Authentic8 Blog Category: Remote Browser

2017 in Review: Data Breach Statistics and Trends

Illustration: 2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog

What were the biggest data breaches in 2017? Did the federal government's cybersecurity fare better, two years after the disastrous OPM hack in 2015?

Did ransomware live up to, or even beat, the dire predictions? Which industries were targeted or hacked most?

We have pulled together summaries, surveys and posts worth returning to, for use as a quick reference to consult when working on IT security presentations, cybersecurity plans and requests for budget or approvals in the year ahead:

The Biggest Hacks, Leaks and Data Breaches in 2017

...presented in 28 (illustrated) slides by ZDnet, with links to more in-depth information.

Source: ZDNet

ABA Tech Report 2017: Security

What does the American Bar Association’s 2017 Legal Technology Survey Report reveal about data security in the nation’s law firms? David G. Riess, attorney at Clark Hill PLC, summarizes.

Source: ABA Tech Report

2017 in Review: Data Breach Statistics and Trends - Authentic8 Blog illustration

Largest Healthcare Data Breaches of 2017

78 healthcare data breaches in 2017 that affected more than 10,000+ records

Risk Management and Employee Cybersecurity

Illustration: Risk Management and Employee Cybersecurity - Authentic8 Blog

Risk management will be a central topic at the 3rd annual ALM cyberSecure conference in New York City this year.

The cross-industry gathering of thought leaders on December 4-5 aims to facilitate a holistic approach to data security, risk management and data governance.

Influential business leaders from the cybersecurity industry and high-ranking law enforcement officials will be convening with corporate risk management, compliance and law department leaders at the conference, which features speakers from numerous Fortune 100 companies.

Authentic8 Co-Founder and CEO Scott Petry will moderate a discussion panel on “Revamping Employee Cybersecurity Policies and Training to Mitigate Legal Risks” on December 4th.

Scott Petry will be joined on stage by Daniel Pepper, Vice President and Deputy General Counsel at Comcast; Adam Rubin, General Counsel of PrizeLogic; and Allen Brandt, Executive Director, Associate General Counsel and Chief Privacy Officer at the Depository Trust & Clearing Corporation.

Balancing IT security, data protection and privacy

Balancing IT security and data protection with the needs

The Long Con: Antivirus and Your Data

Illustration: The Long Con: Antivirus and Your Data - Authentic8 Blog

Officials and security researchers have named antivirus (AV) vendors as the new weak link in enterprise and government networks. They claim that sensitive files of the U.S. National Security Agency, the Republic of Korea Armed Forces and U.S. companies were targeted and exfiltrated thanks to the software that should be protecting the endpoint.

Antivirus solutions have been around since the mid-1980s. We gave them file system permissions to scan every file. Then we allowed access OS processes to scan active code. Then we allowed vendors to take our data to the cloud for “enhanced” security.

Now, as with many other services, our trust is used against us. The same AV tools that were supposed to help us fight malware are used as a backdoor to steal sensitive information and stage cyber attacks. This feels like a long con perpetrated by the antivirus industry.

Which vendors can you trust?

The irony is that for years we’ve been paying vendors to

5 Must-Read Cybersecurity Resources for Law Firms

Illustration: 5 Must-Read Cybersecurity Resources for Law Firms - Authentic8 Blog

A recent survey of law firms found that nearly one-third of the respondents didn’t know who was responsible for risk management within their organization. What will their corporate clients make of that?

According to the research reviewed for this post, client cybersecurity audits are becoming the new normal for law firms. Many companies are no longer willing to entrust their legal matters to firms without subjecting them to a client audit first.

The same holds true when Big Law is looking to partner with smaller practices in local markets. Potential partners who cannot demonstrate that and how they protect sensitive client information against data breaches will lose valuable business and connections to a competitor in the region who can.

For this post, we have collected resources that provide up-to-date insights and guidance that help law firms with their cybersecurity planning and client audit preparation:

*

1. Why Are So Many Law Firms Unaware That They Suffered a Data Breach?

The second edition

How Do I Know If My Local Browser Extension Was Hijacked?

Illustration: How Do I Know If My Local Browser Extension Was Hijacked? - Authentic8 Blog

If you’ve installed add-ons or plugins with your browser (like the one that came with your computer), it could be a question you're asking yourself right now.

This week brought news that at least six more extensions for a popular browser were hijacked. Two similar attacks were uncovered only last week. In all these cases the hijackers “updated” the extensions to inject malicious code into web pages. More than a million local browser installations were affected.

*

At the risk of repeating myself - local browser add-ons put your data at risk. Browsers are targeted in more than 80 percent of online attacks because inherent design flaws and the security weaknesses of common internet protocols make them the most vulnerable component of your personal or business IT.

When connecting to a website, browsers indiscriminately fetch and process code from the web on the local computer. Malicious code may be hidden in a web app or passed through from an ad server on