Catch up on the past week’s cybersecurity news.

The European Union General Data Protection Regulation (GDPR) came back in the news this week with two related items: the United States is finally seeing a similar regulation come into effect (at least in one state), and there are serious concerns about GDPR compliance more than a month after it became law.

Elsewhere, this week we explore some of the fallout from the NotPetya attack and how much it has cost organizations across the globe. We also look at a popular ransomware tactic hitting hospitals and some alarming new data about small and medium-sized business preparedness for email attacks.

  1. California's new data privacy law the toughest in the US, via CNET
    • A major privacy bill signed into law in California on Thursday is poised to reshape how Silicon Valley does business. When the law goes into effect, companies will face the country's toughest privacy requirements, including stopping the collection and sale of personal data upon request from consumers.
  2. NotPetya ransomware still costing industries millions in recovery, via Security Boulevard
    • Mere months after the NotPetya ransomware contagion, victims were already reporting more than $1 billion in damages across countries and verticals. And the costs associated with the attack are apparently still climbing.
  3. Mobile phishing in 2018: Why it’s growing and how to stop it, via Mobile Insights
    • As organizations explore emerging threat trends, new research emphasizes the growing impact of mobile phishing on enterprise security. Since 2011, Lookout Research has observed an 85 percent year-over-year increase in phishing attacks on mobile devices.
  4. New types of authentication take root across the enterprise, via TechTarget
    • Taking away password autonomy from the user could improve security in many areas, but none more directly than phishing. Even if a user falls for a phishing email, his authentication is not compromised if two-factor authentication is in place, because the hacker lacks the cryptographic or biometric authentication access factor.
  5. Cybercriminals target hospitals with SamSam ransomware attacks, via Health IT Security
    • Cybercriminals increased their SamSam (aka SAMSA) ransomware attacks against the healthcare sector in the first quarter of 2018, with numerous cases reported of hospitals paying the ransom to regain access to their systems, according to a McAfee Labs Threats Report.
  6. ‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short, via Digiday
    • A tumultuous few weeks after the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. Jangled nerves are calming, but experts warn against feeling a false sense of security.
  7. Small businesses aren't properly prepared for cyberattacks, via ITProPortal
    • Polling 600 businesses in the US, the United Kingdom and Australia, a study by Webroot found that new types of attacks are dominating in 2018 (compared to the year before) but that the cost of a breach is decreasing, as well. Phishing has taken the number one spot as the most dangerous type of attack, from malware.
  8. Phishing cited by SMBs as top attack threat, via Infosecurity Magazine
    • The Webroot SMB Cybersecurity Preparedness report found almost 100% of businesses train their employees in cybersecurity awareness. However, the report also found that the number significantly decreases for ongoing training practices, with only 39% of companies reporting that they educate employees continuously throughout the duration of employment.
  9. Insider dangers are hiding in collaboration tools, via Dark Reading
    • A new report from Wiretap measured the prevalence of insider risks from collaborative communication tools, in both public and private conversations. The report found the platforms are rife with uncontrolled sharing of sensitive information and password sharing.
