Nicole Lindsey reports that a new report from NTT Security suggests that as many as 75 percent of all cyber security threats may be internal in nature. Only 25 percent of threats are from what the researchers deem to be “hostile” sources. Yes, that’s right, the “real” cyber threats for organizations today are insider threats,…
Category: Commentaries and Analyses
U.S. intel: Russia compromised seven states prior to 2016 election
Cynthia McFadden, William M. Arkin, Kevin Monahan, and Ken Dilanian report: The U.S. intelligence community developed substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed covert operatives prior to the 2016 election — but never told the states involved, according to multiple U.S. officials. Top-secret intelligence requested by…
No concrete injury? No standing – Ninth Circuit
Shades of Spokeo. The Court of Appeals for the Ninth Circuit affirmed the dismissal of Bassett v. ABM Parking over the display of a full credit card number on a parking lot receipt: The panel affirmed the district court’s dismissal due to lack of standing in a putative class action alleging a violation of the…
Arkansas Man Sentenced to Prison for Developing and Distributing Prolific Malware
February 23 – An Arkansas man was sentenced today to 33 months in prison for aiding and abetting computer intrusions by selling malicious software, or “malware,” to individuals who used the malware to steal sensitive information, surreptitiously activate webcams, and conduct other illegal intrusions. Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal…
Understanding Data Breaches as National Security Threats
Susan Landau writes: For decades the theft of private individuals’ data has been treated as an annoyance. Activist state attorneys general and the Federal Trade Commission have pursued cases, but U.S. laws fail to treat theft of personal data as a serious crime in itself. The indictment detailing Russian activity during the 2016 presidential campaign…
EDUCAUSE Challenges the US DOE’s Guidance on Data Breach Reporting
Kathleen Dion of Robinson & Cole writes: On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and…