CyberSecurity in 120 Secs: Ransomware, CVS, and More


We're excited to kickstart our weekly roundup of security news from the past week. In these weekly summaries we'll highlight significant points, so you get the most from all the news in just 120 seconds.

Ready, get set, go!


Why is this significant?

Why is this significant?

  • The nature of routers makes this threat all the more serious, as a compromised router may enable easy access into the organization.
  • Planting firmware enables this threat to maintain persistence, since it continues to exist after a reboot.
  • These kinds of compromises highlight the need for a hybrid security approach. It’s not enough to just ensure that the communicating device has a security module since a threat that bypasses that module defeats all. However, a hybrid solution prevents that point of failure by recognizing that something has gone awry.


Why is this significant?

  • CVS’s photo website has been offline since mid-July. That's 2 months of not being able to fully operate due to a compromised environment. The loss of profit here is clear. Businesses need to start changing their mindset from defense to learning how to keep their data secure while under the assumption that their environment is compromised.
  • An update on the two hackers who hacked into the database of the top three newswire services' press releases, prior to their being published, and sold the information to 32 traders in the stock market: they have now settled in court for $30 million, without denying any SEC claims.
  • This case highlights the strong financial motivation behind cyber-attacks. Apparently, the duo generated $100 million in profits over five years using information from 150,000 press releases.


Why is this significant?

  • Cyber insurance is not a pill against attacks. Yet it can provide an assessment and help companies manage their risk.
  • The Payment Card Industry (PCI) Data Security Standard (DSS) was founded about 10 years ago by credit card processors who did not want to carry the loss of abused credit cards. PCI DSS is now considered a standard that many companies try to follow. Although PCI does not guarantee security, it has indeed helped the security industry. Research has shown that companies that were compliant with PCI were also more secure. In fact, security teams have also used PCI DSS as a springboard to enhance their security posture. Could a standard created by insurers have the same effect?
  • This is a call to not just punish when things go bad, but to provide an incentive when things go right (in the form of better rates). One of the greatest issues with cyber-security is placing a monetary figure on its worth. Such motivation can help security teams place a dollar amount on part of their strategy.


Endpoint protection is what enSilo does. Check it out!
