I’m delighted that Adam Shostack has posted a critique of a study that is often cited as support for the claim that data breaches cause brand harm: Ponemon’s US Cost of Data Breach Study. As background, some of us have been discussing on Twitter, blogging, and otherwise debating whether data breaches do, in fact, cause…
Category: Commentaries and Analyses
Trustwave 2011 Global Security Report Reveals Shift in Cybercrime
Missed apress release from Trustwave last week, but worth noting: Today Trustwave unveiled its 2011 Global Security Report, which reveals the target of attacks has shifted from traditional infrastructure to mobile users and endpoint devices. This trend combined with the popularity of mobile devices and social media is providing the perfect recipe for cybercriminals looking…
NZ: Telecom’s customer data open to ex staff
Susie Nordqvist and Hamish Fletcher report: Former employees have questioned Telecom’s security policies and one can still look up customer details despite having left his job two months ago. Andrew Rozen, who worked in a customer service role from March to November last year, checked if he could access Telecom’s Wireline database after accusations of…
Sites go offline to patch security following media coverage of data for sale
Robert McMillan reports: If you’re a criminal looking for full control of the Web used by the U.S. Army’s Communications-Electronics Command (CECOM), you can get it for just under US$500. At least that’s what one hacker is offering in underground forums. Security vendor Imperva found the black market sales pitch Thursday and posted details of…
Criminal finance database security worries peers
Alex Stevenson reports: A database monitoring 1.5 million suspicious criminal transactions may be insecure, a committee of peers has warned. The House of Lords’ EU committee backed the view of the information commissioner that access to the Serious Organised Crime Agency’s Elmer database may be too wide. The database is Soca’s main tool in identifying…
Does a data breach hurt your brand?
Over on The New School of Information Security, Adam has a post that those of us who report on breaches or comment on the impact of breaches need to read, and I do encourage everyone to watch the video and read his entry. The bottom line of his post is that security breaches do not…