Too many companies take too long to detect a breach.
AP reports:
A health insurer in western New York and affiliates said Wednesday that their computers were targeted last month in a cyberattack that may have provided unauthorized access to more than 10 million personal records.
Excellus BlueCross BlueShield, headquartered in Rochester, and Lifetime Healthcare Companies said they’re offering affected individuals in upstate New York two years of free identity theft protection.
The companies said unauthorized computer access was discovered Aug. 5, and further investigation revealed that the initial attack occurred on Dec. 23, 2013.
Read more on NBC.
Related: Excellus BCBS web site about incident.
It's like Willie Sutton for the Internet.
Automated crime, what a concept!
Cyber-Extortionists Targeting the Financial Sector Are Demanding Bitcoin Ransoms
… DD4BC – which stands for “DDoS for Bitcoin” (Distributed Denial of Service for Bitcoin) – has been targeting firms since mid-2014, so far evading international police forces.
… As cyber-attacks go, DDoS is a blunt instrument. It involves hammering a target website with traffic using a distributed network of computers under the control of one attacker. The aim is to flood the site with traffic to the point that its web server crashes and the site goes offline. There is a commercial impact – estimated by Neustar to cost up to $100,000 per hour – but these attacks predominantly damage brand perception. “It represents vulnerability,” says Cisco’s Adam Philpott, who heads up cybersecurity in Europe. “If I can't access the service of an organization that’s handling a significant amount of my money, how can I trust it?”
DDoS extortion is not new, but DD4BC is particularly prolific.
“They’ve been industrializing their operation – doing it at a scale and level that has not been seen before,” adds James Chappell, co-founder of security firm Digital Shadows.
The group is going for second- and third-tier financial organisations – ones that have money but not necessarily the defences or technical acumen to deal with a DDoS assault.
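As an added illustration of the detection side of the excerpt above (this is not code from the article or from any of the firms quoted in it), the following Python script parses web-server access-log lines in the common "combined" format and flags any second in which one source address exceeds a per-source request threshold, or in which the aggregate request rate exceeds a multiple of the median rate seen in the log. The log lines, addresses and thresholds are all constructed. The second check is there because a flood spread across many addresses, as in the distributed attacks the article describes, never trips a per-source count: each participating host looks like a modest client, and only the total gives it away.

```python
"""Rate-based flood detection over web-server access logs.

Added illustration for the DDoS excerpt above; not code from the article,
DD4BC, Neustar, Cisco or Digital Shadows. Sample traffic is constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log format: ip ident user [ts] "request" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed reference time for the sample log (not a real incident).
BASE = datetime(2015, 9, 10, 14, 0, 0, tzinfo=timezone.utc)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "request": m["req"],
        "status": int(m["status"]),
    }


def make_line(ip, second_offset, path="/"):
    """Build one constructed log line at BASE + second_offset."""
    ts = (BASE + timedelta(seconds=second_offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


def constructed_log():
    """Constructed sample: steady background traffic plus two kinds of flood."""
    lines = []
    # Background: five clients (198.51.100.0-4) at 2 requests/s for 10 seconds.
    for s in range(10):
        for i in range(5):
            lines += [make_line(f"198.51.100.{i}", s) for _ in range(2)]
    # Single-source flood in second 3: 250 requests from one address.
    lines += [make_line("203.0.113.5", 3) for _ in range(250)]
    # Distributed flood in second 7: 80 addresses sending only 4 requests each.
    for i in range(80):
        lines += [make_line(f"192.0.2.{i}", 7) for _ in range(4)]
    return lines


def detect(lines, per_ip_threshold=100, baseline_multiplier=5):
    """Bucket requests per second and raise two kinds of alert.

    single_source: one address alone exceeds per_ip_threshold in a second.
    aggregate:     the second's total exceeds baseline_multiplier x the median
                   per-second total, whatever the per-address spread.
    """
    buckets = defaultdict(Counter)  # epoch second -> Counter of source IPs
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines instead of aborting the scan
        buckets[int(rec["ts"].timestamp())][rec["ip"]] += 1

    totals = sorted(sum(c.values()) for c in buckets.values())
    baseline = totals[len(totals) // 2] if totals else 0  # median requests/s

    alerts = []
    for sec in sorted(buckets):
        counter = buckets[sec]
        when = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%H:%M:%S")
        total = sum(counter.values())
        ip, top = counter.most_common(1)[0]
        if top >= per_ip_threshold:
            alerts.append({"kind": "single_source", "time": when,
                           "ip": ip, "count": top})
        if baseline and total >= baseline * baseline_multiplier:
            alerts.append({"kind": "aggregate", "time": when, "requests": total,
                           "sources": len(counter),
                           "top_source_share": round(top / total, 2)})
    return alerts


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

Running the script reports the 14:00:03 second twice (one address sent 250 of 260 requests, so both checks fire) and the 14:00:07 second once, as an aggregate alert from 85 distinct sources with the busiest address holding about 1% of the traffic. On a real server the median baseline should come from a longer window than the log being inspected, and the thresholds would be tuned to the site's normal load.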
If the door is locked, try a window. Another piece of the dossier started with OPM?
Jacqueline Klimas reports:
Hackers infiltrated the Pentagon food court’s computer system, compromising the bank data of an unknown number of employees.
Lt. Col. Tom Crosson, a Defense Department spokesman, said on Tuesday that employees were notified that hackers may have stolen bank account information from people who paid for concessions at the Pentagon with a credit or debit card.
Read more on Washington Examiner.
This was a big item on today's local news. No idea why.
Hackers infiltrated the Department of Energy’s
computer system over 150 times between 2010 and 2014, according to
federal documents obtained by USA Today.
The records
— received through a Freedom of Information Act request — reveal
a blanket of digital attacks the agency has been struggling to thwart
for years. In total, hackers targeted DOE networks 1,131 times over
the four-year span, successfully cracking the network 159 times.
… But records show the assaults did hit some of the agency’s most sensitive systems.
The National Nuclear Security Administration, a
sub-agency within DOE that secures the country’s nuclear weapons,
was hit with 19 successful cyberattacks over the four years.
… In a 2013 oversight
report, the agency’s inspector general noted “unclear lines
of responsibility” regarding cybersecurity and a
“lack of awareness by responsible officials.”
A rather strange survey. Do they think Hillary “got schooled” in Computer Security?
64 Percent of American Voters Predict a 2016 Presidential Campaign Will Be Hacked
As the 2016 presidential race heats up, data
security company PKWARE
announced the results of a poll conducted by Wakefield Research that
examined American perceptions of the threat of political hacking, and
which of the leading U.S. presidential candidates are most qualified
to protect our nation from a growing onslaught of cyber-crime.
According to the survey, which was sponsored by PKWARE and conducted
in recent weeks, the majority (64 percent) of registered U.S. voters
believe it is likely that a 2016 presidential campaign will be
hacked.
… Despite Hillary Clinton's private email
controversy, 42 percent of registered voters think she is the
presidential candidate most qualified to protect the United States
from cyber-attacks. She is followed by Donald Trump (24 percent),
Scott Walker (18 percent) and Jeb Bush (15 percent).
I'm skeptical.
Stung by years of
criticism that it has coddled Wall Street criminals, the Justice
Department issued new policies on Wednesday that prioritize the
prosecution of individual employees — not just their companies —
and put pressure on corporations to turn over evidence against their
executives.
The new rules, issued in a memo to federal
prosecutors nationwide, are the first major policy announcement by
Attorney General Loretta E. Lynch since she took office in April.
The memo is a tacit acknowledgment of criticism that despite securing
record fines from major corporations, the Justice Department under
President Obama has punished few executives involved in the housing
crisis, the financial meltdown and corporate scandals.
“Corporations can only commit crimes through
flesh-and-blood people,” Sally
Q. Yates, the deputy attorney general and the author of the memo,
said in an interview on Wednesday. “It’s only fair [Political correctness? Bob] that the people who are responsible for committing those crimes be held accountable.”
(Related) Could we extend executive responsibility to vendors who don't use security Best Practices? Please.
When California State University decided to purchase a We End Violence program, Agent of Change, they reportedly did consider data security. The Press-Telegram reports:
Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of three offered to campuses, when the sexual violence prevention program was rolled out, she said.
Weidner said in an email the vendor was one of several reviewed and was recommended by the White House task force on campus sexual violence prevention.
Did the White House task force review data security of the products?
“The vendor agreed to the required contract terms and conditions regarding information security, including accepting CSU definitions for what constitutes confidential data, and the requirement to maintain the privacy (of) confidential information,” Weidner said.
And what, exactly, were those terms and conditions? DataBreaches.net has emailed We End Violence to ask whether the sensitive student information was stored in plain text. Did CSU know the data would be stored in clear text? Did they accept that?
CSU has no plans to change the screening process of vendors delivering the online sexual assault prevention training, Weidner said.
So CSU has no plans to learn from this experience by investigating data security more before they make arrangements with a vendor?
“The breach occurred with one vendor not the others,” she said in the email. “The CSU has other contracts with other vendors, and there has been no data exposure.”
Perhaps she should add, “… yet.”
Keep in mind that all enrolled students in the
23-campus CSU system are reportedly required by federal law and
the state auditor to take sexual assault prevention training. That
is a tremendous number of students who may have their sensitive
and/or personal information exposed through a vendor, as CSU’s
statement about over 79,000 students being impacted illustrates.
If the U.S. Education Department and Congress are
serious about data security and EdTech, maybe they should investigate
the We End Violence breach and all the vendors’ contracts and
assurances of data security (if they have not done so already).
And while the FTC cannot take action against CSU,
it does have authority to enforce data security in the vendors. Maybe
they, too, should look into whether We End Violence has a reasonable
security program or if they violated Section 5 by failure to deploy
commercially reasonable and appropriate safeguards for sensitive
information that left consumers at risk of substantial injury.
Perspective.
Dell says to invest $125 bln in China over five years
Computer maker Dell Inc
will invest $125 billion in China over the next five years, its chief
executive said on Thursday, as the company continues to expand in the
world's second-largest economy.
The world's
third-largest maker of personal computers said the investment would
contribute about $175 billion to imports and exports, sustaining more
than one million jobs in China.
"The Internet is
the new engine for China's future economic growth and has unlimited
potential," Chief Executive Michael Dell wrote in a statement.
… Dell has been in
China for about two decades and, before it went private in 2013, saw
annual sales in the country of roughly $5 billion.
In January, it
announced partnerships with state-owned China Electronics Corporation
and the municipal government of Guiyang.
Perspective. For my IT Governance students.
The Talent Imperative in Digital Business
MIT Sloan Management Review's 2015
Report on Digital Business revealed two surprising insights that
have profound implications for your organization’s digital
initiatives.
First, employees report to a surprisingly high degree (80%) that they preferred to work for digital leaders. This result is not limited to Millennial employees, either; the percentage of employees who express preference for working for a digitally enabled company remains consistently above 70% for all age groups.
Second, fewer than half of all respondents
indicated that they were satisfied with their organization’s
digital efforts. As might be expected, this
result is strongly correlated with the organization’s digital
maturity — employees are least satisfied with those
organizations that are digital laggards.
Some hype still sneaks in, but out of hundreds of articles this one looks readable.
A Hype-Free Guide to the Latest Apple Event… [Tech News Digest]
Oh joy. The debates are only a way to sell ads?
… The cable network announced it will lift that paywall from 6 p.m. to 11 p.m. the night of the debate and feature the live stream on its homepage. The move is meant to "showcase the value of 'TV Everywhere'" — the name CNN gives to its streaming service.
… Fox News scored about 24 million viewers to the first GOP debate in August, breaking all previous debate and cable news records. Those ratings have reportedly boosted ad prices for future debates, like the one hosted by CNN next Wednesday.
But Fox received some criticism for not offering a free livestream, which forced those without cable subscriptions to find someone with a subscription or miss the live event.
Susan Crawford, a visiting professor at Harvard
University, called Fox's move "wrong" and said it
"shouldn't happen again." She
described it as a new kind of poll tax.
"Fox News felt no need to ensure that online
viewers could watch the debate. That meant that cord-cutters and
cord-nevers — basically, Millennials and an ever-increasing
chunk of Americans — whose high-speed Internet access wasn’t
sold to them by a cable company had to wait for re-runs," she
wrote in a Medium
post.
For my Business Intelligence students? Looks interesting.
New Census Web Tool Helps Business Owners Make Data Driven Decisions
by Sabrina I. Pacifici on Sep 9, 2015
“The U.S. Census Bureau
today released Census
Business Builder: Small Business Edition, a new Web tool
that allows business owners and entrepreneurs to easily navigate and
use key demographic and economic data to help guide their research
into opening a new business or adding to an existing one. The Census
Business Builder was developed with user-centered design at its core
and incorporated feedback from customers and stakeholders, including
small business owners, trade associations and other government
agencies. The tool combines data from the American Community Survey,
the economic census, County Business Patterns and other economic
surveys to provide a complete business profile of an area. Business
statistics include the number of establishments, employment, payroll
and sales. American Community Survey statistics include population
characteristics, economic characteristics and housing
characteristics. The new tool also combines third-party consumer
spending data with the Census Bureau economic and demographic data.”
Some might even work for my students.
The Best 20 Apps for Students to Get Through a Day of School