Ransomware worries, Bose admits attack, cyber insurance news and the latest security patches.
Welcome to Cyber Security Today. It’s Wednesday May 26th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Ransomware is increasingly on the minds of IT leaders after the attack this month on the Colonial Pipeline in the U.S. According to a post-attack survey by the IT association called ISACA, 84 per cent of the 1,200 respondents believe ransomware attacks will only increase as the year goes on.
Eighty-five per cent of respondents think their organization is at least somewhat prepared for a ransomware attack. On the other hand, only 32 per cent of those think their organization is highly prepared. Even worse, 38 per cent of respondents said their company has not conducted any ransomware training for their staff.
Personal information of current and former employees of high-end audio manufacturer Bose was possibly copied during a ransomware attack. The company made that acknowledgment in a letter to the New Hampshire attorney general’s office last week. The incident happened in March, but Bose only determined what may have been copied in late April. Bose told the Bleeping Computer news site that what it called a “very small number of individuals” were possibly victimized. The data was in spreadsheets in the HR department. One possible lesson from this attack: Know where all of your organization’s sensitive personal and corporate data is. That’s the only way it can be protected.
Security experts urge organizations to get cyber insurance for at least partial protection against the costs of a cyber attack. However, don’t be surprised at sticker shock: The U.S. Government Accountability Office, which reports to Congress, recently reported cyber insurance premiums in the United States have been skyrocketing since the middle of 2019. More bad news: Organizations in high risk sectors should expect lower coverage as well as high premiums. And by the way, when you do go for cyber insurance expect the insurer to demand the firm have multifactor login authentication for all employees. Experts at a virtual conference I covered early in the month said many North American cyber insurance providers have made that a new rule.
Finally, here are some of the latest security updates to know about:
–IT leaders whose firms use VMware’s vCenter Server should install the latest patch. It fixes a vulnerability in the Virtual SAN Health Check plug-in;
–Pulse Secure’s Virtual Private Network appliances have been under attack recently, forcing parent company Ivanti to issue fixes. The latest is a workaround for a major issue. Network administrators who use these products need to be familiar with this alert;
–WordPress administrators who use the WP Statistics plug-in from VeronaLabs should install the latest patch. It fixes an SQL injection security vulnerability. And there’s also an update available for WordPress admins who use the ReDi Restaurant Reservation plug-in;
–Owners of Trend Micro’s Home Network Security Station should install the latest patches. This is because researchers at Cisco Systems discovered a number of vulnerabilities. The Security Station monitors and protects home networks from cyber attacks as well as manages the network.
–And Apple iPhone, iPad, Mac and iWatch users should make sure the latest versions of their operating systems are installed. iOS and iPadOS are now on version 14.6.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.