[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
States with the most identity theft complaints
In 2014, data theft reached record levels. According to the Identity Theft Resource Center, there were 783 data breaches last year, a substantial increase from both the previous year and the previous 2010 peak. In addition, the Federal Trade Commission (FTC) recorded 332,646 identity theft complaints in 2014, up slightly from 2013. All forms of fraud, including identity theft, cost Americans about $1.7 billion in 2014, or an average of more than $2,000 per incident.
Toporoff suggested that the large populations in the states with the most identity theft is also a factor. Florida, California, Georgia, and Michigan, for example, are all among the 10 most populous states in the nation, as well as top states for identity theft. “People want to live [in these states] and so do thieves,” who go to “places where there are people, so they can apply their trade, so to speak.” Toporoff noted.
The causes behind a state’s high incidence of identity theft are difficult to pin down. Toporoff pointed out that a higher incidence of these crimes could be due simply to better reporting methods or to greater attention paid in the media, which encourages people to file complaints. Still, generally speaking, for “people facing hard times, if they’re inclined to engage in criminal activity, [identity theft] is a relatively easy one to get involved in.” Similarly, a person suffering financial distress is perhaps more vulnerable to scams than many others.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=239cf0624d&e=20056c7556
Cybersecurity Issues – Is Continuous Monitoring Enough?
Continuous monitoring is poised to do for information security what cloud deployment did for global productivity. Continuous monitoring not only has a role to play in preventing large-scale data breaches but it can also help compliance-sensitive organizations save money by facilitating long-term compliance continuity and reducing annual audit overhead.
If you want a transformative approach to security, continuous monitoring has the potential to deliver it. However, at its core, monitoring will only report the results of the human factor – not correct them. If employees are exposing data to risk by ignoring policies or using unauthorized devices, even the most well-monitored assets are still at risk.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bca94d8636&e=20056c7556
New Threats Pressure Companies to Implement GRC
Here are four types of escalating threats prompting companies, health care organizations and government agencies to act with a greater sense of urgency.
– External threats – Audit threats
– Operational threats
– Third-party threats
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6c2e702731&e=20056c7556
DDoS, Lizard Squad and Preparing for Cyber-War
The DDoS attacks were part of a marketing campaign for the Squad’s new commercial offering – the ‘Lizard Stresser’ DDoS-as-a-service tool, quoted as having 60tbps of bandwidth. Putting that into context, that’s the equivalent of streaming 7500 hours of Netflix video in a single second. That’s not an idle boast, if you consider that the DDoS’d Xbox Live network was quoted by Microsoft in 2013 as having 30,000 systems online to support gamers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=274e365607&e=20056c7556
Macro malware makes a comeback with BARTALEX attack
Described as an “outbreak” of spam messages by Trend Micro in a new blog post, attackers are sending phishing emails claiming to be from Automated Clearing House (ACH), an electric fund transfer company. The emails are sent to various company employees, along with a link to “view the full details” of a transfer, faxed message or some other financial transaction-related endeavor.
The link leads to a Dropbox page that attempts to convince the victim to enable the macros on Microsoft Office to view a hosted document. If enabled, the BARTALEX malware-laden document will then drop Dyre banking malware.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1f652d5722&e=20056c7556
Cloud giants locked out of Australia’s cyber security strategy
Cloud computing giants are willing to give the Australian government information about hacker attacks on them but want the government to play ball too.
If the AIIA’s suggestions are adopted, it would mark a significant shift in relations between the government and private sector over cyber security. The AIIA said its members, including Apple, Google, HP and Microsoft, face a one-way street with the government: they have a plethora of agencies to report cyber attacks to the government but don’t receive much back.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a62f5c435&e=20056c7556
6 Ways to Protect U.S. Grid from Cyber Attacks
As hacktivists, insiders, nation states, and other actors step up their cyber surveillance of the grid, President Barack Obama and lawmakers are urging utilities to respond accordingly and better protect the critical infrastructure they operate. Consequently, some utilities are beginning to adopt a Secure.Vigilant.Resilient.™ approach to addressing the mercurial threat landscape and managing cyber risks. The following six activities cover each of the three tenets of Secure.Vigilant.Resilient.™ and represent major focus areas for electric utilities:
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f0d90593fc&e=20056c7556
A Day in the Life of a Stolen Healthcare Record
Health records are huge targets for fraudsters because they typically contain all of the information thieves would need to conduct mischief in the victim’s name — from fraudulently opening new lines of credit to filing phony tax refund requests with the Internal Revenue Service. Last year, a great many physicians in multiple states came forward to say they’d been apparently targeted by tax refund fraudsters, but could not figure out the source of the leaked data. Chances are, the scammers stole it from hacked medical providers like PST Services and others.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7419990ae0&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=326a13e879)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)