John D. Sutter reports: Say goodbye to those wimpy, eight-letter passwords. The 12-character era of online security is upon us, according to a report published this week by the Georgia Institute of Technology. The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours. But when the researchers applied that…
Category: Commentaries and Analyses
Making Sense of Security Breach Cost Numbers
Larry Walsh writes: What is the most expensive security breach ever? Before you answer, read the rest of this blog (trust me, you’re probably wrong). According to a recent report by the Ponemon Institute, the mean corporate loss to IT security breaches last year was $3.8 million. During the four-week study period, participating companies reported…
Data breach demonstrates need for access control policies
Remember the breach reported a few weeks ago when a Freedom of Information request uncovered that a Canada Revenue Agency employee had been mining the database to identity high-wealth individuals that she might recruit as customers for her side business? The individuals whose data were accessed were never notified of the incident because the government…
Credit unions report merchants are biggest source of fraud attempts
David Morrison of Credit Union Times reports some of the key results in a Flash survey conducted by the National Association of Federal Credit Unions (NAFCU) concerning fraud rates and costs credit unions have experienced in the past few years: Credit union’s responding to NAFCU’s monthly Flash survey reported that merchants were the source of…
Yet Another Proposed Federal Data Security and Breach Notification Bill: Senators Rockefeller and Pryor Jump Into the Fray
Tanya Forsheit writes: Many of us have watched over the past few years as dozens of proposed federal data security and breach notification bills have been introduced, often with bipartisan support, but have failed to become law. This year has seen many of the usual proposals. For those of you keeping track, this year’s bills…
Most attacks on federal networks financially motivated
Jill R. Aitoro reports: Most malware attacks against federal agencies are financially motivated, seeking to trick computer users into buying fake security software or providing personal information that can be used to hack into their bank accounts. Although espionage and terrorism often are considered the primary motivations for breaking into government networks, 90 percent of…