Valuable Insights and Thought Leadership

While large-scale breaches like Equifax, Deloitte, and Yahoo may have dominated headlines in 2017, there were countless other data breaches that occurred and went largely unreported last year. In fact, a recently released 2017 data breach report from Risk Based Security (RBS), a provider of real time information and risk analysis tools, revealed a 305% increase in the number of records exposed in data breaches in the past year compared to 2016.

The growing threat of hackers and cybercriminals targeting government agencies has led a number of states to purchase cyber insurance to protect themselves - and their constituents. As massive data breaches like Yahoo and Equifax dominate news headlines, a growing number of businesses have rushed to purchase cyber insurance policies. Last year, insurers wrote $1.35 billion in premiums, a 35% jump from 2015, according to Fitch Ratings.Now, US states have begun following suit. In a survey of state CIOs, 38% reported having some type of cyber insurance this year, compared to 20% in 2015.

Santa Barbara, California-based Cottage Health System has agreed to a $2 million settlement with the state attorney general resolving allegations that the health system failed to implement “basic, reasonable safeguards to protect patient medical information”, which led to the exposure of nearly 55,000 medical records.According to California Attorney General Xavier Becerra, the health system’s failure to protect patient medical information violated state and federal privacy laws. The state alleged the health system failed to adequately protect patient records.In December 2013, Cottage Health was notified its patients’ records were accessible online, as one of its servers that contained 50,000 patient records was left unencrypted. Worse yet, there was no password protection, firewalls or permissions to prevent unauthorized access. Exposed information included medical history, diagnosis, laboratory test results, and medications.

It is that time of year once again - the holiday season. With it comes family gatherings, celebrating traditions, and of course, holiday shopping. You’re likely to put together a game plan when it comes to budgeting, where and when to find the best deals, and what to get everyone on your list. But, if you are one of the estimated 59% of Americans that plans to do your shopping online, it’s important to put together a plan for protecting your data, and your money, this holiday shopping season.

On Tuesday, November 21, Uber officially disclosed a massive data breach that affected 57 million users of the ride-hailing app. The breach originally occurred in October of 2016 with Uber working to conceal it for over a year after paying a $100,000 ransom.Discovery of the company’s cover-up of the incident resulted in the firing of two employees who led Uber’s response to the hack, said Dara Khosrowshahi, who was named CEO in August following the departure of founder Travis Kalanick.Khosrowshahi said he had only recently learned of the breach, which happened in October 2016. He said Uber had begun notifying regulators. The New York attorney general has opened an investigation into the data breach, a spokeswoman said.

Does your favorite yoga studio or local ice cream shop have a cybersecurity risk management plan? If not, they may be putting their sensitive data- or yours- at risk of cybertheft.According to new research from insurance firm Nationwide, a significant percentage of small businesses may not know they have been a cyberattack victim due to a lack of understanding as to what constitutes a cyberattack.Nationwide’s annual survey of business owners found that 13 percent said they experienced a cyberattack.However, that number jumped to 58 percent of owners who identified as victims when shown a list of specific examples of attacks, including phishing, viruses and ransomware - revealing a 45 percent gap in lack of understanding about what constitutes an actual attack.

Creating a culture of security, as you’ve likely gathered, is not a static process. The key to staying ahead of cybercriminals is consistent review and updates. A common mistake organizations make with their security awareness program is failing to plan long term. Often times, they get caught up in the initial roll-out of their training, but forget to plan on updating their program periodically. New types of attacks are consistently generated, so it is important that senior management and the IT department work together to stay ahead of the hackers. The key to maintaining a strong security posture is consistent review and updates. 

On Tuesday, October 10, Breadcrumb Cybersecurity - formerly IT Strategy, Inc. - presented The California Cybersecurity Initiative: Privacy is the New Currency. The inaugural event, hosted at McCormick Barstow, LLP, highlighted the financial and reputational risks associated with today’s cyber threats, as well as the economic advantage to protecting the privacy of patients, customers, and sensitive corporate data.