSec vCISO aims to automatically mark corresponding items as fixed in other frameworks with similar criteria. Additionally, the platform offers the flexibility to add new compliance measures—whether they are externally mandated or internal standards—by letting users upload or define requirements in a straightforward manner. This approach keeps organizations current with evolving legal landscapes and internal policies, significantly reducing the time and effort typically required for gap analysis and remediation planning.

Intuitive Interface and Real-Time Reporting

OmniSec vCISO is built with the end user in mind. Its intuitive Q&A dashboard allows security leaders to ask direct questions about their organization’s cybersecurity status—whether querying open vulnerabilities or reviewing asset inventories—and receive immediate, data-backed responses. 

Detailed visual reports and compliance scores facilitate internal risk assessments and help convey security statuses clearly to executive teams and stakeholders. Furthermore, the platform incorporates automated, scheduled reporting features that aim to ensure critical updates are delivered promptly, supporting proactive security management.

Future-Forward Capabilities and Broader Integration

During the interview, CYFOX representatives outlined ambitious future enhancements for OmniSec vCISO. Upcoming integrations include support for pulling employee data from systems such as Active Directory and Google Workspace. These enhancements are intended to enable the incorporation of user behavior analytics and risk scoring, thereby extending the platform’s functionality beyond asset management. By evolving into a single hub for all tasks a CISO faces—from compliance remediation to cybersecurity training and awareness—the platform seeks to simplify and centralize the complex landscape of modern cybersecurity operations.

Data Security and Operational Simplicity

OmniSec vCISO is engineered with robust data security at its core. All information is transmitted and stored on CYFOX-managed servers using stringent encryption protocols, ensuring that sensitive data remains secure and under the organization’s control. The platform’s automated, genAI-driven approach aims to reduce manual intervention, allowing organizations to achieve and maintain compliance with minimal operational overhead.

A Measured Step Forward

OmniSec vCISO represents a practical response to the evolving challenges in cybersecurity management. By automating compliance gap analysis, offering the flexibility to add both new and internal compliance frameworks, and managing multiple standards concurrently—with automatic cross-compliance updates when issues are resolved—the platform delivers a balanced solution to the everyday needs of CISOs and compliance officers. The insights shared during the Cysecurity News interview highlight how CYFOX is addressing real-world challenges in modern cybersecurity.

 By Cysecurity Staff – March 10, 2025

Read more »
Threat Detection
Compliance Cyber Security Cybersecurity Data Breach Network Security OT security Ransomware Threat Detection

Cybersecurity Threats Are Evolving: Seven Key OT Security Challenges

 

Cyberattacks are advancing rapidly, threatening businesses with QR code scams, deepfake fraud, malware, and evolving ransomware. However, strengthening cybersecurity measures can mitigate risks. Addressing these seven key OT security challenges is essential.

Insurance broker Howden reports that U.K. businesses lost $55 billion to cyberattacks in five years. Basic security measures could save $4.4 million over a decade, delivering a 25% ROI.

Experts at IDS-INDATA warn that outdated OT systems are prime hacker entry points, with 60% of breaches stemming from unpatched systems. Research across industries identifies seven major OT security challenges.

Seven Critical OT Security Challenges

1. Ransomware & AI-Driven Attacks
Ransomware-as-a-Service and AI-powered malware are escalating threats. “The speed at which attack methods evolve makes waiting to update your defences risky,” says Ryan Cooke, CISO at IDS-INDATA. Regular updates and advanced threat detection systems are vital.

2. Outdated Systems & Patch Gaps
Many industrial networks rely on legacy systems. “We know OT is a different environment from IT,” Cooke explains. Where patches aren’t feasible, alternative mitigation is necessary. Regular audits help address vulnerabilities.

3. Lack of OT Device Visibility
Limited visibility makes networks vulnerable. “Without visibility over your connected OT devices, it’s impossible to secure them,” says Cooke. Asset discovery tools help monitor unauthorized access.

4. Growing IoT Complexity
IoT expansion increases security risks. “As more IoT and smart devices are integrated into industrial networks, the complexity of securing them grows exponentially,” Cooke warns. Prioritizing high-risk devices is essential.

5. Financial & Operational Risks
Breaches can cause financial losses, production shutdowns, and life-threatening risks. “A breach in OT environments can cause financial loss, shut down entire production lines, or, in extreme cases, endanger lives,” Cooke states. A strong incident response plan is crucial.

6. Compliance with Evolving Regulations
Non-compliance with OT security regulations leads to financial penalties. Regular audits ensure adherence and minimize risks.

7. Human Error & Awareness Gaps
Misconfigured security settings remain a major vulnerability. “Investing in cybersecurity awareness training for your OT teams is critical,” Cooke advises. Security training and monitoring help prevent insider threats.

“Proactively addressing these points will help significantly reduce the risk of compromise, protect critical infrastructure, ensure compliance, and safeguard against potentially severe disruptions,” Cooke concluded. 

Moreover, cyberattacks will persist regardless, but proactively addressing these challenges significantly improves the chances of defending against them.
Read more »
GDPR
AI governance AI Security AI technology CCPA Compliance Cyber Security Data Privacy data security GDPR

The Need for Unified Data Security, Compliance, and AI Governance

 

Businesses are increasingly dependent on data, yet many continue to rely on outdated security infrastructures and fragmented management approaches. These inefficiencies leave organizations vulnerable to cyber threats, compliance violations, and operational disruptions. Protecting data is no longer just about preventing breaches; it requires a fundamental shift in how security, compliance, and AI governance are integrated into enterprise strategies. A proactive and unified approach is now essential to mitigate evolving risks effectively. 

The rapid advancement of artificial intelligence has introduced new security challenges. AI-powered tools are transforming industries, but they also create vulnerabilities if not properly managed. Many organizations implement AI-driven applications without fully understanding their security implications. AI models require vast amounts of data, including sensitive information, making governance a critical priority. Without robust oversight, these models can inadvertently expose private data, operate without transparency, and pose compliance challenges as new regulations emerge. 

Businesses must ensure that AI security measures evolve in tandem with technological advancements to minimize risks. Regulatory requirements are also becoming increasingly complex. Governments worldwide are enforcing stricter data privacy laws, such as GDPR and CCPA, while also introducing new regulations specific to AI governance. Non-compliance can result in heavy financial penalties, reputational damage, and operational setbacks. Businesses can no longer treat compliance as an afterthought; instead, it must be an integral part of their data security strategy. Organizations must shift from reactive compliance measures to proactive frameworks that align with evolving regulatory expectations. 

Another significant challenge is the growing issue of data sprawl. As businesses store and manage data across multiple cloud environments, SaaS applications, and third-party platforms, maintaining control becomes increasingly difficult. Security teams often lack visibility into where sensitive information resides, making it harder to enforce access controls and protect against cyber threats. Traditional security models that rely on layering additional tools onto existing infrastructures are no longer effective. A centralized, AI-driven approach to security and governance is necessary to address these risks holistically. 

Forward-thinking businesses recognize that managing security, compliance, and AI governance in isolation is inefficient. A unified approach consolidates risk management efforts into a cohesive, scalable framework. By breaking down operational silos, organizations can streamline workflows, improve efficiency through AI-driven automation, and proactively mitigate security threats. Integrating compliance and security within a single system ensures better regulatory adherence while reducing the complexity of data management. 

To stay ahead of emerging threats, organizations must modernize their approach to data security and governance. Investing in AI-driven security solutions enables businesses to automate data classification, detect vulnerabilities, and safeguard sensitive information at scale. Shifting from reactive compliance measures to proactive strategies ensures that regulatory requirements are met without last-minute adjustments. Moving away from fragmented security solutions and adopting a modular, scalable platform allows businesses to reduce risk and maintain resilience in an ever-evolving digital landscape. Those that embrace a forward-thinking, unified strategy will be best positioned for long-term success.
Read more »
Subscribe to: Posts (Atom)