TweakTown NewsRefine News by Category:
Company executives have observed Target, JPMorgan Chase, Home Depot, Anthem, and other major companies suffer devastating data breaches - and understand they need stronger cybersecurity protocols - but actually deploying new methods has been rather slow.
Seventy eight percent of company tech executives have not been briefed regarding internal security strategies within the past 12 months, according to a Raytheon survey. In addition, 75 percent said cybersecurity is a necessary cost, but only 25 percent of survey respondents said security is a strategic priority.
"The Target hack was very interesting," said Jack Harrington, VP of cybersecurity and special missions of Raytheon, in a statement published by the Christian Science Monitor. "It raised awareness across the entire retail industry certainly," but demand for chief information security officer (CISO) positions wasn't' a priority. "That tells you they felt they didn't even need that position. They just didn't feel at risk."
Lenovo is facing tremendous backlash after the company confirmed it pre-installed adware on consumer products, and now more people want to learn about Superfish.
"The Superfish software does not present a security risk," said Adi Pinhas, co-founder and CEO of Superfish, in a statement to the San Jose Mercury News. "In no way does Superfish store personal data or share such data with anyone. In this case, it appears the third-party add-on introduced a potential vulnerability that we did not know about."
However, the company is maintaining its innocence in the matter, instead directing blame towards Komodia. Media publications were quick to point out that Superfish leads users to be assaulted by pop-ups and intrusive ads on websites they visit, trying to entice them to purchase from e-tailers.
It took several high-profile data breaches before the United States publicly discussed the need for improved cybersecurity protocols. Democrats and Republicans agree that something must be done, but security experts hope politics don't get in the way of necessary change.
However, cybersecurity efforts could receive bipartisan support from the Obama Administration and the Republican-led Congress - and politics hopefully won't get in the way.
"In order to improve cybersecurity, it is critical to facilitate the sharing of cyberattack information," said Sen. Ron Johnson (R-Wisc), in the GOP weekly address. "By sharing threat signatures, vulnerabilities and other indicators of network compromise, within and between the private sector and government, many cyberattacks can be prevented."
There were 1,500 global data breaches in 2014, with the number rising almost 50 percent year-over-year, according to the Gemalto Breach Level Index (BLI) report. Of the 1 billion total compromised records, almost 800 million of them belong to US companies - a frightening figure that cybersecurity experts believe will rise.
Companies remain unsure how to address these sometimes sophisticated cyberattacks, while consumers are frustrated that their personal information is seemingly up for grabs. Banks and credit card companies are becoming more proactive in identifying - and informing customers - of fraud, but it can still be a chaotic process.
"Not only are data breach numbers rising, but the breaches are becoming more severe," said Jason Hart, VP of cloud services, identity and data protection at Gemalto. "Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding."
Millions of Anthem customers are at risk from the Anthem data breach, including tens of millions of children impacted from the data breach. Personal information ranging from names, date of brith, Social Security numbers and health care ID numbers were stolen, and some children could be at risk for decades, according to cybersecurity experts.
Information on children is tied to their parents, so attacks against adult account holders are expected to accelerate in the future as well. However, personal information of children is especially lucrative to criminals, as the data hasn't been tied to a credit file - so the government and credit reporting agencies aren't expecting fraud-related activities.
"Every terrible outcome that can occur as the result of an identity theft will happen to the children who were on that database," said Adam Levin, chairman and founder of IDentityTheft911, in a statement published by NBC News. "Criminals will use those stolen Social Security numbers to open accounts, get medical treatment, commit tax fraud, you name it."
The National Security Agency (NSA) believes North Korea is behind the Sony Pictures attack because of software used to breach the company. SPE was targeted in November by a group calling itself the "Guardians of Peace," with emails, employee personal information, movies, and other data stolen - and posted online.
"We ultimately ended up generating the signatures to recognize the activity used against Sony," said NSA Director Admiral Michael Rogers, in a statement during a security conference in Canada. "From the time the malware left North Korea to the time it got to Sony's headquarters in California, it crossed four different commanders' lines or areas in the US construct."
Cyberattacks are causing confusion for government agents, unexpectedly spending more time investigating breaches against private sector companies - as attacks mount against critical infrastructure and government agencies.
The US Department of Homeland Security (DHS) recommended Lenovo customers remove the Superfish adware from their computers and laptops. The Chinese electronics company installed the software on machines beginning in 2010 until January 2015, and Lenovo is no longer installing it on consumer products.
Despite Lenovo saying there were no cybersecurity issues, the National Cyber Awareness System said customers are vulnerable to SSL spoofing attacks. "Systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken," the DHS said in a statement published by Reuters.
"We should have known about this sooner," said Brion Tingler, Lenovo spokesman, in a statement to Reuters. "And if we could go back, we never would have installed this software on our machines. But we can't, so we are dealing with this head on."
Lenovo is under fire by cybersecurity experts and consumers over the discovery of Superfish adware installed on PCs and laptops. The company confirmed the software is no longer being installed on any Lenovo devices, and it was never installed on ThinkPad desktops, notebooks, tablets, smartphones or servers.
Lenovo shut down server connections that activate the controversial software in January, after customer complaints. Even though Lenovo said there were no security risks, cybersecurity experts noted that Superfish issued certificates for every secure Web page - and no protocols were in place that would have stopped the software from picking up confidential information, including passwords and credit card information.
"In reality, we had customer complaints about the software," the Lenovo statement reads. "We acted swiftly and decisively once these concerns began to be raised. We apologize for causing any concern to any users for any reason - and we are always trying to learn from experience and improve what we do and how we do it."
US State Department officials confirmed the agency temporarily shut down its unclassified email system because of hacker activity three months ago - and it looks like security experts still haven't been able to boot the unwelcome guests from its network.
It remains unknown where the attacks originated from, but specialists suggest it could be from Russia. No classified data has been accessed, but there is growing concern the hackers will be able to write false emails, delete emails and find a way to access classified networks.
"We have robust security to protect our systems and our information, and we deal successfully with thousands of attacks every day," said Marie Harf, State Department spokeswoman, in a statement to Bloomberg. "We take any possible cyber intrusion very seriously."
Google doesn't like the idea of the FBI being able to easily access Internet-connected devices owned by consumers, with the company sending a 14-page letter to officials.
"Law-abiding citizens who were the target of an unconstitutional search but are not charged with a crime will almost certainly never learn of the search and therefore will not be able to challenge the search," said Richard Salgado, director of information security and law enforcement for Google, in a letter to the US government.
Not surprisingly, the federal government thinks it needs access to user data to bust criminals and for better national security: