Scottrade, a well known investment company has recently announced a massive data security breach which could possibly affect about 4.6 million customers of the company. Unfortunately, the announcement came years after the actual breach, with Scottrade only learning about the problem after federal law enforcement officials alerted the company to the incident. As recent data breaches have shown us, this is not uncommon: average time to detect incidents is as much as 188 days!
Artist crowdfunding service Patreon has become the latest victim of a data breach. The breach has lead to theft and leaking of user data online. Patreon CEO and co-founder Jack Conte said a database containing user information had been compromised, leading to unauthorized access to data including registered names, email addresses, posts, and some shipping addresses in addition to a number of billing addresses stored prior to 2014. The breach occurred on September 28 by way of a debug version of the Patreon website which was publicly available.
UCLA Health recently announced that it was hit by a cyber-attack that may have put some personal information at risk. The damage was extensive: 4.5 million people’s PII has been exposed including names, addresses, birthdates, social security numbers, medical record numbers, Medicare or health plan ID numbers and personal medical information.
Yesterday three very large and prominent fortune 50 companies, NYSE, United Airlines and the Wall Street journal all reported “technical glitches” that resulted in impacts to normal business operations… At what cost?
This is a prime example of something we deal with all the time: human error. There is “no evidence” of malicious intent – so these are not targeted attacks at these companies, but in fact just “glitches.” A large portion of cyber security problems stem from non-malicious activity. They may simply start from a seemly harmless technology device that wasn’t upgraded appropriately, didn’t have its settings checked for vulnerabilities or still had the default password. These IT snafu’s aren’t uncommon, in fact we see these and many others at smaller clients all the time.
In the case of these companies, their IT divisions probably consist of hundreds of employees as well as internal or external contractors all across the world. I’m sure that as diligent as IT auditors are, there could be situations where a process or the technology supporting it isn’t deemed “high risk”… until you have situations like today.
As for responding to incidents: I’m sure the companies’ computer incident response plans have kicked in, and they each have contingencies to communicate and make their customers aware of the latest updates… at least we hope. As for the smaller organizations that use, rely or even depend on United, NYSE or the WSJ – I hope their contingency plans kicked in…
It takes companies an average of six months to find out they’ve had a data breach according to a new survey conducted by the Ponemon Institute. The survey examined 844 companies across the world in both the financial and healthcare sectors.
Once a data breach occurs, it takes an average of 98 days for financial service companies to detect the intrusion to their networks and 197 days in the healthcare industry. These long delay periods are known as the “dwell” time period. Every minute of dwell time increases the number of records compromised, data lost and cost of the breach.
To reduce the costs associated with breaches, companies are starting to integrate information security into every aspect of their business. One of the best ways to do this is to start investing in SecurITy practices and tools. Among the financial firms surveyed, 71% view monitoring technology as the most promising method of stopping or minimizing the threat of a breach. As a result, 45% of those surveyed have started implementing incident response procedures. That’s why we keep it simple with SecurITy: to help you assess, respond to and monitor the threats in your business.
Stop spending your time worrying about what you don’t know and let us arm you with the tools, processes and procedures to help you handle whatever comes your way. We can help! Get in touch.
Cyber security affects both large and small businesses alike. According to the 2015 Small Business & Cyber Security survey, 31% of small businesses in the United States have experienced a cyber-attack or attempted cyber-attack.
The Simda Botnet is targeting Microsoft computers with unpatched software. A botnet is a group of computers that have been infected with malware which allows them to be controlled by the attacker without the owner’s knowledge. This particular botnet has grown to 770,000 computers worldwide. Find out it if you're infected below.
If your business hosts a DNS (Domain Name Service) server, you may be at risk for attackers remotely connecting to your DNS server and gaining vital knowledge on your internal network structure, making attacks easier and more likely to occur. If not properly configured, your DNS server will respond to an attackers request for information about your internal network.
A technical alert to Microsoft users about AAEH malware has been released by the US Department of Homeland Security in a joint effort with Europol, the FBI and the Department of Justice.
Apple released new security updates for OS X, iOS, Safari and Apple TV in an effort to address several potentially hazardous vulnerabilities which could allow an attacker to gain control of the affected system. To keep OS X and Safari up to date, follow the instructions an Apple’s website. For iPhones, iPads and Apple TVs go to settings and run updates from the “General” section.