Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘cyber security’ Category

A Pixel at a Time


You know that whole Yahoo! data breach thing, the one where the company late last year revealed that a 2013 hack exposed the private information of over 1 billion users…yeah, well, Verizon (which bought Yahoo!) has revised the impact of the breach, suggesting that it impacted all 3 billion of its users.

While you get your head around that, a friendly reminder that former Equifax CEO Richard Smith testified on Capitol Hill yesterday before the House Energy and Commerce Committee.

On September 7, Equifax announced it had suffered a massive cyber breach in which the Social Security numbers, names, birthdates, and addresses of 145.5 million Americans were stolen.

How did Smith explain the hack? Equifax had learned of a weak spot in the Apache Struts software in a key computer system back in March, but never patched it. Smith then laid blame on a faulty scanner and a single Equifax staffer responsible for mishandling patches.

In a company of 9,900 employees, a single individual person was in charge of its patching process.

According to a C|NET report of the testimony, several House committee members suggested federal laws to regulate credit monitoring companies like Equifax.

Don’t hold your breath.

But if you do, let it go starting around 12 EST today, especially if you’re an Android, because Google is hosting an announcement event with news on the Android, smartphone, Chromebook, and related fronts.

Gizmodo’s sneak peek suggests that new Pixel 2 and Pixel 2 XL smartphones will be on offer. Also rumoured, a new Google Home Mini (think Google’s version of the Echo Dot) as well as a pricey Google “Pixelbook” that is expected to have a $99 optional Pixelbook Pen and a 360-degree hinge that allows the device to morph instantly into a tablet.

There’s also talk of a new Daydream VR headset, and possibly even more support for the increasingly popular Google Assistant.

The clock is ticking…you can follow the action starting at 9 AM PDT on The Verge.

Written by turbotodd

October 4, 2017 at 10:10 am

IBM & Ponemon Institute: Cost of Data Breaches Dropped 10 Percent Globally In 2017


IBM Security has announced the results of a global study exploring the effects of data breaches on business.

Sponsored by IBM Security and conducted by Ponemon Institute, the study found that the average cost of a data breach is $3.62M globally, a 10 percent decline from 2016.

This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study, these data breaches cost companies $141 per lost or stolen record on average.

Analyzing the 11 countries and two regions surveyed in the report, IBM Security identified a close correlation between the response to regulatory requirements in Europe and the overall cost of a data breach.

According to the 2017 Cost of Data Breach Study: Global Overview, “compliance failures” and “rushing to notify” were among the top five reasons the cost of a breach rose in the U.S. A comparison of these factors suggests that regulatory activities in the U.S. could cost businesses more per record when compared to Europe.

For example, compliance failures cost U.S. businesses 48 percent more than European companies, while rushing to notify cost U.S. businesses 50 percent more than European companies. Additionally, U.S. companies reported paying over $690,000 on average for notification costs related to a breach — which is more than double the amount of any other country surveyed in the report.

Some additional findings from the report:

  • By Industry, Healthcare Breaches Most Costly: For the seventh year in a row, healthcare has topped the list as the most expensive industry for data breaches. Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average across industries ($141 per record).
  • Top Factors Increasing Cost of a Breach: The involvement of third parties in a data breach was the top contributing factor that led to an increase in the cost of a data breach, increasing the cost $17 per record. Organizations need to evaluate the security posture of their third-party providers – from payroll to cloud providers to CRM – to ensure the security of employee and customer data.
  • Top Factors Reducing Cost of a Breach: Incident response, encryption and education were the factors shown to have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in a $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.50 reduction per record).
  • Positive Impact of Resiliency Orchestration: Business continuity programs are significantly reducing the cost of a data breach. The overall average data breach cost per day is estimated at $5,064 in this year’s study. Companies that have a manually operated Disaster Recovery process experienced an estimated average cost of $6,101 per day. In contrast, companies deploying an automated Disaster Recovery process that provides resiliency orchestration experienced a much lower average cost per day of $4,041. This represents a net difference of 39 percent (or a cost savings of $1,969 per day).

You can download the full study results here.

Written by turbotodd

June 21, 2017 at 8:24 am

IBM Named a Leader For Security Solution in Gartner Magic Quadrant


IBM announced that Gartner, Inc. named the company as a leader in Application Security Testing (AST) in the recently published Gartner Magic Quadrant for Application Security Testing which analyzes vendors’ Static, Dynamic and Interactive Application Security Testing styles.

IBM has been named a leader by Gartner in Application Security Testing in four consecutive reports.

According to Gartner, IBM Security was recognized for its completeness of vision and ability to execute. As part of its AST portfolio, IBM has also added innovative Static Application Security Testing functionality to improve accuracy with Intelligent Code Analytics (ICA) and Intelligent Finding Analytics (IFA), both of which are delivered via the cloud to on-premises and cloud clients.

IBM’s Application Security Management platform gives businesses a risk-centric unified reporting dashboard with a complementary framework to manage security risks in applications across business operations.

IBM Security’s Application Security Testing solutions, including IBM Security AppScan and IBM Application Security on Cloud, provide preemptive protection for mobile and web-based applications.

According to Gartner, “Security testing is growing faster than any other security market, as AST solutions adapt to new development methodologies and increased application complexity. Security and risk management leaders must integrate AST into their application security programs.”

To download the full report, visit https://ibm.co/2o0mHsI.

To learn more about IBM security offerings go here.

Written by turbotodd

May 1, 2017 at 3:03 pm
