Archive

Posts Tagged ‘Technology Risks’

Safe Harbor exchange between EU and US data deemed invalid

p2pThe European Union’s highest court, the Court of Justice (CJEU), ruled on October 6, 2015 that the EU-US Safe Harbor Agreement is invalid, effective immediately. The agreement was a voluntary self-certification system that permitted over 4,000 eligible U.S. companies to receive the personal data of Europeans if they publicly agreed to treat the data according to the Safe Harbor Principles. After being deemed invalid, however, the agreement no longer provides a basis for transferring personal data from the EU to the U.S.

While data protection advocates praised the court’s decision, industry executives and trade groups claim that it left a lot of uncertainty for companies that rely on access to this data for lucrative businesses such as online advertising. Read more…

Marital affair website demonstrates new dimensions of personal data risk

man_computerCyber risk for most organizations has a focus on the personal data of customers.  Primarily this means social security numbers, date of birth, address, credit card numbers and the like.  All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.

The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subject to extortion takes these problems to a new level.  Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data.  Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers.  The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money. Read more…

Improving a tested method to combat the California drought

According to the California Department of Water Resources, the state is in the midst of its fourth year of drought.  As a result, Governor Edmund G. Brown Jr. signed a $1 billion emergency drought package in March to accelerate emergency food aid, conservation awareness, infrastructure and flood protection funding, drinking water, species tracking, water system modeling, and water recycling.  The Governor also ordered the first mandatory statewide reductions on April 1 due to the lowest snowpack ever recorded, and no end in sight to the drought.  These courses of action were taken in addition to Governor Brown declaring a Drought State of Emergency on January 17, 2014, as well as a Proclamation of a Continued State if Emergency a few months later on April 25, 2014. Read more…

Report cites criminal attacks as primary cause of healthcare data breaches

healthbreachIn the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty four percent were discovered by an employee, while another 30 percent were found after a patient complained.

Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for Read more…

Insurance industry leads the way for cyber best practices

April 27, 2015 Leave a comment

computers_techIt was reported earlier this month in the Wall Street Journal that many Corporate Information Security Officers (CISOs) are turning to the insurance sector for assistance and guidance when it comes to understanding cyber security.

Normally late to the party, insurance carriers tend to thoroughly examine years and years of loss experience in order for actuaries to set the rates for new areas of risk. But it is not the case when it comes to the rapidly developing area of cyber threats. Instead it is the insurance sector that many are turning to for guidance on how to deal with the uncertainty of cyber security. Read more…

Collaboration is the key when it comes to cybersecurity

February 23, 2015 Leave a comment

cyber_securityThe President, industry leaders, and lawmakers visited the tech-hub of Stanford University earlier this month for an official White House Summit on Cybersecurity and Consumer Protection. The discussions focused on increasing collaboration between the government and the private sector in order to prevent potentially crippling data breaches. The administration hopes that this will encourage Congress to pass cybersecurity legislation. Here are a few key takeaways from the summit:

  1. Cybersecurity is an issue for all sectors of the economy.
    The Identity Theft Resource Center found that 85 million records were exposed last year both in the public and private sectors. Cyber attackers trumped terrorists as the #1 threat to national security last year while data breaches on companies such as Sony Pictures Entertainment, Target, Home Depot, and most recently, insurance giant Anthem Inc., resulted in costly losses.

Read more…

Anthem data breach latest scare for health insurers

data-securityThe nation’s second largest health insurer, Anthem (which includes several major Blue Cross and Blue Shields brands), has reported a major data breach. Last Wednesday, security personnel discovered a hack in which cyber thieves accessed the names, birth dates, social security numbers, addresses and member IDs of up to 80 million current and former policy holders. Anthem’s President and CEO, Joseph R. Swedish, in a letter to its current and former members said that through its initial analysis of the breach “there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.” Nevertheless, the impact of this breach is significant. Read more…