TweakTown NewsRefine News by Category:
Companies and enterprises are seeing the negative impact of cybersecurity issues, such as data breaches can cause, but aren't using information protection strategies to help combat the problem, according to a recent survey published by CSO Magazine and PwC.
Three out of four companies experienced some type of security problem in the past year, with an average of 135 incidents per company. To make matters worse, improving cybersecurity still isn't company priority when compared to other day-to-day business activities.
"While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations' cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries," according to the survey.
New York City has a new financial cybercrimes task force with the Federal Bureau of Investigation (FBI) teaming up with the New York City Police Department and Metropolitan Transportation (MTA) authority. The three agencies will share threat assessment data and study cyberattacks in which money and funds have been compromised.
The FBI has become active in partnering with local agencies across the United States, as part of its Next Generation Cyber Initiative - understanding that cyberattacks continue to expand and evolve at a rapid pace.
"The task force model that has been successfully employed in response to bank robbery and terrorism cases is now being applied to the cyber realm," said George Venizelos, FBI Assistant Director, in a statement. "The FBI continues to develop positive working relationships with our fellow law enforcement officers in our joint efforts to tackle criminal activity, and we look forward to working with our partners at the NYPD and MTA to combat cybercrime."
Source code hosting service Code Spaces recently suffered a massive cyberattack that started with a distributed denial-of-service (DDoS) attack. The second phase of the attack occurred when a cybercriminal compromised the company's Amazon EC2 control panel, demanding a ransom from Code Spaces before the DDoS attack ended.
Code Spaces were unable to access company private keys, and the Amazon EC2 password was changed, but the hacker was still able to begin deleting artifacts from the control panel. Trying to restore the service back to normal will be too expensive and cumbersome, so Code Spaces folded up shop.
"Code Spaces will not be able to operate beyond this point... the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility."
Businesses struggle to keep their data secure, but find it even harder to deal with data breaches once they already happen. Companies that try to bury their heads in the sand and keep breaches secret could be harming themselves more than anything else, and should be more transparent.
Some companies try hiding data breaches or only confirm the news after security incident details are released. That can lead to major problems from shareholders, customers, and law enforcement officials.
"It's brought it to a point now where businesses have to pay attention," said Al Pascual, Javelin Strategy & Research senior analyst, in an interview with journalists. "Before, it was more of a concern for folks in the back office. They may have had some minor concerns about regulators or government officials, but now they have to worry about being punished by their shareholders, being punished by consumers who are pretty likely not to come back or to reduce their patronage."
Medical company Medtronic said it was breached by cyberattacks in separate incidents last year, with some patient records compromised. A number of medical records in the diabetes business unit was taken, but the company didn't disclose how many patients were affected, or what information was at risk.
Medtronic is the biggest standalone medical device maker in the world, and is a significant problem that rivals should pay attention to.
"Medtronic, along with two other large medical device manufacturers, discovered an unauthorized intrusion to our systems that was believed to originate from hackers in Asia," Medtronic confirmed in a filing to the Securities and Exchange Commission (SEC).
The Record Industry Association of America (RIAA) has been busy submitting reporting pirate links for removal on Google, recently topping its 50 millionth URL. The RIAA and music studios report millions of links each month - most of them directed to Google - with the filestube.com search engine receiving two million requests alone.
Google acts quickly to remove infringing links from the massive search engine's index, but the RIAA has voiced numerous complaints about the process. It's a difficult battle to deal with for the RIAA, because foreign websites ignore takedown notices, or slightly alter the URL and go back online immediately.
Just a few months ago, the RIAA take down requests number sat at 10 million, with the trade group always scanning for online music piracy locations.
The Motion Picture Association of America (MPAA), the leading movie copyright group in the United States, wants to invest $20,000 in research towards an "unbiased" report focused on online piracy. Following past published reports that claimed piracy harms sales, there was a public backlash that the trade group reportedly wasn't expecting.
"We want to enlist the help of academics from around the world to provide new insight on a range of issues facing the content industry in the digital age," said Chris Dodd, former U.S. Senator and MPAA CEO, in a statement. "We need more and better research regarding the evolving role of copyright in society. The academic community can provide unbiased observations, data analysis, historical context and important revelations about how these changes are impacting the film industry and other IP-reliant sectors."
It's refreshing to hear the MPAA wants to better analyze the current state of online piracy - a shift in strategy, when just a few years ago the MPAA was hesitant to embrace online solutions. However, past efforts to crack down on piracy only led to confusing legal legislation and ineffective, costly strategies.
Former NSA contractor Edward Snowden rejected a request from German officials to sit down and discuss NSA spying activity targeting Germany. The U.S. government reportedly spied on German Chancellor Angela Merkel and several German intelligence agency officials, and former cabinet members, Snowden revealed.
"The [parliamentary] investigation committee must respect Edward Snowden's decision not to make himself available as a witness, even for an informal meeting," Roderich Kiesewetter, committee lawmaker on an eight-member investigation committee, told the media. "It's surprising that Mr. Snowden doesn't want to respond to the investigation committee's questions in detail, but rather just sees his role as one of an expert with specialist knowledge."
It seemed unlikely that Snowden would agree to an in-person meeting, but German officials still hope to chat with him via telephone or video conference.
Mobile app Yo, which only allows members to say "Yo" to one another, was recently hacked, company officials confirmed. Even if users try to delete the app from their devices, user personal information is now located on the company's databases.
"Some of the issues have been fixed and we are still working on the others," said Or Arbel, Yo founder, in a statement. "I cannot reveal any information about the hacks to prevent misuse of this information. We brought in a specialist security team to deal with the issues, and we are taking this very seriously."
Students from Georgia Tech reportedly contacted Arbel about the breach, and received a phone call in return. The students claim they can snag phone numbers and spoof Yo's from other users, along with spamming other users. Other people have reported rather lax security protocols by the mobile app, and that should now be improved by the company.
The addition of the "Activation Lock" on Apple iPhone smartphones, starting with iOS 7 last year, has led to a drop in iPhone thefts and robberies, according to police reports. San Francisco police authorities saw a 38 percent drop in iPhone robberies, while London saw a 24 percent drop, police said.
"The introduction of kill switches has clearly had an effect on the conduct of smartphone thieves," said Eric Schneiderman, New York Attorney General, in an interview with the New York Times. "If these can be canceled like the equivalent of canceling a credit card, these are going to be the equivalent of stealing a paperweight."
A new survey from Lookout found that one in 10 smartphone owners have had devices stolen, and some of the thefts are violent robberies. Smartphone theft has led to a flurry of laws created to force mandatory kill switches, however, manufacturers and wireless carriers were initially hesitant. They gave in due to rising political pressure, able to work with lawmakers and police authorities.