• 2013: Highest Rate of Employee Theft in 6 Years
    Security Magazine (02/15)

    According to the 2013 Marquet Report on Embezzlement released in December 2014, Vermont topped the list of highest embezzlement risk states in the country for the third time in the last six years. It was followed by the nation’s capital, West Virginia, Montana, South Dakota, Virginia, Idaho, Oklahoma, Texas, and Missouri. The research shows that the number of U.S. embezzlement cases rose 5 percent over the previous year. In total, 554 major cases — those with more than $100,000 in reported losses — were active in the United States in 2013. Only around 5 percent of major embezzlers were found to have a prior criminal history. The Marquet report went on to draw several conclusions, ranging from the reality that embezzlers are most likely to hold financial positions with enterprises to the most common embezzlement scheme being the forgery or unauthorized issuance of company checks. The study further determined that perpetrators typically begin embezzlement schemes in their early 40s. Finally, while females are more likely to embezzle on a large scale, males embezzle significantly more money on average.

  • Another Giant Security Gap at Airports: Lack of Criminal Background Checks
    CNN (02/04/15) Devin, Curt; Griffin, Drew; Zamost, Scott

    Gary Perdue, the FBI’s deputy assistant director of counterterrorism, recently admitted that once airport employees complete an initial background check, no one reviews criminal backgrounds after they are hired. These security loopholes were critiqued at a hearing before the House Subcommittee on Transportation Security, where lawmakers questioned current airport security regulations. A CNN investigation discovered that only two of the nation’s major airports, Miami International Airport and Orlando International Airport, require all employees with secure access to pass through metal detectors. The Miami airport also organizes random criminal background checks after hiring employees. Miguel Southwell, the general manager of Hartsfield-Jackson Atlanta International Airport where breaches have occurred, expressed support for implementing full screening of employees with access to secure areas. But he did not specify if and when the screening will begin. Mark Hatfield, the acting deputy administrator of the Transportation Security Administration, said his agency is working to determine what investments and policy changes may be necessary.

  • Anthem Hacked in ‘Sophisticated’ Attack on Customer Data
    Bloomberg (02/05/15) Harrison, Crayston

    Anthem Inc., the second-largest U.S. health insurer in terms of market value, said hackers obtained data on tens of millions of current and former customers and employees in a sophisticated attack that has led to an FBI probe. The information included everything from names, birth dates, and Social Security numbers to street and e-mail addresses and employee data, including income. The company has pledged to notify all customers who were affected and provide credit and identity-theft monitoring services for free. An Anthem statement read: “As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI, and began fully cooperating with their investigation.” The Anthem breach is believed to be the largest in the health-care industry since Chinese hackers swiped Social Security numbers, names, and addresses from 4.5 million patients of Community Health Systems Inc., the second-biggest for-profit hospital chain, in 2014.

    Experts Suspect Lax Security Left Anthem Vulnerable to Hackers
    New York Times (02/06/15) Abelson, Reed; Goldstein, Matthew

    The cyberattack on Anthem, one of the country’s largest health insurers, highlights the vulnerability of health care companies. Anthem’s data was vulnerable because the company did not take steps, such as using encryption, to protect it in the same way it protected medical information that was sent or shared outside of the database. Anthem officials say they do not know who is behind the attack, but several security consultants have noted that in the past Chinese hackers have shown an interest in going after health care companies. The hackers are thought to have infiltrated Anthem’s networks by using a sophisticated malicious software program that gave them access to the login credential of an Anthem employee. The insurer, along with federal investigators and security experts from FireEye’s Mandiant division, is now trying to determine whether there were other requests that it did not detect, a process that could take several more weeks. Security professionals say the company’s decision to make the breach public quickly means that it is early in the investigation into exactly what happened and what information may have been compromised. “You can spend months doing the forensics,” said Fred Cate, a law professor and cybersecurity expert at Indiana University. While he praised Anthem for taking the “unusual and quite laudable step in coming forward quite quickly,” he cautioned that company officials might not know the scope of the attack at this point. Still, Cate said the medical information was not likely to result in the public unveiling of sensitive medical information, unlike smaller attacks aimed at finding something embarrassing or derogatory about an executive or celebrity. “As a general matter, huge breaches often result in less harm than targeted breaches,” he said. “The notion that someone’s poring over this data is highly unlikely.” The decision by Anthem to bring in the Federal Bureau of Investigation and go public with the breach is the kind of move that law enforcement officials have been encouraging for the last several months. FBI officials have appeared at a number of industry conferences urging corporate executives to promptly report breaches and, when possible, share information about the breach with competitors.

  • Cyber Security Is Growing in Importance for Medical Devices Too
    Forbes (01/19/15) Poremba, Sue

    As the issue of cybersecurity draws more attention, experts are pointing out that many medical devices are at risk for potential hacks. Although designers of medical equipment have never made cybersecurity a priority, new Food and Drug Administration (FDA) guidelines will change that. Manufacturers must now build new medical devices with cybersecurity functionality, although these functions will differ based on the devices’ intended use, overall vulnerability concerns, and risks to the patient. The security functions to be included may be layered authentication levels, or timed usage sessions to ensure that the device is not connected to the network longer than necessary. These standards will not make the medical devices 100-percent effective against potential hackers, and they do not address the security risks of older devices already in use, which may not have the proper software for patches and fixes. “Many of these medical devices are implanted in their owners,” says Don Weber, Senior Security Analyst with InGuardians. “However, if security vulnerabilities of a device or solution have been identified and disclosed, the owner and their physician can make educated decisions about these risks and determine how best to move forward with future care.”
