Cyberattack numbers for December were bad, stiff privacy fines in Europe and attacks on the healthcare sector continue
Welcome to Cyber Security Today. It’s Wednesday, January 6th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Cyber Security Today is brought to you by the new Cisco Security Outcomes Study, where we surveyed 4,800 cybersecurity and IT professionals.Visit https://cisco.com/go/SecurityOutcomes to read the results.Cisco Secure Insights Summit on January 21, 2021, at 10 a.m. Pacific Time.
While most of us are looking ahead to what will happen in the new year, for a little while statistics from last year are still emerging. Some are troubling because they reflect the poor state of cybersecurity around the globe.
For example, a British website called IT Governance which tallies publicly-issued reports on data breaches, found that in December alone there were 134 security incidents across the world. That’s the highest the site has recorded. Among those organizations that released numbers, those breaches accounted for over 148 million records of data exposed. That’s another monthly high. A record is one piece of information for a person, so a name, address, phone number and email address counts for four records. The total number of publicly-acknowledged records exposed in 2020 came to more than 20 billion.
The biggest data breaches reported last month included the theft of data on 2.5 million subscribers of Italian wireless carrier Ho-Mobile; and the publishing on a criminal site of a stolen database of 1.5 million names, phone numbers and email addresses of customers of Ledger, which makes a USB memory stick-sized device for storing cryptocurrency.
Remember the overwhelming majority of reported data breaches don’t publicly estimate how much personal data was stolen. Many data breaches are quietly reported to regulators and customers where required by governments. Other organizations don’t report breaches at all where there is no requirement.
Here are more numbers: Last year regulators in the European Union group of countries fined organizations over $210 million for violating privacy obligations under the General Data Protection Regulation. That’s according to a news site called Finbold. The country with the most offenders was Spain, where organizations were hit 128 times for fines totalling about $9 million. The country with the biggest total value of fines was Italy, which saw organizations punished 34 times for a total of about $71 million. By the way, there were only three fines in the United Kingdom, but they totalled $52 million. That would include the $26 million fine levied against British Air for a 2018 data breach of information on more than 490 million passengers and employees around the world.
Cyberattacks on hospitals and healthcare institutions also rose as the year ended. According to security vendor Check Point Software, in the last two months of 2020 attacks increased 45 per cent. That’s more than double the increase in cyberattacks across all industries worldwide. The biggest attack type against healthcare was ransomware. Canada saw the biggest increase, with a 250 per cent hike in attacks, followed by Germany with a 220 per cent increase. Why healthcare institutions? Because, criminals figure, they are likely to pay ransoms so they can continue to provide patient care during the COVID pandemic. This sector also includes medical research institutions, who want their work to continue.
I’ll be discussing this report with Dinah Davis of Arctic Wolf on my Friday afternoon podcast.
Finally, Citrix has released firmware updates for its Application Delivery Controller and Gateway products. IT administrators should make sure these updates are quickly installed so their devices aren’t used to launch denial of service attacks against innocent victims.
That’s it for today. Links to details about today’s stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.