British Airways Faces Landmark $230 Million Data-Theft Fine*:

 

  • The U.K. plans to fine British Airways 183.4 million pounds ($230 million) over computer attacks that exposed customer data.

 

  • This marks the first major British application of far-reaching European Union rules requiring companies to tighten anti-hacking measures.

 

  • The proposed penalty relates to data theft affecting about 500,000 customers between June and September last year.

 

  • BA parent IAG SA said the fine amounts to 1.5% of the airline’s 2017 revenue.

 

  • The ICO said the hack involved BA’s website traffic being diverted to a fraudulent site through which customer details were harvested.

 

  • IAG shares fell 1.5% to 449.9 pence at 12:13 p.m. in London.

 

  • “We are surprised and disappointed in this initial finding from the ICO,” British Airways Chief Executive Officer Alex Cruz said in the statement.

 

  • “We were expecting the ICO to hand down some pretty hefty fines to coincide with the first GDPR anniversary and it has now started to do so,” Patrick Wheeler, a lawyer at law firm Collyer Bristow, said in a statement.

 

  • He added that the fine imposed on British Airways may be the first, but it will not be the last: several large commercial and public sector entities will all be in the ICO’s spotlight.

 

*Source: Bloomberg, July 8, 2019

 

Internet of Things: Counting the Cost of Cyberattacks*:

 

  • According to IHS Markit, by 2025, it’s estimated that 73 billion IoT devices will be connected globally.

 

  • The United States is ranked one of the earliest adopters of the IoT, with 69 percent of American households owning a connected device.

 

  • Yet, IoT is still in its infancy, and manufacturers have been neglecting to build in security measures at the point of design.

 

  • As various industries become increasingly connected, this is where we could see an extremely costly impact of IoT-focused cyberattacks, if security is not prioritized.

 

  • The key issue is that many of the industries experiencing a connectivity boom never expected the IoT to apply to them.

 

  • This isn’t to say that organizations aren’t doing their part to implement cybersecurity technology and strategies.

 

  • However, without proper steps being taken the consequences could be extremely severe, a point which was outlined by the results of the “Irdeto Global Connected Industries Cybersecurity Survey”, which revealed that cyberattacks targeted at IoT devices could cost the U.S. economy a staggering $8.8 billion per year.

 

  • It’s clear therefore that, if not addressed, a lack of IoT security could pose a serious financial threat to the wider U.S. economy.

 

  • While these findings may paint a gloomy picture of IoT security, the research also suggests that the previous mindset of security as an afterthought is changing and organizations are beginning to think more strategically about security.

 

  • Of the security decision makers surveyed in the U.S., 99 percent agreed that a security solution should be an enabler of new business models, not just a cost – an indication that today’s businesses do realize the value add that security can bring to their organization.

*Source: ibtimes, July 07, 2019

 

Insulin Pumps Recalled by FDA For Cybersecurity Risks*

 

  • The U.S. Food and Drug Administration (FDA) is warning patients and healthcare providers that some insulin pumps carry cybersecurity risks.

 

  • In an alert published on June 27, 2019, the FDA said that certain Medtronic MiniMed™ insulin pumps carry potential cybersecurity risks and that patients with diabetes using these models should switch their insulin pump to other models.

 

  • According to the FDA website, Medtronic cannot update the MiniMed™ 508 and Paradigm™ insulin pump models to address these potential cybersecurity risks.

 

  • These risks allowed a person to change a pump’s settings to either “over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” Both are life-threatening.

 

  • Medtronic was founded in 1949 as a medical equipment repair shop, which eventually went on to create a wearable, battery-powered cardiac pacemaker.

 

  • This recall follows a report from Siemplify that found that healthcare companies lacked maturity when it came to cybersecurity.

 

  • The report was based on a survey of more than 250 security operations practitioners working at enterprises and managed security service providers (MSSPs).

 

 

*Source: infosecurity-magazine, July 01, 2019

 

 

How to Protect Your Digital Privacy*

 

  • In the past decade, data breaches and password leaks have struck companies such as Equifax, Facebook, Home Depot, Marriott, Target, Yahoo, and countless others. 

 

  • Want to know which of your accounts have been compromised? Search for your email address on Have I Been Pwned? to cross-reference your email address with hundreds of data breaches.

 

  • You can avoid this by using a password manager such as LastPass and enabling two-factor authentication to access your account.

 

  • Companies and websites track everything you do online. Every ad, social network button, and website collects information about your location, browsing habits, and more.

 

  • The data collected reveals more about you than you might expect. This is part of how targeted ads remain one of the Internet’s most unsettling innovations.

 

  • A browser extension like uBlock Origin blocks ads and the data they collect. The uBlock Origin extension also prevents malware from running in your browser and gives you an easy way to turn the ad blocking off when you want to support sites you know are secure.

 

  • Combine uBlock with Privacy Badger, which blocks trackers, and ads won’t follow you around as much.

 

  • Simple Opt Out has direct links to opt-out instructions for major sites like Netflix, Reddit, and more.

 

  • Viruses might not seem as common as they were a decade ago, but they still exist. Malicious software on your computer can wreak all kinds of havoc, from annoying pop-ups to covert bitcoin mining to scanning for personal information.

 

  • If your computer runs Windows 10, you should use Microsoft’s built-in software, Windows Defender. Windows Defender offers plenty of security for most people, and it’s the main antivirus option that Wirecutter recommends.

 

*Source: NYTimes, July 7, 2019

 

Econ Survey: Anonymized data should be treated as ‘public good’*

 

  • The Economic Survey 2018-2019 has said that data must be treated as a public good, which can be used for social welfare and can also be monetized to ‘ease pressure on government finances’.

 

  • But it also cautioned that privacy implications of the anonymized information need to be factored in.

 

  • “Data, ‘of the people, by the people and for the people’ must therefore become the mantra of the government,” India’s chief economic advisor Krishnamurthy V. Subramanian highlighted in the Survey.

 

  • In its 20-page document dedicated to data generated by Indian users, the Survey touched upon the need for storing, using and disseminating it for public and private use.

 

  • Subramanian said that government intervention was needed in harnessing data in social sectors such as education and healthcare where private investment remains inadequate.

 

  • “The social sectors of the economy, such as education and healthcare, have lagged the commercial sectors in exploiting data. Because the private sector cannot internalize the social benefits of data in these sectors, the market for data in these sectors has so far not developed,” the Survey said.

 

  • The Survey underlined the requirement of creating a centralized system for putting data from different government sources together, which will hold far greater value as a collective than information in silos.

 

  • “People can always opt out of divulging data to the government, where possible,” the Survey stressed.

 

  • The CEA further said that the data collected digitally would be worthless if government officials working on it lack the analytical skills to make use of it in real time.

*Source: Economic Times, July 05, 2019