A quarter of businesses stop a data breach every day | ITProPortal …

IT managers have to defend their organisations from a data breach at least once a month, according to a new report from data security firm WinMagic.

Out of 250 IT managers asked, 23 per cent said they stop a breach every day. The figures are self-reported, and the report defines a breach broadly: either an attack on the network, or an employee sending or removing information from the corporate network without adequate care.

Of 1,000 employees surveyed, 41 per cent believe IT security is the IT department’s concern alone, while slightly more than a third (37 per cent) believe they have a part to play in it as well.

A fifth of IT managers (20 per cent) want to let employees use personal devices for work, while 36 per cent said such access should be granted only to approved employees.

IT managers and employees alike rate employees as a major security risk (24 per cent), second only to hackers. Employees (17 per cent) said it was ‘somewhat likely’ that they would open an attachment even if it came from a stranger.

“Encryption itself can be a complex task open to human error,” says Andreas Jensen, Enterprise Director for EMEA at WinMagic. “IT managers must recognise this and ensure they have the processes and tools in place to facilitate effective encryption across the entire device estate. Devices change and move as much as the data itself and encryption is not a tick box task. By using automation and effective tools, businesses can ensure that the last [line] of defence from hackers and human error is robust and minimizes the chance and impact of a data breach.”

Encryption has become too complex to manage across both enterprise and personal devices, as well as on-premise infrastructure and the cloud, the report says.


Article source: http://www.itproportal.com/2016/07/26/a-quarter-of-businesses-stop-a-data-breach-every-day/



WinMagic survey finds 23% of businesses claim to stop a data breach a day

LONDON, UK – July 26, 2016 – WinMagic Inc., the intelligent key management and data security company, has today released survey data in which IT managers say they thwart an attempted data breach at least once a month. The survey of 250 IT Managers found that a staggering 23% stop a breach every day. A data breach can be the result of an attack on the network, or an employee inadvertently sending or taking information out of the corporate network without adequate care.

The survey also spoke with 1,000 employees, 41% of whom believe IT security is solely the IT department’s responsibility; a further 37% say they have a role to play in IT security too. Even though so many employees seemingly abdicate responsibility for IT security, a fifth of IT managers want to be able to empower them to use personal devices to access work documents. Interestingly, only 36% felt such access should be restricted to approved employees.


IT managers also rated employees as the second biggest risk behind hackers to security (24%). Employees also agreed they were a risk with 17% freely admitting they are “somewhat likely” to open an attachment from an unknown sender. It only takes a single action by one employee to lay the crown jewels bare. Unprotected devices are also a big risk; with an ever increasing attack surface from networked devices, the network is at a greater risk than ever before from a combination of internal and external threats.

A breach of data can be loss as much as theft. The proliferation of mobile personal devices and their use for accessing work documents has not left IT managers feeling comfortable. The last line of defence from internal and external threats is encryption, but it has become complex to manage across enterprise and personal devices, on-premise infrastructure and cloud services: a deeply complicated, multifaceted environment. It is not simply a case of managing ‘what’ is encrypted, but also the encryption keys themselves, which must pass seamlessly between different operating systems, hardware and standards in a way that is frictionless, enabling business and the productivity of employees.

All the firewalls in the world can’t overcome the fact that human error can carve a huge hole to the heart of a business, whether losing a device, or becoming a victim of a phishing or malware attack. Encryption is the last line of defence against human error and the complexity and distributed nature of modern IT systems.

Andreas Jensen, Enterprise Director for EMEA at WinMagic commented, “Encryption itself can be a complex task open to human error. IT managers must recognise this and ensure they have the processes and tools in place to facilitate effective encryption across the entire device estate. Devices change and move as much as the data itself and encryption is not a tick box task. By using automation and effective tools, businesses can ensure that the last [line] of defence from hackers and human error is robust and minimizes the chance and impact of a data breach.”

- Ends -

About WinMagic, Inc.
WinMagic provides application aware intelligent key management for everything encryption, with robust, manageable and easy-to-use data security solutions. WinMagic’s SecureDoc secures data wherever it is stored, providing enterprise grade data encryption and application aware intelligent key management policies across all operating systems. SecureDoc is trusted by thousands of enterprises and government organisations worldwide to minimise business risks, meet privacy and regulatory compliance requirements, while protecting valuable information assets against unauthorised access.

For more information, please visit www.winmagic.com, call 1-888-879-5879 or e-mail us at [email protected]

WinMagic, and SecureDoc are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2016 WinMagic Inc. All rights reserved.

WinMagic’s 1,000 person employee and 250 person IT manager surveys were undertaken in April 2016 by independent research company OnePoll.


Article source: http://www.realwire.com/releases/WinMagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day



O2 denies data breach

UK mobile network operator O2 has confirmed that it has not been the victim of a data breach in response to the BBC’s report that customer details were found on sale on the dark web.

According to the company, some O2 customers have been targeted by cyber criminals using a technique commonly known as “credential stuffing” to log in to accounts.

This refers to the process of obtaining username and password combinations by breaching one organisation and then testing them on other websites to see if they allow access.

This testing is typically automated, which means millions of credentials can be tested across thousands of popular websites in a relatively short time.
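That automation leaves a recognisable shape in the target's own authentication logs, and the following is an added example (written for this page, not code from O2 or from the Computer Weekly article) of telling it apart from the other two common shapes: a stuffing source tries many different accounts once or twice each and fails most of the time, a brute-force source hammers a single account, and an ordinary user mistypes once and then succeeds. The log line format, the thresholds and the sample lines are all constructed assumptions.

```python
"""Flag credential-stuffing sources in an authentication log.

Credential stuffing replays leaked username/password pairs, so one source
touches MANY accounts, only once or twice each, and fails most of the time.
Brute force has the opposite shape: one account, many attempts.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real product's.
ACCOUNTS = [f"user{i:03d}" for i in range(40)]
SAMPLE_LOG = [
    "2016-07-26T10:00:00Z auth FAIL user=alice src=198.51.100.5",  # typo, then success
    "2016-07-26T10:00:07Z auth OK user=alice src=198.51.100.5",
] + [
    # one source walking a leaked list: 40 accounts, one try each, two passwords reused
    f"2016-07-26T10:05:{i:02d}Z auth {'OK' if i in (3, 17) else 'FAIL'} user={u} src=203.0.113.7"
    for i, u in enumerate(ACCOUNTS)
] + [
    # brute force: one account hammered from one source
    f"2016-07-26T10:10:{i:02d}Z auth FAIL user=bob src=192.0.2.9" for i in range(20)
]

LINE_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")
Event = namedtuple("Event", "ts ok user src")


def parse(lines):
    """Parse log lines into Events, silently skipping lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(Event(ts, m["result"] == "OK", m["user"], m["src"]))
    return events


def classify_sources(events, window=timedelta(minutes=5), min_users=10,
                     max_tries_per_user=2, min_fail_ratio=0.8, brute_min_tries=10):
    """Return {src: 'credential_stuffing' | 'brute_force' | 'benign'}.

    Each source's events are examined over every sliding window of `window`
    length; the first window that matches a pattern decides the verdict.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    verdicts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        verdict = "benign"
        for i, first in enumerate(evs):
            win = [e for e in evs[i:] if e.ts - first.ts <= window]
            tries = defaultdict(int)
            for e in win:
                tries[e.user] += 1
            fail_ratio = sum(not e.ok for e in win) / len(win)
            if (len(tries) >= min_users and max(tries.values()) <= max_tries_per_user
                    and fail_ratio >= min_fail_ratio):
                verdict = "credential_stuffing"
                break
            if len(tries) == 1 and len(win) >= brute_min_tries and fail_ratio >= min_fail_ratio:
                verdict = "brute_force"
                break
        verdicts[src] = verdict
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts that logged in successfully from a stuffing source.

    A success inside a stuffing run means the leaked password is the live
    one; those accounts need a forced reset, not just a warning.
    """
    return sorted({e.user for e in events
                   if e.ok and verdicts.get(e.src) == "credential_stuffing"})


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    v = classify_sources(evs)
    for src, verdict in sorted(v.items()):
        print(f"{src:15} {verdict}")
    print("reset required:", compromised_accounts(evs, v))
```

The thresholds are tuning knobs rather than constants: a NAT gateway or corporate proxy legitimately presents many users from one address, so in production the distinct-user and failure-ratio limits are derived from each source's own history. The actionable output is the list of successes from a flagged source, not the failures; those are the accounts whose reused password is confirmed live.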

O2 said its investigation into unauthorised access to some of its users’ accounts traced the credentials to a reported 2013 breach of the gaming website XSplit.

“We have not suffered a data breach,” an O2 spokesperson said.

“Credential stuffing is a challenge for businesses and can result in many companies’ customer data being sold on the dark net.”

O2 said it had passed all the information it has on to law enforcement and the company continues to help with the investigations.

“We act immediately if we are given evidence of personal credentials being taken from the internet and used to try and compromise a customer’s account,” the O2 spokesperson said.

“We take fraud and security seriously and if we believe a customer is at risk from fraud we inform them so they can take steps to protect themselves.”

Each time an organisation such as XSplit is breached, any account holders who have used the same log-in details on other sites open those accounts up to compromise too.

For this reason, security experts routinely warn against using the same password to log in to multiple online accounts. Creating unique passwords for every online service means that if one is compromised, none of the others is affected. 

If cyber criminals are able to find a match on other sites, they are able to log in to accounts as if they are the account holders. Consequently they are able to access all the account holder’s details.

Attackers are also able to hijack the accounts for other criminal purposes, such as committing fraud and sending spam email messages as part of a campaign to spread malware through malicious links.

Data stolen from O2 accounts accessed in this way reportedly included phone numbers, emails, passwords and dates of birth.

Simple protection measures ‘overlooked’

Kevin Cunningham, president and founder of identity and access management firm SailPoint, said password management is a critical element of security, but one many consumers and organisations are still struggling to get right.

“Many of the major security breaches that have occurred over the past couple of years have all been related to passwords,” he said.

According to Cunningham, the most obvious and simple measures – such as password managers to ensure strong and unique passwords – are still being overlooked.

“Business users are often simply unaware of the potential dangers, which will only get worse as we continue to adopt applications – both cloud and web applications – across the organisations at the rate we have been over the past couple of years, especially without any control or oversight from IT,” he said.

Two-factor authentication

In June 2016, remote device management firm LogMeIn was among several suppliers that took the precautionary step of resetting some users’ log-in credentials.

It did this after cross-checking the log-in credentials of its user base against lists containing “hundreds of millions” of passwords stolen during past data breaches at LinkedIn, Tumblr and MySpace.

The main catalyst for the checks was the news in May 2016 that 167 million LinkedIn account details stemming from a 2012 breach were for sale on the dark web.

In addition to password managers, security experts have urged the use of two-factor authentication (2FA) processes wherever they are available.

“Passwords are a relic from a bygone age, and they simply don’t provide adequate protection for the volume of information we all store and access online today,” said Brian Spector, chief executive at distributed cryptography firm MIRACL, formerly known as Certivox.

“Passwords do not scale for users, they do not protect the service itself and they are vulnerable to multiple attacks,” he said.

Because it is impossible to know with absolute certainty that a password has not been compromised, security advisors say changing passwords regularly ensures that even if a password has been compromised, the exposure will be minimised. Later guidance from NIST (SP 800-63B, 2017) moved away from forced periodic changes, which tend to push users towards predictable variations of the old password, in favour of screening new passwords against lists of known-breached ones and requiring a change only when compromise is suspected.

Article source: http://www.computerweekly.com/news/450301005/O2-denies-data-breach



How predictive analytics discovers a data breach before it happens …

Ben Dickson is a software engineer and freelance writer. He writes regularly on business, technology and politics.


Cybersecurity experts and analysts are constantly trying to keep pace with changes and trends in the volatile and ever-shifting landscape of IT security.

Despite sophisticated tools and solutions that are being rolled out by cybersecurity vendors, every IT security officer knows that data breaches eventually happen — it’s not about the if but the when — and they usually go undetected for a long time.

Machine-learning-powered solutions have somewhat remedied the situation by enabling organizations to cut down the time it takes to detect attacks. But we’re still talking about attacks that have already happened.

What if we could stay ahead of threat actors and predict their next attack before they take their first destructive step? It might sound like a crazy idea out of Spielberg’s Minority Report, but thanks to the power of predictive analytics, it might become a reality.

Predictive analytics is a discipline that is gaining momentum in virtually every industry, enabling organizations to modernize and reinvent the way they do business by obtaining a foresight they previously lacked.

This rising trend is now finding its way into the domain of cybersecurity, helping to determine the probability of attacks against organizations and agencies and set up defenses before cybercriminals reach their perimeters. Already, several cybersecurity vendors are embracing this technology as the core of their security offering. Here’s how predictive analytics is changing the cybersecurity industry.

Moving beyond signatures

The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack. These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats.

While signature-based solutions will continue to remain a prevalent form of protection, they do not suffice to deal with the advanced and increasingly sophisticated cybercriminals who threaten organizations.

“In the past decade or so, the landscape of cyber security threats has changed dramatically,” explains Amir Orad, CEO of analytics company Sisense. “The bad actors have transitioned from ‘script kiddies’ to organized crime and state actors, which direct highly sophisticated attacks against specific targets, for example via APTs — agents that infiltrate your IT systems and surreptitiously trickle minute amounts of data outwards.”

A Verizon Data Breach Investigations Report reveals that more than 50 percent of data breaches remain undiscovered for months. In contrast, thanks to the array of innovative malware, botnets and other advanced data-theft tools at their disposal, attackers only need minutes to gain access to the critical data they seek after they compromise a target.

Moreover, threat signatures are gradually becoming a thing of the past. “The most significant change in the cyberthreat landscape is the rise of point-and-click exploit kits,” says Dr. Anup Ghosh, founder and CEO of cybersecurity firm Invincea. These kits repackage the malware for every victim, so each delivery carries a different fingerprint and no pre-existing signature matches it. “This approach breaks most traditional security systems because the products haven’t seen the attack before in order to detect it,” explains Ghosh, who’s done a stint as cybersecurity expert at the Defense Advanced Research Projects Agency (DARPA).

“Current cybersecurity solutions leave a wide gap in coverage,” says Doug Clare, vice president for cyber security solutions at analytics software company FICO. “It’s like having a burglar alarm that doesn’t go off until after the burglar’s done his work, left the premises and crossed the county line.”

FICO’s solution, dubbed Cyber Security Analytics, utilizes self-learning analytics and anomaly detection techniques that monitor activity across multiple network assets and real-time data streams in order to identify threats as they occur without having specific knowledge of the exact signature. These analytics immediately detect anomalies in network traffic and data flows, while also quickly recognizing new “normal” activity, thus minimizing false-positive alerts. FICO also takes advantage of threat intelligence sharing in order to continually enhance its model with insights gained from data contributed by a consortium of users.
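As an added illustration of the anomaly-detection idea in the preceding paragraphs (example code written for this page, not FICO's product), here is a minimal self-learning baseline: one host's hourly outbound volume is tracked with an exponentially weighted mean and variance, an hour is alerted on when it sits more than `z_threshold` standard deviations above the baseline, and alerted samples are kept out of the baseline so a burst does not become the new normal. The traffic series, the units and the parameters are constructed assumptions.

```python
"""Signature-free anomaly detection over a per-host outbound-volume stream.

An exponentially weighted moving average (EWMA) of each host's hourly
outbound KB and an EWMA of its squared deviations form a self-learning
baseline. A sample is flagged when its z-score exceeds `z_threshold`;
flagged samples do not update the baseline, so a burst is not learned.
"""
from math import sqrt

# Constructed series (hourly outbound KB for one host); the values are assumptions.
NORMAL = [500 + (i * 37) % 60 for i in range(48)]                     # noisy but steady
BURST = NORMAL[:30] + [9000] + NORMAL[30:]                            # one bulk transfer at hour 30
RAMP = NORMAL[:24] + [round(530 * 1.01 ** k) for k in range(1, 25)]   # low-and-slow trickle


class EwmaDetector:
    def __init__(self, alpha=0.1, z_threshold=4.0, warmup=5, min_std=1.0):
        self.alpha = alpha              # learning rate: higher adapts faster, forgets faster
        self.z_threshold = z_threshold
        self.warmup = warmup            # samples to learn from before alerting at all
        self.min_std = min_std          # floor so a perfectly flat history cannot give z = inf
        self.mean = None
        self.var = 0.0
        self.n = 0

    def observe(self, x):
        """Feed one sample; return (is_anomaly, z). Only excess volume is alerted on."""
        self.n += 1
        if self.mean is None:
            self.mean = float(x)
            return False, 0.0
        std = max(sqrt(self.var), self.min_std)
        z = (x - self.mean) / std
        anomalous = self.n > self.warmup and z > self.z_threshold
        if not anomalous:
            # update mean and variance with the same learning rate (Welford-style EWMA)
            diff = x - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        return anomalous, z


def scan(series, **params):
    """Run a fresh detector over a series; return (flagged indices, detector)."""
    det = EwmaDetector(**params)
    flagged = [i for i, x in enumerate(series) if det.observe(x)[0]]
    return flagged, det


if __name__ == "__main__":
    for name, series in (("burst", BURST), ("ramp", RAMP)):
        flagged, det = scan(series)
        print(f"{name}: flagged hours {flagged}, final baseline {det.mean:.0f} KB")
```

Run over the two constructed series, the bulk transfer at hour 30 is flagged immediately, while the 1%-per-hour ramp never is: by its end the baseline mean has followed it up past 580 KB. That is the "recognising new normal" property described above and, at the same time, the weak-signal problem Orad raises and the behaviour a patient adversary exploits. The usual answers are a second detector on a longer horizon (daily totals against a weekly baseline) or a bound on how fast the baseline may drift.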

Finding the needle in the haystack

Though a very promising trend, predictive analytics has some hefty requirements when applied to cybersecurity use cases. For one thing, the variety and volume of data involved in identifying and predicting security threats are overwhelming. This necessitates the use of analytics solutions that can scale to the huge storage, memory and computation requirements.

“Organizations today work with large volumes of data from multiple disparate sources, which makes it difficult to trace the signals of a cyber-attack as it is happening due to the need to quickly analyze this data and perform advanced calculations on it in near real-time,” says Sisense’s Orad.

“The challenges are the same, yet amplified, as those encountered when applying analytics in general,” says Lucas McLane (CISSP), Director of Security Technology at machine learning startup SparkCognition. “This is because predictive analytic processing requires a lot more computing resources (i.e. CPU, memory, disk I/O throughput, etc.). This is especially true when the algorithms are operating on large-scale data sets. Predictive analytics engines need to be paired with computing resources that are designed to scale with the volume of data targeted for analysis.”

Further complicating the situation, Orad explains, is “the fact that the cyber-attack’s signal is often very weak and obstructed by a lot of organizational noise, i.e. there will only be a very slight change in patterns recognizable.” This in turn means that using the wrong algorithms can easily create a lot of false positives, Orad warns.

That is why cybersecurity companies are teaming up with analytics firms, such as Orad’s own startup. Sisense provides a set of proprietary tools and features that enables cybersecurity companies to quickly analyze huge sets of scattered data. They leverage the platform to identify suspicious patterns, then they can open a Sisense dashboard that lets them query terabyte-scale datasets, investigate a potential attack and drill into the data to see whether further security measures are necessary.

Forging alliances across industries certainly has its benefits. As Orad explains, advanced analytics platforms such as Sisense enable cybersecurity firms to obtain “an end-to-end solution for modeling, analyzing and visualizing data, without investing vast resources into building a data warehouse as traditional tools would necessitate.”

Predictive analytics and machine learning

“Predictive analytics in security provide a forecast for potential attacks — but no guarantees,” says McLane from SparkCognition. That’s why he believes it has to be coupled with the right machine learning solution in order to be able to harness its full potential.

SparkCognition’s platform, SparkSecure, uses “cognitive pipelining,” a technique that involves the combination of machine-learning-based predictive analytics with the company’s own patented and proprietary static and dynamic natural language processing engine, called DeepNLP.

According to McLane, cognitive pipelining automates the tedious research steps that descriptive and predictive analytics require, which results in “an acceleration of the analyst’s ability to discover the real malicious traffic from the anomalous outliers and forecasting provided by ML.”

The use of predictive analytics coupled with machine learning and natural language processing allows cybersecurity to move beyond the cumbersome strategy of maintaining black-lists.

“Signature-free security allows us to detect, with high confidence, new threats that have never been seen before,” says McLane.

Predictive analytics is not a panacea

Not everyone believes that predictive analytics is the ultimate solution to deal with advanced threats. Arijit Sengupta, CEO of business analysis company BeyondCore, suggests that we look at the problem from a different perspective.

According to Sengupta, cybersecurity challenges stem from two factors. Firstly, the value and volume of online assets are exploding at an exponential rate. Secondly, hackers are growing in sophistication thanks to easy and inexpensive access to large compute resources through cloud computing.

While predictive analytics can help deal with today’s challenges, as both data and computing resources continue to expand, we’ll be facing a problem, Sengupta believes. “If the surface area of your data is growing exponentially and the resources accessible to your attacker [are] growing, then even predictive analytics is no longer good enough because you simply don’t have the resources to react,” he says.

The correct approach, Sengupta believes, is to “rethink why and how we store valuable data in the first place.”

We also have to consider that the tools and tactics of our adversaries will evolve and change in parallel with ours, warns Olivier Tavakoli, CTO of cybersecurity startup Vectra Networks. “After several years spent trying to perfect predictive analytics, attackers will counter with feints and pattern randomization,” he predicts.

The future of predictive analytics

Nonetheless, with big data and machine learning starting to take a decisive role in every industry, it is only fair to estimate that predictive analytics will have a pivotal role in shaping the future of cybersecurity.

“In the near future, and even today, there will be no cyber security without predictive analytics,” says Orad from Sisense. “Threats have become so sophisticated, and they evolve and change so rapidly, that the only way to identify them on time is via advanced statistical analysis of big data.”

Invincea’s Ghosh believes it is inevitable the security industry will need to re-tool to address an ever-changing threat. “We are making our bet [that] artificial intelligence is the solution to predict our adversaries’ next moves,” he says.


Article source: https://techcrunch.com/2016/07/25/how-predictive-analytics-discovers-a-data-breach-before-it-happens/



The hidden costs of a data breach – Journal of Accountancy

Much of the business discussion around cybersecurity relates to protection of key assets such as customer information and intellectual property, often after the news that another company has suffered a large data breach. While strengthening defenses against cyberattackers is important, companies also must be prepared to handle the reputational and financial hits that a cyber incident can produce for years down the road.

Cybersecurity has the attention of CFOs and other decision-makers. And for good reason: The average cost of a data breach has risen 29% since 2013, to about $4 million per incident, according to an annual report from IBM and Ponemon Institute. And a 2015 survey of U.S. finance decision-makers shows that organizations are increasing spending on cybersecurity.

A new report by Deloitte addresses issues that go beyond data protection, pointing out the hidden costs that go along with responding once a cyberattack has occurred.

“The conversation has been a technical one to date. It’s focused on the vulnerabilities, and the threats and the adversaries out there,” said Emily Mossburg, principal in Deloitte Touche LLP’s cyber-risk practice and a report author. “Much of what is talked about is the number of records that were compromised: Social Security numbers and financial account information. That’s important, but that was sort of where the conversation was ending.”

Cyber readiness, the Deloitte report said, is not just about what happens after an attack. In other words, it is far more involved than following through on a six-week or six-month incident response plan with technology upgrades and planned communication with customers and other stakeholders.

The report lists 14 impact factors of a cyberattack, including seven classified as “beneath the surface” and having less visible costs:

Insurance premium increases: A company might need to buy or renew its cybersecurity insurance after a cyber incident. But that doesn’t mean it’s renewing or buying for the same cost as its previous policies. Deloitte said it was not uncommon for companies to face premium increases of 200% for the same coverage, or to be denied coverage until demonstrating to the insurer that it had strengthened cyber defenses. Insurers could cite any number of issues with a company in the aftermath of a data breach, Mossburg said, citing weak access controls, an insufficient incident response plan, or insufficient monitoring as among the possible factors. Basically, insurers are in a position to tell a company what it needs to fix before coverage will be continued.

Increased cost to raise debt: Perception becomes reality when an organization has suffered a cyberattack. A company’s credit rating can be lowered in the aftermath of a data breach, and that can affect a company’s ability to raise debt or renegotiate its existing debt, Deloitte said. The corporate credit rating of U.S. retailer Target was downgraded from “A+” to “A” in March 2014 by ratings agency Standard & Poor’s, months after a cyberattack. While Standard & Poor’s has kept a stable outlook for the company and says it believes the data security issues are largely behind Target, it has not bumped Target’s credit rating back to “A+.” Deloitte’s analysis said that credit ratings agencies typically downgrade by one level companies that have experienced a cyber incident.

Impact of operational disruption or destruction: Any disruption of normal business operations will have financial repercussions. Resources from one part of a company could be diverted to other parts in the wake of a data breach. If a company’s e-commerce site has to be shut down temporarily, for example, the company will lose out on current and potentially future business when customers go to a competitor.

Lost value of customer relationships: If those customers like what they see from the competitor, they might not return to the business that suffered a breach. Deloitte’s hypothetical analysis showed that customer attrition rate increases 30% in the wake of a cyber incident and doesn’t return to normal until three years later. In the case of Target, S&P said in March 2014: “We expect the data breach to have a somewhat lingering effect on customer traffic at least through the first half of fiscal 2014.”

Value of lost contract revenue: Similar to the effect on a company’s ability to raise debt, contract negotiation with other entities is more difficult after a data breach. And that’s in addition to contracts that might be terminated as a direct result of a cyberattack. A company may have built cost increases for services into its financial models, Mossburg said, so those models must be recalculated in the event of a data breach. The IBM and Ponemon Institute report said the “biggest financial consequence to organizations that experienced a data breach is lost business.”

Devaluation of trade name: If a company’s business is offering services to other companies, the company on the receiving end of the services is less likely to seek additional services from a company that has suffered a data breach. And a company such as a retailer obviously must rebuild brand loyalty after a data breach. “Now that this has happened, that relationship has been damaged, and companies have to start over in that investment process,” Mossburg said.

Loss of intellectual property: This can be the most crippling effect for a company that suffers a data breach. The effects could be long-lasting or potentially fatal to the company’s survival, depending on what type of intellectual property is lost. “If you lose plans, if you lose designs, or lose [research and development] that you’ve been working on for months or years, and that then is brought to market by another organization faster and cheaper than you can do it, that impact can be reverberating for decades,” Mossburg said.

Neil Amato ([email protected]) is a JofA senior editor.

Article source: http://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html



Top firm warns Australian firms on lack of data breach program

Australian companies need to craft and implement data breach programs and they need to do it now lest they face increased risk of aggressive litigation, Jones Day warned.

The warning comes as Australia is expected to introduce mandatory data breach notification this year.

“Based on our experience in other jurisdictions that have introduced mandatory data breach notification, such as the U.S. and the EU, companies that are not adequately prepared are at greater risk of being sued by their corporate customers (for breach of privacy obligations embedded in their customer contracts) and by consumer customers,” said Adam Salter, partner in Jones Day’s Cybersecurity, Privacy and Data Protection practice.

Noting that the bill for data breach requirements currently before the Parliament has bi-partisan support, Salter said that businesses should be taking action now to ensure they are ready to comply with the law once it takes effect.

In the 2016 Cost of Data Breach Study: Australia by the Ponemon Institute, it was found that the average total cost of a data breach is $2.64 million while the average cost per lost or stolen record is $142.

Though it was found in the study sponsored by IBM that the average total cost of data breach decreased 6.6 percent and the per capita cost decreased 1.4 percent, the financial impact is still very substantial.

In the 2016 Cost of Data Breach Study: Global Analysis, it was revealed that the average total cost of a breach is $4 million, an increase of 29 percent since 2013. The per capita cost is $158, an increase of 15 percent since 2013.

These costs are likely to increase if companies face more aggressive litigation for neglecting to comply with new requirements such as mandatory disclosure of a breach, hence the warning from Jones Day.

Alastair MacGibbon, Australia’s first Special Adviser to the Prime Minister on Cybersecurity, agreed with the global law firm’s advice.

“The Australian government recognizes that we must lead by example when it comes to detecting, deterring, and responding to cyber threats and risks. But we cannot do this in isolation. It is absolutely critical we partner with and have the support of businesses to drive and implement the initiatives we outlined in our Cyber Security Strategy,” MacGibbon said.

“Strong cyber defenses have much wider-ranging implications than most people realize—it has huge benefits to our economy, improves social opportunities of connecting online, and boosts our national prosperity,” he added.

Meanwhile, while data breach disclosure protects potentially affected people from harm, it can also negatively impact companies, Mauricio Paez, a New York-based partner in Jones Day’s Cybersecurity, Privacy & Data Protection practice, noted.

“Breach notification also means that cyber breaches could now be very public events that can result in private litigation and reputation and brand harm, and lead to governmental investigations, thereby increasing the legal risks to the reporting business,” Paez said.

The key steps for Australian businesses to be prepared are to regularly review and strengthen their IT and data security systems, policies, and procedures and prepare for how they would report a potential data breach to authorities and customers, Salter said.  

“In particular, businesses should review (or, if not already in place, develop) risk management and compliance policies and procedures to both prevent data breaches and deal with them, in the unfortunate but increasingly likely event that they occur,” Salter explained.


Article source: http://www.australasianlawyer.com.au/news/top-firm-warns-australian-firms-on-lack-of-data-breach-program-220274.aspx



Data Breach Exposes 1.6 Million Accounts from Clash of Kings …

The official forum of Clash of Kings, the popular mobile game, was breached, and the hacker stole nearly 1.6 million accounts. The stolen data included usernames, email addresses, IP addresses, device identifiers, Facebook data and tokens. User passwords were at least hashed and salted. That blunts precomputed-table attacks, but with the fast hash this generation of forum software uses it does not stop an attacker who holds the dump from cracking weak passwords offline, so anyone who reused their forum password elsewhere should treat it as compromised.

On July 14, the attacker exploited a weakness in the forum’s security software to steal the information. The company was using a 2013 version of vBulletin, which is vulnerable to a number of well-documented security flaws.

After stealing the information, the hacker notified LeakedSource, a website which allows users to search for their login credentials to see if they’ve been hacked. A LeakedSource member told ZDNet that the hacker was looking for websites running out-of-date forum software, and Clash of Kings was the largest site listed.

“At this point, any unpatched vBulletin 4 forum with over 100,000 users is probably hacked,” the LeakedSource member told ZDNet.

Clash of Kings is one of the most popular mobile games on the market. There have been over 100 million installs on Android devices alone.

Article source: http://www.lowcards.com/data-breach-exposes-1-6-million-accounts-from-clash-of-kings-forum-43802



Illinois voters at risk in recent data breach | SiliconANGLE

Illinois voters took the time to make their voices heard, and in return, they received a data breach. The online voter registration portal has recently suffered from a hack, and as a result, voter registrants are at risk of having their personal information stolen.

According to BatBlue, the Illinois State Board of Elections discovered a breach on July 12, which may have compromised the data for multitudes of voters. The full extent is not yet known, but it could have compromised information such as names, addresses, birth dates, driver’s license numbers, and the last four digits of Social Security numbers.

While that’s not as bad as one’s full Social Security number, those four digits alone can be used to do no small amount of damage. However, Illinois News Network notes, as voters registering would use either their driver’s license numbers or Social Security numbers, those who had one stolen would not have put the other at risk.

Fortunately, the breach did not include the voters’ digitized signatures or voting histories. The Chicago Sun Times notes that the voter system was shut off as soon as the breach was found, and the board assures voters that no information was altered.

All it took was a small opening, a minor weakness in one data field in the online registration system, and the hacker could get in. However, this should not discourage anyone from voting, as elections loom in the near future. We have a right to our vote and voice, and data breaches and hacks do not take that away.

Photo by Andrew Dupont

Robert Pleasant

Robert Pleasant is a writer and unabashed nerd, contributing news coverage and editorial articles to SiliconANGLE. His experience includes writing articles for websites such as UCStrategies, G33k-HQ, and Green Tea Graffiti, covering a range of subjects in technology, gaming, and entertainment. Robert, known to his friends as Robbie, earned his degree in Creative Writing from University of California, Santa Cruz, before getting into the tech news field, and in addition to the writing he does for SiliconANGLE, enjoys creating original comedic stories in his downtime.


Article source: http://siliconangle.com/blog/2016/07/25/illinois-voters-at-risk-in-recent-data-breach/



11 Real Costs Of A Corporate Data Breach | Twice

Security breaches cost a lot of money. In the U.S., the average data breach costs $5.4 million. The average cost, globally, of a compromised record rose 9 percent in 2014 to $145; costs in the U.S. rose to $201 per record. The 2014 Target breach was estimated at a gross cost of $162 million, with a net cost of $105 million after reduction for insurance payments and tax deductions.

It was originally reported that the Anthem breach of 80 million patient records would cost over $100 million just to notify the victims and provide free identity-theft and credit monitoring. Altogether, the Anthem breach is estimated to have cost $31 billion, more than the federal government has spent to incentivize digital medical records since 2009.

For all the quantifiable costs, there is also a range of hard-to-measure costs like brand reputation, consumer loyalty, board and stakeholder relations, distraction from normal business activities, regulatory fines and potential class action lawsuits.

When a data breach happens there are 11 cost areas to consider:

1. In-house investigations: The immediate response to a breach requires the diversion of internal information technology resources to investigate the breach, take immediate damage control actions, and secure short-term security for all assets.

2. Forensic experts: An independent forensics team is usually engaged to investigate and determine how the system was breached, who was responsible internally or externally or both, what data was affected, and whether data was stolen and/or deleted and/or altered.

3. Vulnerability controls: Once vulnerabilities have been identified, the controls and safeguards that should have been in place to prevent the breach must be implemented.

4. Hotline support and notification: In order to avoid overly diverting resources from ongoing customer relations, companies typically outsource hotline support, development of incident response media, and first-class mail notifications to comply with federal regulations.

5. Free credit-monitoring subscriptions: This goodwill gesture may appease some customers, but others may still join class-action lawsuits.

6. Discounts for future product and services: Additional goodwill gestures to reinforce customer loyalty may include discounts on future products or services, gift cards and value-added services.

7. Customer churn and diminished acquisition: It can be difficult to quantify the number of customers lost to a data breach, but it is a logical consequence of tarnished brand trust.

8. Leadership turnover: Data breaches have resulted in the exit of senior executives as brands make public statements of accountability.

9. Regulatory fines: Fines and penalties vary by industry and by whether oversight is through the Federal Communications Commission (FCC), Federal Trade Commission (FTC), or Health and Human Services (HHS).

10. Class-action lawsuits: While most class-action lawsuits typically fail due to the difficulty of proving injury — especially future injury — companies can be forced to settle the suits at substantial costs.

11. Insurance premiums: Cyber liability insurance includes first-party and third-party coverage. First-party coverage applies to the breached company and the direct expenses it incurs — notifying clients, client credit monitoring, public relations, loss of business income and extortion. Third-party coverage applies to any lawsuits, penalties and settlements that arise from the breach.

Despite the massive costs of a data breach, some economists wonder if breaches cost enough to incentivize deeper investment in security. When Target’s publicly available breach-related costs were reported to its stockholders, they only amounted to 0.1 percent of its gross sales for 2014 and so no related loss of store revenue was reported.

Many firms have no internal consensus around appropriate security investments; however, three camps of opinion are apparent:

1. The Minimally Compliant Camp: Companies with security standards focused on minimal regulatory compliance cite overspending on security as irresponsible business practice. As regulation often lags advances in hackers’ strategies and security technology, this approach is primarily reactive to security breaches.

2. The Reasonably Secure Camp: With consideration for regulatory compliance and the current state of security threats, this moderate approach takes a responsive posture as it seeks to balance best practices with costs. Companies document critical discussion of their judgments about what is reasonable, what is probable, and the value/liability of different types of data. Their goal is to develop a comprehensive, intensely pragmatic, security strategy.

3. The Building-In Security Camp: The forward-thinking security community takes a predictive approach. It perceives compliance as a low-bar standard and current security threats as indicative of trends to anticipate. Drawing on the maturity model first used to improve quality assurance in the automotive industry, the Building Security in Maturity Model (BSIMM) community values defense-in-depth security initiatives built on the practices of industry-leading companies.

The BSIMM community understands security as an emergent property of the entire company system that is continuously monitored for progress on 112 activities. Seventy-eight companies are currently enrolled in the BSIMM. As they continually monitor their progress on 12 key practices, they can compare themselves not only to their own benchmarks but also to the progress of all the companies in the community. Rather than base security initiatives on hypothetical speculation about what they should be doing, these companies focus on the success of practices in which companies are actually engaged. Using a long-term, big picture, highly data-driven view, the companies strive to build in the best security protocols at every stage of software development and utilization. The BSIMM is a model for collaboration among companies across a range of industries, including financial services, telecommunications, technology firms, healthcare, retail, energy, Cloud and security services. 

Brad Russell is research analyst at market research firm Parks Associates.


Article source: http://www.twice.com/blog/executive-insight/11-real-costs-corporate-data-breach/62272



Defining ransomware and data breach disclosure | CSO Online

Earlier this year, Hollywood Presbyterian Medical Center paid a $17,000 ransom in Bitcoin to unlock the hacker-imposed encryption on its data. A recent federal interagency report announced that since Jan. 1, 2016, there have already been over 4,000 reported ransomware incidents per day, more than three times the 1,000 such daily attacks that occurred throughout all of 2015.

What are the effects of ransomware that have caused its recent rise to fame?

First, it must be established what happens during a ransomware incident. A miscreant hacker gets through whatever protective physical and/or digital barriers are in place to keep unauthorized persons from reaching specific business critical data. The purpose of this attack is not so the hacker can obtain a copy of the critical data. Instead, the perpetrator encrypts the victim’s data to make it unusable by the authorized possessor. The hacker can then extort money from the victim in order to decrypt the data and return it to its usable format.

Second, this significant increase in such attacks has recently caused the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services, the federal agency responsible for investigating HIPAA breaches, to issue guidance analyzing whether a ransomware incident constitutes a reportable health care breach under federal law.

Is ransomware a HIPAA breach of electronic Protected Health Information (ePHI)?

Title 45 of the Code of Federal Regulations contains the relevant HIPAA provisions. Section 164.402 of Title 45 provides the definition of the term breach as it pertains to ePHI: “Breach means the acquisition, access, use, or disclosure of protected health information…which compromises the security or privacy of the protected health information.” So the question becomes: does a ransomware attack cause the “acquisition, access, use or disclosure” of ePHI?

No court decision has yet addressed this issue, but expert commentators have taken either side of the argument.

Some believe that a ransomware attack is a HIPAA violation, because the systems being accessed are no longer under the control of the healthcare provider. Others, however, posit that ransomware would not result in a reportable breach, since ransomware doesn’t actually give the hacker access to ePHI. Whichever side you take in the violation/no-violation argument, one fact cannot be ignored: the victim of the attack is unable to use the encrypted data.

What is OCR’s view?

The recent guidance issued by OCR states definitively that the “HIPAA Security Rule requires implementation of security measures that can prevent the introduction of malware, including ransomware” and also requires that covered entities and business associates “implement policies and procedures that can assist…in responding to and recovering from a ransomware attack.”

The guidance further acknowledges that the presence of ransomware does constitute a “security incident” pursuant to 45 C.F.R. § 164.304, which requires the initiation of “security incident and response and reporting procedures,” per 45 C.F.R. § 164.308(a)(6). The guidance advises that upon discovery of a ransomware attack, the health care entity should immediately implement its incident response plan, which should include, at a minimum, “measures to isolate the affected computer systems in order to halt the propagation of the attack.” The entity should also consider reporting the incident to the appropriate FBI or U.S. Secret Service Field Office so that the necessary federal, state and local law enforcement agencies are appropriately deployed to “pursue cyber criminals globally and assist victims of cybercrime.”

What other response factors should be considered?

To date, no court or regulatory judge has ruled that a ransomware incident constitutes a reportable HIPAA breach. If an affected entity has a backup copy of the data that the ransomware encrypted, that backup could be used to restore the entity’s operational systems. The backup should first be reviewed by competent professionals to ensure that it does not also contain the ransomware or other malware.

This article is published as part of the IDG Contributor Network.

Article source: http://www.csoonline.com/article/3096758/application-security/defining-ransomware-and-data-breach-disclosure.html

