FBI Alleges Former PPG Employee Gave Trade Secrets to Chinese Firm
Associated Press (05/08/15)
Thomas Rukavina, a retired PPG Industries Inc. employee, stole trade secrets worth “hundreds of millions of dollars” for plastic windows used on aircraft and high-speed trains and shared some of the information with a Chinese firm, the Federal Bureau of Investigation said. Rukavina retired from coatings-and-paint manufacturer PPG in July 2012 and had been in contact with J.T.M.G. Co. of Jiangsu, China, since March 2013, according to emails in the criminal complaint. The Chinese company makes glass for automotive and other specialty purposes and has not been criminally charged. The company asked Rukavina if he had signed a confidential agreement with PPG, and he responded, “When you join and when you leave PPG you are forced to sign these documents. (If) you followed these documents as written you could never work again.” He claims he had not agreed to leave PPG and was “forced out.”
The Millennial Security Risk
eSecurity Planet (05/13/15) All, Ann
The United States workforce is statistically dominated by young people ages 22 to 31, according to the U.S. Bureau of Labor Statistics. This may sound like good news, but it could spell trouble for your company’s data. A report from Absolute Software found that millennial employees are significantly more likely than their older counterparts to put corporate data at risk. The biggest issue is that millennial respondents consistently failed to recognize activities that create risk, such as modifying default settings. The fact that millennials have grown up in the digital age is one reason why they seem to treat security so lackadaisically. To solve this issue, you need to put in place a security policy that clamps down on stragglers. It is important to make the ramifications of poor judgment visible so that younger employees know that there are consequences for failing to act correctly. The policy must be available to view, and employees must be trained on the proper actions to take in order to avoid mistakes. Most importantly, a company must maintain control over devices. If employees, especially millennials, have the ability to access and transport sensitive data (even if they are unaware they are doing it), it could spell major trouble for the company as a whole.
Payment Innovation Outpacing Security: Study
Credit Union Times (04/29/15) Urrico, Roy
A new survey by Experian and Ponemon Institute reveals concerns that virtual currencies, mobile payments, e-wallets, and other new payment technologies increase breach risks. Of the 748 U.S.-based professionals involved in their company’s payment systems, 68 percent indicated that pressure to migrate to new payment systems jeopardizes customer data. While 59 percent said EMV chip-and-PIN cards were an important part of their firm’s payment strategy, just 53 percent believed they would reduce data breach risks. As for the innovations most likely to boost data breach risks, 65 percent cited virtual currencies, followed by mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices/apps (57 percent), and near field communications (54 percent). Forty-five percent of respondents said financial institutions were most responsible for ensuring payment systems security, while credit card companies and conventional or Internet retailers were cited by 40 percent and 21 percent of respondents, respectively. The researchers said, “Throughout our study, we found a large percentage of companies are likely to keep moving forward with deployment of new technologies despite concerns about security. More than half of respondents say customer convenience was a higher priority to their organization than security.”
Insider Threats Force Balance Between Security and Access
CIO (04/23/15) Corbin, Kenneth
Speaking at a recent Symantec-hosted panel discussion on insider threats and other cybersecurity issues, Fairfax County, Va., CISO Michael Dent said IT leaders can help their cause with prudent policies that limit who can access what kinds of data. Organizations must broaden their understanding of what constitutes an insider threat, as access to sensitive systems and information in the typical enterprise extends beyond in-house staff, Dent says. He notes insider threats are not just employees, but “also are your contractors, your vendors—your volunteers, potentially—that come in and work for you.” Traditional perimeter defenses such as firewalls and intrusion detection are not going to protect against threats coming from within the organization, Dent warns. Although putting in policies to address bad actors is relatively easy, it is far more difficult to develop an appropriate framework for access and permissions that balances strong security protocols with an open workplace where employees increasingly expect to be able to work remotely and on a variety of devices. Dent says Fairfax County currently runs on a least-privilege system, strictly limiting access to certain data assets based on job function and responsibility. The county also has implemented a tough policy for offenders who violate the organization’s data-access rules.