Why I teach so many Computer Security classes.
IBM Security on Wednesday released its latest
report examining the costs and impact associated with data
breaches. The findings paint a grim portrait of what the clean up is
like for companies whose data becomes exposed—particularly for
larger corporations that suffer so-called “mega breaches,” a
costly exposure involving potentially tens of millions of private
records.
According to the IBM study, while the average cost
of a data breach globally hovers just under $4 million—a 6.4
percent increase over the past year—costs associated with so-called
mega breaches (an Equifax
or Target,
for example) can reach into the hundreds of millions of dollars. The
average cost of a breach involving 1 million records is estimated at
around $40 million, while those involving 50 million records or more
can skyrocket up to $350 million in damages.
… The average time to identify a data breach
is 197 days, and the average time to contain a data breach once
identified is 69 days.
Download Full Reports
& Register for the Webinar
To download the 2018
Cost of a Data Breach Study: Global Overview, visit
https://www.ibm.com/security/data-breach/
To view the digital
infographic with study highlights, visit:
https://costofadatabreach.mybluemix.net
To register to attend
the IBM Security and Ponemon Institute webinar on July 26th
at 11 a.m. ET, visit: https://ibm.biz/BdYDvf
Willie Sutton robbed banks because “that’s
where the money’s at.” If you want insider, ‘don’t tell
anyone the secret plans’ kind of information, law firms are the new
target.
Jennifer Schlesinger and Andrea Day report:
It would be hard to walk into to a major business and walk away with all its sensitive information. But sometimes that’s not the case when it comes to online networks.
Q6 Cyber, a cybersecurity firm that specializes in monitoring the dark web, showed CNBC a forum post in Russian where the cybercriminal was offering access to a New York City law firm’s network and files, and was willing to send screenshots as evidence he had broken in.
The price for the access was $3,500.
Read more on CNBC.
Law firm
hacks and leaks are pretty much a dime a dozen these days.
As one of my regular sources notes, another day, another law firm
leak. To what extent are hackers trying to extort the law firms or
just putting access up for sale? I wouldn’t be surprised if law
firms were quietly paying extortion after they get hacked, but I also
wouldn’t be surprised if the majority of compromised law firms
don’t even know that they are leaking data unless they are
fortunate enough to be notified by some whitehat or independent
researcher. So depending on what kind of law they practice and
what’s in their files, they may be exposing some really sensitive
IP or financial information, etc.
I think I’ve just discovered the next project
for my Computer Security students.
Would
Asking People To Hack America’s Election Systems Make Them More
Safe?
There are four months until the midterm elections,
and the security of state election systems remains a
concern. The clock is ticking to ferret out problems and fix
them before Nov. 6. Websites associated with voting continue to have
poor
cybersecurity hygiene, even after the revelation that hackers
probed the systems of 21 states in the lead-up to the 2016 election.
And while Congress has increased
the funds available to states to improve their election systems,
many are still
jumping through bureaucratic hoops to actually access the money.
Geez Mugsey, I didn’t think the cat would rat us
out!
Chloe Nordquist reports:
Well now, those photos you post of your cat could lead strangers straight to your home.
The metadata hidden beneath those cute furry Instagram pics include your geo-location. And one website, IKnowWhereYourCatLives.com, highlights just that.
They took the metadata from cat photos on Instagram and compiled a visual map of where those photos were taken.
Read more on Fox4.
What could possibly go wrong?
Federal
court rules that TSA agents can’t be sued for false arrests, abuse,
or assault
TSA agents and security
screeners can’t be sued for false arrests, abuse, or assault,
according to a ruling from a federal appeals court in Pellegrino
v. the United States of America Transportation Security
Administration, reports
travel news and advice site The Points Guy.
According to the US Court of
Appeals for the Third Circuit, TSA
officials have sovereign immunity while working in their
official functions as screeners and security agents under the Federal
Tort Claims Act. While that law ordinarily doesn’t cover law
enforcement officers, the court ruled in a 2-1 decision that TSA
agents aren’t considered law enforcement and therefore are covered
under the law.
Per the court’s decision,
TSA searches are considered “administrative searches,” and as
Circuit Judge Cheryl Ann Krause notes
in the decision, “Congress to date has limited the proviso to
‘investigative or law enforcement officers,’” which the TSA
searches wouldn’t fall under. According to Judge Krause, it would
be up to Congress to enact legislation that could hold TSA agents
accountable. But as the law stands now, it seems that there’s very
little that individuals wronged by the TSA can do to have their
problems addressed.
Does this disqualify me for law school?
No comments:
Post a Comment