Week of May 5, 2017


Financial Services Sector the #1 Target of Cybercriminals*:

  • A new report finds the most frequently targeted industry in 2016 was financial services – where attacks increased 29% year-over-year.
  • More attackers are launching attacks on financial services institutions, which saw an increase in breached records, vulnerability disclosures, and DDoS attacks in 2016.
  • Healthcare and retail targets can be profitable, but attackers targeting financial services are going straight to the source of the money.
  • In 2016, financial services companies saw the number of compromised records skyrocket 937% to exceed 200 million.
  • More than half (53%) of insider attacks come from "inadvertent actors" – employees compromised via phishing – or from another already-compromised system on the internal network.
  • Denial-of-service attacks and Web attacks are other top concerns; some businesses can afford to have their website go down for a day, but financial services organizations cannot.
  • Financial services companies are advised to evaluate their cybersecurity “immune system” to find their weaknesses and are encouraged to ensure everyone only has access to information they really need.
  • Businesses should also implement multi-factor authentication for all web applications.
  • Employee training is also key – they should be taught to identify suspicious emails.

*Source: Dark Reading, May 01, 2017


Unsuspecting Iowans Fall Into Cyber-Attack Web*:

  • Instances in which Iowans’ identities were stolen jumped a whopping 30 percent in one year, from a rate of 56 people for every 100,000 Iowans in 2014 to 73 a year later.
  • Identity theft is increasingly committed online, and the crime keeps evolving with the technology.
  • Once inside a victim’s computer or network, attackers can read documents and confidential data and use them for fraud.
  • The rate of thefts per 100,000 people is a standard that considers the population for jurisdictions reporting crime data.
  • In 2015, Iowa recorded 2,214 total impersonation reports and it recorded 1,371 impersonations in 2011.
  • The vast majority of victims were individuals, but others were businesses, financial institutions, or governments.
  • Regaining your own personal information is difficult, and can mean getting new credit cards or even a new Social Security number and changing banking information.
  • The problem leaves banks and businesses with plenty of work to do, deploying firewalls and authentication checks that consumers must pass before getting into their systems.
  • Iowa lawmakers face a challenge when trying to legislate over crime in the internet’s virtual world the same way they legislate over other crime, and bringing online identity thieves to justice is complicated.

*Source: The Gazette, April 30, 2017


Two-Factor Security is so Broken, Now Hackers Can Drain Bank Accounts*:

  • Criminals have exploited a known flaw in how calls and text messages travel around the world to redirect a two-factor code for a person’s bank account.
  • We’ve known for years that Signaling System 7 (SS7), the key protocol that lets global cellular networks route calls and text messages to each other, has vulnerabilities – and nobody really took them seriously.
  • Now, financially driven hackers are using the weakness to intercept the text messages that deliver two-factor codes to bank customers, break into their accounts, and empty them.
  • The attackers first obtain the victim’s username and password (possibly from a previous breach) and use them to start a login to the bank account.
  • When a code is sent to a trusted device for two-factor authentication, the attackers intercept the call or text using equipment that costs around $1,000; then the attackers can use the code to get full access to the bank account and send money to any other account they want.
  • Any text message based two-factor authentication might be at risk – social networking accounts, banking logins, and email accounts, to name a few.
  • Nobody has fixed the vulnerabilities, likely because the risk to consumers was thought to be low relative to the cost and difficulty of fixing them, but that may have to change.

*Source: ZDnet, May 04, 2017


One-Third of Federal Agencies Reported Data Breaches in 2016*:

  • One-third of federal government agencies reported experiencing a data breach in the last year, and 65% have experienced one in the past.
  • Nearly all (96%) respondents consider themselves "vulnerable" to data breaches; about half (48%) state they are "very" or "extremely" vulnerable.
  • Researchers found 61% of US federal respondents are increasing their security spend this year, which is an increase from last year's 58%, but still lower than healthcare (81%), retail (77%), and financial services (78%) industries.
  • Federal respondents claim their data insecurity is primarily due to budget constraints and lack of staff.

*Source: Dark Reading, May 01, 2017


Leaked Documents Reveal How the Government Will Demand Your Data Under the Snooper's Charter*:

  • Soon after the UK’s surveillance law came into force at the end of last year, privacy campaigners launched a legal challenge to the bulk data collection it allows.
  • The government's expansion of the Investigatory Powers Act is now continuing with a series of proposals for communications firms that would allow for almost real-time surveillance and the removal of encryption.
  • Draft technical regulations say telecom companies will have to provide “communications and secondary data” about a person “in near real time,” if a warrant is obtained for collection of information about an individual.
  • There is also the requirement that companies "provide and maintain" the ability to intercept communications from 1 in every 10,000 customers at once.
  • UK comms companies will also have to “remove electronic protection” and provide information in “intelligible form” when requested with a warrant, which effectively refers to end-to-end encryption.
  • The document containing the information is a draft, and has been provided to companies in the UK as part of a four-week consultation.

*Source: Wired, May 05, 2017


10 Cybercrime Myths that Could Cost You Millions*:

  • Cybercrime is all over the place, with damages, according to one estimate by Cybersecurity Ventures, expected to double from $3 trillion in 2015 to $6 trillion by 2021.
  • A criminal was supposedly able to pocket $121 million within just six months, netting $94 million after expenses in a prominent 2016 ransom attack.
  • Too often people believe in the following myths that prevent them from building effective countermeasures:
    • Only large enterprises need to worry.
    • Threats are completely overrated.
    • Bad guys are always outsiders.
    • Companies are prepared to combat cybercrime.
    • I’d sign up for an insurance policy if I could.
    • All of our PCs are equipped with antivirus and encryption.
    • We have great firewalls and network security.
    • Millennials are digital natives and more cautious.
    • Strong passwords solve the issue.
    • We’ll be fine if we hire a few more capable IT security gurus.

*Source: Dark Reading, April 29, 2017


Last Year's ICO Fines Would be 79 Times Higher Under GDPR*:

  • Fines from the Information Commissioner's Office (ICO) against British companies last year would have been £69m rather than £880,500 if the pending General Data Protection Regulation (GDPR) had been applied.
  • As things stand, the ICO can apply fines of up to £500,000 for contraventions of the Data Protection Act 1998.
  • Once GDPR comes into force in May 2018, there will be a two-tiered sanction regime – with lesser incidents subject to a maximum fine of either €10 million (£7.9 million) or 2 per cent of an organisation's global turnover (whichever is greater). The most serious violations could result in fines of up to €20 million or 4 per cent of turnover (whichever is greater).
  • Using the current maximum penalty as a guide, a model was created to determine what tier the fine would fall into and what a maximum post-GDPR fine would likely be for fines from 2015 and 2016.
  • Fines given to small and medium-sized enterprises could have been catastrophic – for example, Pharmacy2U’s fine of £130,000 would balloon to £4.4m, which is a significant proportion of its revenues and potentially enough to put it out of business.
  • Most organisations will have to fundamentally change the way they organise, manage and protect data.
  • Although the UK is leaving the European Union, compliance with the GDPR will still be mandatory for British firms that handle EU citizens’ data.

*Source: The Register, April 28, 2017

