This problem was made abundantly clear to the users of the Ashley Madison website. According to CNN, the extramarital affair website’s 37.5 million users are under the threat of having their information shared with the world unless they comply with the hacker’s requests. This is an effective way that hackers can hold a user hostage, but instead of ransoming a loved one or prisoner, it is information that is on the line. Ashley Madison users are only an example; for the average person this is an instance that would not influence their daily lives. However, there are countless other activities that an average person takes part in that could be used to harm, for example, driving. The recent experiment where hackers were able to take over the controls of a Jeep while a passenger was driving should be alarming to any of those who commute regularly. Since hackers were able to control the breaks of the vehicle, serious harm could be inflicted to anyone on the road. Since, according to USA Today, 210 million Americans are licensed drivers, this is an issue that affects almost everyone.

It is becoming a reality that now that everything is done online, we leave a digital footprint in almost everything we do, and this data can be used against us. The key is to recognizing that since everything leaves a trace, than we must be careful about what we post and what activities we choose to do online. Security that detects when our personal issues are being accessed is vital to keep privacy a reality. Effective security could prove to be the difference in being able to live your daily life without fear or being held hostage by it.

Live your life without fear.
Let Aegify help you secure your organizations data and reduce overall risk of being held hostage by the very technology that keeps your business running. To learn more about our Security, Risk and Management solutions please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday, September 3 from 11:00 AM – 12:00 PM PDT.

The post How Technology Can Hold You Hostage appeared first on Aegify.

In February of 2015, health insurance provider Anthem Inc. database was hacked, which includes social security and credit card numbers, health information, patient history, and other valuable client information. According to The Wall Street Journal, this database was made up of over 70 million former and current customers, and employees. As of recent, it is believed that the same group of hackers responsible for the Anthem hack is also responsible for a similar data breach to United Airlines. According to Bloomberg Business, this breach provided the hackers with flight manifest data, including passenger information like destination and place of departure, as well as corporate information and business strategy.

Although these stories lack the glamour and creativity of the spy stories that we are so used to, this is how espionage is conducted in today’s world, and it has clearly been extremely effective regardless. While possibly being thousands of miles away, one can collect all the information they would ever need about a person by receiving access to sensitive information through a data breach. This data can be compiled together to create a massive intelligence network without the hacker ever even leaving his home. With a spy’s work becoming much easier, more effective and simpler, security has never been so necessary to defend against an unseen enemy.

Don’t Become The Next Data Casualty
Fortunately, Aegify’s mission is to protect your organization’s data. Aegify provides a single software solution to address your security, risk and compliance concerns. To learn more, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 13, from 11:00 AM – 12:00 PM PDT.

When you next encounter a movie about a top secret mission to recover vital information about a corrupt government, consider instead picturing the story’s hero as an average worker, sitting at their desk on a computer while eating a donut.

The post The True Face of Espionage appeared first on Aegify.

Even though, according to UCLA Health, no personal or medical data was accessed, the principal of a university’s data being accessed is a terrifying principal to any student or anyone paying to put a student through school. With today’s world dominated by the use of computers, Internet and online data, education is too. From a monetary prospective it is easy to see why a data hack would be catastrophic; tuition, on campus housing, dining commons charges, tutoring and athletics are all paid online through the school. Hackers could instantly have access to these transfers by a data breach. Even more damaging than the money that could be stolen, is the information that is accessible if one could gain access to university data. A breach to a school gives the hacker access to homework grades, test scores, transcript info, and social security numbers. This is data that could completely alter someone’s GPA and could be an instrument in identity theft. Although it may be difficult to recover from stolen money, it can be nearly impossible to completely repair damage done from a personal data hack.

I have been interning for Aegify over the summer months away from my education at UC Santa Barbara, a sister school to UCLA, and have learned a lot about the cyber security world. I was notified about the UCLA attacks in an email sent out to all UC Santa Barbara students that told us about the attacks and notified us that that the UCSB security system is being reworked as it was similar to that of UCLA. The realization that my personal data along with any other students’ could so easily be accessed and the implications of what effects a cyber hack could have was eye opening. Any university could be subject to the same breach of data, and every student is potentially at risk. Above all the demand for effective security systems has never been so high, and students are in need of the tools to protect our data, and ultimately our future.

Chris Leahy is an intern at Aegify and is a second year Economics student at the University of California, Santa Barbara. He has worked in the marketing department as of Summer 2015. To learn more about how to protect your company against cyber hacks, please click HERE to register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 6, from 11:00 AM- 12:00 PM PDT.

The post What Does Your Education Mean to a Cyber Hacker appeared first on Aegify.

In the world of healthcare data security, the Goliaths dominate. However, there is an underdog story in the making in this field too. Healthcare providers are struggling to keep up to date on compliance with changing regulations as well as the technology needed to properly protect their data. For example, 36%-40% of hospitals (depending on size) reported dissatisfaction with their security systems and a need for improvement in the next 12 months.

Many hospitals rely on vendors- 24% specifically according to Peer60 2015 report- to keep security software and programs up to date, while another 11% depend on the same companies to comply with HIPAA regulations. Vendors often do a poor job of explaining their complex systems and this makes it much more difficult for hospitals to implement all of the tools they have been given. Also, many security companies aren’t up to date on current data protection technology. If these hospitals are not taking advantage of all of the features a security solution has to offer and the technology used is not effective, than how safe could your important data really be?

Since a select few large companies run most Network security systems, this complaint with how protection is being managed in hospitals is largely significant to all other security vendors and providers looking to get their name out on the market through innovation and disruption in the market place.. By providing less expensive, easier to use, and more effective data security protection, the smaller and newer security companies can shift demand away from the dominant few that have controlled the market in past years. If the large security companies cannot satisfy, then it is time for the Davids of the data security world to make their mark. This is already happening in the highly evolving Security Monitoring and CyberSecurity arena.

In the recently released Gartner CIO Agenda Report, 2015, CIOs have identified Security & Risk Management as one of their top priorities. Many of your peers have already engaged Aegify to manage their security, risk and compliance efforts. Discover why. To learn more about how to protect important data, please click HERE to watch our excellent 55 minute presentation on how to protect your company from cyber attacks.

The post Security Goliaths Have Had Their Time, But Here Comes David appeared first on Aegify.

The Health Insurance Portability and Accountability Act demands that health care providers report data breach in cases that effect more than 500 people. In case of violation of HIPAA, enterprises and their business associates and covered entities, face a penalty of $50,000 reaching up to $ 1,500,000. Over 40% of cyber security breaches in 2014 has been across healthcare providers and their business associates. Such rampant breaches across this sector leads to loss of millions of digital healthcare records and personal information of patients and therefore calls for aggressive counter measures to address these rampant data breaches, given the fact that PHI is getting more valuable in the cyber-fraud scenario than the credit cards.

As per the requirements of HIPAA compliance, all patient health information and   critical assets have to be secure. But, the records compiled in 2014 points to a      disturbing trend in increased in data breaches, nearly 41 million from 29.3 million,  an increase of 41% over 2013. Moreover, records also display that the complaints  received by the Office for Civil Rights include nearly 5,447 unresolved cases and  around 53,000 closed. The reasons put across are lack of jurisdiction or  complaints being withdrawn, and not because there was no HIPAA violation.  Further, analysis of the HHS data also brings to light that a large portion of the security breaches (over 52%) have been through theft, nearly 10% due to unauthorized access due to loss of devices, and over 9% due to hacking incidents.

Source: Compilation by Erin McCann, Managing Editor at Healthcare IT News, using data from the Department of Health and Human Services, which includes HIPAA breaches involving more than 500 individuals, reported by 1,149 covered entities and business associates

Businesses across the healthcare industry and its verticals therefore need to scan their PHI assets and conduct security analysis besides ensuring meaningful use of the EHR. Understanding the criticality of the situation, enterprises have deployed a number of new age techniques to protect their electronic data from breaches.

However, Aegify has been developed as a comprehensive security, risk and compliance management solution that not only addresses all of HIPAA compliance needs but also provides the covered entities with meaningful use attestation reports with proof of security and risk analysis. Further, Aegify automates HIPAA management through continuous workflow assessment cycle, and provides instant remediation measures to correct the security deficiencies, a trusted Solution by 70+ MSPs with thousands of customers. Aegify protects your assets, detects vulnerabilities proactively, and responds with appropriate remedial measures. Aegify is the only solution that unifies a comprehensive Security, Risk, and Compliance Assurance system.

The post The Ever growing list of HIPAA breaches appeared first on Aegify.

Findings of the survey

Some of the findings highlighted in the PWC survey revealed that organizations detected an average of 135 security incidents in the past year. While nearly 77% of the participants of the survey experienced a security incident, almost 67% of the survey respondents were unable to gauge the financial impact of these incidents. The finding further revealed that less than half of respondents lacked an effective risk management program, with only about 47 percent performing periodic risk assessments. Enterprise mobility emerged as a cause for concern, with only 31 percent of respondents admitting to have a mobile security strategy and a mere 36 percent employing a Mobile Device Management (MDM) solution. These statistics clearly indicate that companies need to take a serious note of the kind of cyber security threats and risks that are out there.

Are you prepared?

The important question that needs to be answered is whether your enterprise has implemented a proper Governance, Risk and Compliance system. If it hasn’t, then your enterprise could be vulnerable with very high risks. PWC recommends that every enterprise evaluate the risks that come with supply chain partners. Besides developing threat-specific policies, enterprises need to conduct regular cyber risk assessments and implement mobile security practices in pace with adoption of mobile devices. Additionally, efforts to boost cyber awareness across the organization must include workforce training. PWC also suggests that enterprises make the best of information sharing, both internally and externally, to be abreast of all the latest cyber risks and threats.

In many instances, cyber criminals continue to find ways to circumvent the usual security technologies and acquire sensitive information. This is precisely why enterprises need to adopt a balanced approach that comprises of people, processes, and effective partnerships to strategically counter cyber security threats. Enterprises need to combat cyber threats by implementing a comprehensive security, risk and compliance assessment platform such as Aegify Security Posture Management or Aegify SecureGRC or Aegify Risk Manager. Aegify strengthens an enterprise’s security posture with powerful security monitoring and reporting capabilities. By deploying a solution like Aegify, enterprises can seamlessly address cyber threats and completely mitigate risks.

The post A Right Approach to Cyber Security appeared first on Aegify.

Speaking about these threats, Cyber Ark CMO John Worrall said that businesses are now realizing the importance of these threats, and that their concern reflects the concerns of the government about these threats. Moreover, the visibility of network attacks has increased thanks to the publicity about cyber attacks connected with China, recent reports about potential attacks on the nation’s critical infrastructure, and the speeches of government and military officials about cyber security threats.

All this has led to a growing awareness amongst IT executives and organizations around the world, although many are yet to understand the magnitude of the threat. While on the one hand this awareness can be attributed to public reports, on the other, such awareness is also born out of pain from experiencing the threat. The Cyber Ark study also revealed that many businesses have firsthand knowledge of the risks of cyber attacks, and out of the participants in the survey, 51 percent believe that a cyber attacker is currently residing on their systems, or has done so during the past year.

Although what people believe may be different from the actual fact, and perceptions expressed during the survey may have been influenced by fevered media coverage of the subject in the recent past, according to security professionals, the undeniable truth is that the risks are real, and the imminent risk of cyber attack is potentially greater than a physical attack. Therefore, organizations now have a good reason to worry about cyber attacks, because in cyber warfare and terrorism, those corporations that support critical infrastructure, may be viewed by attackers as a path to disruption and destruction.

So organizations worldwide have the responsibility to shore up cyber defenses and prevent such attacks from taking place. Survey researchers found that 61 percent of the respondents were of the opinion that the government could step in to protect the nation’s critical infrastructure from advanced cyber threats through incentive programs, tax credits, and liability protections. This would encourage businesses to bolster their security measures. But most of all, a comprehensive security platform such as Aegify Security Posture Management or Aegify SecureGRC can prove extremely beneficial in today’s scenario. It can strengthen the security posture of organizations and prevent cyber attacks with powerful security monitoring and reporting capabilities, thus seamlessly addressing cyber threats and completely mitigating risks before it is too late.

The post Cyber Attacks- The Greatest Threat to Countries Today appeared first on Aegify.

Although the breach seems to have begun in late August this year, it was not detected by the state government officials until the 10th of October, and the public was not notified about the loss of their PII until the 26th. While it is still unclear as to how the databases were accessed by criminals, it seems that state-approved credentials have been used to access the databases. But how these credentials were obtained by hackers is unclear. Though there is a possibility that the credentials could have been stolen, or an insider accomplice may be involved, there has been no evidence in the matter as yet.

This incident has taken the state government by complete surprise, and it clearly ranks as one of the most serious cyber crimes. Several issues remain to be addressed in this incident, one of the most important being the extent to which encryption was used, and the other being the issue of the contractor not detecting anything although the system was scanned for vulnerabilities in the months of September and October.

The state has been forced to hire a new contractor to ensure the security of the systems, as well as a lawyer to provide advice in the matters of liability. In addition to this, the state has also agreed to pay Experian up to $12 million for credit monitoring for victims. Although more action is awaited in this matter, and a complete account of how the hacking incident occurred is yet to come to light, this attack is certainly an eye-opener for all those who think that they have done enough to secure their data.

It’s therefore time to do a reality check and adopt a comprehensive security solution like SecureGRC to curb threats and vulnerabilities, and prevent security attacks of such nature.

The post Hackers Exploit Opportunity-Execute Well-Planned Attack appeared first on Aegify.

Speaking during a Washington briefing held by The Week magazine and Zurich Insurance Co. Ltd., Rep. Mike Rogers, R-Mich. – author of a cyber security bill that has passed the House that would encourage greater participation by the private sector in cyber security efforts – said the “threat changes by the day.”

By the time mandatory cyber security standards are devised and implemented, the cyber attackers already are ahead of the defenders, he said.

The Cyber Information Sharing and Protection Act – HR. 3523 – passed the House in April, but it has yet to be taken up by the Senate.

According to Rep. Rogers’ website, the legislation would give the federal government new authority to share classified cyber threat information with approved U.S. companies and knock down barriers to cyber threat information sharing.

But in a formal statement of administration policy, the White House said that the administration “strongly opposes” the bill in its present form for, among other things, privacy concerns.

Like it or not your company is exposed to cyber risk. Do you know how to manage these evolving and ever changing risks? “Data Protection: What risk professionals need to know about cyber risk management,” a new Business Insurance white paper, can show you how. Click here to learn more and view a sample.

The post Cyber attack is ‘single largest threat’ to U.S.: House Intelligence Committee head | Business Insurance appeared first on Aegify.

Chris Porter, a member of Verizon’s RISK team, which was actively involved in consolidating information for the 2012 Data Breach Investigations Report, says that more often than not, irrespective of the size of the organization, industry, or its location, the root causes for these breaches were traced to compromise of credentials or attacks on web applications.

This report reviews 855 data breaches across175 million stolen records, and the findings of this report clearly indicate the international nature of cybercrime. It was seen that the breaches included in the report had originated from 36 countries, which is a steep increase from 22 countries in 2010. Moreover, almost 70% of these breaches originated in Eastern Europe, and less than 25% had originated in North America. According to Porter this could be because of the legal framework that exists in Eastern Europe, in which cyber criminals are easily able to locate loopholes.

However, going beyond geographic parameters, researchers have also noted that the size of the organization also has a major part to play. For instance, larger organizations may have to do much more to protect their systems, and should be able to identify new risks and vulnerabilities. But in most cases, organizations do not pay much attention to how they are being attacked. This is the reason why a number of attack vectors are still being used successfully by hacktivist groups.

Hacktivism: A Serious Threat

When it comes to hacktivist attacks, the primary difference is that they are not waged with the intention of financial gain. These hacktivist groups have been around for quite some time, but they did not get much attention. These groups are now more frequently attacking large organizations, breaking into their databases, and stealing data of any kind, including emails, password lists etc., which they can publish. And it was seen that in the year 2011, more data has been compromised by hacktivists, than by organized crime.

How can organizations respond to this evolving threat?

Cyber threats are an ongoing challenge for every organization. But with security attacks turning out to be more sophisticated and organized, dealing with this challenge becomes even more difficult. However, to best safeguard data and ensure complete information security, organizations should resort to an end-to-end security and compliance management solution like SecureGRC. eGestalt’s SecureGRC is a completely automated and integrated solution, which has the capability to detect emerging threats and prevent security mishaps by closing gaps in the system as and when they arise.

The post Hacktivist Groups Pose Major Threat- Organizations Beware! appeared first on Aegify.