The Latest News in Cybersecurity

How Human Vulnerabilities Affect Your Security Actively managing your human security risk is essential to effective cybersecurity Human vulnerabilities, leading to human failures, were responsible for more than two thirds of data breaches (68%) in 2024. The failures were not malicious or deliberate. Instead, they resulted from employees falling victim to phishing schemes and other social engineering attacks, and making human errors that affected company security. These two top examples of human security risk were spotlighted in Verizon’s 2024 Data Breach Investigations Report. Cybersecurity tools and technologies have evolved to their most effective levels ever. So it’s no surprise that cybercriminals have turned increasingly to the weakest link in the security chain by exploiting our human vulnerabilities. Fortunately, that link is gradually being strengthened thanks to more effective management of human security risk, including regular cybersecurity training.

2024 Healthcare Data Breaches Reported to HHS OCR Set New Records Data breaches reported in 2024 set new cost and impact records, with healthcare breaches affecting nearly 180 million individuals 2024 may be in our rearview mirror, but let’s not dismiss it just yet. There are valuable lessons to be learned from HIPAA violations and healthcare data breaches against the backdrop of general security incident reports published by leaders in the information technology industry. In 2024, the number of data breaches across the globe reached a record high of 10,000, and the average cost of a data breach rose 10% to a record $4.88 million (USD).

Office for Civil Rights has proposed new HIPAA security requirements for ePHI in the first major Security Rule update in a decade The environment in which healthcare is provided in the U.S. has changed dramatically. Cyberattacks, ransomware crimes, and data breaches have increased significantly throughout the healthcare industry. The HHS Office for Civil Rights (OCR), which enforces the HIPAA Security Rule, continues to find the same compliance failures with every audit and investigation.

Key Security Compliance Deadlines Occur in Early 2025 If you are a Chief Information Security Officer, Chief Information Officer, Chief Technology Officer, Director of Information Technology, or bear a similar title in your organization, your business calendar for the first quarter of 2025 is filling up fast. Among the important dates you should be monitoring are several key compliance deadlines for implementation of new security measures, including:

The 12 Days of Christmas with a New Cyber Twist

The Many Risks of Hardware Security Failures New NIST report examines hardware security failure scenarios and the risks they pose to your organization In November 2024, the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) released NIST Report 8517, which examines nearly 100 scenarios that highlight the extensive possibilities for hardware-related IT security failures. Leveraging existing data on hardware weaknesses and design flaws documented in the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) indexes, overlaid by the lab’s own research and evaluation, the report provides security failure scenarios that describe where each weakness typically occurs and its risk of exploitation. NIST Report 8517 is useful for anyone desiring to understand the various ways computer hardware can experience security-related failures that can lead to malicious exploitation, data breaches, ransom demands, and their associated costs.

Six Reasons for a New Security Risk Assessment If your last risk assessment is older than a year or two, it’s time for an update Security risk assessments are a vital requirement in federal regulations that impose security safeguards, which is just about all of them these days. They are also required by the major cybersecurity frameworks and cybersecurity standards that have been adopted by countless organizations.

2024 Cybersecurity Survey Offers New Insights into Internet User Behavior and Attitudes Now in its fourth year, the survey of online behaviors and attitudes is conducted annually by the National Cybersecurity Alliance and CybSafe. The 2024 survey, conducted between March 6 and April 22, 2024, included 7,012 adult individuals in the United States, Canada, United Kingdom, Germany, Australia, New Zealand, and India. 2024 represents the largest sample size to date.

HIPAA Security Rule Compliance Urged by OCR to Reduce Vulnerability to Hacking and Ransomware Office for Civil Rights warns healthcare providers, business associates, insurers against perils of non-compliance

How the New v4.0.1 Changed PCI DSS 4.0 (and How it Didn’t) Compliance with PCI Data Security Standard 4.0 is still mandatory by March 31, 2025!