Katherine Gasztonyi writes: On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward. In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to…
Category: Commentaries and Analyses
Audit finds flaws remain in U. Maryland network security, even after data breach
Scott Dance reports: Nearly a year after a massive data breach at the University of Maryland, state auditors say the campus network is still vulnerable to hackers — in part because gaps they identified five years ago remain. While patching those holes would not have prevented the breach, auditors and university officials said Wednesday, some…
Widespread Employee Access to Sensitive Files Puts Critical Data at Risk – Survey
From the press release: Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent. As attention shifts from…
Report finds Colorado state computers vulnerable to hacker attack
Chris Halsne reports: A just-released audit finds that Colorado state computer systems are vulnerable to a cyber attack. The report mirrors the results of a year-long FOX31 Denver investigation. We found gaping holes in security, some of which exposed the Social Security and bank account numbers of state employees and contractors. Monday, the State Auditor’s Office blamed the…
A Breakdown and Analysis of the December, 2014 Sony Hack
Risk Based Security (RBS) has posted a chronology and detailed analysis of the data dumps to date in the Sony hack. This is a must-read article for journalists or those interested in the scope of data types involved.
Toward a Breach Canary for Data Brokers
It wouldn’t prevent breaches, but having data brokers incorporate dummy identities in databases (“canaries”) might make it easier to figure out when a data broker’s database has been compromised and when their stolen information goes up for sale on the underground, Brian Krebs writes. Getting Congress off the dime to do something about data brokers has…