FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Monday, September 27, 2021

California Hospital data breach crisis deepens

UC San Diego Health, a California-based healthcare service provider, reportedly suffered a data breach early this year, and it notified the 450,000 victims from September 7th, 2021.

Going further, the details of the security incident were made public by the health services provider in July this year, when it stated that it had become a victim of a phishing attack after one of its employees fell prey to email bait, which led to the leak of sensitive information of millions of patients, students and employees.

Disclosing the details further via email, the health system said that hackers might have accessed patient records between December 2nd, 2020 and April 8th, 2021 containing data such as full names, addresses, dates of birth, email addresses, fax numbers, claims reports, diagnosis reports, prescription info, treatment info, social security numbers, government ID numbers, financial details, student ID numbers, usernames, passwords and such.

After UC San Diego Health notified the affected individuals, a lawyer representing a cancer patient from El Cajon filed a lawsuit in a district court of California, as he felt that the health system failed to follow the basic principle of protecting the data of its patients from hackers, thus deeply violating California Consumer Privacy and Medical Confidentiality laws.

The medical lawsuit filed mid last week is seeking compensation for all those individuals who were affected by the personal info exposure, and a class-action suit seeking unspecified damages has been filed.

Note- All companies serving the healthcare sector should train their employees on how to avoid phishing attacks by following the basics in cybersecurity hygiene.

The post California Hospital data breach crisis deepens appeared first on Cybersecurity Insiders.


September 28, 2021 at 10:15AM

QUAD group led by US pressed against China for Cyber Attacks

All these days we have seen western companies and governments blaming China for launching sophisticated cyber attacks that crippled critical infrastructure such as supply from oil companies and meat distribution. Now, governments seem to have acted on the Chinese aggression with retaliatory moves, and the nation leading the front on this note seems to be the Biden-led North America.

From here on, a US led group will lead the front with a commitment to promote the best practices and shared standards with cybersecurity and other issues.

Yesterday, the White House released a media update on this note disclosing some details related to the summit in brief.

Dubbed the Quadrilateral Security Dialogue (QUAD), the group consists of representatives from the US, India, Japan and Australia. It is reported that they took part in a meeting last week to discuss the alliance of democratic nations against the Chinese aggression.

It is already a known fact that China has troubled the entire world with COVID-19, emerging tech that targets the climate change, IT infrastructure, space and cybersecurity negatively.

QUAD wants to retaliate against such threats scientifically, and that includes warding off implications that emerge while promoting Open RAN Development.

What’s interesting about QUAD is that it was formed just weeks after Australia, in association with the UK and the US, announced the AUKUS pact that seeks cooperation from member nations against the evil consequences arising with the development of AI, Quantum Computing and Cybersecurity.

The post QUAD group led by US pressed against China for Cyber Attacks appeared first on Cybersecurity Insiders.


September 28, 2021 at 10:14AM

What are the key benefits of card personalisation for banks and customers?

Did you know that 64% of households in New Zealand have a pet, and that the estimated 4.6 million pets outnumber their Kiwi owners? That is why it is no surprise that a preferred theme for New Zealanders’ personalised banking card is a picture of their pet.   

Providing the best user experience is paramount to the success of financial institutions. This is why leading banks in New Zealand, such as our customer ANZ Bank, have started offering a web service that enables cardholders to upload a picture of their pet, then receive a personalised payment card using that pet picture as artwork. 

While for New Zealanders ‘pets’ is the most popular theme, the concept of card artwork can be easily expanded to include a favourite football or rugby club, brands, or other affiliated visuals. Customers can select an existing image from a library offering multiple themes or upload a personal picture.  

How does card personalisation work?  

Beyond the cool look-and-feel of these cards, the technology behind this is fascinating. The ability for a customer to have a customised image on their card is a complex offering. It requires an integrated software application and post-production audit process to validate that the image falls under the specific ISO standards. One such tool is the Thales Gemalto AllAboutMe personal card design software that allows users to make their payment cards truly personal. Here’s how the customisation process works.  

The first step of personalising debit/ credit cards is to validate the image that the customer has shared with their bank. This is required as customers will occasionally submit pictures that don’t fit the specifications and therefore cannot be printed on the body of the card.  

 Secondly, in order to create a great artwork on the card (just like the cat displayed above), the design process needs to adhere to ISO specifications. For example, the silicon chip frame position cannot be changed, while the payment scheme and the bank’s logos, as well as other features such as the name on the card, need to seamlessly co-habit with the artwork. Imagine if the head of the cat was hidden by the lead frame – this could look quite unpleasant! To ensure that all these specific requirements are met, an automatic zoom and shift algorithm must be applied to the cardholder’s uploaded picture in order to optimise the overall look-and-feel of the card. 

Finally, as the service is available on the bank’s website, it needs to be attractive, secure and very easy to use. Users need to have clear guidance around how to upload the right pictures, including simple insights into the pick-and-place selection process.

Benefits of card personalisation  

Customising payment cards can be a great traffic booster for online banking services. In addition, a personalised card is likely to become top of wallet for the cardholder, which means more transactions, and therefore higher revenue for the issuing banks and their partner payment schemes.  

In fact, according to an independent report by Aite Group, financial institutions that provide card artwork for customers saw an average increase of 6% in card activation in 2018. Furthermore, the custom card product outperformed the generic card offering at an average increase of 21% in transactions, and showed an average increase of 18% in customer retention.  

Card personalisation allows customers to identify with their card, which in turn creates loyalty. The popularity of the ‘pets’ card among New Zealanders means that the banking card is not just one of many smart cards in a user’s wallet, but has become a very personal object that can say a lot about someone. In fact, the bank card speaks for its owner. For example, the cardbody material is an adhesion message to the value carried, while the personal picture on the card has a unicity message about the cardholder.   

The key driver for customising bank cards is the bond it creates between the cardholder, the card and the issuers. One thing for sure is that in 2021, the trend for people to pay more attention to their banking card and its look-and-feel is growing – and they have plenty of options to choose from, whether metal, bio-sources made, biometric or a card customised with a personal image. 

The post What are the key benefits of card personalisation for banks and customers? appeared first on Cybersecurity Insiders.


September 28, 2021 at 09:10AM

AT&T Business Summit is virtual Oct. 27-28 and free!

We know that many of us couldn't wait to reconnect in person.

However, the health and safety of our guests will always be our top priority. Given the continued uncertainties around the pandemic, the AT&T Business Summit will be exclusively virtual this year. And it’s jam-packed with cybersecurity talks! Given how critical security is to digital transformation and our ability to innovate, we’ve got a robust line-up of cybersecurity topics – from SASE to zero trust and the technologies you need to help protect your business.

Rest assured, you will be able to experience the magic of the AT&T Business Summit through our virtual program. We will explore how businesses are creating entirely new realities by uniting technology and human ingenuity to deliver customized, unique and safe experiences for their customers and employees.

Be prepared to hear from the same great visionaries, gain access to global decision-makers, and dive into the technology that is shaping the future.

We hope that you join us as we take this journey together.

Join us from October 27-28, 2021 by registering. Event is FREE!

Here are the key Cybersecurity breakout sessions:

Securing the edge with Zero Trust and SASE Breakout

Speakers: Todd Waskelis and Dan Solero

Description:

PERSPECTIVE: Many companies embrace mobile, video, cloud, and IoT technologies to stay competitive and relevant amidst ever-growing demands from customers and partners. They want to embrace next-generation security frameworks like SASE and Zero Trust, but don’t know where to start.

CHALLENGE:  An ever-expanding edge is synonymous with new cybersecurity demands. Threats and compromises at the edge may lead to problems even more severe than service disruptions. And edge applications and devices will be targets due to increased data and processing. Trust and security are the drivers for digital economy and innovation at the edge.

LEARNING: In this session, we’ll level set the popular SASE and Zero Trust frameworks and see a typical journey towards implementing those approaches. We’ll explain implementation, starting with any current investments already in place to help empower, enable, and protect the edge and help build trust within a Zero Trust context.

Securing your supply chain in a 5G world

Speaker: Theresa Lanowitz

Description:

PERSPECTIVE: Today’s supply chains are global. We have more partners in our ecosystems than ever, and each partner plays an important role in getting our customers the best products possible.

CHALLENGE: With so many different components encompassing the modern supply chain, how do you make sure you’re working with trusted partners? How do you make sure your trusted partner’s supply chain is secure? Challenges born from neither securing nor understanding your supply chain represent enormous risks to your business, your brand, and your customers.

LEARNING: A fireside chat with Alfonso Rivera, CISO of Grupo Bimbo, this session will outline the complexities of managing and securing a global supply chain that must deliver safe materials for human consumption; types of security frameworks used to undertake a global requirement; plus, best practices for assessing and securing your own supply chain.

Cybersecurity and edge networking: Delivering the next level of enterprise protection

Speaker: Rupesh Chokshi

Description:

PERSPECTIVE: As businesses adopt new technologies and adapt to fluctuating social and economic conditions, their cybersecurity priorities change. With remote work, created by the COVID-19 pandemic, becoming more manageable, companies are shifting their focus to more robust and comprehensive ways of protecting their data, IT infrastructure, and human assets. This shift requires them to re-think their approach to secure-edge networking, and connected endpoints.

CHALLENGE: Increasing number of ransomware and DDoS attacks, new vulnerabilities introduced by work-from-home, and the need to protect rapidly growing volumes of IoT devices, has put many enterprise security organizations at a crossroads. New technologies and solutions are available in the market today, but what’s the right formula for deploying them and what are the right skillsets needed for executing top initiatives?

LEARNING: Join our panel and hear how industry leaders are tackling their critical cybersecurity projects.

Cybersecurity and edge networking: Delivering the next level of enterprise protection

Speaker: Rupesh Chokshi

Description:

PERSPECTIVE: Digital transformation is creating cybersecurity risks as businesses embrace new technologies and expand ecosystems of partners and suppliers. Companies that want to take advantage of delivering fully protected and optimized access to distributed information and applications must consider a new holistic framework for securing endpoints, data, and connectivity across key IT environments – the network, the edge, and the cloud.

CHALLENGE: The increasing complexity of IT and the explosive growth of connected devices are exposing companies to even greater cybersecurity threats. As digital transformation accelerates, building a comprehensive platform, that seamlessly connects and protects your entire business, can be difficult without understanding the forces driving the convergence of cybersecurity and edge networking.

LEARNING: In this session, industry experts will discuss the trends, vision, and use cases behind the intersection of cybersecurity, edge, fiber, and 5G connectivity.

Zero Trust, SASE, and XDR: Aligning these emerging trends to work best for your business

Speaker: Mary Blackowiak and Rakesh Shah.

Description:

PERSPECTIVE: The necessity for digital transformation is clear among many of today's modern businesses. Cloud-based applications offer organizations the ability to innovate and remain nimble. And allowing employees to work from anywhere helps businesses attract and retain the industry's best talent.

CHALLENGE: These emerging trends create a landscape where users and data are increasingly distributed, and many legacy network and security infrastructures are struggling to keep up. Businesses need visibility into where their sensitive data is being stored and how it is being shared, and they need to provide consistent, highly secure experiences to their users, wherever they may be located.

LEARNING: We will compare three of the industry's most popular architecture models: Zero Trust, Secure Access Service Edge (SASE), and Extended Detection and Response (XDR) to identify where they overlap, their key differences, and the unique value each offers businesses that want to modernize network

Top three ways to prepare for a ransomware event

Speaker: Geoff Mefford and Alex Waterman

Description:

PERSPECTIVE: Ransomware is a cyberattack that restricts access to parts of an organization's system until certain financial demands are met. In addition to the economic impact, companies exposed to a ransomware attack may experience severe downtime, loss of reputation, critical data loss, and damage to systems.

CHALLENGE: The total impact of a ransomware attack is much greater than the ransom fee itself. Does your cybersecurity strategy address the unique factors required for protecting against ransomware? 

LEARNING: This session will help you understand your organization's vulnerabilities and how to improve resiliency in response to ransomware. Join our team of security experts to understand the continued evolution of ransomware attacks and quickly identify red flags that put organizations at risk.

Build your SASE strategy

Speaker: Derrick Johnson and Robbie Harrell

Description:

PERSPECTIVE:  This is a two-part series. Be sure to sign up for Part 2 for the full benefit of the workshop. SASE has quickly gained mindshare across industries and is creating significant opportunities for evolving the network and security landscape within your enterprise.

CHALLENGE: A strategic approach is needed to help sort through the noise in the industry and define a step-by-step program for SASE adoption tuned to your specific business needs.

LEARNING: In this interactive workshop format, learn from experts and your peers on how to approach practical SASE adoption with guidance around planning, strategy, solutioning, integration, and holistic deployment.

And the Keynote speaker!

Indra Nooyi

Indra Nooyi is the former Chairman and CEO of PepsiCo (2006-2019); a Fortune 50 company with operations in more than 180 countries.

In this role, Mrs. Nooyi was the chief architect of Performance with Purpose, PepsiCo’s pledge to do what’s right for the business by being responsive to the needs of the world around us. As part of Performance with Purpose, PepsiCo was focused on delivering sustained growth by making more nutritious products, limiting its environmental footprint and protecting the planet, and empowering its associates and people in the communities it serves. During her tenure, PepsiCo grew net revenue more than 80%, and PepsiCo’s total shareholder return was 162%.

And closing the event is Shaquille O'Neal!

The post AT&T Business Summit is virtual Oct. 27-28 and free! appeared first on Cybersecurity Insiders.


September 27, 2021 at 09:10PM

Five reasons why MNOs play a central role in the drone ecosystem

Did you know that the commercial drone market is one of the fastest and most innovative sectors of the IoT? Commercial drones have now become a vibrant, emerging industry, which has the potential to cater to a whole spectrum of commercial needs. According to Drone Industry Insights, the drone market reached a total value of $22.5 billion last year. By 2025, this figure is expected to exceed $42 billion.

By 2035, our skies will be at least ten times busier than today, with a large portion of the flying hours flown by drones operating Beyond Visual Line of Sight (BVLOS) across all environments to provide a wide variety of services: critical infrastructure inspection, deliveries, cargo freight, etc. In terms of services, inspection is currently the top application of drones with UAV deliveries growing fast, as mentioned by the GSMA.

This significant growth is all enabled thanks to the ubiquity, security and reliability of cellular networks. The connected sky is a major new opportunity for mobile network operators (MNOs), who can support a wide range of drone-driven applications. Mobile networks can be used to identify a drone, establish its location and communicate securely with it to help mitigate privacy, safety and security risks. 4G, and specifically 5G networks, also offer high-speed drone connectivity over large areas, making cellular networks the preferred solution for connecting drones.

MNOs have the assets in their hands to address the commercial drone challenges including BVLOS, data management, integration to the aviation space, in a rapidly growing ecosystem, which needs to meet local aviation regulations.

Why do MNOs play a key role in the drone ecosystem?

There are five fundamental reasons for this, which include a mix of technical and business-related topics.

  1. Leveraging cellular connectivity for many applications

MNOs can deliver extreme 5G mobile broadband speed and ultra-low latency, which can open up endless opportunities for drone operators. For example, the high-bandwidth two-way communications available over 5G networks provide significant benefits to applications such as inspection, surveying, monitoring and surveillance. It also enables the live streaming of images, video or other data, allowing operators to review this information while the drone is in flight mode, and take immediate actions as required.

  2. Improving the safety of drone operations

Already engaged in the digital onboarding of consumers, MNOs are ideally positioned to provide drones and their operators with strong registration solutions. Registering pilots and drones with public authority servers needs to be secure and reliable. Just like a car’s licence plate is linked to its driver, drones are linked to their pilots. Additionally, they already manage the connectivity of billions of secure devices (SIMs and eSIMs), ideally suited for cellular IoT.

  3. Market leaders

MNOs are key enablers for innovation and there is a multitude of examples for this, with the most prominent being that they enable the widespread availability of connectivity like 5G and 4G. Other big trends impacting the industry include the Internet of Things (IoT) devices and sensors, AI and machine learning algorithms and data analytics. These technologies influence almost all industries of the technology economy, and MNOs’ role in enabling their widespread use is undeniable.

  4. Sales capabilities

MNOs have a large and strong customer network throughout different business service departments. With a strong sales force and the ability to address B2B and B2B2C businesses, MNOs are ideally positioned to help many organisations take advantage of the commercial drone revolution.

  5. Strong brand recognition in the country where they operate

Telecom operators have strong brand value and recognition in each country they operate, as well as an extensive network of leading technology partners. MNOs are already regarded as trusted national service providers, enabling essential connectivity solutions for governments worldwide. Furthermore, some of them are already involved in commercial drone activities and have solid relationships with aviation regulators.

Examples of Mobile Network Operators involved in drone applications

There’s a new opportunity for MNOs to enable a wide range of drone-led security-sensitive applications across a multitude of verticals, including transportation, industry, emergency services, as reported by the GSMA. For example, drones can offer organisations the ability to transport essential supplies to remote areas. Earlier this year, Verizon’s Skyward and UPS Flight Forward announced that they’re partnering to test a delivery service with drones connected in 5G. This connectivity will help them manage and support multiple drones, flying simultaneously, and going to different places from a single point of departure. 5G’s low latency and edge computing also allow for monitoring air traffic entering and exiting a busy logistics hub, especially those that use mixed fleets of autonomous vehicles like drones, trucks, and airplanes.

In terms of industry applications, drones can help construction companies to safely and efficiently reach inaccessible or unsafe areas, monitor their development as well as easily assess health and safety.

To enable use cases like the examples mentioned above, it’s essential that MNOs provide the mobile network infrastructure that can enable a safe BVLOS flight. Vodafone for example has conducted a number of cellular network trials in the past three years to test capabilities such as remote command and control as well as network-based geo-location. This has enabled the MNO to create dynamic no-fly zones. For example, connecting drones to Vodafone’s cellular network, drone operators and relevant authorities are able to create and remove no-fly zones at any given time and location, which the drones respond to in real time. Incorporating this feature within the cellular network enables the safe and reliable management of drone activity in scenarios such as crime scenes and major incidents.

Drones will undoubtedly become an integral part of the smart cities of the future. The creation of a seamless sky is already underway in Australia, with Thales and Telstra having recently prototyped LAAM (Low Altitude Airspace Management) technology, which dynamically manages airspace, integrating manned and unmanned traffic whilst automating drone flight approvals. The companies have combined their expertise to build a robust, safe and secure ecosystem, preparing the way for the integration of manned and unmanned traffic in the Australian skies.

See how Thales helps MNOs become key players in the commercial drone market with solutions that:

  • Seamlessly connect drones and ensure continuity of service.
  • Protect devices, identity and data.
  • Predict to prevent and detect threats.

Find more information on drone solutions here.

The post Five reasons why MNOs play a central role in the drone ecosystem appeared first on Cybersecurity Insiders.


September 27, 2021 at 09:09PM

Security does not end with Implementing Controls

In cybersecurity, threat actors are relentless. To keep systems safe, we need a process of controls to oversee the entire chronology of a potential attack scenario – protection before an attack happens, effective mitigation and correction during an attack, and recovery afterwards. The tools of defense are vital, but not enough.

Organizations need to decide how to deploy these tools, how much to spend, how to train people, and how to ensure they maintain compliance with industry standards and governance/risk (GRC) requirements.

Security controls must be organized and described in a way that non-IT people – employees and executives alike – understand and embrace, even if they do not fully grasp all the technical terms, and this is where specialized experts including Certified Authorization Professionals (CAP) play a key role. CAPs can be the vital bridge between technicians, executives, regulators, and others involved in the Security process.

Learn more in our article.

The post Security does not end with Implementing Controls appeared first on Cybersecurity Insiders.


September 27, 2021 at 09:09PM

Best cloud security certifications to make a great career

To all those who would like to seek a brilliant career in cloud security, here’s a knowledge-share on what they need to pursue to keep their salary bells ringing with glory.

Certificate of Cloud Security Knowledge- Known in short as CCSK, this certification acts as a stepping stone for a great career in cloud security as it covers topics such as basic security knowledge in the cloud architecture and data security, management identification and access management and such. Cloud Security Alliance offers this course and exam certification for $415 in a test form that includes 60 multiple-choice questions. Having a computer certification at Post Graduate level makes sense. However, those with other IT backgrounds can also choose these certifications if they are looking for a career change. Salary expectation- $230,000- $290,000 as a min annual pay.

CompTIA Cloud+- This certification offered by CompTIA covers all topics and concepts required for basic cloud approaches. But it is better if someone with a computer background seeks this certification, which costs $338 per exam. Salary expectation- $230,000 -$250,000 as a min annual pay.

Certified Cloud Security Professional (CCSP)- ISC² offers the CCSP certification for an annual fee of $136, with the exam costing $612. Those with an IT background and some knowledge about Infosec can pursue the course and exam. Salary expectation- $230,000 as a min annual pay.

GIAC Cloud Security Automation (GCSA)- This certification is pursued by only a few, as most IT professionals in the cloud field know little about how the certification helps in accelerating their career. SANS Institute offers Cloud Security and DevSecOps Automation training in continuous integration and continuous delivery of cloud apps on AWS and Azure platforms. The cost of the exam is $2000, and it requires 75 questions to be answered. Salary expectation- $210,000 as a min annual pay.

Azure Security Engineer Associate (ASEA)- Microsoft offers this certification that educates a professional to become an expert in implementing security controls and threat protection tools on the Azure cloud platform. Passing Microsoft Exam AZ-500 is important to pursue ASEA; the exam costs $170 and is offered in a test format of 40-60 multiple-choice questions. Salary expectation- $150,000- $190,000 as a min annual pay.

Amazon AWS Certified Security- Having 2-3 years of Amazon Web Services experience is necessary to pursue the AWS Certified Security course. You can pass the course after writing a $310 exam that has a test format of 60-70 multiple-choice questions. Salary expectation- $180,000 as a min annual pay.

Google offers a Cloud Security Engineer certification that must be pursued only by those who have at least 2 years of Google Cloud experience and 3 years of knowledge in the IT industry. The exam costs $200 and is offered in a test format of 50 multiple-choice questions. Salary expectation- $170,000 as a min annual pay.

Kubernetes Security Specialist Certification is offered by Cloud Native Computing Foundation and the cost of the exam is $375. The test format involves a performance test that needs to be solved in a command prompt running on Kubernetes. A Certified Kubernetes Administrator certificate is a prerequisite to pursue this course, and this hurdle is not that easy to pass. Salary expectation- $290,000 as a min annual pay.

Note- The minimum salaries specified in the article are subject to change with time and are solely based on the experience, educational qualification, demand for talent, available talent pool, job profile and, last but not least, the company that has put out the job offer.

The post Best cloud security certifications to make a great career appeared first on Cybersecurity Insiders.


September 27, 2021 at 08:52PM