Author Archives: James M. Paulino II

(C) Luka Azman

Data Breach “Sky Is Falling”

Much like Chicken Little, data breach vendors and pundits continue to decry that the data breach sky is falling!  But is it?  A group of researchers set out to answer this very question. “Neither size nor frequency of data breaches has increased over the past decade,” concludes a new statistical analysis by Benjamin Edwards, Steven Hofmeyr and Stephanie Forrest presented during the June 2015 Workshop on the Economics of Information Security in the Netherlands. Instead, the three argue, the increases that have attracted recent media…

Continue Reading....
computer crime

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with…

Continue Reading....
iStock_000018506151_Large

Military Retaliation in the Age of Cyber Warfare

The Obama administration has concluded that the recent Chinese cyberattack on the Office of Personnel Management rises above the level of traditional espionage, and that retaliation is the most suitable response to the theft of 20 million American’s personal information. Exactly what the retaliation may entail and when it will come, however, are open questions. Over the past year, United States government and military computer systems have been compromised by what many believe are foreign governments, including Russian attacks on the White House, State

Continue Reading....

Millions Exposed in Multiple Heath Data Breaches

This summer, millions of medical patients have learned that their personal information, including names, addresses, birthdates, Social Security numbers, Medicare or health plan ID numbers, and some medical information (conditions, medications, procedures and test results) may have been exposed as a result of two separate security breaches. California’s UCLA Health announced on July 21, 2015 that their information system has been attacked, possibly beginning in November 2014, and that the unencrypted medical information of over 4.5 million patients may have been accessed.  This latest breach…

Continue Reading....

New Federal Cybersecurity Legislation and Regulations Proposed in Washington DC

This week, new legislation and regulations have been proposed to address cybersecurity concerns in new automobiles and the nation’s Bulk Electric System. On Tuesday, Senators Edward J. Markey (MA) and Richard Blumenthal (CT) introduced new legislation to address the hacking risks associated with “connected vehicles.”  The Security and Privacy in Your Car Act of 2015 would mandate that sensitive software systems be isolated and additional safeguards be added “to protect consumers from security and privacy threats to their motor vehicles”.  The legislation followed a 2014…

Continue Reading....

Federal Cybersecurity Problems “Decades in the Making”

Yesterday, the House Oversight Committee received testimony from federal officials regarding the April 2015 cyberattack on the Office of Personnel Management (OPM), which compromised the personal information of approximately 4 million government employees and retirees, including social security numbers.  The executive branch delayed reporting the incident until June 4, much to the dismay of the House Committee. OPM head Catherine Archuleta was under fire for what Committee Chairman Jason Chaffetz, R-Utah, called the “most devastating” cyberattack in United States’ history.  Ms. Archuleta attempted to avoid…

Continue Reading....

DOJ Issues Best Practices for Cyber Incident Response

The US Department of Justice, Criminal Division, Cybersecurity Unit has issued a 15-page best practices document “to assist organizations in preparing a cyber incident response plan and…in preparing to respond to a cyber incident.”  The document explains in detail steps necessary before, during and after a cyber attack or intrusion, summarized in a “Cyber Incident Preparedness Checklist” (see below).  “Any Internet-connected organization” is advised to review and adopt these best practices in order to provide a prompt, effective response to incidents, minimize resulting harm, expedite…

Continue Reading....

Senator Seeks Answers from President on White House Cyber Attack

Chairman of the Senate Committee on Commerce, Science and Transportation, John Thune, has sent an open letter to President Obama to address the cyber attack on the White House’s unclassified computer system in late-2014. The breach, allegedly by Russian hackers, was according to Senator Thune “more extensive than previously known,” and accessed “a great deal of sensitive information, such as schedules, policy discussions, and e-mails sent and received by” Mr. Obama, “including exchanges with ambassadors.” Following increased attacks across Executive Branch departments and agencies, Mr.…

Continue Reading....

House Overwhelmingly Passes Two Cyber Threat-Sharing Bills, Senate Poised for Third

On Wednesday, April 22, by a vote of 307-116, the House passed its first major cybersecurity bill of 2015, the Protecting Cyber Networks Act (PCNA), backed by the leadership of the Committee on Intelligence, which would shield private companies when sharing cyber threat data with government civilian agencies, including the Commerce and Treasury Departments. A second bill, The National Cybersecurity Protection Advancement Act of 2015 (NCPAA), which amends the Homeland Security Act of 2002, was passed by the House the following day, Thursday April 23,…

Continue Reading....

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10…

Continue Reading....