Blog Posts: Information Security
In data-breach class-action lawsuits, plaintiffs' biggest problem often is convincing the court that the unauthorized disclosure of their personal information caused some type of injury. Often they cannot, and this leads the court to dismiss their case on the ground that plaintiffs lack standing to sue.
A recent study by ThreatTrack Security found malware analysts are better equipped to protect against cyber-attacks but continue to face internal challenges to network defense. Additionally, many organizations are not disclosing data breaches to the customers, partners and others who entrusted their data to them.
For the second consecutive year, survey results show that companies are ignoring the risks to company data posed by employee use of mobile devices. Coalfire, an independent information technology governance, risk and compliance firm, surveyed individuals in a cross-section of industries across North America; survey participants did not work in their company's IT departments. The survey responses indicate that companies are not educating employees on the necessary security measures for mobile devices in connection with work-related activities.
Most U.S. organizations know that state and federal laws require them to protect personal data stored on employees' personal mobile devices (also known as "BYODs"), but few do anything about it, according to "The Risk of Regulated Data on Mobile Devices & in the Cloud," a June 2013 Ponemon Institute survey.
A recent study by the Ponemon Institute revealed glaring weaknesses in the data-security practices of many U.S. companies. The participants — consisting of 471 privacy and compliance professionals — each answered a series of questions about their company’s preparedness for a data breach. The responses led to some shocking results, among which was a lack of security protocols for mobile devices. Approximately 58% of respondents either admitted that devices were not tested before connecting to company networks or were unsure if this was a requirement, even though 78% indicated that their employer permits personal mobile devices in the workplace.
According to a recent study published by the Ponemon Institute, combating insider fraud and the growing threat it poses to intellectual property and corporate security should be a higher priority for employers. "Insider fraud" includes malicious or criminal attacks on business or governmental organizations — by employees and contractors — that result in the theft of financial or information assets. Even employees' casual misuse or mishandling of data may have severe consequences for companies.
A United States security firm, Mandiant Corp., recently released a report linking China’s military to a hacking ring that stole massive amounts of information from roughly 141 U.S. and foreign entities, including military contractors, government agencies, law firms and corporations. Mandiant traced the attacks to a building in Shanghai run by a Chinese military unit, but China has vehemently denied the report’s findings.
Technology increases efficiency and productivity by allowing instant access to and transfer of electronic data. And yet, unlike its physical counterpart, electronic data is vulnerable to attack from anywhere in the world. As the use of social media, cloud computing and mobile-device technology increases, so does the level of related security threats. Consequently, businesses are constantly threatened with cybercrime, privacy breaches, theft of intellectual property and business interruption, all of which compromise competitiveness and productivity.
A recent survey conducted by the National Cyber Security Alliance and Symantec, a computer security software provider, reveals that many small and medium-size businesses (SMBs) in the U.S. are inadequately prepared to deal with threats to cyber security. Out of 1,015 SMBs surveyed, 77% of owners believed cyber threats posed no risk to their company, while 83% did not have a formal plan in place to address such threats. Furthermore, 59% of SMBs did not have a contingency plan in place to deal with data loss from a cyber attack.
The Department of Justice recently announced that two Romanian hackers pleaded guilty to conspiracy charges for stealing credit, debit and payment-account data from hundreds of U.S. merchants’ computer systems. The scheme compromised the security of 146,000 payment cards and caused losses greater than $10 million.