Headline grabbing data breaches are such a fixture of our modern business environment that they’ve even spawned a knock-off market: phony data breaches designed to harm a company’s image by making it look as if the firm has lost control of critical data. That’s the conclusion of a research note from Deloitte, which warns that malicious actors are increasingly using false claims about massive data breaches to bedevil established firms – inflicting real economic and reputation damage.
Cyber incidents these days tend to follow a familiar pattern: law enforcement is contacted and will begin criminal investigations. Cyber forensic investigators are hired to piece together what happened and security consultants will analyze and remove the malware from any affected systems. Finally: customers who were affected are notified and – typically -offered free credit monitoring services. All of these services come at a cost, of course, as does the business disruption that results. Current cyber insurance policies are structured to recover some or most of those costs. Now companies – from the Fortune 10 on down – are looking to hedge their online risks with various kinds of business insurance. That demand, in turn, is fueling a rapid expansion of the cyber insurance industry that was little more than a niche offering five years ago. But insurance industry experts and corporate security professionals offer words of advice for companies that think they […]
The White House’s cyber security czar, Michael Daniel, said the Obama Administration is deeply concerned about the reported hack of systems belonging to banking giant JP Morgan Chase & Co. but sees the incident as part of a larger trend of attacks against U.S. critical infrastructure. Asked about the targeted attack against JP Morgan and other banks and financial institutions, Daniel said that the White House was concerned, but not surprised by the incident. “We have watched for several years the trend of malicious actors in cyber try to figure out how to target critical infrastructure,” he said. “Financial services is critical infrastructure.” The White House was concerned that a major U.S. bank would fall victim to hackers, but sees it in the context of a “broad trend,” rather than an isolated incident, he said. Speaking with Michael Farrell, the Cybersecurity Editor at Christian Science Monitor, Daniel hit on many of the now-common talking […]
In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]
Register now for our CISO Hangout with Jon Trull of Qualys, the former Chief Security Officer for the State of Colorado. Chief Information Security Officers (CISOs) are in the news a lot these days. The breaches at prominent corporations like Target, Home Depot and (this week) JP Morgan have solidified the consensus that the CISO is a necessary complement to the CIO. They’ve also shone a spotlight on what many consider to be the toughest job in corporate America. After all, successful cyber attacks and data breaches are the quickest path to a ruined corporate reputation. And a strong and capable CISO is increasingly seen as the best defense against such an unfortunate occurrence. (Target’s misfortune was the direct result, some argued, on its lack of a CISO.) With all that in the air, the time couldn’t be better to sit down with some of the top CISOs in industry and the public […]
