In Australia, mobile numbers can be transferred to other SIM cards using minimal personal information, which has been seized upon by fraudsters.

Gone in 15 Minutes: Australia's Phone Number Theft Problem

Jeremy Kirk • September 25, 2018

In Australia, it can take as few as 15 minutes to steal someone's phone number, a type of attack known as SIM hijacking. Such attacks are rising, but mobile operators have no plans to change the authentication required around number porting, which can be set in motion online with minimal personal information.

Data Loss

Cybercrime: 15 Top Threats and Trends

Latest

Anti-Fraud

Scan4You Operator Gets 14-Year Prison Sentence

Mathew J. Schwartz • September 25, 2018

Scan4You, a notorious cornerstone of the cybercrime-as-a-service economy that allowed malware developers to more easily create code to bypass anti-virus defenses, has been dismantled, and its Latvian technical administrator has been slammed with a 14-year U.S. prison sentence.

Breach Response

Massachusetts HIPAA Case Outlines Series of Missteps

Marianne Kolbasuk McGee • September 24, 2018

A HIPAA-related enforcement case in Massachusetts involving two insider breaches alleges a trail of missteps, including failure to take prompt action after receiving tips about potential misuse of patient information. What can other entities learn from the mistakes?

Anti-Phishing, DMARC

How to Spot and Stop Newer Email Threats

Tom Field • September 24, 2018

Email fraud threats have evolved from attackers targeting networks to them focusing on specific individuals within an organization. What can enterprises do to halt these attacks before they reach the inbox? Denis Ryan of Proofpoint shares defensive tactics.

Breach Preparedness

Breach Investigations: The Detective's View

Tom Field • September 24, 2018

Kenrick Bagnall, a former IT executive who is now a detective constable with the Toronto Police, offers unique insights on public/private partnerships and how enterprises can work better with investigators in the event of a breach.

Fraud

Winning the Battle Against New Account Fraud

Nick Holland • September 24, 2018

With the abundance of PII available on the dark web, there has been an explosion of synthetic identity fraud. Michael Lynch of InAuth discusses how device and user data can be leveraged to combat the fraudulent opening of new accounts.

Endpoint Security

Future-Proofing for IoT Risks

Tom Field • September 24, 2018

The internet of things promises to change how enterprises operate - as well as the cybersecurity risks they will face. Robert Falzon of Check Point Software Technologies outlines IoT risks and how to prepare to mitigate them.

Network Firewalls, Network Access Control

The Link Between Volatility and Risk

Tom Field • September 24, 2018

Financial service organizations have networks that are larger and more dynamic than ever - and so are their network security risks. Matt Kraning of Qadium shares the results of a new review and how organizations can respond to it.

Business Email Compromise (BEC)

Business Email Compromises Fuel Procurement Fraud

Nick Holland • September 21, 2018

Business email compromises have been at the center of a number of procurement fraud scams, says Allan Stojanovic, a security architect and analyst at the University of Toronto, who describes the fraud and why it's so difficult to thwart.

Cybersecurity

Defending Against Next-Generation DDoS Attacks

Nick Holland • September 21, 2018

DDoS attacks have increased significantly in scale via IoT botnet attacks. Gary Sockrider of Netscout Arbor discusses best practices for dealing with this significant threat.

Anti-Fraud

Using Machine Data Analysis to Detect Fraud

Nick Holland • September 21, 2018

Connecting the dots between disparate forms of machine data can prove to be valuable in discovering fraud patterns, says Jade Catalano of Splunk, who explains how.

General Data Protection Regulation (GDPR)

When Will GDPR Show Its Teeth?

Nick Holland • September 21, 2018

The latest edition of the ISMG Security Report takes a look at the EU's General Data Protection Regulation, including the outlook for enforcement and common misconceptions about its provisions.

Governance

Hospitals Fined $1 Million After TV Crews Film Patients

Marianne Kolbasuk McGee • September 20, 2018

HIPAA privacy violations can come in many forms. Case in point: Federal regulators have smacked three Boston hospitals with settlements totaling nearly $1 million for allowing crews for the documentary TV show "Save My Life: Boston Trauma" to film on their premises without obtaining authorization from patients.