Friday, July 13, 2018

Why I teach so many Computer Security classes.
IBM Security on Wednesday released its latest report examining the costs and impact associated with data breaches. The findings paint a grim portrait of what the clean up is like for companies whose data becomes exposed—particularly for larger corporations that suffer so-called “mega breaches,” a costly exposure involving potentially tens of millions of private records.
According to the IBM study, while the average cost of a data breach globally hovers just under $4 million—a 6.4 percent increase over the past year—costs associated with so-called mega breaches (an Equifax or Target, for example) can reach into the hundreds of millions of dollars. The average cost of a breach involving 1 million records is estimated at around $40 million, while those involving 50 million records or more can skyrocket up to $350 million in damages.
… The average time to identify a data breach is 197 days, and the average time to contain a data breach once identified is 69 days.

Willie Sutton robbed banks because “that’s where the money’s at.” If you want insider, ‘don’t tell anyone the secret plans’ kind of information, law firms are the new target.
Jennifer Schlesinger and Andrea Day report:
It would be hard to walk into a major business and walk away with all its sensitive information. But sometimes that’s not the case when it comes to online networks.
Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.
The price for the access was $3,500.
Read more on CNBC.
Law firm hacks and leaks are pretty much a dime a dozen these days. As one of my regular sources notes, another day, another law firm leak. To what extent are hackers trying to extort the law firms or just putting access up for sale? I wouldn’t be surprised if law firms were quietly paying extortion after they get hacked, but I also wouldn’t be surprised if the majority of compromised law firms don’t even know that they are leaking data unless they are fortunate enough to be notified by some whitehat or independent researcher. So depending on what kind of law they practice and what’s in their files, they may be exposing some really sensitive IP or financial information, etc.

I think I’ve just discovered the next project for my Computer Security students.
Would Asking People To Hack America’s Election Systems Make Them More Safe?
There are four months until the midterm elections, and the security of state election systems remains a concern. The clock is ticking to ferret out problems and fix them before Nov. 6. Websites associated with voting continue to have poor cybersecurity hygiene, even after the revelation that hackers probed the systems of 21 states in the lead-up to the 2016 election. And while Congress has increased the funds available to states to improve their election systems, many are still jumping through bureaucratic hoops to actually access the money.

Geez Mugsey, I didn’t think the cat would rat us out!
Chloe Nordquist reports:
Well now, those photos you post of your cat could lead strangers straight to your home.
The metadata hidden beneath those cute furry Instagram pics include your geo-location. And one website,, highlights just that.
They took the metadata from cat photos on Instagram and compiled a visual map of where those photos were taken.
Read more on Fox4.

What could possibly go wrong?
Federal court rules that TSA agents can’t be sued for false arrests, abuse, or assault
TSA agents and security screeners can’t be sued for false arrests, abuse, or assault, according to a ruling from a federal appeals court in Pellegrino v. the United States of America Transportation Security Administration, reports travel news and advice site The Points Guy.
According to the US Court of Appeals for the Third Circuit, TSA officials have sovereign immunity while working in their official functions as screeners and security agents under the Federal Tort Claims Act. While that law ordinarily doesn’t cover law enforcement officers, the court ruled in a 2-1 decision that TSA agents aren’t considered law enforcement and therefore are covered under the law.
Per the court’s decision, TSA searches are considered “administrative searches,” and as Circuit Judge Cheryl Ann Krause notes in the decision, “Congress to date has limited the proviso to ‘investigative or law enforcement officers,’” which the TSA searches wouldn’t fall under. According to Judge Krause, it would be up to Congress to enact legislation that could hold TSA agents accountable. But as the law stands now, it seems that there’s very little that individuals wronged by the TSA can do to have their problems addressed.

Does this disqualify me for law school?
