Cybercrime Bytes: Healthcare Held Hostage, Passwords Are For The 1960s, CI$O Pay Rises

Weekly news that keeps you on the cutting edge of cybersecurity

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Apr. 13, 2020

This week’s rundown is sponsored by SmartBrief on Cybersecurity, your top resource for daily cybersecurity updates, delivered straight to your inbox.

Ransomware attacks on healthcare organizations were predicted to quadruple between 2017 and 2020, and to grow to 5X by 2021, according to a report from Cybersecurity Ventures. 91 percent of cyberattacks (on all types of organizations) begin with spear-phishing emails, which are commonly used to infect hospitals and healthcare providers with ransomware. Cybercrime Magazine

 Passwords were invented in the 1960s and were never intended to protect bank accounts, healthcare records, emails or a long list of other commandeered usages. They were invented for computer timeshare, and worked effectively enough for that use case at the time. Now compromised credentials are responsible for over 80 percent of all breaches, according to the latest Verizon Breach Investigations Report. ThePrint

CISO salaries at Fortune 500 companies range from $380,000 to $420,000 in the largest U.S. cities, and climb into the $1 million plus range for some of the top security leaders in our country. An executive headhunter shares insights and trends on compensation for the security head honcho role. Cybercrime Radio

 IT workers with security certifications tend to have significantly higher average salaries — around 15 percent more — than those without them, according to a global IT skills and salary study conducted by Global Knowledge. Which cybersecurity certifications are the most valuable? While some certifications pay more than others, the differences are negligible between some of them — and they’re all valuable. Cybercrime Magazine

A shortage of cybersecurity professionals will create a staggering 3.5 million unfilled jobs by 2021, according to Cybersecurity Ventures. With such massive gaps between the demand and supply of skilled professionals, the cybersecurity industry is hanging by a thread, vulnerable to exploits and data breaches that may take a toll on their entire organization. HackerNoon

In 2020, a key cybersecurity concern is Advanced Persistent Threat (APT) groups, which are defined by Resilience360 as “highly sophisticated, long-lasting incursions into corporate IT systems.” Manufacturing industries are particularly at risk, with recent incidents affecting automakers and pharmaceutical companies. To address this threat, supply chain leaders must adopt a holistic approach to their supply chain’s cybersecurity. Thomas Insights

According to the Dell Technologies Global Data Protection Index 2020 Snapshot, EMEA organizations are managing more than 16 petabytes of data on average, a whopping 975 percent increase since 2016 — and they struggle to find adequate data protection solutions for emerging technologies like 5G and edge infrastructure as well as AI and ML platforms. ITWeb

Cybercrime Radio: Spear Phishing Attack Steals More Than $500,000

Long Island woman tells her heartbreaking story of real estate wire fraud

For media organizations, being hit with a ransomware attack could mean complete loss of access to content, crippling the company entirely. The FBI has deemed ransomware the fastest-growing malware threat, with attacks increasing 97 percent over the past two years and a new organization falling victim every 14 seconds, according to Cybersecurity Ventures. Sports Video Group

Cybercriminals are taking advantage of the Coronavirus pandemic by creating new ways to scam people based on fear tactics. As a result of this, and the massive number of employees who have been sent home to work, Cybersecurity Ventures says that cybercrime damage costs may double due to the COVID-19 outbreak. PrivSec Report

Cybersecurity companies look to podcasts to keep their marketing going in light of canceled sales presentations and live events due to the Coronavirus pandemic. Podcasts offer a far better ROI compared with webinars. Podcasts aren’t one-time events, so they have a much greater margin of marketing error compared to webinars. A podcast can be promoted over and over again. And the very nature of podcasts lends itself to a much longer shelf life. Cybercrime Magazine

MSSPs will frequently provide security awareness training as a part of their suite of services, a market that is expected to reach $10 billion by 2027, according to Cybersecurity Ventures, a leading researcher and publisher. Examples of some of the larger MSSPs include SecureWorks, Verizon and AT&T. Many emerging and rapidly growing companies also provide managed security services. SecuritySales & Integration

The results from a KnowBe4 report found that phishing email attacks related to COVID-19 were up 600 percent in Q1 2020. Covering the entire first quarter, simulated phishing tests with an urgent message to check passwords immediately were the most popular at 45 percent. Following this was a Coronavirus-related message as the second most popular at 10 percent. Social media messages are another area of concern when it comes to phishing. PR Newswire

The 2020 edition of the Directory Of U.S. State And Local Cybercrime Law Enforcement is out. The directory provides resources for U.S. citizens and businesses to report a cyberattack, data breach, or hack to the authorities in their home states, as well as the FBI and federal agencies. Cybercrime Magazine

Penn State is accepting applications for the bachelor of science in cybersecurity analytics and operations for admission in the fall 2020 semester, which starts in August. The degree program is being offered online through Penn State World Campus. The core courses will be taught online by the faculty from Penn State’s College of Information Sciences and Technology. Penn State News

The cybersecurity worker shortage is at record levels and is expected to persist through the end of next year. A new bundle of eight courses helps people break into this lucrative niche, with practical training and prep for two CompTIA certification exams. If you’re stuck at home with time on your hands, this courseware is worth looking into. XDA Developers

More next week.

Cybercrime Bytes Archives

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.

Sponsored by SmartBrief on Cybersecurity

SmartBrief on Cybersecurity provides:

  • Summaries of what matters to you, written by expert editors to save you time and keep you informed and prepared.
  • A daily snapshot of the latest advancements in cybersecurity with news from Politico, New York Times, Inside Cybersecurity and other leading sources.

Sign up for SmartBrief on Cybersecurity.