Digital Guardian's Blog

Friday Five 10/2

by Colin Mullins on Friday October 2, 2020

A legal right to work from home, insensitive phishing, and election disinformation - catch up on the week's news with the Friday Five!

1. Working from home could become a legal right in Germany by David Meyer

The German government is pushing forward with a proposal to give people the legal right to work from home where possible. The proposal comes on the heels of an acknowledgment that the shift to mass WFH during the coronavirus pandemic has led to improved productivity and work-life balance. The plan faces opposition from many in the center-right CDU (Christian Democratic Union of Germany) party, who believe that under usual circumstances, it should be up to employers where their employees work. There is also skepticism that working from home has the potential to be exploitative because employees are always on call. The drafters of the legislation say they will address those concerns by regulating work hours and protecting collective bargaining rights. Regardless of whether the legislation passes, the fact that it’s even being considered shows how much the coronavirus has changed our ideas around workplaces.

2. More Than Two-Thirds of Orgs Plan to Adopt Zero-Trust Architecture by James Coker

In a survey of 500 IT and security decision-makers across Germany, France, and the UK, over two-thirds said that they have adopted or are planning to adopt a zero-trust framework. The push to adopt a zero-trust framework springs from the surge of attacks and the increased vulnerabilities of insecure devices as a result of home working. Respondents also cited digital transformation (50%), shadow IT (45%), and employee education (37%) as the biggest internal IT and security challenges over the next 12 months to three years. Ultimately, the survey highlights the myriad threats the modern cybersecurity industry faces and suggests that a zero-trust framework is essential when building out an effective security program.

3. UHS hospitals hit by reported country-wide Ryuk ransomware attack by Sergiu Gatlan

Universal Health Services (UHS), a Fortune 500 hospital and health care provider, was forced to shut down systems at its healthcare facilities around the US when it was hit by a cyberattack last Sunday. The impact of the attack on UHS is compounded by its size; between the US and UK it operates over 400 healthcare facilities and provides healthcare to approximately 3.5 million patients a year. While UK affiliates weren't impacted, affected hospitals were forced to redirect ambulances and patients in need of surgery to other hospitals. Employees reported that the attack was a ransomware attack, likely Ryuk, based on the extension with which the files were renamed and other signatures of the Ryuk program. Besides the damage caused by the disruption of medical services, there is also a fear that attackers stole patient and employee data. Considering the recent attack on a hospital in Germany, the trend of ransomware affecting hospitals and healthcare centers is extremely worrying.

4. 'Insensitive' phishing test stirs debate over ethics of security training by Bradley Barth

A simulated phishing email that used the false promise of company bonuses has ignited a debate over the ethics of security awareness training. The email was considered offensive because it offered bonuses as a result of the recent cost-saving measures at the company in question, Tribune Publishing, which included cutting staff and slashing pay. The email attempted to exploit the potential financial desperation that employees were likely feeling from the cuts. There is also frustration that tests like this make people distrust their security and perhaps not report mistakes they make in the future. Those who say that the test is appropriate argue that real-life phishing campaigns have no moral boundaries and seek to exploit any potential vulnerability, so a test should do the same. While some tests are definitively over the line, such as an email saying that someone they know has been infected with COVID-19, this is a case where a training email was in the grey area. It’s important that the creators of tests debate ethics when they create cybersecurity training.

5. The Election Threats That Keep US Intelligence Up at Night by Lily Hay Newman

As the 2020 election heats up, election officials are raising alarms over potential foreign interference in the election. Officials, including FBI Director Christopher Wray, stress that they remain confident in US election infrastructure and that there is no evidence of widespread fraud. However, some officials are very worried about misinformation that questions the legitimacy of the election, including the information coming from the president about election fraud. The warning signs of potential interference have already started showing: Over the course of a few days last week, Facebook announced that it had taken down disinformation campaigns from China, the Philippines, and Russia. The FBI and CISA are urging the American public to critically evaluate the sources of the information they consume and to seek out reliable and verified information from trusted sources, such as state and local election officials.

Tags: Ransomware, Phishing, Election

Colin Mullins

Colin Mullins is a Social Media Marketing intern at Digital Guardian