MENTIS

Week of December 30, 2016


Mandating Encryption Backdoors Will Make Everything Worse*:

  • More entities involved in government work are coming out in support of encryption.
  • Many governments are still periodically entertaining backdoor legislation.
  • The European Union for Network and Information Security (ENISA) released a report on encryption that finds it to be essential for everyone’s security.
  • Mandating backdoors will hurt the countries where they're implemented, sending customers in search of secure computer equipment and services elsewhere.
  • Beyond that, all backdoors can be exploited – both by criminals and by government agencies, which may collect more information than they’re legally allowed to.
  • Ultimately, ENISA concludes that tech advancements do pose legitimate challenges to law enforcement/national security efforts, but backdoors are not the way to solve the problem.

*Source: Techdirt, December 21, 2016

 


Accused Hackers Make Millions off Insider Trading Info*:

  • The US district attorney charged three Chinese citizens with hacking two law firms and making more than $4 million from the information they allegedly stole.
  • The three had targeted seven law firms in New York that specialized in mergers and acquisitions and successfully breached two unnamed firms to siphon off insider trading scoops.
  • The hackers were able to buy shares cheaply before anyone else knew how much they would shoot up in value from the acquisition.
  • The malware helped the three men allegedly steal about 2.8 GB of insider trading information.
  • The three are also accused of hacking into rival robotics companies and stealing confidential designs from their email servers between April 2014 and late 2015.

*Source: CNET, December 28, 2016

 


Russian Election Related Hacking Details Declassified*:

  • The Obama administration has announced sanctions against Russia - including the expulsion of 35 intelligence operatives - as punishment for cyber-attacks that interfered with the U.S. presidential election.
  • The administration has declassified technical information on Russian intelligence services’ malicious cyber activities to help network defenders identify and disrupt Russia’s campaign of mischievous cyber actions.
  • President-elect Donald Trump said he’ll meet with intelligence community leaders about the breaches.
  • In the past months, Trump had said he didn't believe the U.S. intelligence community's analysis that the Russians were behind the cyber-attacks.
  • In addition to the sanctions against the Russians, the Department of Homeland Security and FBI released a joint analysis report that includes information on computers Russian intelligence services have co-opted without the knowledge of their owners.
  • The Russians used those computers, located around the world, to launch cyber-attacks in ways that made it difficult to trace them back to Russia.
  • The administration says it hopes network defenders will use this information to identify and block Russian malware.

*Source: Data Breach Today, December 30, 2016

 


Shoppers Willing to Punish Hacked Retailers*:

  • Retailer hacks like those at Target and Home Depot could prove disastrous for stores, as a recent consumer survey found that many holiday shoppers would stop shopping at any retailer that suffered a similar attack.
  • A survey commissioned by Thales e-Security found that 20 percent of shoppers would simply stop shopping at any retailer that reported a breach.
  • The survey found consumers would be willing to institute a workaround in order to keep shopping at their favorite retailers, even if they had suffered a breach.
  • Fifty-five percent said they would keep shopping, but would avoid using payment cards by sticking to cash.
  • Most modern societies are moving to cashless payment systems to simplify and improve the consumer experience.

*Source: SC Magazine, December 20, 2016

 


Estimating the Cost of a Data Breach*:

  • Quantifying the financial impact of a data breach before it occurs is like assuming you can win roulette using insider trading.
  • When estimating the monetary ramifications of a data breach, calculating the direct costs for resolution matters such as technical services and notifications is easier than predicting indirect expenditures such as customer retention and employee loss.
  • Those obscure indirect costs adversely impact business reputation and productivity.
  • The identifiers that can affect the total cost of a breach are:
    • Cause of the attack
    • Type of industry or sector
    • Total records lost
    • Current notification costs
    • Service costs, such as legal, communications, technical (forensics), credit monitoring and assessments
    • Insurance protection
  • The elements of an economic solution that can mitigate unforeseen expenses of a breach are:
    • An incident response team
    • Employee training
    • Use of technologies for data loss prevention
    • Escalation processes for auditing purposes
    • Activities that preserve brand and control reputation
  • The direct and known costs of data breaches shouldn’t be the sole determinant for quantifying your risk.

*Source: Info Security, December 28, 2016

 
