Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘cyber security’ Category

Too Fit To Hack?


We’ve become aware of two more major cyber security breach events over the past several days.

First, Under Armour went public with the news that in February around 150 million MyFitnessPal user accounts were hacked, stating that “an unauthorized party acquired data associated with MyFitnessPal user accounts.”

That data included usernames, passwords, and email addresses, but not bank, driving license or social security information.

No word on whether your average daily step count was revealed!

And The New York Times is reporting that a well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. 

The company indicated that the data appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers.

Hudson’s Bay, the Canadian company that owns both firms, suggested that its e-commerce platforms appeared to have been unaffected by the breach.

The Times’ story suggests that the Lord & Taylor theft is one of the largest known breaches of a retailer, and demonstrates how difficult it is to secure credit-card transaction systems.

Check out this white paper from IBM Security to learn more about how your organization can take a proactive approach to threat detection and prevention.

P.S. Another one that missed my radar…Boeing was hacked by the “WannaCry” virus last week. CBSNews reported Boeing announced that it “detected a limited intrusion of malware” that infiltrated “a small number of systems.”

An initial report from chief engineer Mike VanderWel at Boeing Commercial Airplane production engineering stated that “the virus would affect equipment used in functionality tests of airplanes and potentially ‘spread to airplane software’” and that it was “metastasizing rapidly.”

Fasten your seat belts.

Written by turbotodd

April 2, 2018 at 9:20 am

Posted in 2018, cyber security, e-commerce


A Pixel at a Time


You know that whole Yahoo! data breach thing, the one where the company late last year revealed that a 2013 hack exposed the private information of over 1 billion users…yeah, well, Verizon (which bought Yahoo!) has revised the impact of the breach, suggesting that it impacted all 3 billion of its users.

While you get your head around that, a friendly reminder that former Equifax CEO Richard Smith testified on Capitol Hill yesterday before the House Energy and Commerce Committee.

On September 7, Equifax announced it had suffered a massive cyber breach in which the Social Security numbers, names, birthdates, and addresses of 145.5 million Americans were stolen.

How did Smith explain the hack? Equifax had learned of a weak spot in the Apache Struts software in a key computer system back in March, but never patched it. Smith then laid blame on a faulty scanner and a single Equifax staffer responsible for mishandling patches.

In a company of 9,900 employees, a single person was in charge of its patching process.

According to a C|NET report of the testimony, several House committee members suggested federal laws to regulate credit monitoring companies like Equifax.

Don’t hold your breath.

But if you do, let it go starting around 12 EST today, especially if you’re an Android, because Google is hosting an announcement event with news on the Android, smartphone, Chromebook, and related fronts.

Gizmodo’s sneak peek suggests that new Pixel 2 and Pixel 2 XL smartphones will be on offer. Also rumoured: a new Google Home Mini (think Google’s version of the Echo Dot) as well as a pricey Google “Pixelbook” that is expected to have a $99 optional Pixelbook Pen and a 360-degree hinge that allows the device to morph instantly into a tablet.

There’s also talk of a new Daydream VR headset, and possibly even more support for the increasingly popular Google Assistant.

The clock is ticking…you can follow the action starting at 9 AM PDT on The Verge.

Written by turbotodd

October 4, 2017 at 10:10 am

IBM & Ponemon Institute: Cost of Data Breaches Dropped 10 Percent Globally In 2017


IBM Security has announced the results of a global study exploring the effects of data breaches on business.

Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach is $3.62M globally, a 10 percent decline from 2016.

This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study, these data breaches cost companies $141 per lost or stolen record on average.

Analyzing the 11 countries and two regions surveyed in the report, IBM Security identified a close correlation between the response to regulatory requirements in Europe and the overall cost of a data breach.

According to the 2017 Cost of Data Breach Study: Global Overview, “compliance failures” and “rushing to notify” were among the top five reasons the cost of a breach rose in the U.S. A comparison of these factors suggests that regulatory activities in the U.S. could cost businesses more per record when compared to Europe.

For example, compliance failures cost U.S. businesses 48 percent more than European companies, while rushing to notify cost U.S. businesses 50 percent more than European companies. Additionally, U.S. companies reported paying over $690,000 on average for notification costs related to a breach — which is more than double the amount of any other country surveyed in the report.

Some additional findings from the report:

  • By Industry, Healthcare Breaches Most Costly: For the seventh year in a row, healthcare has topped the list as the most expensive industry for data breaches. Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average across industries ($141 per record).
  • Top Factors Increasing Cost of a Breach: The involvement of third-parties in a data breach was the top contributing factor that led to an increase in the cost of a data breach, increasing the cost $17 per record. Organizations need to evaluate the security posture of their third-party providers – from payroll to cloud providers to CRM – to ensure the security of employee and customer data.
  • Top Factors Reducing Cost of a Breach: Incident response, encryption and education were the factors shown to have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in a $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.50 reduction per record).
  • Positive Impact of Resiliency Orchestration: Business continuity programs are significantly reducing the cost of a data breach. The overall average data breach cost per day is estimated at $5,064 in this year’s study. Companies that have a manually operated Disaster Recovery process experienced an estimated average cost of $6,101 per day. In contrast, companies deploying an automated Disaster Recovery process that provides resiliency orchestration experienced a much lower average cost per day of $4,041. This represents a net difference of 39 percent (or a cost savings of $1,969 per day).

You can download the full study results here.

Written by turbotodd

June 21, 2017 at 8:24 am

IBM Named a Leader For Security Solution in Gartner Magic Quadrant


IBM announced that Gartner, Inc. named the company as a leader in Application Security Testing (AST) in the recently published Gartner Magic Quadrant for Application Security Testing, which analyzes vendors’ Static, Dynamic and Interactive Application Security Testing styles.

IBM has been named a leader by Gartner in Application Security Testing in four consecutive reports.

According to Gartner, IBM Security was recognized for its completeness of vision and ability to execute. As part of its AST portfolio, IBM has also added innovative Static Application Security Testing functionality to improve accuracy with Intelligent Code Analytics (ICA) and Intelligent Finding Analytics (IFA), both of which are delivered via the cloud to on-premises and cloud clients.

IBM’s Application Security Management platform gives businesses a risk-centric unified reporting dashboard with a complementary framework to manage security risks in applications across business operations.

IBM Security’s Application Security Testing solutions, including IBM Security AppScan and IBM Application Security on Cloud, provide preemptive protection for mobile and web-based applications.

According to Gartner, “Security testing is growing faster than any other security market, as AST solutions adapt to new development methodologies and increased application complexity. Security and risk management leaders must integrate AST into their application security programs.”

To download the full report, visit https://ibm.co/2o0mHsI.  

To learn more about IBM security offerings go here.

Written by turbotodd

May 1, 2017 at 3:03 pm
