Posts Tagged ‘Security Breaches’


New EU Data Laws: Cloud Brings Increased Risk Of Massive Fines

April 4, 2012

That was the warning delivered by Vinod Bange, a top London-based IT lawyer, as the EU proposes new laws to penalise data breaches.

Bange said: “Regulatory sanctions have gone way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover. That’s big news and a big change.

“Organisations have moved on so much since the original legislation in 1995. In this globalised, outsourced, social media, cloud driven environment, you could end up with a third tier fine.”

The EU is proposing three tiers of fines, the first of which runs up to £209,000 or 0.5 per cent of turnover, the second up to £418,000 or 1 per cent of turnover. The top tier allows for a fine of up to £837,000 or 2 per cent of turnover.

The latter could be a potentially massive fine to the tune of hundreds of millions, with tier three penalties relating to international data transfers. Businesses using the cloud, and data centres across the globe, could be more vulnerable to this massive whack of a fine.

Currently, the ICO’s maximum imposition for those who aren’t careful with their data is a £500,000 penalty.

Source: Computerworld

Read more: http://www.itproportal.com/2012/04/02/new-eu-data-laws-cloud-brings-increased-risk-of-massive-fines/#ixzz1r2Ox2ptx


RSA Unveils Industry-Leading Capabilities For Threat Information Sharing

February 28, 2012

“A shortage of specialized security expertise is a serious challenge for most organizations dealing with advanced threats,” says Bret Hartman, RSA’s chief technology officer. “Collaboration with outside partners is often the most efficient and convenient way to scale advanced threat capabilities and talent. Technology solutions such as RSA’s experimental collaboration platform will help companies with limited experience in advanced threats augment their capabilities, and will enable broader sharing of threat intelligence across the industry. We’d like others in the global security community to join us in exploring new methods, such as this type of framework, to share threat information on a much larger scale.”


Cyber experts show vulnerability of GSM networks

February 21, 2012

A group of cyber experts stunned a conference here when they showed the vulnerability of GSM mobile networks, which hackers can easily exploit to impersonate a user’s identity and make calls from his account without the consumer having a clue.

The ethical group — matrix shell — gave a demonstration of the hacker’s technique on a live network of a leading mobile service provider, in which they managed to make a call using the number of an audience member without actually using his phone or SIM.

Is today’s cost of data security out of reach for most companies?

January 11, 2012

Price Tag: The cost of a currently available effective security platform depends on a firm’s current technology and risk, but it can range from tens of thousands of dollars to millions of dollars. Before devising a data security strategy, a firm must first assess its risks and the potential consequences of a breach; it must then assess its existing tools and controls to identify weak points. The price tag on holistic fraud prevention includes external expenses (i.e., vendor software and implementation services) as well as internal development/integration costs.

Source: http://www.wallstreetandtech.com/2012-outlook/data-security

GoSecure Enterprise Version is under development for customization for selected partners. Its underlying core technology is flexible, scalable and adaptable to support a broad portfolio of innovative products and solutions. GoSecure is committed to seamless end-point security solutions with zero incremental investment in infrastructure.

GoSecure is based on a simple principle: robust, innovative products that are easy to use will lead to mass adoption when they are reasonably priced. GoSecure will serve everyone from companies, government agencies and service organizations to the mass market. It can be customized for company, country and language requirements.


A Handful of 2012 Privacy & Security Predictions

January 3, 2012

A handful of thoughts on what 2012 may hold by Attorney Richard L. Santalesa:

  • The EU’s on-deck Data Protection Regulation promises – or threatens depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding additional potential uncertainty to the EU arena. The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, embracing privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties. We’ll see what happens when the rubber meets the road.
  • Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act? The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
  • The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape.  The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills.  I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.
  • Information security and data protection issues surrounding contracting for cloud services will begin the road to maturity in 2012 as the federal government continues its push of fed agency IT needs into the cloud.  The result will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
  • Finally, 2012 will unfortunately see no end in sight to advanced attacks resulting in data breaches, with attacks on mobile devices to ramp up significantly.  In response the move to Big Data and data hoarding may reverse as companies in specific sectoral areas begin paring back on how much data they retain.

For additional 2012 infosec and privacy predictions, pop over to Christine Marciano of Cyber Data Risk Managers’ collection, which includes the author’s views of 2012, at http://www.dataprivacyinsurance.com/wp-content/uploads/2012/01/2012-DATA-PRIVACY-AND-INFORMATION-SECURITY-PREDICTIONS.pdf

The Criminal Cloud: Criminals are using cloud computing to share information and to superpower their hacking techniques.

October 20, 2011

The cloud opens a world of possibilities for criminal computing. Unlike the zombie computers and malware that have been the mainstay of computer crime for the past decade, cloud computing makes available a well-managed, reliable, scalable global infrastructure that is, unfortunately, almost as well suited to illicit computing needs as it is to legitimate business.

The mass of information stored in the cloud—including, most likely, your credit card and Social Security numbers—makes it an attractive target for data thieves. Not only is more data centralized, but for the security experts and law enforcement agencies trying to make the cloud safe, the very nature of the cloud makes it difficult to catch wrongdoers. Imagine a virtual Grand Central Station, where it’s easy to mix in with the crowd or catch a ride to a far-away jurisdiction beyond the law’s reach.

Most of all, the cloud puts immense computing power at the disposal of nearly anyone, criminals included. Cloud criminals have access to easy-to-use encryption technology and anonymous communication channels that make it less likely their activities will be intelligible to or intercepted by authorities. On those occasions that criminals are pursued, the ability to rapidly order up and shut down computing resources in the cloud greatly decreases the chances that there will be any clues left for forensic analysis.

Source: The Criminal Cloud

Craig Scroggie Data Loss Prevention Interview

September 28, 2011