Posts Tagged ‘breaches’

Facebook Privacy, Malware and Data Breaches Lead Security News

A recap of security news from the past week includes a Facebook privacy controversy and arrests in the hack of AT&T last year. – Malware threats, Facebook privacy and criminal charges all made their way into various security stories in the past week. The week started out with another battle tied to privacy and security on Facebook, this time stemming from the social network’s decision to allow applications to access user…


Data Breaches at Arizona Medical Center Makes Case for Zero Trust Security

It’s no longer enough to protect the network from just external hackers because there are plenty of insiders who have too much access to data, according to a security expert. – Two recent incidents at a hospital and a radiology lab highlight the importance of securing medical data from both internal and external threats. Three employees and a contracted nurse at Tucson’s University Medical Center were fired for accessing confidential patient records, according to the …


662 Major Data Breaches in 2010, More Go Undisclosed: Report

The Identity Theft Resource Center said 662 data breaches reported in 2010 is not the actual number and that mandatory reporting is required for consumers to protect themselves. – There were 662 reported data breaches in 2010, of which most involved thefts of Social Security data, according to a report from the Identity Theft Resource Center. The actual number is considerably higher because current regulations in the United States don’t require all data breaches to be…


Taking Heed to NSA’s Assumption on Security Breaches Is Sound First Step

News Analysis: Real security depends on a belief that somebody, somewhere, will get into your network. The real question is, what do you do about it? – When Deborah Plunkett, the head of the National Security Agency’s Information Assurance Directorate, said at a security conference that systems must be built with the assumption that adversaries will get in, her statement wasn’t exactly a revelation. True security is multilayered, and it’s desig…


Data Breaches Cost Health Care Industry $6 Billion Annually: Report

A report by the Ponemon Institute and ID Experts finds hospitals suffering from breaches in the rush to adopt electronic health records. – As hospitals look to cash in on government incentives for meaningful use of electronic health records starting in 2011, they’re leaving themselves vulnerable to $6 billion lost a year to data breaches industrywide, according to a benchmark study by the Ponemon Institute privacy and data-management r…


Verizon: PCI-Compliant Businesses See Fewer Data Breaches

An analysis of PCI DSS audits by Verizon revealed PCI-compliant businesses are less likely to experience data breaches than those that aren’t. – Compliance regulations may not be a perfect gauge for security, but a new report from Verizon Business underscores how important they can be. In the "Verizon Payment Card Industry Compliance Report [PDF]," the company analyzes compliance with the Payment Card Industry Data Security S…


College Data Breaches Underscore Higher Ed Security Challenges

Security pros talk about the challenges higher education faces when it comes to protecting user data. – Reports surfaced this week that the University of Virginia fell victim to a cyber-attack that stole nearly $1 million. Unfortunately for administrators at colleges and universities, their institutions are just as vulnerable to data breach woes as enterprises. According to reports, attackers used ma…


College Data Breaches Underscore Security Challenges

Security pros are talking about the challenges educational institutions face when it comes to protecting user data. – The University of Virginia reportedly fell victim to a cyber-attack the week of Aug. 23 that resulted in the theft of nearly $1 million. Unfortunately for administrators at colleges and universities, their institutions are just as vulnerable to data breaches as enterprises. According to KrebsOnS…


Data Breaches Hit 113 Health Care Organizations, Report Says

Of the 385 organizations hit with data breaches so far this year, 113 were in health care, according to the Identity Theft Resource Center’s report for July 28. Just 39 breaches have been reported in banking and finance according to the ITRC. Experts cite a lack of compliance and improper data access by insiders as culprits. – A total of 113 health care facilities have been hit with data breaches in 2010, compared with only 39 banking/finance firms, according to a July 28 report by the Identity Theft Resource Center. Hospitals are vulnerable to insider data breaches with the multitude of doctors, nurses, lab technici…


Most Data Breaches Avoidable, Verizon Report Finds

An exhaustive data breach report from Verizon, in collaboration with the U.S. Secret Service, finds while data breaches are declining, businesses of all sizes remain at risk, and many breaches could be easily avoided. – Breaches of electronic records last year involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups, according to communication giant Verizon’s 2010 Data Breach Investigations Report, in collaboration with the U.S. Secret Ser…


Top Hacks, Breaches and Compromises of 2010 (So Far)

This has been a busy year for both hackers and computer forensic specialists. Whether it was the 4 million usernames and e-mail addresses swiped in a hack of The Pirate Bay or AT&T’s Website hack that exposed the e-mail addresses of iPad 3G owners, the first six months of 2010 are a reminder of the realities of today’s IT security landscape. With this backdrop, security professionals will meet the week of July 26 at the Black Hat security conference in Las Vegas to discuss the latest threats and what can be done about them. While each of the most serious hacks and malicious breaches are different, many have a key similarity – insecure code. Others highlight the dangers of phishing and criminals exploiting potential gaps in physical security. Here are some of the more notable data breaches, hacks and exposures that made the news so far this year. – …


Data Breaches Less Costly with Strong CISO

Ponemon Institute’s latest report on data breaches shows putting the CISO in charge of the detection and notification process can make a difference in your bottom line.
– When data breaches occur, strong leadership from the chief information security officer can make a difference in the damage done to your corporate budget, according to new research from the Ponemon Institute. In its latest look at data breaches the institute found that in the five countries s…


Symantec Security Report Reveals Face of Data Breaches

Symantec’s latest Global Internet Security Report reveals that while the largest percentage of data breaches were caused by the physical theft or loss of a device with corporate information, hacking was the greatest cause of data records being exposed in 2009.
– That credit card number swiped in a data breach may go for as little as 85 cents in the cyber-underground, according to Symantec’s latest Global Internet Security Report. The massive, 97-page document details the company’s review of the threat landscape in 2009. While there was a significant drop…


Detecting Malicious Insiders Before Data Breaches Damage Your Business

Data breaches carried out by malicious insiders may be uncommon, but the damage they wreak can be catastrophic if detected too late. Enterprises need to take an active approach to dealing with the problem, which means understanding who the malicious insiders are, what drives them and how that should influence security policy.
– As intriguing as the idea of a mysterious cyber-criminal hacking his way into a corporate network sounds, the majority of data breaches are the work of insiders. An employee copies data to a USB device and leaves it in a cab; a contractor misplaces a CD with customer information - these are commo…


How to Reduce Malware-Induced Security Breaches

Malware has caused the industry to rethink its security best practices, introducing tools such as transaction verification to guard against real-time, man-in-the-middle attacks. Out-of-band authentication mechanisms are growing rapidly in popularity. While it is certain that malware will continue to evolve, Knowledge Center contributor Steve Dispensa offers four simple steps you can take to significantly reduce your malware-induced security breach exposure.
– Malware represents one of the biggest, most rapidly changing challenges facing corporate security today. The threat landscape is always evolving and last year was no different. Google reported a doubling of malware sites, and there were troubling reports last summer of a new kind of active, man-in-t…


FTC Warns of Data Breaches from P2P File Sharing

The Federal Trade Commission has warned approximately 100 organizations that their private customer and employee data is being shared on peer-to-peer networks. Businesses need to review and change their security policies to protect such information, the FTC says.
– "The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared" from their computers via peer-to-peer networks, the FTC said in a release Feb. 22. "In the notification let…


Why Data Breaches Can Go Unnoticed by Their Victims

An analysis of data breaches by Trustwave found just 9 percent were uncovered internally by the companies that were breached. The report mirrors other studies and underscores the importance of having visibility into your IT environment as well as being able to correlate disparate events on a network.
– You might expect an enterprise to be the first to notice its records had been breached. But as a report from Trustwave illustrates, that is rarely the case. According to a study of more than 200 data breaches that occurred in 2009, Trustwave found that just 9 percent were uncovered by the organ…


Data Breaches Cost More if Enterprises Move Too Fast

Acting too quickly after a data breach can cost companies even more money, the Ponemon Institute reports.
– Data breaches are not getting any cheaper to deal with, and companies that jump the gun on notifications can end up paying the most. In its fifth annual study on data breaches, the Ponemon Institute discovered that about 36 percent of participants notified their breach victims within one month,…


How to Protect Against Insider Security Breaches

One of the most common ways of preventing insider security breaches is to have an auditing system in place, which monitors who is doing what within the system. Another method of preventing insider security breaches is to implement a system of job rotation or separation of duties. But Multi-Party Authorization is a better method for proactively preventing insider security breaches because, as Knowledge Center contributor Craig Palmore explains here, Multi-Party Authorization requires two or more people in order to allow access to certain sensitive files.
– XYZ Corporation’s trusted employee, Harry, scanned his computer screen, whistling through his teeth. "Nearly there now," he thought. "Just a few more clicks and I’ll get what I need to know. They’re going to pay me for what I find out." Harry’s fingers flew over the keyboard,…


How to Protect Against Web 2.0 Crime and Data Breaches

Facebook, Twitter, MySpace, blogs and other Web 2.0 technologies have created new opportunities for individuals, enterprises and governments. But where law-abiding users go, cyber-criminals quickly follow. It’s critical for users to be wary of increasingly sophisticated online threats from the recently discovered Botnet platform to cyber-criminals who infiltrate networks to steal data and identities. Here, Knowledge Center contributor Yuval Ben-Itzhak explains how users can protect their systems from cyber-criminals, phishing, botnets, viruses, Trojans and other malware.
– In today’s Web 2.0 world, information sharing, online shopping and remote working are just a few examples of the many benefits the Internet and Web 2.0 technologies offer us. Blogs and social networks such as Facebook, Twitter and MySpace are becoming increasingly popular, with individual users and …