
New Preliminary Cybersecurity Framework Champions Risk Management


In February, President Obama issued an executive order instructing the Commerce Department to lead a task force of security experts and industry insiders to develop a voluntary framework to reduce cyberrisk. Last week, the National Institute of Standards and Technology officially released an initial draft of the cybersecurity framework and announced a 45-day open comment period for public input.

The full Preliminary Cybersecurity Framework can be viewed here on the NIST website. After the review period and subsequent revisions, a more complete version will be released in February.

Risk management is a primary focus of the new framework, from the language used to analyze potential exposure to express endorsements in the policy itself. According to a press release, “The Preliminary Framework outlines a set of steps that can be customized to various sectors and adapted by both large and small organizations while providing a consistent approach to cybersecurity. It offers a common language and mechanism for organizations to determine and describe their current cybersecurity posture, as well as their target state for cybersecurity. The framework will help them to identify and prioritize opportunities for improvement within the context of risk management and to assess progress toward their goals.”

Under Secretary of Commerce for Standards and Technology and NIST Director Patrick Gallagher, who was tasked with overseeing development of the framework, emphasized risk management as a critical component of strengthening national infrastructure in line with the president’s executive order. “We want to turn today’s best practices into common practices, and better equip organizations to understand that good cybersecurity risk management is good business,” Gallagher said.


“The framework will be a living document that allows for continuous improvement as technologies and threats evolve. Industry now has the opportunity to create a more secure world by taking ownership of the framework and including cyber risks in overall risk management strategies.”


The framework outlines key functions that should organize cybersecurity activities: Identify, Protect, Detect, Respond and Recover. These functions are designed to aid the risk manager in evaluating, communicating and fortifying against cyberrisks. The document even presents itself as an opportunity for risk managers to get involved in proactive cyberrisk strategy. It reads, “The functions also align with existing methodologies for incident management, and can be used to help show the impact of investments in cybersecurity.”

Authors also added the following visual to highlight the critical role of risk management at every level of suggested implementation:

[Figure: Risk Management in Cybersecurity Framework]

In a blog post, the White House encouraged businesses to evaluate the initial framework and their current cyberrisk position, and to consider their cyber risk appetite in the form of a projected target state for cybersecurity.

Twitter’s Data Mining Profits Show Lesser-Known Social Media Risk


In an interview for this month’s issue of Risk Management magazine, lawyer and social media specialist Adam Cohen cautioned businesses that the risks of social networking sites extend beyond explosive posting faux pas.

“In most cases, corporations don’t realize that what they put on these social media services is all subject to the privacy policies and terms and conditions of the services,” said the eDiscovery expert and author of Social Media: Legal Risk and Corporate Policy. “Those provide a shocking amount of access by the social media services where they may take your data.”

As Twitter prepares for its much-anticipated IPO, the social media giant has released a torrent of information on its financial standing and practices. One of the most important tidbits for users concerns the site’s lesser-known side-business: data mining. In the first half of 2013, Twitter made $32 million by selling its data—namely, tweets—to other companies, a 53% increase from the year before.

So far this year, the company has raked in $47.5 million from selling user data to companies that analyze the social media posts for insights into news events and trends. Because of its real-time nature, Twitter is the primary contributor to data mining, though other social networks are frequently used in professional analysis.

This analysis is then sold to businesses for a slew of uses. “The types of ways that businesses are using Twitter data has gone deeper and deeper,” Chris Moody, the CEO of original Twitter data mining company Gnip, told Time. “We’re seeing it in supply chain and inventory management. It’s not just consumer brands that are engaging on Twitter.”

The United Nations uses Twitter algorithms to pinpoint areas of social unrest. Burger chain Five Guys used “social intelligence technology” from New Brand Analytics to monitor quality in restaurants across the country and evaluate the appeal of a new fry size offering. Wall Street subscribers to one service, Dataminr, got a leg up on the S&P Index drop following the Navy Yard shooting. Five minutes before the news broke, users received an alert to take action after the company’s algorithms picked up on eyewitness reports and deduced from their timing, influence, and location that something urgent was taking place.

Clearly, there’s money to be made on both sides. According to the Wall Street Journal, the “social listening” business is booming, partially funded by millions of dollars in venture capital. Research firm IDC estimates that the entire “big data” market has grown seven times as quickly as the information technology sector as a whole, and may be valued at $16.9 billion in two years.

Data is mined for a variety of purposes – ones your company may even want to explore – but while there are benefits to the ends, the means translate into cyber exposures of which you may never know the details or depth. While the reputational risk of social media garners a lot of the attention – and rightfully so – there are increasingly tremendous exposures that lie in the forms just to sign up. With Twitter going public, there will only be further incentive to maximize revenue by selling user data, and more reason to approach corporate social media with caution.

Don’t Get Careless with Your Passwords

With stories of identity theft and data breaches hitting the news on an almost constant basis, it’s no wonder that we all get a little tired of hearing about how at risk we are from the prying eyes of cybercriminals. Of course, if you’re the victim of some sort of hacking incident, you’ll probably wish you had paid more attention. The problem is that we have passwords for everything and keeping track of all of them is a giant hassle.

As the following infographic from security software provider ZoneAlarm demonstrates, this password fatigue tends to make us a little careless and puts us at greater risk. A strong password is the front line to keeping your data safe, so old standbys like “password” and “12345” are not going to cut it. There are many helpful guides out there for creating secure passwords that you can actually remember, so maybe it’s time to choose a new strategy. It certainly beats cleaning the bathroom (regardless of what 38% of people said below).

[Infographic: Managing Logins]

A Breach a Day…Or More

More and more we are hearing of the increased frequency with which data breaches are occurring. You read about it in the newspaper, see it on the news and sometimes you get notices in your inbox in real-time, like I do. What used to be a once-a-week data breach email alert from DataLossDB.org, an open security foundation, now comes as multiple emails, several times a day.

Quite frightening.

Here are some of the most recent data breach events:

February 27, 2013: TEKsystems, a company affiliated with Bank of America, was charged with monitoring hacker activity from groups targeting the bank — most likely, the collective hacking group known as Anonymous. Not liking the sound of that, a group affiliated with Anonymous released what it claims is “14GB of data belonging to the bank and other organizations, including Thomson Reuters, Bloomberg and TEKsystems.”

February 27, 2013: I thought the first email I received with the title “Laptop of Head of Israel’s Atomic Energy Commission Stolen” was bad, but then I received one the very next day that was even worse. According to various news reports, a second laptop belonging to Shaul Horev was stolen from his home in just one week. It might be time for tighter security.

February 26, 2013: Though this only counts as a potential data breach, it’s still quite alarming. According to the same open security foundation (OSF) from which I receive data breach email alerts, a hospital has left sensitive data belonging to patients and staff exposed on the internet. The worst part is, OSF has made “multiple phone calls, filled out a formal (outsourced) service desk ticket addressed to the hospital’s sysadmin and technical analyst, and sent a direct email to the hospital’s CEO.” Still, they’ve received no response.

February 25, 2013: We’ll head to Canada for this one. According to news reports from the great white north, the loss of a thumb drive has prompted an investigation that has widened to include the Justice Department. The drive contained information regarding Canada Pension Plan disability benefits related to more than 5,000 individuals.

February 21, 2013: Even peacocks are not immune. Last week, NBC announced it was the victim of an attack. Hackers added links to malware on the site, using the Citadel Trojan worm, the same one that plagued the websites of U.S. banks recently.

February 21, 2013: Zendesk, a customer service software provider, announced a security breach that allowed hackers into its system, where they had access to information from three customers — Twitter, Pinterest and Tumblr.

February 5, 2013: The U.S. government seems to be no match for sophisticated system spies. Earlier this month, the U.S. Department of Energy revealed that hackers breached 14 of its servers and 20 of its workstations, making off with personal information belonging to several hundred employees. “It’s a continuing story of negligence,” Ed McCallum, former director of the department’s office of safeguards and security, told the Free Beacon. “[The department] is on the cutting edge of some of the most sophisticated military and intelligence technology the country owns and it is being treated frivolously by the Department of Energy and its political masters.”

These are just a few of the many, many data breach alerts I’ve received in the month of February alone. It leaves one questioning whether we will ever win the war against hackers.