NetWorks Group Blog

Healthcare data theft totaled more than 112 million records in 2015, according to the Office of Civil Rights. Moreover, 42.5 percent of all data breaches have occurred in the healthcare industry in the last three years, and 91 percent of healthcare organizations have reported at least one breach in the last two years. Hackers, unauthorized access from staff, improper disposal, data loss — all of these factors contributed to large-scale data breaches in hospitals and medical facilities across the United States. Now, more IT managers and administrators are investing in cybersecurity to safeguard patient data.

Topics: Managed Detection & Response, Information Security, Vulnerability Management, Compliance, Healthcare

Are you in the market exploring options for security log monitoring and management? If so, I’m sure you are inundated with requests for a meeting from various SIEM (Security Information and Event Management) vendors.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Hunting, Incident Response, Threat Management

A comprehensive cyber security framework consists of several components, and one of the most important among them is security log monitoring. Without an effective security log monitoring and management policy in place, a company runs the risk of non-compliance, and perhaps fines, if there is ever a data breach. In order to maintain compliance with guidelines laid out by laws like HIPAA, and frameworks such as PCI, companies need to have an effective security monitoring solution in place that can help them collect and analyze log information so they can detect and respond to cyber attacks.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Compliance

The NotPetya ransomware, a Petya variant, attack of July 2017 is similar to the recent WannaCry attack that struck 230,000 computers globally. NotPetya utilizes the same exploit as WannaCry, Eternal Blue, to infect Windows-based computers across the network. All of the files on the victim's computer are encrypted, the master boot record is overwritten, and a message appears that demands $300 in Bitcoin. Unlike other types of ransomware, paying this fee does not give access back to the files, as the malware is designed to be unable to undo its effects on the computer.

Topics: Managed Detection & Response, Information Security, Threat Management

 As global cybercrime continues to develop new methods to penetrate system defenses, the tactics used in response to threats have been forced to adapt as well. The result has been a move from simple antivirus protection to complete endpoint protection using sophisticated integrations of endpoint malware protection, threat detection and response algorithms, and, in some cases, managed security services. Endpoint threat detection has been identified by Gartner research as one of the top tools for fighting cybercrime.

Topics: Managed Detection & Response, Information Security, Threat Management

Is Your Collection Agency Business Secure From a Cyberattack?

Topics: Managed Detection & Response, Ethical Hacking, Information Security

What is PCI Compliance?

Topics: Managed Detection & Response, Information Security, Vulnerability Management, Compliance

Key findings from Verizon DBIR report for the Healthcare Industry

As an information security professional, it can be difficult to know where to concentrate your efforts. Some threats are overly hyped, while others slide in under the radar.

Topics: Security Monitoring, Managed Detection & Response, Information Security, Threat Management, Healthcare

Essential Infrastructure in Peril 

Critical infrastructure industries are a required foundation for a functional society. Without these sectors, vital services and products are unavailable. Health care, finance and manufacturing are three examples of markets that fall under this designation. The huge shortage of personnel with cybersecurity skills puts this essential infrastructure in peril. The demand for these experts is higher than the supply, making it difficult for organizations to appropriately protect themselves from cybercriminals. In the United States, only 66.7 percent of employer demand is met. It's even worse in other countries, with Israel only filling 28.4 percent of demand. 

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Device Management, Information Security, Vulnerability Management, Threat Management

In this post, I'd like to talk about how to actually apply the concept of “red teams” in your enterprise.  First, and foremost, red teaming for cyber security refers to the concept of a small team of hackers reviewing an organization to determine if they can gain access to critical assets.  This may not sound much different than a penetration test, but one crucial piece is almost non-existent in a red team exercise:  scope.  A red team will utilize a web application, mobile platform, physical, social engineer, and network tester as part of a team whose goal is to profile the organization and gain access.

Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Penetration Testing