• Cyber-Crime and Business: Think of a Number and Double It
    Economist (01/17/15)

    Chick-Fil-A and Morgan Stanley are the most recent big names to join the long list of major U.S. companies to have their systems hacked into, putting customers’ financial data at risk. The concern, though, is those companies that are not publicly admitting that they’ve been infiltrated by cyber bandits. This is partly due to the fact that much hacking goes undetected. At the same time, businesses sometimes try to cover up breaches of data security to avoid public embarrassment and loss of confidence. Earlier this month, the White House launched a new drive to improve data security and privacy via the Personal Data Notification and Protection Act, which would require companies to tell customers within 30 days of discovering that their information has been hacked into. Currently, there is just a patchwork of state-level laws that offer consumers very little real protection. In the absence of a strong federal disclosure law, the losses that companies suffer from hacking are largely a matter of conjecture. If there were more disclosures — and, consequently, more information on the amount, types, and costs of cyber-crime — the thinking is companies would have a better idea how to spend their information-security budgets. In addition, it would be easier to work out what sort of insurance coverage to buy. American businesses’ spending on such policies soared from $1.3 billion in 2013 to roughly $2 billion last year, calculates Andreas Schlayer, a senior underwriter at Munich Re.

  • Secret U.S. Cybersecurity Report: Encryption Vital to Protect Private Data
    The Guardian (01/15/15) Ball, James

    A newly uncovered U.S. National Intelligence Council cybersecurity report from 2009 warned that government and private computers were being left vulnerable to online attacks from Russia, China, and unaffiliated criminals because encryption technologies were not being implemented fast enough. One of the biggest challenges is an imbalance between offensive and defensive capabilities due to the slower-than-expected adoption of encryption and other technologies, according to the report. The National Intelligence Council document made clear that encryption was the “best defense” for computer users to protect private data. An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data,” especially if made particularly strong through “multi-factor authentication” or biometrics. These measures remain all but impossible to crack, even for the NSA. The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled U.S. and allied information systems.” It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries.”

  • Hospitals Using Stun-Guns for Workplace Violence Prevention See 41 Percent Difference in Incidents
    Security (12/14) Vol. 51, No. 12, P. 14

    Workplace violence in hospitals is rising, and facilities are implementing training components to help mitigate assaults. According to a survey from Duke University Medical Center and the International Healthcare Security and Safety Foundation, 99 percent of hospitals have security policies that include at least one of the following: employee involvement, management commitment, incident reporting and record keeping, training of security staff, hazard prevention and control, and worksite analysis. Fifty-five percent include all six components. While 98 percent of hospitals train security staff on workplace violence policies, only 14 percent require such training for all staff. Respondents indicated a need for continued efforts to enhance training availability, content, and reach. Most hospitals provide security staff with handcuffs, followed by batons, OC products, handguns, Tasers, and K9 units. The study also found a 41 percent lower risk of physical assault for hospitals that provided their security staff with Tasers compared to those that did not.

  • Addressing 21st Century Threats – Corporate Espionage
    Security (12/14) Vol. 51, No. 12, P. 36 Dodge, Robert

    Corporate espionage is the essential risk to corporations in the 21st century, which is often referred to as the information age. The threat to information-based assets is rising rapidly, with losses to corporate espionage now estimated at $300 billion annually. The likely threats to businesses include insiders with access, criminal organizations, marketplace competitors, foreign intelligence agencies or state entities, as well as inadvertent disclosure. Corporate espionage can involve anything that gives an organization an advantage in the marketplace, and thus organizations should look to safeguard trade secrets and patents, executives and board members, human resources and staffing, research and development, manufacturing, sales and marketing, and company operations. Threat actors use methods such as recruiting insiders, hiring competitors’ staff, hacking into and surveilling computer systems, and making unsolicited inquiries via telephone and email. A corporate espionage program can help mitigate the threat, and the key is to have a holistic risk management approach. The program should address personnel, physical, and information security as well as legal support, education and awareness, intelligence, partnerships with government and industry, and internal communication.
