Mandating Encryption Backdoors Will Make Everything Worse*:
- More entities involved in government work are coming out in support of encryption.
- Many governments are still periodically entertaining backdoor legislation.
- The European Union for Network and Information Security (ENISA) released a report on encryption and found it to be essential for everyone’s security.
- Mandating backdoors will hurt the countries where they're implemented, sending customers in search of secure computer equipment and services elsewhere.
- Beyond that, all backdoors can be exploited – both by criminals and by government agencies, which may collect more information than they’re legally allowed to.
- Ultimately, ENISA concludes that tech advancements do pose legitimate challenges to law enforcement/national security efforts, but backdoors are not the way to solve the problem.
*Source: Techdirt, December 21, 2016
Accused Hackers Make Millions off Insider Trading Info*:
- The US district attorney charged three Chinese citizens with hacking two law firms and making more than $4 million from the information they allegedly stole.
- The three had targeted seven law firms in New York that specialized in mergers and acquisitions and successfully breached two unnamed firms to siphon off insider trading scoops.
- The hackers were able to buy shares for cheap before anyone else knew how much they would shoot up in value from the acquisition.
- The malware helped the three men allegedly steal about 2.8 GB of insider trading information.
- The three are also accused of hacking into rival robotics companies and stealing confidential designs from their email servers between April 2014 and late 2015.
*Source: CNET, December 28, 2016
Russian Election Related Hacking Details Declassified*:
- The Obama administration has announced sanctions against Russia - including the expulsion of 35 intelligence operatives - as punishment for cyber-attacks that interfered with the U.S. presidential election.
- The administration has declassified technical information on Russian intelligence services’ malicious cyber activities to help network defenders identify and disrupt Russia’s campaign of mischievous cyber actions.
- President-elect Donald Trump said he’ll meet with intelligence community leaders about the breaches.
- In the past months, Trump had said he didn't believe the U.S. intelligence community's analysis that the Russians were behind the cyber-attacks.
- In addition to the sanctions against the Russians, the Department of Homeland Security and FBI released a joint analysis report that includes information on computers Russian intelligence services have co-opted without the knowledge of their owners.
- The Russians used those computers, located around the world, to launch cyber-attacks in ways that made it difficult to trace them back to Russia.
- The administration says it hopes network defenders will use this information to identify and block Russian malware.
*Source: Data Breach Today, December 30, 2016
Shoppers Willing to Punish Hacked Retailers*:
- Retailer hacks like those at Target and Home Depot could prove disastrous for stores, as a recent consumer survey found that many holiday shoppers would stop shopping at any retailer that suffered a similar attack.
- A survey commissioned by Thales e-Security found that 20 percent of shoppers would simply stop shopping at any retailer that reported a breach.
- The survey found consumers would be willing to institute a workaround in order to keep shopping at their favorite retailers, even if they had suffered a breach.
- Fifty-five percent said they would keep shopping, but would avoid using payment cards by sticking to cash.
- Most modern societies are moving to cashless payment systems to simplify and improve the consumer experience.
*Source: SC Magazine, December 20, 2016
Estimating the Cost of a Data Breach*:
- Quantifying the financial impact of a data breach before it occurs is like assuming you can win roulette using insider trading.
- When estimating the monetary ramifications of a data breach, calculating the direct costs for resolution matters such as technical services and notifications is easier than predicting indirect expenditures such as customer retention and employee loss.
- Those obscure indirect costs adversely impact business reputation and productivity.
- The identifiers that can affect the total cost of a breach are:
  - Cause of the attack
  - Type of industry or sector
  - Total records lost
  - Current notification costs
  - Service costs, such as legal, communications, technical (forensics), credit monitoring and assessments
  - Insurance protection
- The elements of an economic solution that can mitigate unforeseen expenses of a breach are:
  - An incident response team
  - Employee training
  - Use of technologies for data loss prevention
  - Escalation processes for auditing purposes
  - Activities that preserve brand and control reputation
- The direct and known costs of data breaches shouldn’t be the sole determinant for quantifying your risk.
*Source: Info Security, December 28, 2016