Thanks to partisan politics and intensive industry lobbying, we have no strong federal breach notification law. This, of course, is not news to my readers. But in light of (1) Congress’s current interest in cybersecurity and sharing of information, (2) the fact that up to 40% of breaches are first detected by members of the…
Category: Commentaries and Analyses
Should the penalty be for the data breach or for aiding and abetting fraud?
Philip Virgo writes: I have just had interesting feed back from a number of CISOs on my posting on the EU data Protection Directive. Some are still stuck in the past, adding yet more electronic nappies to cope with severe cases of data diarrhoea. Others are seeking to make the transition to a future where attack is…
What can we learn from a statistic that 1 in 4 recipients of breach notification letters become victims of ID fraud?
I haven’t read the new Javelin Strategy & Research report because it’s pricey, but their press release on it contains some of its key findings. Of note: … nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging. If 1 in…
GAO Report: Americans’ Information Not Adequately Protected by Census Bureau
Kevin Glass reports: The Government Accountability Office released a report this week with a scary conclusion: The Census Bureau, tasked with collecting personal information on every single American, has not adequately protected this data. Specifically, the GAO found, the Census Bureau is not fully prepared in cybersecurity, making Americans’ information vulnerable to hackers. Read more on TownHall.com.
Trustwave: Detection of intrusions can sometimes take two years
Dan Raywood has a piece in SC Magazine about how long it takes to detect breaches: Companies are still failing to detect data breaches and hacking incidents, with outsiders getting access and sitting on the corporate network for up to two years in some cases. According to the Trustwave 2013 global security report, organisations fail…
Looking back at 2012 Data Breaches: RBS and OSF release QuickView report
Risk Based Security and the Open Security Foundation released a report this morning, Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012. The report summarizes some of the major statistics for 2012, based on analysis of the incidents compiled in OSF’s DataLossDB. As most readers know by now, I am involved in…