Incentives Not Enough for Quality InfoSec
By Laura Wilson
There are calls for incentives, rather than new legislative mandates. Many well-respected experts raise valid concerns about whether the changing tech and cybercrime landscapes will render any new legislation obsolete - worth bearing in mind, as poorly-understood and -constructed mandates are frequently worse than no mandate. However, I am of the firm belief that sticks are also needed. Carrots have not been, and are not now, enough to get industry and executives off the schneid.
ISR News: SSI Numbers Breached
Excerpt from the Louisville News BizJournal
RBS WorldPay, a subsidiary of Citizens Financial Group Inc., said law enforcement agencies are investigating a Nov. 10 breach of the company’s cyber security. The breach affected the personal information of 1.5 million cardholders. Up to 1.1 million Social Security numbers could have been accessed, according to the company.
ISR News: 16,000 Katrina Records Posted
Excerpt from The Times-Picayune’s Gwen Filosa
FEMA has confirmed that an “unauthorized breach of private information” resulted in the information release of 16,857 names, Social Security and phone numbers, and other private details of people who had applied for benefits. The information was flashed on a pair of privately run Web sites, but for how long was unclear.
ISR News: Employee Arrested for ID Theft
Excerpt from the LA Times’ Alexandra Zavis
Hospitals’ increasing reliance on computerized record-keeping has provided new avenues for identity theft and invasions of medical privacy. As recently as May, a Glendale man was convicted of using the names of hundreds of Los Angeles County and city employees to submit fraudulent claims for diagnostic services amounting to more than a quarter-million dollars.
ISR News: Hackers Steal 22K SSI Numbers
Excerpt from ChronicleT.com’s Lisa Roberson
“Educational organizations accounted for nearly one-third of all U.S. data-breach incidents during the past three years, according to the Privacy Rights Clearinghouse. About 58 percent of college IT officials nationwide have dealt with at least one computer-security incident in the past year, and cyber attacks on college campuses increased dramatically between 2006 and 2007, with 67.5 percent more incidents being reported in just one year.”
U.S. Banks Vulnerable to Sabotage
Feature Article by Anthony M. Freed, ISR Financial Editor
2009 will prove to be the year that this systemic weakness comes to the forefront of politics and the news:
The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said Thursday after participating in a two-day “cyberwar” simulation.
“There isn’t a response or a game plan,” said senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service, which ran the simulation.
Democratic U.S. Rep. James Langevin of Rhode Island, who chairs the homeland security subcommittee on cybersecurity, said: “We’re way behind where we need to be now.” Dire consequences of a successful attack could include failure of banking or national electrical systems, he said.
Cyber Security Tops 2009 Agenda
By Laura Wilson
“Last week, a group of outside experts recommended cybersecurity be moved from DHS — which ‘isn’t equipped to protect the federal government against cyberattacks’ — to an office within the Obama White House. Many members of the Commission on Cyber Security for the 44th Presidency ‘felt that leaving any cyber function at DHS would doom that function to failure,’ according to its recently-released 96-page report.” Security expert Bill Brenner of CIO.com
ISR News: Our Biggest Threat in 2009?
Excerpt from CIO.com’s Dr. Larry Ponemon:
“The selection of cyber crime as the mega trend most likely to be a high or very high risk in the next 12 to 24 months can be partly based on the fact that 92 percent of respondents in our study reported that their companies have had a cyber attack. The biggest security risk associated with cyber crime is that such an attack will cause a business interruption followed by the theft of customer and employee data.”
ISR News: Joe Knows Too Much
Excerpt from InfoWorld’s ‘Anonymous’:
“At some point later that evening, he logged in and set all the modems in the POP to autodial 911 repeatedly. None of our customers could use the broadband service, but even worse, Joe effectively throttled the local 911 lines for many hours.”
ISR News: Data Exposure: Who Pays?
Excerpt from WGHP FOX-8:
“Employees at the University of North Carolina at Greensboro were notified Monday of a security breach of a computer that contained personal information used to process the school’s payroll.”


