Tag Archives: Data Breach

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Banks’ Inability to Protect Info “Almost Shocking”

Posted on by

Does the financial industry think it’s invincible? Or is the industry as a whole innocently ignorant as to how to keep up with certain emerging risks?

For example, Citigroup became the victim of a cyber thieves recently when banking giant realized hackers infiltrated their computer system and stole personal information from more than 200,000 credit card holders, making it one of the largest direct attacks on a major bank. As the New York Times points out:

Even more striking is that similar data breaches have been occurring for years — and the financial industry has failed to prevent them. Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers. “They’re not at all on top of it,” said Avivah Litan, a financial security analyst at Gartner Inc. “It’s almost shocking.”

Shocking indeed.

How, in 2011, are some of the world’s largest financial institutions unaware of the omnipresent threat of hackers? Though recent data breaches involving Sony, Amazon and Google have rightfully raised concerns regarding internet “security,” the Citigroup situation raises some serious red flags.

It raises a question as to whether flames of the ongoing cyber-war are leaping to financial banks. If so, prompt actions to combat the cyber-crime must be taken by both governments and private companies.

Writing about the overconfidence that banks exhibit reminds me of my post from yesterday in which I reference the Economist Intelligence Unit’s report that stated one of the many failings within the discipline of risk management is:

2. Finance executives remain unaware of risks

According to the survey, “Compared to colleagues in legal, risk and compliance functions, finance professionals are far more likely to say that their organizations haven’t suffered from significant risk or compliance failures.” This is yet another surprising finding since the financial department is considered one of, if not the, most important department in an organization, considered the oxygen to the life of a company. If they are operating with the mindset that their company is perfect, either they’re not being true to themselves or they honestly cannot see failures. Both scenarios are scary.

Though the above refers to finance executives in any industry and the Citigroup data breach involves one company within the banking industry, the idea remains the same: the severity of data breach risks is not being acknowledged among most companies — most of all, among those companies and executives dealing with money.

Yes, It’s Data Privacy Day

Posted on by

It may surprise you, as it did me, to learn that today is Data Privacy Day, an “international celebration of the dignity of the individual expressed through personal information.” But Data Privacy Day also highlights the need for individuals to protect their data and how they can go about doing so.

There are many organizations out there that aim to help individuals protect their personal information and help businesses comply with data protection laws and regulations. The Online Trust Alliance is one such organization, whose mission is to create an online trust community, promoting business practices and technologies to enhance consumer trust globally. They recently released their “2011 Data Breach Incident Readiness Guide” to help businesses in breach prevention and incident management.

According to their newest guide, the true test for organizations and businesses should be the ability to answer key questions such as:

  1. Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
  2. Do you have an incident response team in place ready to respond 24/7?
  3. Are management teams aware of security, privacy and regulatory requirements related specifically to your business?

  4. Have you completed a privacy and security audit of all data collection activities, including cloud services, mobile devices and outsourced services?
    buy rifadin online https://silvermancare.com/wp-content/uploads/2023/10/jpg/rifadin.html no prescription pharmacy

  5. Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?

With the White House, members of Congress, Commerce Department and the FTC calling for greater privacy controls and breach notifications, self-regulation by businesses is becoming more and more important.

Google, one of the supporters of Data Privacy Day and the initiatives of The Privacy Projects, is hosting a public discussion on privacy later this afternoon with representatives from the Electronic Frontier Foundation, the FTC and the National Institute of Standards and Technology scheduled to attend. If you can’t stop by Google’s DC office for this event, don’t worry — it will be captured on video and posted to YouTube soon after.

Ernst & Young’s Global Information Security Survey

Posted on by

Last week, I attended the Ernst & Young media roundtable to hear the results of its 2010 Global Information Security Survey (GISS). The survey includes responses from participants in 1,598 organizations in 56 countries across all major industries.

With the increase in the use of external service providers and the adoption of new technologies such as cloud computing, social networking and Web 2.0, companies are increasingly exposed to data breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. And according to the survey, companies are taking a proactive stance as 46% indicated that their annual investment in information security is increasing. Though IT professionals are trying, not all are succeeding in keeping up with new tech threats.

“I’ve never seen this kind of shift in IT before,” said Jose Granado, the America’s practice leader for information security services within Ernst & Young. “Security professionals are trying to keep up with the pace, but aren’t really doing a great job. The have limited resources and a limited budget.”

A concern for IT professionals is mobile computing. Demands of the mobile workforce are driving changes to the way organizations support and protect the flow of information. In fact, 53% of respondents indicated that increased workforce mobility is a significant or considerable challenge to effectively delivering their information security initiatives. Aside from investing more on data loss prevention technologies, 39% of respondents are making policy adjustments to address the potential new or increased risks.

“You have to implement realistic policies,” said Chip Tsantes, principal within the financial services division of Ernst & Young. “They need to be liveable and workable, or else people will go around them. You can’t simply ban things.”

Another major concern for IT pros is the gaining popularity of cloud computing. Both Granado and Tsantes were shocked to learn that 45% of respondents (primarily those on the non-financial services side) are currently using, evaluating or are planning to use cloud computing services within the next 12 months.

“From the standpoint of a traditional IT security professional, endorsing or supporting a cloud environment is counter-intuitive,” said Granado. “How do I know where my data is and how do I know it is protected?”

So how do companies increase their confidence in cloud computing? According to the survey, 85% say that external certification would increase their trust.

So I asked Granado and Tsantes if they could tell me when they believed there would be a universal set of standards for cloud computing providers. Granado feels there is a two-to-three year timeline in regards to having something solidified. He says businesses are going to drive it; If businesses continue to push, “cloud providers would have to follow.” With more and more sensitive data calling the cloud home, let’s hope Granada is being conservative with his estimate.

cloud computing2

October: A Busy Month for Data Breaches

Posted on by

Every company, no matter what industry it is aligned with or what country it is based in, is vulnerable to losing sensitive data, either accidentally or by malicious endeavors. The Ponemon Institute has found that the average cost of a data breach in 2009 was an incredible $3.4 million. And, unfortunately, the frequency with which these breaches occurs appears to be increasing. Let’s take a look at some of North America’s more notorious breaches for October 2010:

October 14: In Lake County, Florida, a credit union employee stole customer’s credit information to take out loans — money which was used to help finance the attorney fees of her son, who is on death row for murder. The employee, Nazreen Mohammed, was accused of attempting to take $430,000 from banks such as RBC and Fairwinds Credit Union.

October 14: An employee of Accomac, Virginia had his laptop computer stolen while on vacation in Las Vegas. The computer held the names and Social Security numbers of approximately 35,000 county residents. The employee took the laptop on a personal vacation without permission from his superiors.

October 14: Though the incident occurred in August, it wasn’t recognized until October when the Veterans Benefit Administration Office in Boston realized they sent 6,299 benefit letters to the wrong address. All nine digits of Social Security numbers were on 3,936 of the letters. A Veteran’s Affairs report blamed the incident on programming error.

October 15: On this date, the University of North Florida reported that more than 100,000 people could be affected by a security breach. UNF stated that a file containing personal information on prospective students was possibly accessed by someone outside the United States. The university is working with the FBI “to determine the cause and intent of the breach.”

October 20: The personal information of 280,000 Medicaid members in Pennsylvania was compromised when a portable hard drive belonging to Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan was lost. “The insurers said they have beefed up security practices and will provide free credit-monitoring assistance to the people whose Social Security numbers, either in whole or in part, were on the missing hard drive.”

October 21: The Thames Valley District School Board in Ontario, Canada shut down its online student portal after it realized that the internet passwords of more than 27,000 high school students were compromised. The culprit in this incident posted a link on Facebook that directed users to a site that listed the names and passwords of students.

This, however, is only a partial list. More incidents can be found at DataLossDB.org.

Does your company have a solid cybersecurity strategy? If not, check out the article, The 5 Steps of a Cybersecurity Risk Assessment, by Peyton Engel, a data security expert at CDW.

keyboard