Cybersecurity quarterly benchmarks: Q1, 2022

Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

Oct. 24, 2022

As cybersecurity threats rage, colleges invest in risk prevention and pay higher insurance premiums

Cyber insurance policy renewal price increases are typically between 40% and 60%, with some increases hitting the triple digits, S&P said.

By Rick Seltzer • Oct. 14, 2022

CommonSpirit’s ‘IT security incident’ was likely cyberattack, security experts say

Experts view moving systems offline and interrupting access to electronic health records as a defensive move.

By Samantha Liss • Oct. 7, 2022

American Airlines phishing attack involved unauthorized access to Microsoft 365

The airline has begun disclosing additional details to state regulators, confirming more than 1,700 people were impacted.

By David Jones • Sept. 26, 2022

Morgan Stanley fined $35M by SEC over improper data disposal

The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

By Gabrielle Saulsbery • Sept. 21, 2022

Stolen single sign-on credentials for major firms available for sale on dark web

Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500, BitSight found.

By David Jones • Sept. 21, 2022

American Airlines targeted by threat actor in July data incident

The airline has notified customers about the potential release of personal data, but said there is no evidence of the data being misused. 

By David Jones • Sept. 20, 2022

Capital One freed from consent order tied to 2019 breach

The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

By Gabrielle Saulsbery • Sept. 20, 2022

LastPass says it contained August breach, leaving customer data and vaults secure

After investigating alongside Mandiant, the widely used password manager has enhanced a number of security protocols in response to the four-day incident.  

By David Jones • Sept. 16, 2022

Cloud security pros expect elevated risk for serious data breaches

Just one out of five cybersecurity and engineering professionals escaped the previous year without incident.

By Matt Kapko • Sept. 14, 2022

PyPI contributors targeted by JuiceLedger in latest attack against open source

The supply chain attack represents a potential risk to organizations using open source, researchers from SentinelOne and Checkmarx say.

By David Jones • Sept. 6, 2022

Cyberattacks pivot from large health systems to smaller hospitals, specialty clinics

The trend of attacks focusing on a systemic technology used across most providers is one that Critical Insights expects to continue this year. 

By Rebecca Pifer • Aug. 29, 2022

Twilio discloses more victims as phishing attack effects cascade

The communications and identity authentication provider said it has discovered 163 victims thus far.

By Matt Kapko • Aug. 29, 2022

Almost 10K credentials compromised in phishing spree that ensnared Twilio, Mailchimp

Attackers targeted Okta identity credentials and two-factor authentication in the campaign dubbed Oktapus.

By Naomi Eide • Aug. 26, 2022

LastPass breached, portions of source code stolen, CEO says

The unauthorized actor did not access data or encrypted vaults from its more than 33 million registered users, however the company deployed containment and mitigation measures. 

By David Jones • Aug. 26, 2022

Third-party attacks spike as attackers target software connections

Every third-party tool and partnership is a potential path for attack and an opportunity to exploit human behavior. The risks spread far and wide.

By Matt Kapko • Aug. 22, 2022

Mailchimp breach shines new light on digital identity, supply chain risk

Sophisticated threat actors are targeting weak links in the email marketing space to go after vulnerable financial targets.

By David Jones • Aug. 18, 2022

DigitalOcean, caught in Mailchimp security incident, drops email vendor

An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise. 

By David Jones • Aug. 17, 2022

Twilio phishing attack fallout spreads to Signal

The vendor’s widely used two-factor authentication service became a point of potential compromise for 1,900 Signal users. One user suffered a direct hit.

By Matt Kapko • Aug. 15, 2022

How attackers are breaking into organizations

Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.

By Matt Kapko • Aug. 15, 2022

Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

Dissimilar responses from Cloudflare and Twilio bear important lessons in transparency, resiliency and access.

By Matt Kapko • Aug. 9, 2022

Hospitals have low level of accountability for connected device breaches

Only an average of 3.4% of hospitals’ IT budgets are being spent on device security, a recent survey shows.

By Rebecca Pifer • Aug. 5, 2022

Data breach costs spread downstream, IBM says

Nearly half of all organizations studied by IBM have minimal or no cloud security practices in place.

By Matt Kapko • July 29, 2022

Entrust acknowledges June cyberattack, remains tight-lipped on the details

The cybersecurity vendor has yet to disclose how the incident occurred, the type of data stolen and if ransomware was involved.

By Matt Kapko • July 28, 2022

Uber reaches non-prosecution deal with feds after concealing data breach

The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture. 

By David Jones • July 26, 2022