Leadership Solutions

Strategic News


Security Firm Discloses Details of Amazon Fire Phone Vulnerabilities

The operating system update released in May by Amazon for its Fire Phone resolves three vulnerabilities discovered by researchers at information security consultancy MWR InfoSecurity.
Security Week

Honeywell, Intel Team on Industrial Cyber Security

Honeywell Process Solutions (HPS) and Intel Security said this week that they will combine forces to boost protection of critical industrial infrastructure and the “Industrial Internet of Things” (IIoT).
Security Week

Default SSH Keys Expose Cisco's Virtual Security Appliances

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able to intercept traffic or gain access to vulnerable systems with root privileges.
Security Week

FAA panel to focus on top cybersecurity risks to aircrafts

An advisory committee formed by the U.S. Federal Aviation Administration (FAA) aims to develop international design and testing standards that will thwart cyberattacks against aircrafts.
SC Magazine

Study: Click-fraud malware often leads to more dire infections

Although often considered relatively innocuous, click-fraud malware infections could be the start of serious enterprise security issues.
SC Magazine

Malware on Tactical Assault Gear website targets customer information

North Carolina-based LC Industries, Inc., which operates the Tactical Assault Gear website, is notifying thousands of customers that malware discovered on the website was being used to gain access to personal information.
SC Magazine

Employee with California bank puts customer loan data at risk

An employee with California-based Bank of Manhattan Mortgage Lending handled mortgage loan files stored on a removable disk drive in a manner contrary to the bank's policies and instructions, possibly leading to the unauthorized disclosure or use of customer information in the files.
SC Magazine

Fourth of July Terror Warning Issued by FBI, Homeland Security

Federal authorities have warned local law enforcement officials across the country about a heightened concern involving possible terror attacks targeting the July 4th holiday.
Security Magazine

OSHA to Increase Enforcement at Hospitals, Nursing Homes over Work-Related Injuries

The U.S. Department of Labor's workplace safety division is increasing its enforcement efforts in hospitals and nursing homes.
Security Magazine

DOD’s Infrastructure Capabilities Must Be A Priority For Chemical And Biological Defense, GAO Says

From North Korea’s weapons of mass destruction (WMD) program to the 2014 Ebola virus outbreak, the United States faces—and will continue to face—a number of ever-evolving chemical and biological threats that threaten to undermine the peace, stability and security of the nation.
Homeland Security Today

China, U.S. Plan Cyber 'Code of Conduct'

At the end of a two-day China-U.S. strategic summit in Washington, U.S. Secretary of State John Kerry said June 24 that both sides had agreed on the need to create and abide by a new cyber "code of conduct."
Data Breach Today

Survey: 75 percent of companies have significant risk exposure

A misallocation of resources may account for nearly 75 percent of the respondents in RSA's inaugural Cybersecurity Poverty Index believing that their companies have significant cybersecurity risk exposure, results of the survey indicated.
SC Magazine

AeroGrow says malware likely compromised payment card data

Colorado-based AeroGrow International, Inc. is notifying an undisclosed number of individuals who shopped on its website – AeroGarden.com – that malware was likely used to infiltrate AeroGrow's online servers, and that payment card data may have been compromised.
SC Magazine

Incumbent TSA Leader Shares Worries about Airport Security

Coast Guard Vice Adm. Peter Neffenger has said that he plans to fully identify any gaps in airport security and close them if he is to be confirmed by the Senate to lead the TSA.
Security Today

Online Exclusive: Who's Minding Your Surveillance Systems' Performance?

Video surveillance has undergone a rapid evolution in recent years. What was once a high-tech luxury has grown into a crucial element of physical security.
Security Today

International Operation Takes Down Cyber Fraudsters; Duqu Returns

This week, a joint international operation led to the dismantling of a group of cybercriminals active in Italy, Spain, Poland, the United Kingdom, Belgium and Georgia who are suspected of committing financial fraud involving email account intrusions.
Homeland Security Today

How To Check The Box … And Box-Out The Hackers - Identity Has Become The New Security Perimeter

Recent high profile attacks ranging from Sony Pictures Entertainment and Anthem, Inc. to the Office of Personnel Management and the United States Postal Service have accentuated the massive vulnerabilities that exist in the present security framework.
Homeland Security Today

The Unmanned Helping Hand: The Role Of UAVs In Disaster Recovery

While privacy and safety concerns lead the fight against the developing equipment, the ability to have a rapidly deployable eye-in-the-sky can provide vital assistance to first responders in emergency and disaster responses -- providing unprecedented situational awareness to those making decisions and allocating the limited assets available.
Homeland Security Today

Analysis: Ponemon Breach Cost Study

Larry Ponemon, founder and chairman of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.
Data Breach Today

Cisco to Launch New Security Platform

Organizations are awash in security-related information, but too often they use too little of it - at least until it's too late. In part, that's because trying to link data from disparate security tools - such as firewalls, sandboxes, intrusion protection systems, anti-virus and identity management tools - by using back-end integration isn't always successful, and thus is not stopping data breaches, says Martin Roesch, chief architect for security at Cisco Systems.
Data Breach Today

Report: OPM Breach Found During Demo

The massive data breach at the U.S. Office of Personnel Management reportedly wasn't discovered by U.S. government sleuths - or the Department of Homeland Security Einstein intrusion detection system - but rather during a product demo.
Data Breach Today

Trade secrets allegedly sold to China by Temple physics chair

The chair of Temple University's physics department has been charged with four counts of wire fraud after allegedly selling trade secrets to China, according to the U.S. Justice Department.
South Jersey Times

Breach Of OPM Employee Records Raise More National Security Concerns, Officials Say

The theft of up to 4 million sensitive federal employees’ records maintained by the Office of Personnel Management (OPM) likely had a lot more to do with a foreign government’s spying and espionage activities than anything else, US counterintelligence authorities told Homeland Security Today on background because they aren’t authorized to officially discuss the matter.
Homeland Security Today

Canada Expands Biometric Screening Measures To Better Protect Its Borders PM Announces

Canadian Prime Minister Stephen Harper announced Thursday that a number of new measures that will increase the safety and security of Canadians are being implemented to protect Canada’s borders.
Homeland Security Today

Highlighting the Hotsheet: Cargo Theft Spikes Dramatically in Q1 2015

CargoNet announced the Q1 statistics for cargo theft and they were dramatic: a full $23 million worth of property was stolen, $14 million more than during the same period last year.
Security Today

Insurer Seeks Breach Settlement Repayment

Columbia Casualty, a cyber-insurer that paid more than $4 million, plus defense attorney expenses, to settle a class action suit that was filed against its client, Cottage Health, in the wake of a 2013 data breach is now trying to claw back the payments.
Data Breach Today

Report: NSA Expanded Internet Spying

The National Security Agency secretly expanded its warrantless surveillance of Americans' international Internet traffic to seek evidence of malicious computer hacking, according to documents leaked by former NSA contractor Edward Snowden, Pro Publica and The New York Times report.
Data Breach Today

Small businesses surveyed on EMV awareness, many still unclear on liability shift

A survey of management-level employees at small businesses in the U.S. found that 42 percent were unaware of the EMV liability shift deadline this October.
SC Magazine

Texas Lawmakers Pass Bill Allowing Guns on College Campuses

Students and faculty members at public and private universities in Texas could be allowed to carry concealed handguns into classrooms, dormitories and other buildings under a bill passed by the Texas Legislature.
Security Magazine

Making the CSO the Next Enterprise Leader

Congratulations, security executives, soon you will officially be the “corporate rock-star.”
Security Magazine

HOUSTON FLOODING - BUSINESS IMPACT

In a recent Firestorm and Black Swan webinar, Michelle Colosimo, Black Swan Solutions Director, explains the financial impact of closing down an airport for a day.
Firestorm

State-Sponsored Cybercrime: A Growing Business Threat

It’s not just governments that are feeling the disastrous effects of state-sponsored cyber warfare and crime.
Dark Reading

US Banks Close Branches Along Mexico Border to Prevent Money Laundering

Major US banks have recently closed branches along the southern border with Mexico in an attempt to crack down on money laundering, a reflection of the ease with which Mexican drug traffickers can legitimize illicit proceeds north of the border.
In Sight Crime

Nasty Police Scareware Triples Ransom If Users Try to Unlock Device on Their Own

A stubborn piece of police scareware holds Android devices hostage until a fee is paid via Money Pak and PayPal My Cash transfers, and it increases the ransom to $1,500 / €1,400 if users attempt to unlock the device on their own.
Softpedia

IRS cut its cybersecurity staff by 11% over four years

The Internal Revenue Service, which disclosed this week the breach of 100,000 taxpayer accounts, has been steadily reducing the size of its internal cybersecurity staff as it increases its security spending.
Computerworld

IRS believes massive data theft originated in Russia

The Internal Revenue Service believes that a major cyber breach that allowed criminals to steal the tax returns of more than 100,000 people originated in Russia, Rep. Peter Roskam confirmed to CNN on Thursday.
CNNMoney

Most Organizations Still Unable to Identify Phishing Emails, Survey Finds

Recent research has shown that individuals and organizations continue to be susceptible to email phishing, failing to correctly identify phishing emails and clicking on malicious links.
Homeland Security Today

Millennials Represent Greatest Risk to Corporate Data

The Millennial generation poses a greater risk to data security than other categories of users, according to an Absolute Software survey of 762 North American adults.
eweek

Survey Finds Median Employee Theft Loss of $280,000 for US Organizations

According to the 2015 Hiscox Embezzlement Watchlist, United States organizations with less than 500 employees experienced a median loss of $280,000 per year due to employee theft.
Security Magazine

An Elephant in the Living Room

Employers and security managers are becoming increasingly aware of potential security threats, but one area is still a concern because of how easily hackers can utilize it.
Security Today

Financial Firms Grapple With Cyber Risk in the Supply Chain

Last year saw a record high of 783 data breaches, the Identity Theft Resource Center reports, and access to systems through compromised third parties or subcontractors was the second most common cause of IT breaches in 2013 and 2014.
Wall Street Journal

Employees Still Visit Dangerous Sites at Work, Despite Awareness of Risk

A new study conducted by market researchers Vanson Bourne and published by security firm Blue Coat finds that despite being "fully aware" of the risks, many employees still visit inappropriate websites while at work.
FierceCIO

Average Cost of Computer Breach is $3.79 Million

A Ponemon Institute and IBM survey revealed that the average cost of a computer breach at large companies globally was $3.79 million.
USA Today

Bots Now Outnumber Humans on the Web

Bot traffic has surpassed human traffic on the Internet, according to a Distil Networks report.
CSO Online

PSA Security Network Announces New National Deployment Program

PSA Security Network unveiled a new platform for its National Deployment Program, bringing real time integrator search and mapping capabilities online to PSA integrators.
Security Today

Online Exclusive: How Perimeter Security is Improving Rail Transportation Security

An emerging effective and cost-efficient solution to help freight rail carriers improve security is integrated security technology including smart thermal cameras, PTZ tracking solutions and target-mapping display software.
Security Today

United Airlines Will Pay Bug Hunters in Air Miles

United Airlines has announced it will reward anyone who is capable of proving a remote code execution on any of its planes’ Wi-Fi networks in airline miles.
Security Today

Hacker leaks sensitive info of millions of Adult FriendFinder users

Information of over 3.5 million users of dating site Adult FriendFinder has been stolen and leaked online, and is being used by spammers, scammers and phishers, a Channel 4 investigation into the Deep Web has revealed.
Help Net Security

Trojanized, info-stealing PuTTY version lurking online

A malicious version of the popular open source Secure Shell (SSH) client PuTTY has been spotted and analyzed by Symantec researchers, and found to have information-stealing capabilities.
Help Net Security

U.S. Charges 6 Chinese with Insider Theft

Federal authorities have indicted six Chinese nationals for economic espionage, and apprehended the ringleader, a Chinese professor, accusing him of pilfering trade secrets from the computer systems of two American high-tech companies, where he and a co-conspirator once worked.
Data Breach Today

Massive 'Logjam' Flaw Discovered

Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - that rely on Transport Layer Security have a 20-year-old flaw that could be exploited by an attacker "to read and modify any data passed over the connection."
Data Breach Today

IBIA Says Expanding PreCheck Should Be Based On Strong, Proven Security Standards

The Transportation Security Administration's (TSA) exclusive use of biographic data solutions “in its prospective attempt to expand the PreCheck travel screening program” is “strongly” being questioned by the International Biometrics & Identification Association (IBIA).
Homeland Security Today

Cyber Experts Warn Airlines Should Be In A Cyber Panic Over Potential Vulnerabilities

“I really believe in this. This is serious shit,” exclaimed The Security Awareness Company CEO and veteran cybersecurity guru Winn Schwartau in response to recent concerns terrorists or malicious actors could hack into the computerized systems of passenger aircraft and take control of them.
Homeland Security Today

Most Organizations Still Unable To Identify Phishing Emails, Survey Finds

Despite a number of reports over the last year indicating phishing scams continue to be a primary method of accessing personal information and breaching an organization, individuals continue to take the bait.
Homeland Security Today

How a hacker could hijack a plane from their seat

Reports that a cybersecurity expert successfully hacked into an airplane’s control system from a passenger seat raise many worrying questions for the airline industry.
Homeland Security News Wire

DHS S&T completes Virtua Shooter robotic device, delivers it to ICE

The U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) the other day announced the successful completion of a robotic device that tests multiple types of handguns and ammunition.
Homeland Security News Wire

Subway's New Anti-Theft Measure Sprays Dyes on Thieves

Subway will soon be adding an extra measure of security to protect its tens of thousands of franchise locations around the country, reports WATE. Instead of extra alarms or bells, the new security system, manufactured by SelectDNA, actually sprays intruders, robbers, or other criminals with a chemical that marks offenders as they try to exit the shop, reports Fox News.
Security Magazine

New Law Will Allow Teachers to Carry Guns in Oklahoma Schools

A bill signed into law this week will allow certain school employees in Oklahoma to carry guns on school property.
Security Magazine

Cyber Attacks on News Organizations: ISIS Changes Tactics to Win Mindshare

As part of its arsenal of battlefield tactics, the Islamic State (ISIS) has added cyber-attacks to its list.
Security Magazine

Hackers Have Figured Out How to Steal from Starbucks Cards

According to multiple users, hackers who get a username and password can steal money through a Starbucks’ card until the customer or credit-card company stops them. Thieves can transfer the balance onto a card they hold, wait for the Starbucks’ card to reload, then repeat the process over and over.
Security Today

Sensitive customer data leaked following mSpy data breach

mSpy, a company that sells "customized and user-friendly mobile and computer monitoring solutions," has apparently suffered a data breach.
Help Net Security

Plan OK'd to Drill into BP's Ill-Fated Macondo Reservoir

Deep-water drilling is set to resume near the site of the catastrophic BP PLC well blowout that killed 11 workers and caused the nation's largest offshore oil spill five years ago off the coast of Louisiana.
Continuity Insights

MKS Makes a Big Industry Splash at ISC West 2015

Kicking off their 30th year as a company, the newly rebranded MKS (Micro Key Solutions) made a big splash within the industry during ISC West 2015. The first recognition was for MKS President Victoria Ferro, who was selected by the Women’s Security Council as one of the Women of the Year in the Security Industry.
Security Today

Statue of Liberty Evacuated

The Statue of Liberty and Liberty Island were evacuated Friday afternoon due to reports of a suspicious package, law enforcement officials said.
Security Today

Verizon Data Breach Study Finds Old Flaws Still Dangerous

The 2015 edition of the DBIR provides insight into the state of cyber-security in 2014.
Security Today

100,000 web shops open to compromise as attackers exploit Magento bug

A critical vulnerability found in Magento, the most popular content management system for e-commerce sites, is being exploited by hackers to get their hands on users' personal and payment card information, Ars Technica reports.
Help Net Security

High-profile data breaches made most CEOs re-examine security programs

There has been increased board- and C-level interest in information security programs in light of recent high-profile data breaches such as those affecting Sony, Anthem and JP Morgan, the results of a Netskope survey have revealed.
Help Net Security

RSA 2015: In the healthcare industry, security must innovate with business

The cost per healthcare record stolen in a data breach in 2014 was $359, a figure that Frank Kim, CISO with the SANS Institute and former executive director of cyber security with Kaiser Permanente, said he found alarming.
SC Magazine

Microsoft expands bug bounty program to include Project Spartan

Microsoft announced plans on Wednesday to expand its bug bounty program to include Project Spartan, the company's new browser, and Azure, the company's cloud platform.
SC Magazine

Data at risk for 9,000 individuals following unauthorized access to SRI Inc. website

Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.
SC Magazine

Banks Try to Block Target Settlement

A group of financial institutions affected by the 2013 Target data breach that exposed at least 40 million payment cards is asking a court for a preliminary injunction to block the proposed settlement between the retailer and MasterCard that would provide $19 million to card issuers.
Data Breach Today

Beyond HIPAA Risk Assessments: Added Measures for Avoiding PHI Breaches

Last year, several high profile security incidents occurred at healthcare organizations where a HIPAA Risk Assessment (HSRA) had previously been conducted.
Data Breach Today

Chandler Says Leadership is Critical in Avoiding Ethical Disasters

Dr. Robert Chandler, Director of the Nicholson School of Communications at the University of Central Florida, discussed the impact of ethical disasters and the role of upper management in preventing them at the 2015 Continuity Insights Management Conference on Tuesday, April 21.
Continuity Insights

Water Scarcity Could Become an Emerging Topic for BC Pros

Forbes discussed potential consequences of water scarcity, including terrorism, supply chain disruption and competitive advantage, that would impact business continuity and resilience professionals.
Continuity Insights

The Rise of the Chief Security Officer: What it Means for Corporations and Customers

At the urging of the board, CEOs are putting a premium on hiring a first-rate Chief Security Officer (CSO) to lead the charge to protect company and consumer data.
Forbes

Implementing new food safety measure hampered by lack of funding

Roughly forty-eight million Americans have food-borne illness each year, and according to the Centers for Disease Control and Prevention, 128,000 of them are hospitalized, and 3,000 die.
Homeland Security News Wire

Insider Breach Costs AT&T $25 Million

AT&T is paying a hefty price - $25 million - for call center employees in Mexico, Colombia and the Philippines accessing personally identifiable information from some 278,000 customer accounts without authorization.
Bank Info Security

Anti-Hacker Executive Order: 5 Concerns

Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers.
Bank Info Security

U.S. grid vulnerable to cyber, physical attacks

The U.S. electric grid remains vulnerable to cyber and physical attacks, putting millions of households at risk from outages that could last a few days or weeks.
Homeland Security News Wire

California imposes first mandatory water restrictions in state history

Standing on a patch of brown grass in the Sierra Nevada mountains, which is usually covered with several feet of snow at this time of the year, California governor Jerry Brown announced the first mandatory water restrictions in state history.
Homeland Security News Wire

Extended Oregon drought raises concern over state's water security

Facing the fourth straight year of drought, Oregon officials are worried that the state’s water security may be in jeopardy, as is already the case in California, which has just announced its first-ever mandatory water restrictions.
Homeland Security News Wire

Water scarcity a contributing cause of wars, terrorism in the Middle East, North Africa

The UN defines a region as water stressed if the amount of renewable fresh water available per person per year is below 1,700 cubic meters.
Homeland Security News Wire

Police department pays ransom after hackers encrypt department's data

Last December, cyberterrorists hacked into servers belonging to the Tewksbury Police Department, encrypted the data stored, and later asked for a $500 bitcoin ransom to be paid before department officials could regain control of their files.
Homeland Security News Wire

China increasing significantly funding for cyber warfare capabilities

U.S. intelligence officials have warned that China is increasing significantly its investment in cyber warfare programs in an attempt to compete with the U.S. military.
Homeland Security News Wire

Accounting Fraud, Meet the SEC's 'Robocop'

Companies are also leveraging data analytics to find their own accounting problems before the government does.
Corporate Counsel

Disconnect Between Audit Committee and Audit Executives, Survey Shows

Chief audit executives and audit committee members see internal audit priorities differently, according to an annual Grant Thornton survey.
CGMA Magazine

8 Steps to Stronger Information Risk Management

How CFOs can balance the risk/reward equation to spark CEOs' interest in information risk management decisions.
CFO

OECD releases draft mandatory disclosure

Countries should require mandatory disclosure of certain tax planning strategies from both companies and tax advisers, the Organisation for Economic Co-operation and Development (OECD) recommended in a draft proposal issued on Thursday.
CGMA Magazine

3 steps to a more socially responsible supply chain

Prioritising sustainability issues in the supply chain yields a number of quantifiable benefits to organisations, including increased competitiveness.
CGMA Magazine

HID Global Unveils ActivID Tap Authentication Solution

HID Global introduced the ActivID Tap Authentication platform for convenient and secure multi-factor authentication to cloud applications and web services.
Security Today

Blend of old and new techniques help attackers dodge detection, report says

The report, which zeroes in on eight behavioral and technique-based trends regarding cybercrime, found that cybercrime has become easier as threat actors can rent exploit kits, take advantage of malware-as-a-service (MaaS) and even use subcontractors to create and execute attacks aimed at stealing data.
SC Magazine

Russian hackers executed the US State Department, White House network breaches

The October 2014 breaches of some of the computer systems of the US State Department and the White House were executed by Russian hackers, unnamed US officials familiar with the investigation told CNN reporters.
Help Net Security

Cyber crooks go after enterprise millions with Dyre malware, social engineering

"An experienced and resource-backed cybercrime gang" is using the relatively new Dyre/Dyreza banking Trojan coupled with effective social engineering to steal millions from businesses, IBM Security Intelligence researchers John Kuhn and Lance Mueller warned.
Help Net Security

Are you prepared for dealing with a breach?

RSA, The Security Division of EMC, released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000.
Help Net Security

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers

Researchers have long studied the relationship between mental illness and terrorism, particularly lone-wolf terrorists.
Homeland Security News Wire

IT security spending grows, but confidence in cyber protection measures does not

A new report looking at how organizations view the future of cyberthreats and these organizations’ current defenses, found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining.
Homeland Security News Wire

IBM will invest $3 billion in new IoT unit

IBM plans to invest $3 billion over the next four years to create an Internet of Things (IoT) business unit along with a cloud-based platform to help build IoT solutions.
SC Magazine

Infostealer Laziok targets energy companies

Energy sector companies based in the Middle East are the most recent targets of a reconnaissance campaign aimed at infecting systems to gather information about companies' inner-workings, according to Symantec researchers.
SC Magazine

Brink's cash management unit in India being eyed for acquisition

A host of potential buyers have lined up to buy global security and protection company Brink’s’ cash management business in India, as the Richmond, Virginia (US)-headquartered firm looks to hive off the unit as part of a global strategic review.
Security Today

3 Big-Picture Themes CISOs Should Track At Interop

Preparations are well underway for staging one of the biggest Interop conferences yet.
InformationWeek

Yahoo releases e2e encryption source code and launches 'on-demand' passwords

Yahoo took advantage of South by Southwest's (SXSW) opening weekend this week to make major announcements surrounding its security protocol. Primarily, the company announced its new “on-demand” passwords, and followed up with news that its end-to-end encryption source code for Yahoo Mail was available on GitHub.
SC Magazine

U.S. senator introduces bill aimed at federal breach notification standard

U.S. Sen. Mark Kirk will be introducing a bill aimed at putting in place a federal breach notification standard that all organizations and companies across the nation would have to abide by. The legislation would require companies to notify their customers if more than 1,000 credit card numbers are compromised in the breach, a number which he finds reasonable, according to the Alton Daily News.
SC Magazine

Genetec and Prism Skylabs Help Retailers Gain In-store Insights

Genetec, a manufacturer of unified IP security solutions, announced that its flagship security platform, Security Center, now supports the Prism analytics package from Prism Skylabs, to provide cloud-based, business intelligence tools for retailers.
Security Today

A billion data records leaked in 2014

2014 was the year when "designer vulnerabilities" emerged, when breaches and security incidents were being announced so fast that we struggled to keep up, when old financial malware began being used to hit new targets.
Help Net Security

Search for vulnerable servers unearths weak, thousands-times repeated RSA keys

A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public keys a week after the public disclosure of the FREAK flaw. On March 3, the number of vulnerable HTTPS servers reached around 26 percent of the total. A week later less than 10 percent of them did.
Help Net Security

What pokes holes in virtual environments?

While most companies believe virtualization technology is a strategic priority, there are clear risks that need to be addressed. Ixia surveyed more than 430 targeted respondents in South and North America (50 percent), APAC (26 percent) and EMEA (24 percent).
Help Net Security

Class Action Lawsuit Filed Against Uber for Data Breach

Ride-hailing service Uber has been hit with a proposed class-action lawsuit over a recently disclosed data breach involving the personal information of about 50,000 drivers, Reuters reports.
Security Magazine

The CSO’s New Role: Guarding Company Reputation

The highly-publicized data breaches of 2014 changed the role of corporate security professionals as we know it. Now, more than ever, security IT issues have high-priority business impact and, as a result, companies face tougher expectations around protecting individuals affected by a data breach.
Security Magazine

Investigation Finds Hundreds of Airport Security Badges Missing

An investigation found hundreds and potentially thousands of airport security badges are unaccounted for across the country.
Security Today

Mall of America Heightens Security after Al-Shabab Threat

The Mall of America has heightened its security efforts after a video claiming to be posted online by a Somali group affiliated with al Qaeda called for attacks against the mall, according to a report.
Security Today

U.S. Government Contracts with Quebec Biotech Company to Make Anti-Ebola Drug

A Quebec City biotech company has been awarded a contract to make a ZMapp-like product to fight Ebola.
Continuity Insights

Critical vulnerabilities affecting SAP business critical apps

Onapsis released five security advisories detailing vulnerabilities in SAP BusinessObjects and SAP HANA enterprise software.
Help Net Security

Clapper: Cyberthreats to Worsen

National Intelligence Director Blames Iran for Casino Hack

The director of national intelligence, James Clapper, paints a grim picture of the cyberthreats the nation faces, saying as bad as 2014 was, 2015 and the coming years will be worse.
Data Breach Today

NEWS ALERT: Hacktivists claim to have accessed files from private U.S.-based defense group

In an email sent to an SC Magazine editorial executive, a group identifying itself as CyberBerkut – reported pro-Russian hacktivists – said it had gained access to files on the mobile device of a Green Group official who “recently visited Kiev as a member of American military delegation.”
SC Magazine

Researchers investigate link between Axiom spy group, Anthem breach

When news of the Anthem breach first surfaced, investigators claimed that malicious tools, linked exclusively to Chinese cyber attackers, were used against the health insurer. Now, an Arlington, Va.-based security firm has released its own research that expands on these findings.
SC Magazine

Benefits, costs of hydraulic fracturing

Hydraulic fracturing and horizontal drilling have had a transformative, positive effect on the U.S. economy, producing societal gains that likely outweigh negative impacts to the environment and human health from an economic perspective, according to a new paper.
Homeland Security News Wire

Poor decision-making may lead to cybersecurity breaches

Recent high-profile security breaches, such as those at Target, Anthem Inc., and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.
Homeland Security News Wire

U.S. Sees Major Q4 Spikes in Cargo Thefts

The 2014 SC-ISAC Q4 report details a major surge in the volume of cargo thefts in the U.S. According to the report, “We had been seeing a somewhat downward trend in the incidents, but this trend has stopped and reversed.”
Security Today

Hackers Stole from 100 Banks

Kaspersky Labs reported that it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft, said CNN Money.
Security Magazine

Lawmakers seek to create single food safety agency to improve oversight

Lawmakers are seeking to pass a bill which would create a single food safety agency to replace the current multi-agency system, which critics say is "hopelessly fragmented and outdated."
Homeland Security News Wire

Growing demand for cyber insurance, especially by small and mid-size businesses

Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier.
Homeland Security News Wire

Breach index: Mega breaches, rise in identity theft mark 2014

A global study found that more than one billion records were compromised in data breaches last year.
SC Magazine

Ransomware delivered via fake Chrome and Facebook emails, tied to PayPal phishing

Researchers with Trend Micro are seeing upgraded CTB-Locker ransomware being delivered in fake Google Chrome and Facebook emails as part of an attack that is also tied to a PayPal phishing campaign.
SC Magazine

16 million mobile devices infected by malware

Security threats to mobile and residential devices and attacks on communications networks rose in 2014, threatening personal and corporate privacy and information.
Help Net Security

Corporate users hit with fake Microsoft email delivering sneaky malware

A well-crafted and extremely legit-looking spam email campaign is currently targeting corporate users around the world, ultimately leading the victims to difficult-to-detect malware that downloads additional malicious programs on the target's computer.
Help Net Security

'CIO of Year' on Defending Against Hackers

Bolstering defenses against phishing, malware and remote attacks, as well as broader implementation of encryption and a rollout of multifactor authentication, are among this year's information security priorities at the University of Michigan Hospitals and Health Centers, says CIO Sue Schade.
Data Breach Today

Obama to Issue Cybersecurity Executive Order

President Obama has gone to Silicon Valley to pitch his cybersecurity agenda and issue an executive order to encourage more private sector information sharing.
Data Breach Today

'Zero days' last up to six months for some malware

The majority of new malware is added to antivirus signature databases within 24 hours of first appearance, and 93 percent is detected within a month, but it can take as long as six months for antivirus to catch the remaining 7 percent, according to a new study by Atlanta-based security vendor Damballa, Inc.
CSO Online

CISOs cut out of cyber-insurance decision making, study suggests

Most large enterprises in the UK still aren't managing risk through dedicated cyber-insurance policies and the few that do buy based on recommendations by legal rather than IT departments, an analysis by non-profit the Corporate Executive Programme (CEP) has found.
CSO Online

Massive breach at health care company Anthem Inc.

Anthem, the nation's second-largest health insurance company, is the latest target of a security breach. Eighty million customers, including the company's own CEO, are at risk of having their personal information stolen.
USA Today

TurboTax Temporarily Suspended E-Filings on Fraud Concerns

The largest online tax-software company in the U.S. temporarily halted electronic filing of all state returns after more than a dozen states spotted criminal attempts to obtain refunds through its systems.
Wall Street Journal

Why Fraud Is Shifting to Mobile Devices

As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, who heads up the anti-fraud services group at security firm RSA, which just released its 2014 Cybercrime Roundup report.
Data Breach Today

Sony Exec Steps Down After Breach

In the aftermath of the Sony Pictures Entertainment cyber-attack in late November 2014, Amy Pascal is stepping down as co-chairman of the film studio.
Data Breach Today

Tax fraud concerns prompt TurboTax developer to pause state e-filings

Intuit – developer of TurboTax, QuickBooks and Quicken – announced on Friday that it is working with state governments to address a growing tax fraud problem.
SC Magazine

Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers.
CSO Online

Some hackers are unknowingly gathering intel for the NSA

The U.S. National Security Agency and its intelligence partners are reportedly sifting through data stolen by state-sponsored and freelance hackers on a regular basis in search of valuable information.
CSO Online

Who's Hijacking Internet Routes?

Information security experts warn that Internet routes are being hijacked to serve malware and spam, and there's little you can do about it, simply because many aspects of the Internet were never designed to be secure.
Data Breach Today

Report Claims Russians Hacked Sony

Russian hackers, using spear-phishing attacks, successfully breached the network of Sony Pictures Entertainment in November 2014, and continue to have on-demand access to Sony's network, according to a new report from cybersecurity firm Taia Global.
Data Breach Today

How Much Is Cyber Crime Costing U.S. Businesses?

Frankly, it’s costing U.S. businesses more than other nations’ enterprises worldwide, according to data collected in the 2014 Cost of Cyber Crime Study: United States from the Ponemon Institute and HP Enterprise Security.
Security Magazine

Adobe rolling out new Flash Player version, includes fix for latest zero-day bug

Adobe began rolling out Flash Player 16.0.0.305 on Wednesday for users who have auto-update enabled.
SC Magazine

NAFCU asks Congress to create bipartisan data breach working group

As the number of data breaches continues to grow and increase in severity and as the White House throws its weight behind data breach notification legislation, a credit union organization has beseeched Congress to create a bipartisan data breach working group.
SC Magazine

Payment cards targeted in attack on pet supplies website

Tennessee-based ValuePetSupplies.com is notifying several thousand customers that unauthorized persons accessed its servers and installed malicious files to capture personal information – including payment card data – entered into its website.
SC Magazine

Future Cyber Security Army Needs More Than Just Programmers

Securing financial information, personal data and proprietary plans along government, corporate and personal networks will require filling the growing demand for skilled cyber security professionals with a diverse pipeline of talent, including consulting,
Security Today

Court Rules in Favor of Breached Retailer

A breached retailer has won a court ruling against its payments processor and merchant bank, setting a $500,000 cap on how much it must pay for a point-of-sale breach it suffered in late 2012. Now the processor and bank must pick up the rest of the breach-related tab.
Data Breach Today

Cybersecurity readiness: Widening gulf between perception and reality

Attackers have become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity, according to Cisco.
Help Net Security

Will 2015 bring a stronger focus on IT security?

2014 has seen more high-profile targeted attacks with motivations of stealing information, making a statement and permanently destroying sensitive/valuable data.
SC Magazine

Nike Lawsuit Against Former Designers Will Test Company Security Initiative

Athletic sportswear maker Nike filed suit on Dec. 8 in Multnomah County, Ore., Circuit Court against three of its former designers on grounds that they misappropriated Nike's trade secrets to launch a competing business venture with Adidas.
National Law Review

NSA's Rogers Calls for More Forceful Response to Cyberattacks

The government should more forcefully respond to foreign countries that engage in cyberattacks, because some hackers have come to believe there is minimal risk in stealing U.S. government or corporate data, according to NSA director Navy Adm. Mike Rogers.
Wall Street Journal

Survey: Security Is by Far the Top Spending Priority for CIOs in 2015

Security will be CIOs' top spending priority in 2015, with heightened cyberattack concerns possibly slowing cloud adoption, according to a Piper Jaffray survey.
CSO Online

Sony Hack Prompts U.S. Review of Public Role in Company Security

In the aftermath of the cyberattack on Sony Pictures Entertainment, U.S. officials are questioning when the government should step in to help private companies fight hackers, according to National Security Agency Director Michael Rogers.
Bloomberg

The Security Pitfalls of Airport Worker Access

After more than 150 guns were discovered in a smuggling ring on Delta Air Lines in December of last year, security officials are turning towards those who work at airports and the access they have.
Security Today

President Obama wants Congress to pass federal data breach notification legislation

President Barack Obama on Monday proposed strengthening laws against identity theft by requiring notification when consumer information is hacked, providing more free access to credit scores and protecting students' private data.
Security InfoWatch

Study: Majority of enterprises breached in first half of 2014, regardless of vertical

From January to June of 2014, 100 percent of retail organizations had their systems breached, as did 100 percent of agriculture, auto/transportation, education, and healthcare/pharmaceutical organizations, according to a new study.
SC Magazine

Study Shows Employee Theft Involves Money and is Rarely Reported

A study of 314 small business owners in Cincinnati found that 40 percent of thefts in small businesses are of money. The study also found that 64 percent of small businesses have experienced employee theft, only 16 percent of those reported the incident to police.
Security Magazine

Sony Hackers Threaten Attack on US News Media

The Sony hackers have set their sights on attacking a news organization, according to a report.
Security Magazine

Microsoft Protests Bug Disclosure By Google

After Google discloses Win 8.1 vulnerability two days prior to planned patch, Microsoft argues in favor of vulnerability publication schedules.
InformationWeek

Revenues for private contract security services to rise, study finds

According to a study recently published by The Freedonia Group, global revenues for private contract security services are expected to increase by nearly 7 percent per year to $267 billion in 2018.
Security InfoWatch

Russian hackers stole millions from banks, ATMs

Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals.
Help Net Security

Digital crime landscape in 2015

Based on its work this year in the fields of cyber security and financial crime, BAE Systems Applied Intelligence and Scott McVicar, its Managing Director of Cyber Security, offer these top five predictions for the digital crime landscape in 2015.
Help Net Security

Quality Control and Measurement of Business Continuity Management Systems: Final Survey Results

In 2013 Continuity Central conducted a survey to explore quality control methods that are being used within business continuity management systems. This survey has now been repeated to see how the trends in this area have changed.
Continuity Central

DHS IT Security Suffers From Noncompliance, Inspector General Audit Finds

The Department of Homeland Security’s (DHS) Office of Inspector General (OIG) disclosed in a new 62-page audit report that DHS “has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort.”
HSToday.US

Mental Illness & Terrorism

About 40 percent of lone-wolf terrorists are driven by mental illness, not ideology: Researchers
Homeland Security News Wire

Survey: Losses from holiday return fraud to cost retailers $3.8B

According to the National Retail Federation's 2014 Return Fraud Survey, retailers estimate that losses from return fraud will cost them $3.6 billion this holiday season.
Security InfoWatch

Report: Another security clearance investigation contractor hacked

Federal officials say the private files of 48,439 workers may have been compromised by a computer breach at government contractor KeyPoint Government Solutions Inc.
Security InfoWatch

Shock, dismay and disappointment: P&C insurance industry's reaction to TRIA news

Despite strong encouragement from the insurance industry and business groups around the country, the U.S. Senate has adjourned for the year without passing the Terrorism Risk Insurance Program Reauthorization Act of 2014 (TRIPRA).
Property Casualty 360

How to Implement an Optimized Video Surveillance Plan for Protecting Business Assets

The use of global security technology continues to skyrocket and extend better service to businesses. The global market for video surveillance equipment grew more than 12 percent in 2014, reaching $15.9 billion in sales.
Security Today

7 Lessons from Target's Breach

One Year Later, What Retailers, Bankers Have Learned.
Data Breach Today

Bill OK'd to Enhance NIST Cybersecurity Role

With cybersecurity already a NIST priority, as evidenced by its publication of the cybersecurity framework, the Cybersecurity Enhancement Act would codify existing practices.
Data Breach Today

Cloud security: Do you know where your data is?

The rapid move towards virtualization and cloud infrastructure is delivering vast benefits for many organizations. In fact, Gartner has estimated that by 2016, 80% of server workloads will be virtualized.
Help Net Security

North Korea Denies Role in Sony Hack

North Korea released a statement Sunday that clearly relished a cyberattack on Sony Pictures, which is producing an upcoming film that depicts an assassination plot against Pyongyang's supreme leader.
Security Magazine

Board Members Unhappy With Information on IT, Cyber Security

A new survey of more than 1,000 directors at public companies by the National Association of Corporate Directors (NACD) showed that 52.1 percent say they are not satisfied with the quantity of the information provided by management on cyber security and IT risk.
FierceCFO

Study: Role of Security Directors Changing

A recent study by ASIS International and the Institute of Finance & Management, "The United States Security Industry," includes a profile of security directors and the challenges they face.
Security InfoWatch

Hacked vs. Hackers: Game On

Over the last 12 years, there has been a more than 10,000-fold increase in the number of new digital threats, and cryptographer Paul Kocher and other security experts attribute the problem to a lack of liability and urgency.
New York Times

Most U.S. Companies Under Cyberattack

More than four in five U.S. companies have experienced a cyberattack in the last year, according to the results of a new Malwarebytes survey of IT decision makers.
ReadWrite

Contractor Rejected for Employment Allegedly Infected Power Firm's Network

The Cleveland man was indicted for sending malware designed to destroy data on computers at Eaton, after the company did not hire him for a position.
Nextgov

Hackers attacked the U.S. energy grid 79 times this year

Hackers attacked the U.S. energy grid 79 times this year, gaining the opportunity to potentially flip off switches.
CNNMoney

Foreign Powers Steal Data on Critical U.S. Infrastructure, NSA Chief Says

National Security Agency Director Adm. Michael S. Rogers said Nov. 20 that several foreign countries have infiltrated the computers of critical industries in the U.S. to steal information that could be used in the planning of a destructive attack.
Washington Post

U.S. Orders Electric Utilities to Secure Sites From Attack

The Federal Energy Regulatory Commission on Thursday adopted a rule that requires U.S. power companies to identify and take steps to secure key transmission substations and other hubs that could cause major problems if they were out of service.
Wall Street Journal

Hacker Group Targets Email Accounts of CFOs, Others

A group of financially sophisticated cyber-criminals has been hacking into the email accounts of CFOs of publicly traded companies and others with access to market-moving information, according to the cyber-security firm FireEye.
CFO

Tattletales Embraced as Whistle-Blower Programs Gain Support

Whistle-blowing as a means to police corporate misconduct is gaining support.
New York Times

The Future of Financial Reporting Part 2

One initiative that has been moving forward in the U.S. is the development by the SEC of a data mining system called the “Accounting Quality Model” (AQM), otherwise known in the industry as “Robocop.”
feiDaily

In Defense of the Enterprise Against Criminal Hackers

One of the most prevalent ways that attackers breach systems is by using a method called SQL injection.
Forbes

Airport Raids Target Fraudsters

"Big Data" Operation Snares 118 Suspected Ticket Fraudsters
Bank Info Security

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices.
The Intercept

Hackers well-versed in Wall Street vernacular hack publicly traded companies

Security firm FireEye’s recent report on a group of hackers who have been infiltrating e-mail correspondence from more than 100 organizations differs from the company’s previous reports on cyber criminals operating from China or Russia.
Homeland Security News Wire

Study finds spike in cost of retail crime in the U.S.

According to the results of the annual Global Retail Theft Barometer released on Thursday, losses from shrink, which includes shoplifting, employee or supplier fraud and administrative errors, cost retailers around the world more than $128 billion last year, $42 billion of which was from the U.S. alone.
Security InfoWatch

The Mercenaries: Ex-NSA Hackers and Their Corporate Clients

Ex-NSA hackers and their corporate clients are stretching legal boundaries and shaping the future of cyberwar.
Slate

Sleep Deprivation Is Killing You and Your Career

Pushing late into the night is a health and productivity killer.
Forbes

In Defense Of The Enterprise Against Criminal Hackers

I’m sitting here on a Sunday evening reading about more data breaches. This has transformed from something of note to a common occurrence. Days that end in “y” is that thought that sticks with me. So, what is the underlying problem here? Are the attackers really that good? Or are we collectively failing to defend our perimeters?
Forbes

Airport Raids Target Fraudsters

A massive international operation has resulted in the arrest of 118 people - many at airports - on suspicion of using fake tickets, or using stolen card data to purchase airline tickets.
Bank Info Security

U.S. national security prosecutors shift focus from spies to cyber

The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions.
Reuters

Visionworks notifies 75K Maryland customers of missing database server

Texas-based eye care services provider Visionworks is notifying as many as 75,000 customers who received services at its Jennifer Square location in Annapolis, MD that an investigation is underway to locate a missing database server potentially containing their personal information.
SC Magazine

Survey Says 90 Percent of Americans Feel They Have Lost Control of Their Personal Information on the Web

More than 90 percent of Americans feel they’ve lost control over how their personal information is collected and used by companies, according to the results of a survey by the Pew Research Center.
Security Today

Guardly Enterprise E911 Solution Improves Active Shooter Response

Guardly announced that its Enterprise E911 solution for smartphones can now be used to enable faster, more effective response during active shooter incidents.
Security Today

NOAA Reveals Four Websites Compromised

The National Oceanic and Atmospheric Administration has revealed that four of its websites were compromised by a cyber-attack.
Data Breach Today

Russian Malware 'Blackenergy' Infiltrates US Critical Infrastructure

Industrial control systems used to operate US critical infrastructure have been compromised by a destructive Russian hacking campaign that has been going on since 2011, according to the Department of Homeland Security (DHS).
HSToday.US

AT&T Ditches Tracking Header Program; Verizon Still Refuses

Julia Angwin reported late Thursday that AT&T is dropping their tracking supercookie program. This comes in the wake of massive customer pressure over the discovery that AT&T and Verizon were quietly inserting unique tracking identifiers in their customers' web browsing and app data, by means of an HTTP header.
Eff.org

Nurses Strike Over Patient Care Standards, Ebola

As many as 18,000 nurses went on strike Tuesday and picketed in front of Kaiser Permanente facilities in Northern California to express their concerns about patient-care standards and Ebola.
Continuity Insights

NIST Releases Guide for Threat Intelligence Sharing Efforts

The paper, titled 'Guide to Threat Information Sharing', is aimed at providing guidance for improving the effectiveness of cyber-security efforts through strong information sharing practices.
Global

Survey of Risks and Competencies Released

The Security Industry Survey of Risks and Professional Competencies has been released by the ASIS Foundation and the University of Phoenix. The survey exposes the talent and training needs of the security industry.
Security Management

Cybersecurity: Why It's Not Just About Technology

"Governing" reports that organizations -- both private and public -- need to build a culture of risk management from the ground up to safeguard their systems from cyberattacks.
Governing

Supreme Court Weighs Whistleblower Protections

The U.S. Supreme Court on Tuesday heard oral arguments in a case involving an air marshal, Robert MacLean, who was fired for revealing reduced protection on Las Vegas flights despite a potential terrorist threat.
The Wall Street Journal

Even with Crisco, Cargo Theft is no Joke

Cargo theft costs about $30 billion annually, and Florida accounted for nearly 25 percent of U.S. cargo thefts reported between March and May, according to the state's Department of Transportation.
Tampa Bay Times

Banks Ready New Defense Against Hackers

A group backed by the nation's biggest banks plans to launch the Soltra Edge platform on Dec. 2 to enable financial firms to more quickly communicate about potential cyber breaches.
Wall Street Journal

How Companies Blow it With Security Breaches

McKinsey & Co. Global Managing Director Dominic Barton said he sees three common mistakes companies make when they have a security breach. The first is an inability to make efficient decisions.
The Wall Street Journal

Nearly Half of Holiday Shoppers Won't Shop at Breached Retailers

A new CreditCards.com survey that asked credit and debit card holders if they would shop this holiday season at retailers where personal information has been exposed found that 45 percent of respondents answered "definitely not" or "probably not."
MarketWatch

'Lone Wolves' Responsible for Disproportionate Number of U.S. Terrorist Acts, Research Finds

New research suggests that lone wolf terrorists are responsible for a disproportionate number of terrorist attacks in the U.S. While lone wolves only represent about 8 percent of all terrorists in the United States, they were involved in about 25 percent of incidents since 1980, according to an Oct. 29 research brief from the National Consortium for the Study of Terrorism and Responses to Terrorism (START).
Fierce Homeland Security

Internet Experts: 'Widespread Harm' Likely From Cyberattack in Next Decade

The Pew Research Center and Elon University's Imagining the Internet Center recently conducted a survey of more than 1,600 computer and Internet experts on the future of cyberattacks and found most respondents believe there is a significant threat.
Philadelphia Inquirer

Government Hands Down New Cyber Framework

The Obama administration has issued a cyber threat information-sharing framework designed to help government and industry officials better identify and stop cyberattacks.
The Hill

Security Firms Tie Russian Government to Utilities Hacks

Cyberattacks involving malware infections of three popular human-machine interface (HMI) systems used by utilities in North America are believed to have been the work of Russian hackers, cybersecurity firms said Oct. 30.
Bloomberg

House CISO Talks Threat Landscape, Challenges With Information Sharing

U.S. House CISO Darren Van Booven says he experiences many of the same challenges his private-sector counterparts do in their efforts to protect their IT assets from cyberattacks, including how much information to divulge about attacks and vulnerabilities.
CIO Journal

Lack of federal authority makes fashioning coherent national Ebola policy difficult

Earlier this week, the Centers for Disease Control and Prevention (CDC) issued new guidelines on how states should deal with travelers from Ebola-stricken regions, but a lack of federal authority to mandate such guidelines has led to conflicting strategies, varying from state to state, which include mandatory at-home quarantine for some travelers.
Homeland Security News Wire

New report details Russia’s cyber-espionage activities

Researchers at FireEye, a Silicon Valley-based computer security firm, are connecting the Russian government to cyber espionage efforts around the world.
Homeland Security News Wire

Georgia Tech releases 2015 Emerging Cyber Threats Report

In its latest Emerging Cyber Threats Report, Georgia Tech warns about loss of privacy; abuse of trust between users and machines; attacks against the mobile ecosystem; rogue insiders; and the increasing involvement of cyberspace in nation-state conflicts.
Homeland Security News Wire

Evaluating readiness: A must-do security assessment

Assessing the readiness of an organization to handle various types of situations extends well beyond typical emergency preparedness planning.
Security InfoWatch

Banks Demand That Law Firms Harden Cyberattack Defenses

In response to recent cyberattacks, big banks are demanding law firms that they work with take additional steps to protect sensitive bank information.
Wall Street Journal

Study: Cyberattacks Up 48 Percent in 2014

The number of dedicated cyberattacks rose 48 percent in 2014, totaling 42.8 million, according to a new PricewaterhouseCoopers study.
The Hill

Regular Online Attacks Hit 40% of US Citizens, Microsoft Study Shows

Forty percent of U.S. adults have experienced weekly or daily attempts to access their personal data while using a PC online, according to a Microsoft survey.
ComputerWeekly.com

Symantec Sees Rise in High-Traffic DDoS Attacks

A recent Symantec study found a 183 percent increase in Domain Name System (DNS) amplification attacks from January through August.
CSO

Wearable Devices Pose Security Risk as Use Is Stretched

A former National Security Agency official this week warned about the unanticipated security and privacy risks that employers are likely to face as wearable medical devices find their way into the workplace.
Wall Street Journal

U.S. National Security Prosecutors Shift Focus From Spies to Cyber

The Justice Department's national security prosecution team is shifting its focus to cyber threats and preventing sensitive technology from ending up in the wrong hands.
Reuters

Cybersecurity Help Coming for Franchises

The Hill reports that several industry groups are teaming up to help franchise businesses learn more about cybersecurity.
The Hill

China Steals Confidential Data on the Vulnerabilities of Major U.S. Dams

National Weather Service hydrologist Xiafen Chen was arrested Oct. 20 for allegedly breaching an Army database that contained sensitive files on U.S. dams.
Homeland Security News Wire

Hacking Trail Leads to Russia, Experts Say

The cybersecurity firm FireEye on Tuesday will release the results of an investigation into what it says are cyberattacks sponsored by the Russian government.
Wall Street Journal

In West, ISIS Finds Women Eager to Enlist

A growing number of young Muslim women from the West are attempting to join radical Islamist groups, such as the Nusra Front and the Islamic State (IS).
The New York Times

US 'Foreign Fighters' Could Have Passports Revoked, but May Still Have Right to Re-Enter

The secretary of state may revoke the passports of U.S. citizens who fight in terrorist groups overseas, but this may not keep them from re-entering the country, two Congressional Research Service (CRS) reports suggest.
FierceHomelandSecurity

Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data

In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
Wired

Deloitte releases paper on vetting leaks, avoiding costly hoax

Deloitte, a major player in financial consulting and enterprise risk services, has released research that can help companies determine if they've been the victim of a data leak – or the casualty of an online hoax.
SC Magazine

NSA Chief Warns Companies Against Revenge Hacking

Businesses, under siege from hackers looking to steal sensitive information, increasingly want to take matters into their own hands. But the head of the National Security Agency is warning them not to become hackers themselves.
Nextgov

Today Apple CEO Discusses Privacy Talks with Chinese Government

Apple CEO Tim Cook has acknowledged talks with Ma Kai, China’s vice premier, regarding the discussion of the protection of users’ information.
Security Today

Layering EMV chip, tokenization, encryption bolsters card payment security

While EMV chip technology continues its rollout in this country, a whitepaper from the Smart Card Alliance Payments Council contends that payment industry stakeholders can better protect against card fraud by layering EMV chip and two other security technologies, encryption and tokenization.
SC Magazine

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

The Arizona State Retirement System (ASRS) is notifying nearly 44,000 individuals enrolled in ASRS dental plans that two unencrypted discs containing their personal information – including Social Security numbers – were sent to a benefits company in Missouri, but were not received.
SC Magazine

Retailers Facing Intensified Cyberthreat This Holiday Season

After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
Dark Reading

Espionage Hacks Tied to Russians

Information security experts say espionage-focused attackers, apparently operating from Russia, have been using phishing e-mails and malware in multi-stage attacks designed to evade detection and steal political and military secrets.
Data Breach Today

'Social Resilience' Has Major Impact on Community Preparedness

An Associated Press-NORC Center for Public Affairs Research survey suggests that those factors — collectively termed "social resilience"— have a big impact on how prepared communities feel for disasters such as Superstorm Sandy, and are seen as more valuable in a crisis than even government.
Continuity Insights

Attackers Breach PoS Systems of Delaware Ferry Service

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.
Security Week

Can We Talk: Creating a Common Language for Cybersecurity

Experts are hopeful that a new framework released by the National Institute of Standards and Technology will give agencies a method to evaluate the security of their computing environments against their peers.
Government Technology

IBM Says Most Security Breaches are Due to Human Error

IBM has released a report that discusses the characteristics that are usually seen in cyberattacks, as well as which industries are being commonly targeted by cybercriminals.
Tech Republic

Enterprises Will Move from Perimeter Defense to Risk-Based Security, Says Gartner

Enterprises as a whole are likely to move away from the concept of the 100-percent secured environment and perimeter defense to a risk-based model of security, according to a new Gartner report.
FierceITSecurity

Banks Harvest Callers' Voiceprints to Fight Fraud

Financial firms and call centers are increasingly turning to voice biometric technology to help screen calls for potential fraud.
Associated Press

The Morning Risk Report: Business Leaders' Cybersecurity Divide

Relentless attacks from hackers have C-suites and boards of directors divided on what measures to take and how much to spend on beefing up cybersecurity.
Wall Street Journal

Hydraulic fracturing caused earthquakes in Ohio

Hydraulic fracturing triggered a series of small earthquakes in 2013 on a previously unmapped fault in Harrison County, Ohio, according to a new study.
Homeland Security News Wire

FBI Warns Industry of Chinese Cyber Campaign

The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies.
The Washington Post

Researcher Builds System to Protect Against Malicious Insiders

Virginia Polytechnic Institute and State University professor Daphne Yao is developing algorithms that can alert companies when an employee might be acting maliciously on their network.
Computerworld

The Role of Chief Security Officer Is More Vital Than Ever

Security leaders sound off: The CSO role may look different in every organization, but in an increasingly connected and open society, it's a critical one.
Government Technology

U.S. should emulate allies in pushing for public-private cybersecurity collaboration

Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.
Homeland Security News Wire

Disaster preparation business booms

Concerns about future manmade and natural disasters are driving the U.S. market for survival kits.
Homeland Security News Wire

U.S. Cyber Command Plans to Recruit 6,000 Cyber Professionals, as U.S. Mulls Offensive Cyber Strategy

U.S. Cyber Command is planning to step up its efforts to protect the nation's networks from cyberattackers.
Homeland Security News Wire

Jihadi Online Chatter Discusses Using Ebola as Weapon Against the West

There has been a growing number of discussions on jihadist social media Web sites about the possibility of terrorists using poisons and virulent pathogens such as Ebola in attacks against the United States and other Western nations, reports the Middle East Media Research Institute (MEMRI).
HSToday.US

Cyberattacks on State Databases Escalate

A continuing disconnect exists between state officials and their IT security officers, even as major breaches of state databases become more frequent, according to a new report from NASCIO and Deloitte & Touche.
Pew Charitable Trusts

Insider Threat to Critical Infrastructure 'Underestimated,' Says DHS

Even strong preventative programs may not be able to completely remove the threat of a malicious insider to critical infrastructure, according to a December 2013 report from the Department of Homeland Security (DHS).
Fierce Homeland Security

Many ‘Loopholes’ in Cyber Insurance Policies, L’Oreal CISO Says

Companies are investing millions of dollars in insurance policies to protect themselves from cyber security breaches. Zouhair Guelzim, chief information security officer of L’Oreal Americas, a subsidiary of the L'Oreal Group, says the market is fraught with high premiums, incomplete coverage, and costly mistakes.
Wall Street Journal Online

Cyberattacks Trigger Talk of 'Hacking Back'

The continuing attacks on U.S. corporate networks are firing talk among some executives and officials of going on the offensive, or "hacking back," against those that hack their systems.
Washington Post

007 Nemesis Le Chiffre Bolsters France in Cyber Attacks

France is enforcing a new cybersecurity law aimed at defending vital businesses, in response to growing concerns about U.S. and Chinese technology.
Bloomberg

'Shellshock' Attacks Could Already Top 1 Billion: Report

The Shellshock vulnerability is dangerous because it can be exploited to remotely execute code on affected machines, which could lead to malware injections, data theft and server hijacking.
Security Week

Banks Face Rising Threat From Cyber Crime

Banks must now contend with a new type of cyber crime called vishing, which is similar to phishing but aims to trick people out of their money using someone's voice instead of an email.
Financial Times

Report: Cost of Cybercrime Up 10% This Year

Average cybercrime costs for U.S. companies have risen almost 10 percent from last year, according to a new report.
Politico Pro

Cybersecurity Experts Pin Hopes on Cyber Insurance Market

The Obama administration hopes the growth of cyber insurance will encourage companies to improve cybersecurity practices.
Politico Pro

Boeing urges airlines to be vigilant of cyber security threats

LONDON: Airline bosses ignore cyber security concerns at their peril, and must ensure that thorough mitigation plans are in place to deal with potential hacking of their systems, as aircraft move ever closer to becoming fully e-enabled. This was the warning given to the industry by Boeing’s chief engineer cabin and network solutions, John Craig, during Aircraft Commerce magazine’s recent Aircraft e-Enablement conference in London.
Runway Girl Network

Yahoo Claims a Server Attack was not the Shellshock Bug

Yahoo has fixed a bug in their system which was initially discovered by hackers who were attempting to exploit the Shellshock bug on the company’s network. According to a report, Yahoo made a statement issuing the attack.
Security Today

Infected ATMs give away millions of dollars without credit cards

Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars.
Help Net Security

How Technology Helps Mitigate Risk at Sporting Events

Out of sheer necessity, sports security has been evolving rapidly since the Boston Marathon bombing, and most sports security professionals refer to that particular event as a turning point.
Security Magazine

Malware Attacks Drain Russian ATMs

Interpol Warns Attacks Could Spread Worldwide. Criminals have infected at least 50 ATMs in Eastern Europe, including Russia, with malware that enables them to drain ATMs of their cash via "jackpotting" attacks, netting attackers millions of dollars.
Data Breach Today

Dallas Ebola Patient Dies

DALLAS—The Liberian man who was diagnosed with Ebola in Dallas, the first case of the deadly disease in the U.S., died on Wednesday morning, the hospital treating him announced.
Wall Street Journal

Active Shooter/Mass Casualty Incidents

The FBI has released a study of 160 active shooter incidents that occurred between 2000 and 2013 throughout the U.S.

FBI Facial Recognition System Completed

The FBI’s Next Generation Identification (NGI) system that we spoke about in April is fully operational and includes a controversial feature known as Interstate Photo System (IPS).
Security Today

Highlighting the Hotsheet: 2nd Quarter Cargo Theft Update

DHS identified transportation systems as one of 16 critical infrastructures to the nation's supply chain and cargo theft as a constant threat to stability.
Security Today

Senate: China hacked military contractor networks

China's military hacked into computer networks of civilian transportation companies hired by the Pentagon at least nine times, breaking into computers aboard a commercial ship, targeting logistics companies and uploading malicious software onto an airline's computers, Senate investigators said Wednesday.
Security InfoWatch

Home Depot: 56 Million Cards Breached

Home Depot says an estimated 56 million payment cards were exposed in the data breach at its U.S. and Canadian stores.
Data Breach Today

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

The bulk of mobile applications (75 percent) will fail basic security tests over the next 15 months or so – through the end of 2015 – leaving businesses vulnerable to attack and violations of their security policies, according to a report from Gartner.
SC Magazine

Workplace Violence: OSHA Findings of "Willful Violation"

On August 11, 2014, OSHA fined Brooklyn-based Brookdale University Hospital and Medical Center $78,000 because of dozens of incidents in which patients and visitors assaulted employees, one of which left a nurse with severe brain injuries.
Threat Assessment Group (TAG, Inc.)

What security experts think about Apple Pay

Some of the comments that Help Net Security received from the security community on Apple's Apple Pay, a new category of service that works with iPhone 6 and iPhone 6 Plus through a NFC antenna design, a dedicated chip called the Secure Element, and the security and convenience of Touch ID.
Help Net Security

Home Depot investigates possible payment card breach

Home Depot is the latest retailer to begin investigating a possible data breach.
SC Magazine

PG&E Faces $1.4 Billion for Deadly California Pipeline Blast

California regulators want PG&E Corp.’s utility to pay $1.4 billion in fines and penalties over a fatal natural gas pipeline explosion in San Bruno, California.
Wall Street Journal

Apple Not Hacked In Celebrity Nude Photo Breaches

Apple confirmed that stolen and leaked private photos of several celebrities were not due to a breach in its iCloud or Find my iPhone services.
Dark Reading

New Security Breach at Metcalf Substation, Site of 2013 Sniper Attack

An electrical substation near San Jose, Calif., that was the target of a sniper attack that caused $15 million worth of damage and destroyed 17 transformers last April, experienced a new security breach on Wednesday that saw burglars cutting through the fence line to steal construction equipment.
NBC Bay Area

Breach of Homeland Security Background Checks Raises Red Flags

A breach at US Investigations Services (USIS) this month exposed the background-check records of 25,000 Department of Homeland Security staffers, including undercover investigators.
Dark Reading

Cybersecurity and the National Association Of Corporate Directors

Metropolitan Corporate Counsel recently sat down with National Association of Corporate Directors (NACD) Director of Research Robyn Bew to discuss how cybersecurity is a current area of focus for the association.
Metropolitan Corporate Counsel

DHS Cybersecurity Program Finds Few Takers

The U.S. Department of Homeland Security was directed by President Obama last year to launch a program to share classified and unclassified cybersecurity data with 16 critical infrastructure sectors.
Government Technology

Dangerous Economy Thrives in South Africa's Abandoned Gold Mines

South Africa has become the world capital of illegal gold mining, with tens of thousands of former miners wandering abandoned mine shafts, risking injury, death, or arrest to look for the precious metal.
Wall Street Journal

DHS Seeks to 'Mature' Program to Ensure Security, Safety of High-Risk Chemical Facilities

The Homeland Security Department is seeking input on developing better security standards for high-risk chemical plants.
FierceHomelandSecurity

21% of Manufacturers Hit by Intellectual Property Theft

One in five manufacturing firms in a recent survey reported a loss of intellectual property in a cyberattack in the past year due to such things as malware, software vulnerabilities, and information leaked on mobile devices.
ComputerWeekly.com

Feds admit cooperation remains obstacle with corporations, cyber threats

A key to reducing cyber crime is getting victims - often major corporations - to cooperate with authorities, two top federal law enforcement officials said on Wednesday during visits to Pittsburgh.
Trib Live News

How the Role of CSO is Changing

In this podcast recorded at Black Hat USA 2014, Rick Howard, CSO at Palo Alto Networks, talks about the role of the CSO and how it's fundamentally changing.
Help Net Security

What can we learn from the top 10 biggest data breaches?

While some may be suffering from “breach fatigue” and becoming jaded, it’s more important than ever to take cyber threats seriously.
Help Net Security

Hospital Security Breach Steals Data from 4.5 Million Patients

According to a report, hackers have stolen personal information belonging to patients who received treatment at several Central Florida hospitals.
Security Today

UPS announces breach impacting 51 U.S. locations

More than 50 of The UPS Store's U.S. locations were found to have malware on their computer systems, and in some cases, it's been present since mid-January.
SC Magazine

Illicit Medicines Made Up the Bulk of Seizures by Customs Enforcement Agencies Worldwide

The World Customs Organization's (WCO) Illicit Trade Report finds that illicit pharmaceutical products made up more than three quarters of the contraband that was intercepted by customs enforcement agencies around the world last year.
HSToday.US

Dow Corning Battles Counterfeiters of its Silicone Sealants

Law enforcement in the Chinese city of Wuxi have broken up a counterfeiting ring that sold fake Dow Corning silicone sealant.
Security Magazine

Chief Information Security Officers Viewed as Scapegoats in C-Suite Survey

A survey found that most C-suite executives blame chief information security officers for cyber security lapses, but a significant portion of CIOs and others say CISOs should not be held accountable for cyber security purchasing decisions.
Bloomberg BNA

Protecting the Nation's Electric Grid From Terrorist Attacks is a Top Priority

A report by the Washington-based Congressional Research Service said the U.S. electric grid may be vulnerable to a terrorist attack, and the Federal Energy Regulatory Commission has proposed regulations to protect the grid, largely prompted by last year's armed attack that took out high-voltage transformers in California.
Business Insurance

Military Companies Brace for Rules on Monitoring Hackers

Defense Department contractors are preparing for new regulations mandating they report data breaches to the Pentagon and subsequently provide the government access to their networks.
Bloomberg

86 Percent of Hackers Don't Worry About Repercussions

Thycotic has released the results of a survey that provided some rare insight into the beliefs and motivations of hackers.
Help Net Security

City CIOs Battle Surge of Politically Motivated Cyberattacks

Ferguson, Mo., is the latest U.S. city to become the target of hacktivists linked to the Anonymous hacker collective.
The Wall Street Journal

Behavior Patterns That Can Indicate an Insider Threat

Organizations that pay attention to the red flags that appear during the planning stages of insider threats such as trade secret theft, workplace shootings, and the sabotaging of information systems may be able to prevent these threats from being perpetrated.
Wall Street Journal

The Internet of Things Brings Far-Reaching Security Threats

U.S. Defense Advanced Research Project Agency (DARPA) program manager Randy Garrett warns the advent of the Internet of Things (IoT) will create a large number of new threat vectors that could be exploited by malicious hackers.
CIO

7 Emerging Technology Risks

Experienced risk professionals know that in the real world, claims and losses are inevitable. After all, it’s called Risk Management, not Risk Avoidance.
Risk and Insurance

Cyber security: ugly gorillas and the fiduciary board

The frequency of cyber breaches, the reputational and financial effects of breaches, and their prevalence have become manifest.
Idaho Business Review

1.2 Billion Unique Credentials, 500 Million Email Addresses Stolen by Russian Cyber Gang

After more than seven months of research, a security company from the United States discovered that a Russian cyber gang managed to collect 1.2 billion unique credentials from more than 420,000 websites and FTP locations.

Emerging POS Attacks Target Small Merchants

A new point-of-sale malware strain known as Backoff has been linked to numerous remote-access attacks, putting small merchants at greatest risk, according to an alert from federal authorities.
Bank Info Security

Sovereign Citizens Seen as Top Terrorist Threat by US Law Enforcement

A new survey of U.S. law enforcement entities by the National Consortium for the Study of Terrorism and Responses to Terrorism (START) finds that the sovereign citizens movement is seen as the leading threat to U.S. communities, ahead of both Islamist extremists and militia/patriot groups.
RT

Researchers Find About 25 Security Vulnerabilities Per Internet of Things Device

The market for Internet of Things devices is estimated to reach $1 trillion by 2020, when 26 billion units are expected to comprise the IoT. However, HP Security Research says 70 percent of today's 10 most popular types of IoT smart devices are vulnerable to being hacked or compromised, and each device has about 25 vulnerabilities.
Computerworld

US Homeland Security Contractor Acknowledges Computer Breach

A company that performs background checks for the U.S. Department of Homeland Security said on Wednesday it was the victim of a cyber attack, adding in a statement that "it has all the markings of a state-sponsored attack."
Reuters

Security Holes Found In Some DLP Products

It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.
InformationWeek

New PCI Guidance for Third-Party Risks

Council Offers Best Practices to Prevent Payments Breaches
Data Breach Today

Teen researcher publishes PayPal 2FA bypass exploit

Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal's two-factor authentication feature.
Help Net Security

DefCon: Traffic control systems vulnerable to hacking

Traffic control systems used in the U.S. and other countries can be hacked to cause significant traffic problems, or can even be “bricked” to cause millions of dollars in damages to infrastructure.
SC Magazine

Gemalto acquires SafeNet for $890 million

Gemalto, a Dutch digital security company, announced plans to acquire U.S.-based SafeNet for $890 million.
SC Magazine

What's Trending Now

Based on our interactions with many security practitioners, the following is a snapshot of what we see trending from December 2013-May 2014.
SEC

Scientists urge making critical infrastructure more resilient to solar storms

Scientists predict the probability of a massive solar storm striking the Earth in the next decade to be 12 percent. The 23 July 2012 solar storm was pointed away from Earth and blasted safely into space, but had it been directed towards Earth, it would have produced the worst geomagnetic storm in more than four centuries, causing extensive electricity problems that could take years to resolve.
Homeland Security Newswire

Georgia Tech Launches Early Warning System for Cyberthreats

The Georgia Tech Research Institute (GTRI) developed the open source system called BlackForest, which will complement the institute's malware and spear-phishing intelligence systems.
NetworkWorld

Terror Threats at Chemical Plants Underestimated

A report from the Senate Homeland Security Committee's Republican staffers has concluded that the Chemical Facility Anti-Terrorism Standards (CFATS) program is a failure and that it is not helping to protect the U.S. from a chemical terrorist attack.
Wall Street Journal

Rising Cargo Thefts Prompt New Security Solutions

http://www.hstoday.us/briefings/industry-news/single-article/rising-cargo-thefts-prompt-new-security-solutions/2b7831973e958832bdd262fe62d6bb41.html
Homeland Security Today

Monsanto Faces Dual Threat After Intellectual Property Theft

The seed company Monsanto is one of a number of companies that face serious threats from hackers, according to Fontbonne University cybersecurity professor Al Carlson.
CBS St. Louis

Understanding Vulnerabilities Key to Improving U.S. Cybersecurity Posture

A new report from the Center for a New American Security diagnoses some of the cybersecurity challenges facing the U.S. government and offers possible ways of addressing those challenges.
Homeland Security Today

Survey Confirms AETs are Real and Dangerous Threats

IT security professionals around the world are facing challenges in their efforts to protect against advanced persistent threats (APTs) that use advanced evasion techniques (AETs) to hide their presence within a network, according to a new McAfee survey.
Tech Republic

Survey: Corporate Security Thwarted by Dialog Failure Between IT Dept. and Management

The responses to a recent Ponemon Institute survey of 4,881 IT and security professionals offer a glimpse into the state of cybersecurity efforts at companies around the world.
Network World

Report: Explosion of Electric Grid-Connected Devices will Complicate Security

The growing use of smart-grid technology and the integration of more devices into the nation's electric system could complicate efforts to secure the nation's electric grid, according to a report by the nonpartisan policy organization the Center for the Study of the Presidency and Congress.
Fierce Homeland Security

The Growing Threat of Network-Based Steganography

Researchers at the Hungary-based Laboratory of Cryptography and System Security have uncovered Duqu, an unusual form of steganography-based malware that embeds itself in Microsoft Windows machines, gathers information about industrial control systems, and then transmits it to its command-and-control center.
Technology Review

Testing Your APT Response Plan

ISACA's Robert Stroud says one of the best ways enterprises can defend themselves against advanced persistent threats (APTs) is to develop and aggressively vet planned responses to APTs in the same way they create and vet business continuity plans.
GovInfoSecurity.com

Illinois Governor Signs 'Ban the Box' Hiring Legislation

Illinois Gov. Pat Quinn has signed a law requiring employers to evaluate a job applicant's skills before inquiring about criminal history.
Progress Illinois

Botnets Gain 18 Infected Systems Per Second

According to industry estimates, botnets have caused over $9 billion in losses to US victims and over $110 billion in losses globally.
Help Net Security

Survey: 53 percent change privileged logins quarterly

A survey of IT security professionals revealed that most individuals stick to an infrequent schedule for updating privileged credentials.
SC Magazine

Sony to Shell out $15M in PSN Breach Settlement

Sony has agreed to a $15 million preliminary settlement in hopes of quashing even heftier costs associated with its massive PlayStation Network hack three years ago.
SC Magazine

'Masquerading': New Wire Fraud Scheme

A new impersonation scheme is taking aim at business executives to perpetuate ACH and wire fraud, says Bank of the West's David Pollino, who explains steps institutions should take now to protect their customers.
Data Breach Today

Michael's Breach Lawsuits Dismissed

In a 20-page ruling, U.S. District Judge Elaine Bucklo says the six plaintiffs named in the consolidated suits failed to prove that they suffered "actual economic damage" as a result of using their credit and debit cards at Michaels during the time of the breach.
Data Breach Today

Target Request to Halt Discovery Denied

A federal judge has denied Target's motion to halt the discovery process in the class action lawsuits filed against the retailer in the wake of its December 2013 data breach.
Data Breach Today

Medical groups: Shootings underscore risks of workplace violence

Pennsylvania Psychiatric Society and Pennsylvania Medical Society officials Friday expressed sympathy and offered advice for those affected by Thursday’s shootings at Mercy Fitzgerald Hospital’s Sister Marie Lenahan Wellness Center that resulted in the death of a caseworker, the wounding of a psychiatrist and the critical injury of a psychiatric patient who is the suspected perpetrator.
Daily Times News

Hackers exploiting Internet Explorer to expose security flaws on a huge scale

Exploits can expose software and security systems, researchers warn, helping hackers attack remote machines undetected.
The Guardian

Lawmakers, Experts Urge Tougher Safety Measures at Government Labs

A U.S. House subcommittee held a hearing July 16 that focused on the recent problems at government-run labs associated with the handling of dangerous microbes, such as anthrax and smallpox.
Wall Street Journal

Florida City Considers Allowing Electrified Fences

The St. Petersburg, Fla., City Council is debating whether or not to allow businesses to install electrified fences in parts of the city. The city council was divided on matters of safety and security for businesses.
Security InfoWatch

Google’s Project Zero Targets Cybersecurity Research

Google announced July 15 that it will launch a new cybersecurity research effort called Project Zero. The project is intended to improve security throughout the Internet and reduce the number of people affected by cyberattacks.
Wall Street Journal

Businesses Are Deprioritizing Information Security

Although 86 percent of executives are aware of legal requirements surrounding confidential data, 20 percent never performed a security audit, according to a new survey of small-business owners and c-suite executives by Shred-It.
Help Net Security

SEC Launches Investigations of Hacked Firms

The SEC has opened investigations of multiple companies in recent months examining whether they properly handled and disclosed cyberattacks. The focus is on whether the companies adequately guarded data and informed investors about the breaches, say insiders.
Bloomberg

Drilling for Opportunity

The U.S. energy market, particularly for oil and natural gas, is expected to grow significantly in the coming years, providing an excellent opportunity for security professionals to help protect production and processing facilities.
Security Today

NIST Goes Global With Cyber Framework

NIST has been sending delegations around the world to discuss its framework describing how governments and commercial sectors can collaborate to respond to cyberthreats.
FCW

Why 'Data in the Dark' is the No. 1 Worry for IT Managers

A recent Ponemon Institute survey of 1,587 IT professionals responsible for protecting sensitive or confidential structured and unstructured data has found a lack of knowledge about where such data resides is their biggest security concern.
eWeek

97 Percent of Key Industries Doubt Security Compliance Can Defy Hackers

New research suggests that just 3 percent of information technology leaders at utilities and other critical infrastructure businesses believe security standards and rules can reduce threats to the systems running their operations.
Nextgov

Expert: U.S. Utilities Unprepared for EMP Threats

An electromagnetic pulse (EMP) event could potentially wipe out 90 percent of the U.S. population if the resulting blackout lasted longer than a year, warns Dr. Peter Pry, executive director of the Task Force on National and Homeland Security.
Security InfoWatch

CHINESE HACKERS PURSUE KEY DATA ON U.S. GOVERNMENT WORKERS

The New York Times

63% OF BUSINESSES DON'T ENCRYPT CREDIT CARDS

In its third study on unencrypted card data, SecurityMetrics found that 63.86% of businesses store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN).
Help Net Security

LEW: CYBERATTACKS AIM TO DISRUPT U.S. FINANCIAL SYSTEM

The hundreds of cyberattacks against U.S. banks and other institutions in recent years represent a targeted attempt to more broadly disrupt the U.S. financial system, Treasury Secretary Jack Lew said on Wednesday.
Reuters

AUTOMOBILE INDUSTRY ACCELERATES INTO SECURITY

The Alliance of Automobile Manufacturers and the Association of Global Automakers today officially announced plans to address growing concerns over security weaknesses and vulnerabilities in new and evolving vehicle automation and networking features that could put cars at risk for nefarious hacking. The industry is in the process of forming a voluntary mechanism for sharing intelligence on security threats and vulnerabilities in car electronics and in-vehicle data networks -- likely via an Auto-ISAC (Information Sharing and Analysis Center), the officials say.
Dark Reading

RANSOMWARE: 5 THREATS TO WATCH

As Windows software vulnerabilities have gradually decreased in the wake of Microsoft's secure development lifecycle approach to writing code, the bad guys have been forced to raise the bar and get more creative. Enter ransomware, a nasty form of malware that not only infects your machine but also locks you out of it -- and in many cases, encrypts the data so you can't retrieve it.
Dark Reading

Cybersecurity Fears Drive SMBs to Third-Party Payment Services

Small merchants are less willing to handle transactions involving credit card or personal consumer data because of cybersecurity and cost issues, and are turning to third-party payment services.
Network World

Survey: Corporate Security Thwarted by Dialog Failure Between IT Dept. and Management

The responses to a recent Ponemon Institute survey of 4,881 IT and security professionals offer a glimpse into the state of cybersecurity efforts at companies around the world.
Network World

Pennsylvania State University (PSU) researchers performed experiments examining how people with high-status job assignments assessed security and privacy and how impulsive or patient they were in making decisions.
Penn State News

Report Says 5 Percent of Organizational Revenues Lost to Internal Theft

A survey of Certified Fraud Examiners (CFEs) found that companies around the world lose about 5 percent of their annual revenues to occupational fraud.
Security Magazine

Millennial Enterprise Excellence

....I believe that there is a tremendous groundswell of new mindsets and talent being developed below all the bad press of gaming systems, iPhones and other technologies. I observe my son and his friends interacting globally and suddenly realize that essentially, this interconnected network of geographically dispersed teens entertaining themselves within graphically represented processes could most likely become the way we work in the near future.
Industry Week

Details Emerge of Boeing Hack
FBI: Chinese Nationals Stole Data on C-17 Transport

Three Chinese nationals seeking to make "big bucks" broke into the computers of Boeing and other military contractors, stealing secrets on transport aircraft, a U.S. criminal complaint says.
Info Risk

Strategic Planning: Program Life Cycle

This is an abbreviated portion of the Security Executive Council's strategic planning process that can be used to assist in building your security strategic plan.
SEC

Hard Proof That Wiping Your Phone Doesn't Actually Delete Everything

Have you ever sold an old smartphone on eBay? You might be interested to know that the apps, photos and even Google searches on your phone can still be recovered — even if you performed a factory reset.
Mashable

Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee

The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA).
Forbes

Chinese Journalists Warned Not to Work With Foreign Media

The Chinese government, which already maintains tight restrictions on the country’s media, has issued new warnings to local journalists not to cooperate with foreign news agencies.
Sinosphere

Chinese Hackers Pursue Key Data on U.S. Workers

Chinese hackers in March broke into the computer networks of the United States government agency that houses the personal information of all federal employees, according to senior American officials.
New York Times

Banks Dreading Computer Hacks Call for Cyber War Council

Wall Street’s biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document.
BloombergBusinessweek

How the Target Breach Has Affected Small Business Data Security

Small and medium-sized businesses may think they're immune to the kinds of attacks that wreaked havoc on Target last year, but they're susceptible to the same nefarious forces – sometimes even more so, as they can lead hackers to a bigger prize.
CIO

Chemical Facility Security, Border Security, Emergency Communications Bills Passed by House

On Tuesday, the U.S. House of Representatives passed a quartet of homeland security bills focusing on the security of chemical plants, emergency communications, and border security.
Homeland Security Today

Europeans a Focus of Enhanced Search for Extremists

Eight European nations on Tuesday agreed to enhance surveillance of Europeans who went to Syria, or are at risk of going, to fight with Islamic extremists in the civil war.
Wall Street Journal

Security Weakness Found in Wi-Fi Enabled LED Light Bulb

Researchers at Context Information Security have identified a security vulnerability affecting a brand of Wi-Fi-enabled energy efficient light-emitting diode (LED) light bulb made by LIFX.
Help Net Security

Hackers Find Open Back Door to Power Grid With Renewables

Cybersecurity experts say that the addition of renewable energy sources such as solar and wind along with the move towards smart meters are creating new cybersecurity vulnerabilities for the electric grid in the U.S. and some other countries.
Bloomberg

Chinese Woman Charged in Trade Secrets Theft Case

FBI agents in Des Moines, Iowa, on July 1 arrested a Chinese woman who allegedly conspired to steal trade secrets from seed corn companies in the U.S.
AP

Oil Industry Forms Clearinghouse for Cyberattack Data

The American Petroleum Institute recently announced that it has established the Oil and Natural Gas Information Sharing and Analysis Center, in which cybersecurity experts will analyze malicious software attacks on networks used to run energy infrastructure such as offshore rigs, refineries, and pipelines.
Security InfoWatch

Corporate Boards Race to Shore Up Cybersecurity

Corporate boards are waking to cyberthreats, grappling with security issues they once relegated to technology experts.
Wall Street Journal

Cybersecurity: Monitoring Risk in the Supply Chain

Outsourcing providers may promote themselves as trusted partners to their clients, but when it comes to cybersecurity risk, financial services firms would be wise to treat them as an extension of their own business.
FinOps Report

PayPal Two-Factor Authentication Broken

Security researchers have discovered a way to bypass the two-factor authentication in PayPal's iOS and Android apps.
Dark Reading

For Audit Committees, a Growing Role in Cybersecurity

High-profile retail data breaches, the discovery of the Heartbleed vulnerability, and a slate of regulatory developments have made cybersecurity a top priority for board and audit committees.
Wall Street Journal

Samsung Says Insurance to Cover Costs From Brazil Theft

Samsung Electronics reports that its insurance will cover most of the costs associated with Monday's theft of truckloads of merchandise from its factory in Campinas, Brazil.
Bloomberg

New Background Check Survey Reveals Security Issues in the Screening Process

The 2014 HireRight Employment Screening Benchmark Report has found that 72 percent of security and HR professionals had found concerns related to applicants or employees using thorough background checks.
Security InfoWatch

Cyber-Attacks Seen Defrauding Brazilian Payment System of Billions

Cybercriminals have infiltrated Brazil's Boleto Bancário online payment system to steal potentially billions of dollars, according to RSA. Nearly 200,000 computers in Brazil have been infected in order to get access to payment vouchers with an estimated value of $3.75 billion, RSA has determined.
eWeek

Blackphone In The Wind: Officially Ships To Market

Blackphone is the first smartphone built with the user’s privacy as its core mandate.
Forbes

Cyberspying Campaign Comes With Sabotage Option

New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
InformationWeek

Cyberthreat Bill Backers Threatened

The hacktivist group Anonymous, in its latest posting, is threatening the "loved ones" of supporters of a Senate cyberthreat information sharing bill that critics contend weakens privacy protections.
GovInfoSecurity.com

NATO updates cyber defence policy as digital attacks become a standard part of conflict

Reflecting how all international conflicts now have some digital component, NATO has updated its cyber defence policy to make it clear that a cyber attack can be treated as the equivalent of an attack with conventional weapons.
ZDNet

Anti-Hacking Team Sees 'Red Threat' Unless Firms Share Data

In an 11-story office building in the Washington suburbs, hundreds of U.S. cybersecurity analysts work around the clock to foil hackers.
BloombergBusinessweek

School Security Plans Should Prepare Students to Expect the Unexpected

According to the National Center for Education Statistics, in 2011 the highest percentages of students most afraid of an attack or being harmed while at school were children between the ages of 12-18.
Security InfoWatch

Two Months Later, Heartbleed Patching Stalls Out With 300k Servers Still Vulnerable

Efforts to patch servers vulnerable to the Heartbleed bug have more or less ceased, according to Errata Security's Robert Graham. Graham had previously performed two scans of servers over 443 since Heartbleed was discovered in April. In
PC World

Hedge Fund Hackers Disrupting Trades for Profits, BAE Says

Hackers disrupted high-speed trading at a large unnamed hedge fund and rerouted data that might be used to make money in rogue stock-market transactions, said Paul Henninger, global product director for BAE Systems Applied Intelligence.
Bloomberg

U.S. Ambassador Baucus Says China Cyber Theft is a Threat

The U.S. Ambassador to China, Max Baucus, said June 25 that the cyber theft of trade secrets by state actors in China has become a major threat to the U.S. economy and national security.
Bloomberg

Card Fraud Impacts 1 in 4 Consumers Worldwide

One in four consumers worldwide have been the victim of card fraud in the last five years, according to a survey of consumers in 20 countries by ACI Worldwide and the Aite Group.
Help Net Security

5.5 Billion Users of Mobile and Wearable Biometrics by 2019: Goode Intelligence

There will be 5.5 billion worldwide users of mobile and wearable biometric technology by 2019, according to a new Goode Intelligence report.
Biometric Update

Employers Have an Obligation to Address Workplace Violence

The Occupational Safety and Health Administration estimates that about two million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides.
Tallahassee Democrat

Montana Health Record Hackers Compromise 1.3 Million People

Officials say hackers gained access to a computer server tied to the Montana Department of Public Health and Human Services in early May, potentially exposing the data of patients, agency employees, and contractors.
Reuters

Gartner: Top Trends in IT Security Technology

Gartner analysts who spoke at the organization's recent Security and Risk Management Summit say there are several trends that will change the way IT security is practiced.
Network World

Do Consumers REALLY Care about Payments Privacy and Security?

A May 2014 research study by idRADAR found that risk managers typically know consumers are concerned with security, but at the same time consumers are not active in adopting strong practices to safeguard their online privacy and security.
Portals and Rails

Hacker Tactic: Holding Data Hostage

Organizations are taking some novel approaches to addressing the threat from increasingly sophisticated cyberattackers who seek to steal their sensitive information.
New York Times

DHS Investigating Havex Trojan Which Targets Energy Companies

The Department of Homeland Security (DHS) on June 25 reported that it is currently investigating whether the Havex Trojan may have been used in earlier breaches in critical infrastructure.
Wall Street Journal

PG&E Will Begin Metcalf Substation Security Upgrades This Year

The California electricity provider PG&E said June 18 that it plans to spend $100 million over the next three years on security improvements at an unspecified number of substations.
Contra Costa Times

Ukraine Suspects Terrorism in Pipeline Explosion

The explosion occurred only a day after the Russian energy company Gazprom announced that it would be cutting off natural gas supplies to Ukraine due to a dispute regarding pricing.
New York Times

Meet Bob, Britain's First Robotic Security Guard

Bob, the first robotic security guard in the United Kingdom, is helping G4S to help secure its headquarters in Gloucestershire. When the metal minder spots something out of place, he stores the information on his internal hard-drive and quickly reports it to his human counterparts.
Daily Mail

First Major Mobile Banking Security Threat Hits the U.S.

Once the malware enters a mobile device, it looks for mobile banking apps from USAA, Citigroup, American Express, Wells Fargo, Bank of America, TD Bank, JPMorgan Chase, BB&T, and Regions Bank. It then locks the phone, displays a fake FBI penalty notification letter, and demands $200 in Green Dot MoneyPak cards to unlock it.
http://www.americanbanker.com/issues/179_114/first-major-mobile-banking-security-threat-hits-the-us-1068100-1.html

Popular HTTPS Sites Still Vulnerable to OpenSSL Connection Hijacking

Malicious hackers could potentially exploit a new vulnerability in OpenSSL to decrypt and modify traffic to and from some of the most popular websites, according to experts.
IDG News Service

Security Barometer - What is Driving the Disconnect with the C-Suite?

A recent survey conducted by the Risk and Insurance Management Society (RIMS) and Marsh LLC found the following top risks in 2014 as determined by the C-Suite respondents compared to risk professional respondents:
SEC

Security and Threat Information Exchange Platform Launched by Microsoft

To help make response time even quicker, reducing the amount of time it takes to respond to a threat, Microsoft launched Interflow, a security and threat information exchange platform that allows quick communication between cybersecurity professionals who respond to cyber threats, hoping to give security professionals an edge.
Security Today

Senate committee passes FISMA reform bill

Legislation aimed at modernizing the 12-year-old Federal Information Security Management Act (FISMA) has passed a vote by the Senate Homeland Security and Governmental Affairs Committee on June 25 and is headed to the Senate floor.
SC Magazine

Increased Security Risks At NNSA Sites, Says New GAO Audit Report

Despite the implementation of security reforms at US nuclear weapons and research and development facilities from 2009 to 2012 that “generally varied among National Nuclear Security Administration (NNSA) sites … some of these efforts helped manage security costs and enhance productivity … but may also have increased security risks and reduced security performance at the Y-12 National Security Complex (Y-12) in Tennessee and other NNSA sites, depending on how the sites implemented the reforms,” a new government audit report said.
HSToday.US

Center for Disease Control and Prevention Workers May Have Been Exposed to Anthrax

The Centers for Disease Control and Prevention says some of its staff in Atlanta may have been accidentally exposed to dangerous anthrax bacteria because of a safety problem at one of its labs.
Continuity Insights

Undetected malware concerns two-thirds of small business owners, survey finds

The biggest security concern for small businesses is undetected malware, according to a survey – conducted by CSID and Research Now – of 505 owners of U.S. companies with one to 99 employees.
SC Magazine

Twitter Disables TweetDeck After Security Breach

Twitter said Wednesday it fixed a security vulnerability in its TweetDeck application and turned the service back on following a breach that affected users for a few hours.
Wall Street Journal

P.F. Chang's confirms breach in credit card data

P.F. Chang's China Bistro said there has been a breach involving data from customers' credit and debit cards used at its restaurants, confirming a report out earlier last week.
USA Today

600,000 customer details compromised at Domino’s

Today’s news that 600,000 customer records have been stolen from Domino’s France and Belgium yet again raises questions about just how seriously large corporations and big brands are taking data protection.
Help Net Security

Technology sites "riskier" than illegal sites in 2013, according to Symantec data

The “riskiest” pages to visit in 2013 were technology websites, according to data from users of Norton Web Safe, which monitors billions of traffic requests and millions of software downloads per day.
SC Magazine

Class-action filed against payroll company Paytime over massive data breach

A class-action complaint has been filed by Kraemer, Manes & Associates LLC and Carlson Lynch LTD against Paytime, a Pennsylvania-based payroll company that experienced a massive data breach in April.
SC Magazine

“Human error” contributes to nearly all cyber incidents, study finds

Even though organizations may have all of the bells and whistles needed in their data security arsenal, it's the human element that continues to fuel cyber incidents occurring, according to one recent study.
SC Magazine

More than 500 AT&T users victims of security breach

An undisclosed number of AT&T wireless customers has had their accounts broken into, exposing sensitive personal data including Social Security numbers and dates of birth, according to the company.
The Columbus Dispatch

Senate Panel to Examine 'Stalking Apps'

Sen. Al Franken (D-Minn.) will hold a hearing next week on “stalking apps,” which can secretly track people through their smartphones.
The Hill

U.S. Treasury's Top Terrorism Cop: How Financial Tools Fight Foes

As the United States continues to reduce its formal military presence in the war on terror, the administration plans to rely more on financial tools to aid counterterrorism efforts, says Treasury Undersecretary for Terrorism and Financial Intelligence David Cohen.
Wall Street Journal

Study Reveals DHS Cyber Initiative Needs to Pick Up the Pace

A new study examining the progress of the Department of Homeland Security’s (DHS) Continuous Diagnostics Mitigation (DHS-CDM) program, which standardizes security monitoring across the federal government, indicated that while implementation of CDM has been impressive so far, federal security managers are anxious to pick up the pace.
Homeland Security Today

Cargo Theft: 2013 in Review

The Supply Chain and Information Sharing and Analysis Center (ISAC) has released its 2013 Cargo Theft report, which shows a drop in the total number of reported cargo thefts for the first time since 2005.
Security Today

ONVIF and SIA Announce Memorandum of Understanding on Access Control Standards

A Memorandum of Understanding has been signed by ONVIF and the Security Industry Association (SIA), under which the two will work cooperatively toward the development of Internet Protocol-based interoperability standards in access control.
Security Today

What are the Top Security Concerns of Senior IT Executives?

Two polls of the senior IT security executives who attended Courion's recent annual user conference found that cyberattacks carried out by insiders are common at some organizations, and executives are finding it difficult to reduce the threat of such attacks.
Help Net Security

NSF Dear Colleague Letter--Cybersecurity Education EAGERs

The U.S. National Science Foundation (NSF) Directorate for Education and Human Resources and Directorate for Computer and Information Science and Engineering have released a Dear Colleague Letter announcing interest in using Early Concept Grants for Exploratory Research (EAGERs) to foster collaboration between the cybersecurity research and computing education research communities.
CCC Blog

Make Your Case

Obtaining funding for security projects can be difficult, but if security managers learn how to present a strong and interesting business case, they can improve their chances of having their funding request approved.
Security Management

Security Guard Industry Lacks Standards, Training

A study by Michigan State University criminologists that was published in Security Journal has found that many states lack adequate training standards for security guards.
MSU Today

University Researchers Test Cyber-Defense for Nation's Power Grid

Researchers at North Carolina State University (NCSU) and the University of North Carolina, Chapel Hill have developed a prototype software-based system that would coordinate the activity of networked computers during a cyber attack.
CSO Online

Large Electric Utilities Earn High Security Scores

New data from BitSight Technologies shows that major electric utilities rank as among the most secure organizations.
Dark Reading

Study Says Amazon, Groupon Among Sites with Worst Password Security

Even after the Heartbleed bug, some of the most popular websites aren't taking password security seriously, according to a study. More than 80 percent of websites that were examined had subpar password security standards, according to Dashlane's Password Security Roundup report.
CNBC

Rooting Out Fraud

On May 6, Florida-based Baptist Health System Inc. was the latest in a long line of organizations to resolve a federal lawsuit accusing it of violating the False Claims Act (FCA).
Risk & Insurance

Riskier business: Travelers index exposes worries, lack of planning

The business environment is becoming riskier, and companies don’t feel they are prepared to manage the risks they believe are the most serious.
Risk Network

Senate Panel Confronts Backlog of Chemical Facility Security Plans

At a recent Senate Committee on Homeland Security and Governmental Affairs hearing, the Department of Homeland Security (DHS) reported it has taken steps to speed the process of completing the reviews of the approximately 3,120 chemical facility security plans.
Homeland Security Today

Experts Fear Major Attack Only Way to Stir Corporate Action on Cyber Security

The number of reports of cyber incidents the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team responded to nearly doubled last year from 2012, but critical infrastructure companies remain reluctant to spend the money needed to upgrade their aging equipment.
Insurance Journal

Why the Security Talent Gap is the Next Big Crisis

Security experts believe that the next national security crisis will be related to the growing security talent gap, which could potentially leave companies at risk of losing the battle against online criminals because they will not have the manpower to handle attacks.
Security

Cyber Crooks are Winning Tech War, and Silicon Valley is Losing

During the National Venture Capital Association's annual meeting on May 14, a panel of cybersecurity experts commented that tech companies in Silicon Valley are under frequent attack from foreign countries and groups looking to take advantage of potential vulnerabilities.
Wall Street Journal

Hackers Ramp Up Computer Attacks That Demand 'Ransom'

Hackers operating on the Internet's "Dark Web" are spreading a new, more sophisticated generation of the malicious software known as "ransomware," anonymously shaking down anyone with an unprotected computer, from lawyers and cops to small businesses.
USA Today

Cybersecurity Options Lag Behind Hackers' Abilities

A computer hacker once told a congressional committee that he could take out the entire Internet in a half-hour. That was back when the World Wide Web was in its infancy and Google didn't even exist yet.
Stars and Stripes

FBI PLANS CRACKDOWN ON CYBER CRIME, WITH ARRESTS IMMINENT

The Federal Bureau of Investigation will aggressively crack down on cyber crime over the next few weeks, with a bureau official advising the public to anticipate indictments, searches, and multiple arrests.
Reuters

US RETAILERS SET UP CENTER FOR CYBER INTELLIGENCE SHARING

The US Retail Industry Leaders Association (RILA), along with several of America's most recognized retail brands, launched the Retail Cyber Intelligence Sharing Center (R-CISC).
Net Security

FBI SEEKS LICENSE TO HACK BOT-INFECTED PCS

A Department of Justice proposal would make it easier for FBI investigators to hack into remote devices that have had their location purposefully obscured or that are acting as part of a botnet.
Dark Reading

STUDY: DATA BREACHES MAKE HUGE IMPACT ON BRAND REPUTATION

Consumers rank data breaches and poor customer service high in their effects on brand perception.
Dark Reading

NEW NIST GUIDANCE: HOW TO BAKE SECURITY INTO CRITICAL SYSTEMS

The government's standards-making body on Tuesday announced guidelines for agency technologists and industry engineers on how to bake security into critical systems.
Nextgov

NIST SEEKS COMMENTS ON MAJOR REVISION TO INDUSTRIAL CONTROL SYSTEMS SECURITY GUIDE

The National Institute of Standards and Technology (NIST) has issued for public review and comment a proposed major update to its Guide to Industrial Control Systems (ICS) Security.
NIST

States Lack Expertise, Staff to Deal With Cyberthreats to Utilities

Federal utility regulators and electric utility industry safety groups are increasingly aware of how vulnerable the national electric grids are to cyberattack, but the state commissions that regulate local utilities have responded to the growing risks slowly.
Homeland Security News Wire

What Chemical Facilities Need to do to Protect CVI

In order to protect Chemical-terrorism Vulnerability Information (CVI), the Department of Homeland Security (DHS) established rules for determining what qualifies as CVI, who has access to CVI, how it must be protected, stored, and transmitted.
Israel Foreign Affairs

UF a Showcase for Orlando Firm's Campus-Security App

Orlando, Fla., startup TapShield LLC has designed a mobile app that draws on cloud-based computing, GPS, and social media to connect users to campus security at colleges and universities.
Orlando Sentinel

Most Security Professionals Helpless to Stop Data Theft, Study Shows

A recent study by the Ponemon Institute has found that 63 percent of IT security professionals have concerns about their ability to prevent data theft due to shortcomings in their current security systems.
Computer Weekly

Consumers Ditch Their Breached Retailers, Banks and Doctors

One-third of consumers stop shopping at retailers that have been breached, and 24 percent of consumers say they will leave banks or credit card companies that have been breached, according to a Javelin Strategy & Research survey.
Dark Reading

Meet the Fed's First Line of Defense Against Cyber Attacks

The U.S. Federal Reserve's first line of defense against cyberattacks is the National Incident Response Team (NIRT), which includes about 100 closely monitored employees who sift through the Fed's networks daily looking for indications of hacking.
Foreign Policy

The Internet of Things Likely to Drive an Upheaval for Security

The Internet of Things will catalyze a major paradigm change in IT security on a scale even larger than the shift to mobile, according to a new analysis by Gartner.
Computerworld

There's No Such Thing as a Good Data Breach

Limiting data breaches is complicated by myriad state and territorial laws with different breach notification requirements, incomplete notification disclosures, and suspicions that breaches are underreported or even not disclosed at all, writes the Atlanta Fed's David Lott.
Portals and Rails

Security Officers to Receive Firearms at Mo. Hospital

Derek Conz, the security team leader at Heartland Regional Medical Center in Missouri, says that 13 security guards will be authorized to carry and use a .9-millimeter pistol during patrol duty on the hospital's campus beginning May 1.
St. Joseph News-Press

Keeping the Campus Healthy

Baptist Health Care Network is the largest, non-governmental employer in northwest Florida, with employees and physicians totaling more than 6,000.
Security Today

U.S. Officials Told Lawmakers Israel’s Industrial Espionage Efforts in U.S. 'Crossed Red Lines'

Officials from the Department of Homeland Security (DHS), the State Department, the FBI, and the National Counterintelligence Directorate said that Israel goes too far in its efforts to spy on the United States.
Homeland Security News Wire

Hackers Capture Dynamic Data to Prepare for Effective, Stealthy Attacks

Cybersecurity experts are warning organizations about the threat from cyberattacks that use offensive forensics techniques to steal data stored in a computer's memory.
CSO Online

Hackers Stole Doctors’ Tax Refunds By Breaking In To Payroll Software

Last week, we shared the scary news that a ring of tax refund fraudsters appeared to have filed tax returns on behalf of hundreds of doctors and other health care professionals, harvesting their refunds.
Consumerist

Encryption in the cloud is scarcer than you think

Ponemon Institute report shows more encryption across cloud environments, but only a modest increase over the years.
InfoWorld

Cyber firms look to move the electrical grid

At a keynote speech in Washington last month, former CIA director Leon E. Panetta warned that cyberspace is the "battlefield of the future."
The Washington Post

Phishing Attacks on Telco Customers Grow

Phishing attacks targeting telecommunication companies' customers, which result in account takeovers, are on the rise, according to the Federal Bureau of Investigation and the Internet Crime Complaint Center.
BankInfoSecurity

Phishing Attacks on Telecommunication Customers Resulting in Account Takeovers Continue

The schemes involve using automated telephone calls, or vishing, and SMS texts, or smishing, to lure customers to phishing sites that replicate telecommunication companies' sites, requesting the victims' log-in credentials and the last four digits of their Social Security numbers.
FBI

The Marketing of Heartbleed

Engineers at the security company discovered on April 4 the flaw in the cryptographic protocol OpenSSL and christened it the Heartbleed bug (see: Heartbeat Bug: What You Need to Know).
BankInfoSecurity

2014 Data Breach Investigations Report

Read an excerpt from the 2014 Data Breach Investigations Report.
Verizon

Cybersecurity: Top Priorities in 2014

Cybersecurity frameworks, supply chain risks and malicious insiders - these are among 2014's hot topics, according to Alan Brill, senior managing director at Kroll Advisory Solutions.
BankInfoSecurity

NCCIC: Combating the Insider Threat

From the National Cybersecurity and Communications Integration Center (NCCIC): Threats, to include sabotage, theft, espionage, fraud, and competitive advantage continue to materialize from those considered to be insiders of an organization.
US Department of Homeland Security

Innovative U.S. cybersecurity initiative to address cyberthreats

Cyberattacks on computer networks around the world reached 1.7 billion in 2013, up from 1.6 billion in 2012.
Homeland Security News Wire

Google Embeds Camera in Smart Contact Lens

Earlier this year, Wired.co.uk wrote about Google's invention of a smart contact lens that could monitor blood glucose levels through tear fluid. Now, the tech giant has invented another pair of lenses with an in-built camera.
Wired.co.uk

Top Information Security Threats in the Near Future

Each year, the Internet Security Forum, a nonprofit association that researches and analyzes security and risk management issues, releases its 'Threat Horizon' report to provide members with a forward-looking view of the biggest security threats over a two-year horizon. Here are the top 10 threats through 2016.
CIO

Proposal to Prevent Grid Attack Lacks Power, Critics Say

Critics say that the North American Electric Reliability Corp.'s proposed rules for protecting the power grid are not strong enough, partly because they do not include specific suggestions made by federal regulators following the 2013 attack on a substation near San Jose, Calif.
Wall Street Journal

From Shoplifting to Cyber Security, Businesses Advised to Check the Locks

While more than $35 million of goods are stolen from U.S. retailers every day — costing businesses more than $13 billion a year — external theft is just one of a host of security threats businesses face
South Coast Today

Big Bucks Going to Universities to Solve Pressing Cybersecurity Issues

The U.S. Federal Emergency Management Agency announced a three-year, $800,000 grant to several universities to research ways to prepare for, detect, and respond to cyberattacks.
Network World

Americans Report a Big Jump in Personal Data Theft

Eighteen percent of U.S. adults with Internet access say their personal information was stolen in a data breach, according to a Pew Research Center survey, up from 11 percent in July.
Washington Post

Chase Ramps Up Security: Is It Enough?

The nation's largest financial institution, JPMorgan Chase, is taking an appropriate leadership role by describing how it's ramping up its security efforts, say analysts, who assess the bank's plans for three cybersecurity centers.
BankInfoSecurity

Heartbleed Bug: The Latest Alerts

Mobile applications can be as vulnerable to the Heartbleed bug as websites, warns security vendor Trend Micro.
BankInfoSecurity

National Retail Federation to Establish Cybersecurity Program

The National Retail Federation (NRF), the world’s largest retail trade association, has announced plans to create a retail and merchant industry information sharing and analysis center that will help companies deal with cyber threats.
Softpedia

All the passwords you should change because of Heartbleed, in one handy graphic

The Heartbleed security flaw was fixed in the newest version of OpenSSL, but you should still change your passwords on all of the sites affected by the bug.
VB News

These Sites Tell Which of Your Accounts Have Been Hacked

Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business.
Forbes

KKR CIO Surveys Cyber Risk Among Private Equity Holdings

BitSight, a company that collects large quantities of data every day from sensors located in public servers and from partners, recently conducted a cyber vulnerability survey for KKR that examined the levels of cyber risk for 75 of the private equity firm's portfolio companies.
Wall Street Journal

Survey: Small Retailers Feeling Insecure

A new survey commissioned by ADT has found that only a third of small- and medium-sized retailers have complete confidence in their current security systems.
Security Director News

2 Regulators Issue Guidelines on Sharing Cybersecurity Information

Sharing data between companies about cybersecurity threats will not cause antitrust concerns, according to guidelines issued by the Federal Trade Commission and Justice Department on Thursday.
New York Times

Federal Energy Regulator to Take Steps to Protect Grid

Federal Energy Regulatory Commission (FERC) acting Chairwoman Cheryl LaFleur told lawmakers Thursday that her agency will perform a full review of the chain of custody of all documents following the release of sensitive information about the impact of a physical attack on the nation's electric power grid.
Wall Street Journal

56 Percent of Employees Still Receive no Security Awareness Training

A new EMA survey of employees in government, public and private companies, and nonprofits found that a majority still receive no security awareness training whatsoever.
Help Net Security

Advanced Attackers Go Undetected for 229 Days

Organizations are generally discovering cybersecurity breaches earlier, and they are increasingly having to turn to outside help to do so, according to a new FireEye report.
Help Net Security

Trove of Software Flaws Used by U.S. Spies at Risk
Bloomberg Businessweek

Cybersecurity Is a Puzzle—Where Does Your Piece Fit?

Cindy Fornelli, the executive director of the Center for Audit Quality, writes that deepening collaboration and ensuring effective communications among key players is the key to effectively fighting cybercriminals.
Pulse

Aviation Industry and Government to Share Cyber Threats in New Intelligence Center

The U.S. government and the aviation industry on April 15 launched the Air Domain Intelligence Integration Center and an analysis center, which will be used by government and industry officials to share information on cyber threats.
Wall Street Journal

113 People Detained and 70 Arrested in Action Day Tackling Airline Fraud

On 8 and 9 April 2014 law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces with the airline, travel and credit card industries in the largest ever attack upon online fraud and illegal immigration.
Europol

Sharing cyber threat details not antitrust violation, U.S. says

The U.S. government on Thursday urged companies to share information with each other about cyber threats and issued guidance making clear that doing so would not violate antitrust laws.
Reuters

Power Companies Struggle to Maintain Defenses Against Cyber-Attacks

When experts rank U.S. industries' abilities to ward off potentially damaging cyberattacks, the electric utilities are normally near the bottom.
insurancenewsnet.com

PrecisionHawk's drones collect data on crops from hundreds of feet above.

These companies are mining the world’s data by selling street lights and farm drones.
Quartz

DHS Turns to Mentors to Strengthen Cyber Workforce

The U.S. Department of Homeland Security (DHS) has adopted a rotation and mentorship strategy to find and develop qualified cybersecurity professionals.
Federal News Radio

With Rare Support, Chemical Security Legislation Advances in House

A bill that provides long-term authorization for the Department of Homeland Security's chemical-facility antiterrorism security (CFATS) standards was approved by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on Thursday.
National Journal (DC)

Experian Faces Connecticut, Illinois Probes of Data Breach

Representatives for Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan have confirmed that they are investigating Experian following a breach of a company database by Hieu Minh Ngo, a Vietnamese man who has pleaded guilty to selling credit-card data, Social Security numbers and other personal information to fraudsters that had been taken from the Experian database.
Wall Street Journal

Pentagon to Triple Cyber Staff to Thwart Attacks

U.S. Defense Secretary Chuck Hagel recently made his first major speech on cyber policy, which focused on significantly growing the ranks of the Pentagon's cyberwarfare unit in an effort to defend against foreign attacks on important U.S. networks.
Associated Press

Cost of Advanced Evasion Techniques in Recent Data Breaches

There is a great deal of misunderstanding, underestimation, and ignorance of advanced evasion techniques (AETs) among CIOs and security managers, according to a new McAfee report.
Help Net Security

Internet of Things: Mitigating the Risk

Tony Sager, chief technologist of the Council on Cybersecurity and former COO of the U.S. National Security Agency's information assurance directorate, has turned his attention to mitigating the cybersecurity threats facing Internet-connected embedded devices, the Internet of Things.
GovInfoSecurity.com

Law Firms are Pressed on Security for Data

Large corporations and banks are increasingly pressing the law firms they work with to demonstrate that their computer systems are using the best technologies to identify and mitigate online intrusions and to take extra steps to ensure that their systems are well protected.
New York Times

NIST, DHS Push for More Engagement Around Cyber Framework

The White House's cybersecurity framework to safeguard the nation's critical infrastructure was implemented six weeks ago, and federal officials say they are seeing progress but need Congress to address liability protection for companies.
Federal News Radio

Security Firm Trustwave Says Target Data Breach Claims Baseless

Credit-card security firm Trustwave Holdings, which has been sued along with Target over a sweeping data breach, says it did not process cardholder data for the retailer or handle Target's data security as a lawsuit alleges.
Reuters

Credit Card Issuers Seek Out New Ways to Increase Data Security

Reports of major data breaches continue to rise even though major retailers are required to comply with cybersecurity guidelines set by the credit card industry.
US Finance

Navy-Base Shooting Raises Concerns Over Port-Security Program

Sen. Mark Warner (D-Va.) sent a letter to Homeland Security Secretary Jeh Johnson and Navy Secretary Ray Mabus on March 28 to express his concerns about the effectiveness of the Transportation Worker Identification Credential (TWIC) program in the aftermath of a shooting at a Norfolk, Va., naval base last week.
Wall Street Journal

Could Our Food Supply be a Target for Terrorists?

The Food and Drug Administration has proposed new rules that would require domestic and foreign companies that process and manufacture food and ship it to the U.S. to take steps to mitigate the risk of potential terrorist attacks against their facilities.
NPR Online

Cargo-Theft Recovery Program Launched in Canada

On March 18, the Insurance Bureau of Canada (IBC) and the Canadian Trucking Alliance (CTA) introduced a new phase of the Cargo Reporting Program, which was designed to help combat the country's growing $5 billion cargo theft problem.
Security Director News

Defense Firms Find Work Battling Corporate Hackers

Defense contractors that have traditionally served the federal government are now hoping to help corporate clients defend against cyberattacks through software or consulting services.
Wall Street Journal

Banks' Suit in Target Breach a 'Wake Up Call' For Companies Hiring PCI Auditors

Trustmark National Bank and Green Bank filed a lawsuit in federal court against Target and Trustwave Holdings on Monday in response to the massive data breach the retailer suffered last year.
CSO Online

Visa's Chief Risk Officer on the Future of Credit Card Fraud

Visa Chief Risk Officer Ellen Richey acknowledges it will take several years for the U.S. to achieve widespread use of credit cards with embedded chips.
MarketWatch

US Not Waging Industrial Espionage

Senior U.S. intelligence officials speaking on condition of anonymity say that the U.S. is not spying on foreign companies in order to give American firms a competitive advantage, despite claims by Edward Snowden to the contrary.
Sky News

Target, Visa Say Fraud Limited in Wake of Data Breach

Target has seen relatively little fraudulent activity on its payment cards since the massive data breach last year, said chief financial officer John Mulligan, speaking at a Senate Commerce Committee hearing on Wednesday.
Wall Street Journal

Half of IT Execs Don't Tell Boards Truth About Breaches

According to a survey of 1,083 IT and IT security workers conducted by Ponemon Institute in January, half of CIOs and CISOs do not tell executives at their companies the truth about cybersecurity breaches.
Wall Street Journal

Changes Proposed to US CFATS Facility Security Rules

According to Pharmaceutical Research and Manufacturers of America (PhRMA), it is too early to predict the impact that changes to the Chemical Facility Anti-Terrorism Standards (CFATS) proposed by Rep. Patrick Meehan (R-Pa.) will have on the pharmaceutical industry.
in-Pharma Technologist

Why Identity is the New Firewall

Identity management is becoming the new firewall that keeps out those who are not allowed to gain access to an area within a building, facility, or campus.
Security Magazine

U.S. Utilities Tighten Security After 2013 Attack

Two electric utilities have announced that they are taking steps to improve the security of their facilities following increased concerns about the possibility of terrorist attacks on the nation's power grid.
Wall Street Journal

Big Data Analytics: The Enterprise's Next Great Security Weapon

The use of big data analytics by companies to better protect data and secure networks will more than triple in the next two years, according to a new Gartner report.
ZDNet

Can Threat Modeling Keep Security a Step Ahead of the Risks?

Cybersecurity experts say it is important for organizations to perform threat modeling on a regular basis in order to stay ahead of potential threats.
CSO Online

Study Shows Those Responsible for Security Face Mounting Pressures

IT security professionals are increasingly feeling stress in their jobs, according to a new Trustwave survey of 833 security decision makers in the U.S. and several other countries.
CSO Online

Microsoft Takes to the Front Lines in the War on Cybercrime

Stepping up to fight the cyber war, Microsoft unveiled a new state of the art Cybercrime Center specifically designed to battle botnets, malware and other various forms of internet crime.
Entrepreneur

Assault on California Power Station Raises Alarm on Potential for Terrorism

Former Federal Energy Regulatory Commission (FERC) Chairman Jon Wellinghoff and others are warning that a little-known attack on an electric substation in Santa Clara County, Calif., last year could be a herald for larger attacks aimed at causing widespread power outages.
Wall Street Journal

Point of Sale System Attack Campaign Hits More Than 40 Retailers

The ChewBacca Trojan has infected more than 40 merchants and stolen payment card and personal information from approximately 50,000 customers by targeting point of sale systems (POS), according to RSA FirstWatch.
Dark Reading

Data Security Is Not Their Responsibility, Say 23 Percent of Employees

A new survey of employees by Absolute Software finds that nearly a quarter believe that data security is not their responsibility.
Computer Weekly

Security Professionals Identify IT Risks Associated With Cloud Computing

ESG recently surveyed 211 enterprise security professionals about what they saw as the biggest security risks associated with using cloud infrastructure services.
Network World

Target Traces Security Breach to Stolen Vendor Credentials

Target spokeswoman Molly Snyder confirmed that the company's ongoing investigation into the recent data security breach has revealed that hackers were able to gain access to Target's systems by using a vendor's credentials which they had stolen.
ZDNet

The Economics of a National Cyber Immune System

At the recent Cyber Innovation Forum in Baltimore, White House cyber czar Michael Daniel spoke about the need to strengthen the federal government's "cyber immune system."
Federal Computer Week

Stumbling Blocks That Faceplant Security Analytics Programs

There are a number of obstacles that often prevent enterprises from effectively integrating security analytics into their IT security infrastructure. First among these is siloed organizational units that impede the effective gathering and sharing of data.
Dark Reading

Survey: Workplace Misconduct at Historic Low

Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.
ERC Ethics Resource Center

Preparing Utilities to Respond to Cyberattacks

Sharon Chand, a director with Deloitte & Touche's Security & Privacy, notes that the decades of experience utilities have in preparing for natural disasters can be used to help guide their responses to cyberattacks.
Wall Street Journal

Three Ways to Better Secure Your Data in 2014: It’s Time for Two-Factor Authentication

According to technology consultant Geoffrey Fowler from the Wall Street Journal, every business' priority should be security in 2014. In light of recent security breaches by Skype and SnapChat, Fowler says businesses must be vigilant about upholding security.
Wall Street Journal

Hacker Threats Rise, With Defenders Lacking: Report

The Cisco Annual Security report, which was released on Thursday, showed that the technology and techniques used by hackers and other online criminals have outpaced security professionals' ability to defend against such threats.
Agence France-Presse

Is Rapid Detection the New Prevention?

Many IT security experts say the time when a strong perimeter defense could be counted on to defend a network is over, and that what is needed is a greater focus on technologies that detect network breaches and cut them off before they can do any serious damage.
Network World

Senior Managers Are the Worst Information Security Offenders

Senior managers pose a major security risk for companies, according to a Stroz Friedberg nationwide survey of 764 information workers.
Help Net Security

Algorithms are Changing the Face of Situational Awareness and Online Security

The adoption of algorithms is changing the face of both situational awareness and online security, as algorithms only take a few seconds to perform technical tasks, which allows humans to concentrate on more complex problems.
Security InfoWatch

Top Six Data Breach Trends for 2014

The theft of debit and credit card information from Target in November and December was just one of many data breaches that took place in 2013.
Security InfoWatch

Game Theory Helps Corporate Risk Managers Analyze Terrorism Risks

Corporate risk managers have found that game theory can improve terrorism risk analysis by helping them prepare for unexpected situations.
Homeland Security News Wire

US Employee Prescription Drug Use Booms as Workers Evade Positive Marijuana and Cocaine Tests

A new study by Quest Diagnostics has found that U.S. workers are becoming more knowledgeable about how to game pre-employment drug screening.
International Business Times

Cybersecurity Training a Top Priority for Industry, Government

Cybersecurity professionals are expected to be in high demand through 2020 and beyond, and private- and public-sector organizations are launching outreach programs to train workers.
eWeek

Spear Phishing Poses Threat to Industrial Control Systems

Security experts say that energy companies that use supervisory control and data acquisition (SCADA) systems need to ensure that their anti-phishing programs are strong, as a successful phishing attack could be as devastating as the Stuxnet attack.
CSO Magazine

7 Simple Ways You Can Protect Your Ideas From Theft

There are a number of ways that businesses and individuals seeking investors, partners, or employees to support their ideas or discoveries can prevent those associates from marketing that innovation as their own.
Forbes

Executive Bad Habits, Including Porn, Endanger Corporate Security

A recent study conducted by Opinion Matters for ThreatTrack Security showed that company executives may pose one of the biggest security risks to organizations.
PC World

Schools Safe as Ever Despite Spate of Shootings, Scares

According to the departments of Justice and Education, school safety has improved and violence has fallen for students and teachers.
USA Today

Kelihos Botnet Thrives, Despite Takedowns

Kaspersky Lab's sinkholing of one version of the Kelihos botnet 19 months ago—together with CrowdStrike, the Honeynet Project, and Dell SecureWorks—along with other significant eradication efforts, have resulted in a sharp decline in related botnet activity, according to research the lab recently published.
Information Week

Security Is Top Concern in 2014 for State CIOs

Security is the top concern next year for state CIOs, according to NASCIO's State CIO Top Ten Policy and Technology Priorities for 2014 survey.
FierceCIO

Attack Ravages Power Grid. (Just a Test.)

Nearly 10,000 cybersecurity specialists, electrical engineers, FBI agents, and utility executives took part in the more than 48-hour long continental-scale war game known as GridEx II.
New York Times

Personal Devices Pose Biggest Threat to Corporate Security

Security software provider, Check Point, has found that 93 percent of US and UK companies use mobile devices to connect to corporate networks, while 67 percent allow employees to connect personal devices.
Financial Times

Employee Theft on the Rise, Survey Reveals

Jack L. Hayes International's Annual Retail Theft Survey shows that retail theft increased 5.5 percent in 2012, which was the second increase in as many years.
Digital Journal

Early Stage Startups Vulnerable to IP Theft

David DeWalt, the chairman and CEO of the cybersecurity firm FireEye Inc., has warned that there is a clear correlation between press releases detailing a startup's acquisition of venture capital funding and attacks by thieves seeking to steal the startup's intellectual property.
Wall Street Journal

The Many Faces of Financial Fraud

Improvements in payment protections and security practices are beginning to shift the liability for financial fraud onto the least-secure party involved in the transaction.
CSO Magazine

Ridge Warns Utility Officials on Threat of Attack

During the "Grid 20/20: Focus on Resilience" conference in Philadelphia on Tuesday, former Homeland Security Secretary Tom Ridge warned regional utility officials that they need to explore more ways to protect the nation's electric grid from attack.
Philadelphia Inquirer

PCI council publishes updated payment security standards

On Thursday, version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) became available for merchants, who'll have until January 1, 2014 before the requirements become effective.
SC Magazine

Bipartisan Cybersecurity Measure to be Introduced in Congress

Sen. Saxby Chambliss (R-Ga.) reported last week that he planned to introduce cybersecurity legislation to improve data sharing between the public and private sector.
Homeland Security News Wire

Chinese Army's Industrial Espionage Continued Even After Exposure

The Chinese military continues to support widespread corporate espionage against U.S. companies, according to a report from the US-China Economic and Security Commission, a congressional advisory panel.
International Business Times

Mobile Phone Use a Significant Security Risk for Companies

New research from the U.K.'s University of Glasgow finds that the improper use of corporate mobile devices by employees is exposing companies to potentially serious security and legal risks.
Homeland Security News Wire

NSA Chief Likely to Be Stripped of Cyber War Powers

Senior military officials are strongly considering removing the National Security Agency director's authority over U.S. Cyber Command.
The Hill

Security Check Now Starts Long Before You Fly

Airline passenger screening is being expanded by the Transportation Security Administration, as a search of several government and private databases will now be conducted prior to passengers' arrival at the airport.
New York Times

4 Ways Metrics Can Improve Security Awareness Programs

It is important to use the right metrics in the right way to properly evaluate and make the case for security awareness programs.
CSO Online

Despite Drop in Fraud, Businesses Told to Remain Vigilant

The percentage of companies reporting instances of fraud has fallen from 75 percent to 61 percent, according to the latest version of Kroll's annual Global Fraud Report.
CSO Online

Millions of Employees Victims of Workplace Violence

The federal Occupational Safety and Health Administration (OSHA) has begun paying closer attention to violence between workers and to violence directed at employees by customers, clients or other outsiders, said Thomas Fuller, an assistant professor at Illinois State University who teaches a course on workplace violence.
Pantagraph

Cybersecurity Talent Pipeline Not Being Fed by High Schools, Survey Finds

Less than a quarter of the 1,000 adults between the ages of 18 and 26 who took part in the recent Raytheon Millennial Cybersecurity Survey expressed an interest in a career in cybersecurity.
Homeland Security Today

Report indicates insider threats leading cause of data breaches in last 12 months

The National Insider Threat Policy aims to strengthen the protection and safeguarding of classified information by: establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch.
CSO Online

What litigation tells us about the dangers of IP theft

While many companies are now stepping up security measures to better identify and protect their IP, still too many companies and employees fail to grasp the seriousness of protecting IP (and the repercussions that often flow from failing to do so).
Network World

How Awareness and Communication Improve Workforce Protection: Building workforce protection on awareness, communication

Violence in the workplace is a greater issue in the United States than elsewhere in the world, says Paul N. Whelan, a senior manager at global staffing provider Kelly Services who is focused on preventing workplace violence.
Security Magazine

Security Perspectives Surveyed

National security is no longer solely about defending the borders; it now includes making society resilient in the face of a wide range of threats.
Security Management

The Mars-and-Mercury Problem of Cybersecurity

Half of all federal cybersecurity breaches are caused by personnel who fail to comply with security measures in place at their agencies, according to a new Meritalk study.
FCW

A Real-World Approach to Risk-Based Security Planning

Investing in security technology is no guarantee of protection against cyber threats, according to a new global study by the Ponemon Institute, which found that despite serious business investment in modern security solutions, malware incidents increased 58 percent between 2011 and 2012.
CSO Online

Are We Too Busy for Metrics?

Tripwire and Ponemon Institute have some surprising findings in their latest survey on the state of risk-based security management.
Security Technology Executive

New California Law Requires Employers to Make Security Accommodations for Domestic Violence Victims

California Gov. Jerry Brown signed a bill on Oct. 11 that will require employers to make security accommodations for employees who are victims of domestic violence, sexual assault, or stalking.
Security InfoWatch

Top 10 Global Risks Underscore Business Concerns

Two separate studies from Accenture and Aon Risk Solutions have found that organizational risk managers worldwide are closely aligned when it comes to risks they are most concerned about.
The National Law Review

What Keeps CEOs Up at Night?

The Lloyd’s Risk Index provides a good view of global risk from the perspective of corporate leaders. This year’s worldwide survey comprised 588 C-Suite and board level executives from companies of various sizes.
Security Magazine

Report Indicates Insider Threats Leading Cause of Data Breaches in Last 12 Months

Forrester Research recently released its Understand the State of Data Security and Privacy Report, which draws on a survey of small and medium businesses and other enterprises in the United States, Canada, Britain, France, and Germany.
CSO Online

Pilots Union Warns of Possible Terrorism 'Dry Runs'

An internal memo from the US Airlines Pilots Association indicates that there have been several recent cases throughout the airline industry of "dry runs" aimed at determining how airline personnel respond to in-flight threats.
USA Today

Google Now Taking Down Eight 'Pirate' Links Every Single Second

Google processed a record 5.3 million Digital Millennium Copyright Act (DMCA) notices to remove pirate links in the last week of September, and is now taking down nearly nine URLs per second, according to its transparency report.
Torrent Freak

The student loan bubble is starting to burst

JPMorgan Chase has sent a memorandum to colleges notifying them that the bank will stop making new student loans in October, according to Reuters.
Economic Policy Journal

What Litigation Tells Us About the Dangers of IP Theft

A recent study commissioned by Symantec found that half of all departing employees retain confidential corporate files after being terminated. In addition, more than half of employees feel it is acceptable to move corporate data to personal devices, email accounts, or cloud services without prior company approval.
Network World

IT Security Industry To Expand Tenfold

The IT security industry is already a $60 billion business that includes about 80 categories of products, but industry observers say it is expected to grow tenfold in the next ten years as the threats represented by hackers and government surveillance continue to diversify.
Forbes

Illinois Enacts Concealed Carry Employment Policies

The new concealed carry law in Illinois has employers worried about balancing the need to comply with the law and the need to ensure the safety and security of employees.
Lexology

ERM: Old Concept, New Ideas

Enterprise risk management (ERM) is still not close to being standard operating procedure in the majority of enterprises. A
CSO Online

Multinationals in Egypt Hunker Down to Keep Workers, Infrastructure Safe

The political violence in Egypt has prompted multinational companies to deploy their own emergency strategies to protect their employees, supply chains, and bottom lines, reports the Wall Street Journal.
Wall Street Journal

U.S. security industry a $350B market

A new study released this week by ASIS International and the Institute of Finance and Management found that the U.S. security industry is a $350 billion market, the majority of which consists of private sector spending ($282 billion) followed by federal government spending on homeland security ($69 billion).
securityinfowatch.com

FBI Taps Hacker Tactics to Spy on Suspects

The FBI has started using hacking tools to track terrorism and other suspects using new communications technology. Unlike phones, these communication methods cannot be accessed via conventional wiretaps, so FBI agents have had to innovate to keep up.
Wall Street Journal

The Future of BioWatch

The Department of Homeland Security (DHS) is currently conducting an analysis of alternatives to determine how to best proceed with the next stage of BioWatch, its system for detecting biological terrorist threats.
Homeland Security Today

Threat Intelligence Needed Quickly or Not at All, Ponemon Study Finds

Companies can mitigate their losses by 40 percent if they use information on current threats, but the value of that information diminishes quickly, according to a recent survey of security professionals by the Ponemon Institute.
eweek

Attackers Turning to Legit Cloud Services Firms to Plant Malware

Malware writers are escalating their use of commercial file-hosting sites and cloud services to distribute malware programs, according to security researchers.
Computerworld

How CISOs Help Lower Breach Costs

The cost per record exposed in a data breach is lower for organizations with a chief information security officer, according to the 2013 Cost of Data Breach Study by the Ponemon Institute and Symantec.
GovInfoSecurity.com

'Ban the Box' Laws Make Criminal Pasts Off-Limits

City officials in Richmond, Calif., recently passed an ordinance banning city contractors from inquiring about the criminal histories of job applicants.
Wall Street Journal

Report: Comcast to Send Real-Time Notifications of Copyright Infringement

Comcast is currently testing a new strategy for cracking down on copyright infringement that will detect whether or not a customer is trying to download a movie from a site like BitTorrent.
TechHive

Taking Steps Now Can Help Reduce Workplace Violence Later

In a recent American Bar Association (ABA) program, "Assessing Security and Avoiding Violence in the Workplace," several experts emphasized the importance of flexibility in helping to prevent difficult workplace situations from escalating into violence.
abaNOW.org

Security Intelligence Services Ramp Up

The use of automated security systems based on pattern recognition and big data continues to be one of the best tools for IT security. This is especially the case for organizations with limited funding or manpower.
CIO Insight

CIOs Issue Social Media Privacy Practices Guide

The federal Chief Information Security Council has just published guidance saying federal agencies must be transparent in how they use social media, especially uses that involve viewing publicly available information.
GovInfoSecurity.com

Hackers Pose as Department of Homeland Security in Ransomware Web Scam

The US Computer Emergency Response Team (CERT) has discovered ransomware through which hackers posing as the US Department of Homeland Security (DHS) and the National Cyber Security Division are extorting vast sums of money from Web users.
V3.co.uk http://www.v3.co.uk/v3-uk/news/2286201/hackers-pose-as-department-of-homeland-security-in-ransomware-web-scam

Stanford Probes Breach as Attacks on University Networks Soar

Stanford University advises its network users to change their passwords after experiencing a data breach that school officials say resembles incidents reported in recent months by a range of companies and large organizations.
Government Computer News http://gcn.com/articles/2013/07/26/stanford-network-security-breach-university-attacks-soar.aspx

GOP lawmakers boycott DHS nominee hearing

Senate Republicans boycotted a hearing last Thursday to consider President Obama’s nominee for deputy DHS secretary.
Homeland Security Newswire

Senate panel to vote this week on cybersecurity bill

The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess.
Homeland Security Newswire

North Carolina’s biothreat warning system receives funding

The North Carolina Bio-Preparedness Collaborative (NCB-Prepared), a project to develop an early warning system to detect biothreats, has received $3 million in funding.
Homeland Security Newswire

The arithmetic of gun control and gun violence

The most comprehensive statistical study of gun violence in the United States – examining data going back to the First World War – finds that, in more common domestic and one-on-one crimes, reduced legal gun availability, if properly enforced, is likelier to lower deaths.
Homeland Security Newswire

Research priorities for understanding public health aspects of gun-related violence

A new report from the Institute of Medicine (IOM) and National Research Council (NRC) proposes priorities for a research agenda to improve understanding of the public health aspects of gun-related violence.
Homeland Security Newswire

Chinese Firm is Charged in Theft of Turbine Software

According to an indictment by a federal grand jury in Madison, Wis., the Chinese wind turbine company Sinovel and two of its executives conspired with an employee of AMSC to steal the firm's software for controlling the flow of electricity.
New York Times

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012.
Security Director News

A Call to Arms for Banks

U.S. regulators are ramping up pressure on banks to equip themselves against cyberattacks that target individual institutions as well as the financial system as a whole.
Wall Street Journal

Employee Theft on the Rise and Expected to Get Worse

A new study of 23 large retail companies conducted by the loss-prevention consultancy Jack L. Hayes International found that 71,095 employees were caught stealing from their employers last year, an increase of 5.5 percent over 2011.
Business News Daily

Gartner: Pay Less Attention to Security Technology

Gartner's Paul Proctor advises that security professionals should not purchase big-box appliances without first talking to upper-level executives to ensure that security decisions are made based on careful assessments of risks to the data being protected.
Security Magazine

Theft of F-35 design data is helping U.S. adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because the stolen data will allow them to develop their own stealth aircraft more quickly.
Reuters

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks.
Harvard Business Review

5 Ways to Create a Collaborative Risk Management Program

Risk management functions should be housed under a Chief Risk Officer or Head of Operational Risk, but in the absence of such an organizational structure, there should be bilateral conversations of risk partners.
CSO Online

Managing the People Side of Risk

Executives are increasingly focusing on ways to deploy risk-related processes and oversight structures to better detect and resolve fraud, safety breaches, and operational errors.
McKinsey Quarterly

Officials: Surveillance Programs Foiled More Than 50 Terrorist Plots

National Security Agency (NSA) chief Gen. Keith Alexander and other government officials appeared before the House Intelligence Committee on Tuesday to defend the agency's controversial surveillance programs.
The Washington Post

U.S. and Russia Sign Pact to Create Communication Link on Cybersecurity

The United States and Russia have announced a first-of-its-kind agreement to use real-time communications about national security incidents to lower the risk of conflict in cyberspace.
The Washington Post

What Story Would You Tell?

A security manager is typically given a budget target, but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs, George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive.
Security Technology Executive

Plans to Centralize Cybersecurity With DHS Seen as Step Forward

The Department of Homeland Security (DHS) has proposed the creation of a $6 billion shopping network that would allow government agencies to protect unclassified networks from cyberattacks.
CSO Online

How CIOs Should Talk to the Board About Security

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) must discuss cybersecurity issues with company boards to ensure their organization is prepared to deal with potential cyberattacks.
Deloitte

Firms Fortify Fraud Defenses

Internal controls for preventing fraud and other risks at companies have, until now, been based on a 20-year-old framework that did not consider the risks posed by cloud computing, mobile technology, outsourcing, and shifts in corporate governance.
Wall Street Journal CFO Journal Blog

Universities Face a Rising Barrage of Cyberattacks

American research universities are looking to improve cybersecurity in the face of a rising tide of hacking attempts against their networks.
New York Times

NC Companies' Secrets at Risk, Cyber Terrorism Experts Say

Cyber terrorism experts say that companies in North Carolina remain vulnerable to attacks from hackers looking to uncover trade secrets.
WRAL.com

Annual U.S. Cybercrime Costs Estimated at $100 Billion

The cost of cyberespionage and cybercrime to the United States is as much as $100 billion per year, according to a recent Center for Strategic and International Studies (CSIS) and McAfee study.
Wall Street Journal

Why Help Desk Employees Are a Social Engineer's Favorite Target

A new report from the SANS Institute and RSA finds that help desk workers are some of the softest targets for social engineering attacks.
CSO Online

One Big Threat to Cybersecurity: IT Geeks Can't Talk to Management

The communications disconnect between IT staff and senior management on security issues is often the result of the inability or unwillingness of IT staff to communicate technical matters in a way that executives can understand, according to a new report from the Ponemon Institute and Tripwire.
Quartz

Is Anyone Really Responsible for Your Company's Data Security?

While protecting a company's trade secrets, confidential business plans, and other critical information is vital to the bottom line, very often there is no one within the company who is responsible for information security.
Harvard Business Review

Viewing Cyber Security as a 'Whole Business' Issue

Only 40 percent of Canadian executives are concerned about cyber security threats despite many recent high-profile attacks, according to the latest annual C-Suite survey from Gandalf Group and sponsored by KPMG.
Toronto Globe & Mail

Senior Management Officials Do Not Understand Security Metrics As It Is Too Technical

Tripwire and the Ponemon Institute surveyed more than 1,300 IT professionals and found that nearly half -- 49 percent -- were unsure that their organizations' metrics could convey security risk management efforts to senior executives.
SC Magazine

Banks Gird for Battle Against Cyberattackers

JPMorgan, Bank of America, and Citigroup are among the banks that are taking part in a simulated cyberattack on Thursday.
Associated Press

U.S., Firms Draw a Bead on Chinese Cyberspies

In an effort to curb cybersecurity and hacking, the U.S. government earlier in the year gave U.S. Internet service providers addresses associated with a hacking group with suspected ties to the Chinese military.
Wall Street Journal

Make Way for State and Local Cyber-Ranges

The U.S. government has wanted a nationwide network of unclassified cyberexercise facilities for years, and now that idea is coming to state and local governments.
Government Technology

Experts: Obama's Plan to Predict Future Leakers Unproven, Unlikely to Work

The Insider Threat Program, which the Obama administration launched in October 2011 to identify government employees or contractors likely to leak sensitive information, has come under harsh criticism in light of the recent National Security Agency (NSA) leaks by contractor Edward Snowden.
McClatchy Washington Bureau

20 Critical Controls Do Improve Cybersecurity, But Are You Using Them?

A new survey of security professionals by the SANS Institute shows that acceptance and implementation of the 20 Critical Security Controls developed by SANS and other institutions is maturing slowly.
Government Computer News

'Darkleech' Malware Undertakes Ransomware Campaign

Eset security researchers are warning of a new malware campaign called Darkleech that utilizes compromised Apache servers to lock users' computers and tries to extort money from the victims to release their machines.
IDG News Service

U.K. Lawmakers Sound Alarm on Cyberattacks

The United Kingdom parliament's intelligence and security committee on Wednesday released a report warning that the cyberattack threat "is at its highest level ever" and likely to rise.
Wall Street Journal

Exploiting Prepaid and Alternative Currencies

Sources say a new type of mobile card reader has been developed for use by U.S. Immigration and Customs Enforcement agents that could recognize the value on prepaid cards and allow law enforcement to get a court order to temporarily freeze and hold the funds if criminal activity is suspected.
Prepaid Press

U.S. research universities subject to sustained cyberattack campaign by China

Leading U.S. research universities report that they have been subject to millions of Chinese hacking attempts weekly. The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more.
Homeland Security Newswire

Dealing with man-made earthquakes

Between 1967 and 2000, central and eastern United States experienced on average 20 earthquakes above a magnitude 3.0 a year. Between 2010 and 2012, the number of earthquakes above a magnitude 3.0 in these regions has dramatically increased to an average of 100 a year.
Homeland Security Newswire

eBay Director Hired to Solve £30Bn Retail Problem

eBay Director John Mearls has been elected vice chair of the Online and Mail Order Loss Prevention Forum to help tackle a £30 billion U.K. cybercrime problem.
Retail Gazette

The Price of Surveillance: Gov't Pays to Snoop

Some telecommunications and Internet companies are taking advantage of a provision in federal law that allows them to charge law enforcement and intelligence agencies to complete some surveillance requests.
Associated Press

Can Agencies Team Up in Responding to Cyber Attacks?

The U.S. National Institute of Standards and Technology is seeking input for planned guidance on interagency cooperation and response during cybersecurity incidents.
Government Computer News

DHS Report: Energy Sector Now a Bigger Target for Cyber Attackers

A report issued by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) shows that there has been a significant increase in the number of cyberattacks in the energy sector over the past year.
Wall Street Journal

For NSA, Hackers Are Needed, Risky

Rapidly improving technology and growing pressure to outsource important government services have forced spy agencies such as the National Security Administration (NSA) to increasingly turn to "hackers" like Edward Snowden.
Wall Street Journal

Banks to Heighten Mobile Wallet Security by Walling Off Data

Citigroup, U.S. Bancorp, and other members of the Clearing House industry trade group are collaboratively developing technology designed to boost the security of mobile wallets by walling off customer account data from merchants and other third parties.
American Banker

What's Wrong With Cybersecurity Training?

While federal agencies have been increasing their efforts in training, education, recruiting, and hiring, the government still faces a shortage of skilled cyberprofessionals.
Federal Computer Week

Cybercriminals Expand DDOS Extortion Demands

Extortion by threatening to launch a distributed denial-of-service attack against a target site is one of an increasing number of schemes being used by criminals as DDoS tools become increasingly powerful, accessible, and cheap.
InformationWeek

A Sign of Cyber Threats to Come

Chief information officers of American companies have been warned against the dangers of widespread cyberattacks on their systems as well as the need to prepare defenses against such attacks, following cyberattacks against six South Korean banks and media companies in March that shut down operations and destroyed data on nearly 48,000 computers.
Wall Street Journal

U.S. Looks to Blunt Corporate Espionage by Chinese Firms

Benjamin Bai, a partner at Allen & Overy in Shanghai, commented that a recent law strengthening the U.S. Economic Espionage Act is likely to encourage U.S. companies to file criminal charges against Chinese companies that steal their intellectual property.
Wall Street Journal

Packaging Design Aims to Reduce Theft of Infant Formula

Tyco Integrated Security and Perrigo Nutritionals have jointly developed a theft-resistant infant formula container in an effort to combat increasing retail theft of baby formula.
Security Director News

'Password Fatigue' Haunts Internet Masses

Millions of Internet users know that passwords are not safe when hackers can steal them en masse from banks, email services, retailers, or social media sites that fail to fully protect their servers.
Agence France-Presse

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012. Budgets exceeded $100,000 a year for some 44 percent of respondents, while 20 percent said that they had an annual budget of more than $500,000. These
Security Systems News

Theft of F-35 Design Data is Helping U.S. Adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because the stolen data will allow them to develop their own stealth aircraft more quickly.
Reuters/Yahoo News

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers. He says the first of these myths, all of which consist of misperceptions and exaggerations about the cybersecurity threats facing organizations and the technologies that are used to guard against those threats, is the belief among security professionals that their organization will never be targeted by malicious hackers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks. However, the human factor is critical for stopping hackers, considering a recent Trend Micro report reveals that 91 percent of all cyber attacks start with a targeted phishing email.
Harvard Business Review

Why Are We So Slow to Detect Data Breaches?

A recent McAfee survey of senior IT decision makers shows the disconnect between enterprises' perceived capacity to detect and remediate data breaches and the reality.
Dark Reading

What Story Would You Tell?

George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive that a security manager is typically given a budget target but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs.
Security Technology Executive

Patients Put at Risk by Computer Viruses

The U.S. Food and Drug Administration (FDA) is cautioning medical device makers that computer viruses are threatening to infect their equipment and place patients at risk. The FDA for the first time advised manufacturers to submit security plans to thwart cyberattacks when seeking approval for their products, and also recommended that hospitals practice more vigilance in reporting cybersecurity failures.
Wall Street Journal

Ponemon and Symantec Find Most Data Breaches Caused by Human and System Errors

Human errors and system problems caused two-thirds of data breaches in 2012 and pushed the global average to $136 per record, according to the 2013 Cost of Data Breach Study: Global Analysis. Issues included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations. Heavily regulated fields including healthcare, finance and pharmaceutical incurred breach costs 70 percent higher than other industries.
Symantec

More Than 280,000 Complaints of Online Criminal Activity Reported in 2012

In 2012, the Internet Crime Complaint Center received and processed 289,874 complaints, averaging more than 24,000 complaints per month.
SIA

Americans Worry about Data Breaches but Disagree About Private Companies to Notify about Cyber Attacks

According to research by Unisys Corporation, a majority of Americans are concerned about data breaches involving large organizations, but are evenly mixed on whether legislation should require private businesses to share cyber attack information with the government.
SIA

Colonel Richard Kemp: U.K. Businesses Unprepared for Al-Qaida Terror Threat

Al-Qaida terrorists will likely target British businesses that are unprepared for such an attack, according to Col. Richard Kemp, a former commander of British forces in Afghanistan.
IB Times

Hagel Says Chinese Cyberattacks a 'Growing

Defense Secretary Chuck Hagel warned attendees at the International Institute for Strategic Studies' annual conference on June 1 that there is a "growing threat" of cyberattacks against the United States.
Homeland Security News Wire

Americans Don't Fret Over Cybersecurity

The latest edition of the Unisys Security Index shows Americans' concern about cybersecurity issues at its lowest level since 2007. The index, based on surveys measuring the attitudes of more than 1,000 Americans toward cybersecurity, stands at 120 for the first half of 2013, in contrast to the index's all-time high of 164 in 2011.
GovInfoSecurity.com

Cyber Theft: A Hard War to Wage

The U.S. government is currently working to take diplomatic action against Chinese hackers suspected of stealing trade secrets from both public and private entities.
Financial Times

Cyber Security: The 'Immune System' of Enterprise IT

Deloitte & Touche principals Kelly Bissell and Kieran Norton say that current cyber threat solutions require a specific understanding of a threat before responding effectively to it.
Wall Street Journal

Corporate Security's Weak Link: Click-Happy CEOs

An article in The Wall Street Journal warns that the biggest threat to the security of corporate networks could be the CEO.
Wall Street Journal

ATM Theft Puts Indian IT in Unwelcome Spotlight

The recent theft of $45 million from ATMs around the world has renewed debate about the security implications of the banking industry's outsourcing of certain functions to Indian companies.
ATM Security

IP Theft Costs US $300 Billion Per Year: Report

A report by the Commission on the Theft of American Intellectual Property (CTAIP) has found that intellectual property theft costs the United States more than $300 billion annually.
Voice of America

Few Utilities Complying With Voluntary Anti-Stuxnet Measures

According to a survey by Rep. Henry Waxman (D-Calif.) and Rep. Edward Markey (D-Mass.) to 150 businesses, most electric utilities are not compliant with rules meant to protect against the Stuxnet virus.
The Hill

Former CIA Director Warns About Cyber Threats From North Korea

Former CIA Director R. James Woolsey testified before the House of Representatives Energy and Commerce Committee Hearing on May 21 on cyber threats and security solutions, saying that the country was at risk of being hit with a particular type of cyber attack by North Korea.
Wall Street Journal

California Launches Cybersecurity Task Force

The California Cybersecurity Task Force had its first closed-doors meeting on May 13, marking a first for state-led public-private collaborations on cybersecurity.
Government Technology

In Focus- Healthcare: The Cure for Security Inconsistency

The security team at the Cambridge, Mass.-based biotechnology company Genzyme has for a little over a decade worked to integrate the various aspects of its security system with different departments in the company, including human resources, finance, and IT. Security at the company was from the onset defined in a broader sense, tackling enterprise risk, supply chain risk, insurance, competitive technical information, IT security, physical security, and product security.
Security InfoWatch

Cybersecurity Strikeback Will Strike Out in the Private Sector

Network penetrations by hacktivists, cybercriminals, and nation-states have become so commonplace that many have begun to consider striking back directly against the attackers.
Network World

Utilities Targeted by Hackers Raise Dire U.S. Warnings

Charles Edwards, the U.S. Department of Homeland Security's (DHS) top investigator and acting inspector general, said in testimony for the House Homeland Security Subcommittee on Cybersecurity that the number of cyberattacks on the computers that run the nation's critical infrastructure is increasing, with potentially lethal effects.
Bloomberg

Many State and Local Networks Unprepared for Cyberattacks

The networks and IT systems used by many state and local governments are not prepared for cyberattacks, according to a Consero survey.
Government Computer News

Companies launch 'cyber war games' to prepare for hackers

Taking on make-believe hacking scenarios is helping firms better prepare for the real thing.
Star Tribune

Report: Chinese hackers resume attacks on U.S. targets

After a few months of silence, Chinese government-backed hackers are back on the hunt and going after U.S. targets, according to a New York Times report.
New York Times Report on CBS News

New 'Benefit-Denial Approach' to Retail Shrink

Best Buy and an undisclosed office-supply chain are working with MeadWestvaco and ProTeqt Technologies to promote a new consumer-friendly approach to combat theft along the entire supply chain.
Security Director News

Criminals Target the Data Merchants Hold

Nearly a quarter of 621 data breaches reported in 2012 targeted multichannel merchants and restaurants, according to a new report from Verizon Enterprise Solutions.
Internet Retailer

Researchers Find Hundreds of Insecure Building Control Systems

Cylance researchers warn that hundreds of Australian organizations are using out-of-date industrial control systems to control the lights, heating and cooling, access controls, and elevators.
Computerworld

New Survey: Employee Theft No Longer An If - Now It Is How Much

New Kessler Survey finds that 95 percent of employees steal from employers, up from 79 percent in Kessler's 1999 study.
Kessler International

Military Grooms New Officers for War in Cyberspace

The U.S. Army, Navy, and Air Force academies have announced plans to expand cyber security training.
Wall Street Journal

Texas Fertilizer Plant Had a History of Theft, Tampering

Police investigating the explosion of a Texas fertilizer plant that killed 14 people say the facility had been repeatedly targeted by thieves tampering with the chemical tanks.
Milwaukee-Wisconsin Journal Sentinel

A Homemade Style of Terror: Jihadists Push New Tactics

The strong U.S. response to the Sept. 11 attacks has forced al-Qaida to shift its focus from carrying out spectacular attacks to smaller ones executed by lone wolf terrorists.
New York Times

U.S. Officials Seek Lessons in Bombing Catastrophe

The U.S. Department of Homeland Security (DHS) is using the Boston Marathon bombing as a catalyst for change, taking lessons learned from the attack and using them to increase community policing, in part by preparing religious and community leaders to spot warning signs of extremism.
Boston Globe

DHS Chemical Plant Security Program Hobbled by Problems, Poor Oversight

The U.S. Department of Homeland Security (DHS) inspector general released a report in March that brought to light poor planning and poor execution of the Chemical Facility Anti-Terrorism Standards (CFATS) program, which is responsible for the security of chemical facilities like the West Fertilizer Company plant in Texas.
Homeland Security News Wire

U.S. Used 'Distributed Intelligence' to Investigate Boston Marathon Bombing

The clear, imminent danger of the Boston Marathon bombing drove U.S. citizens, emergency medical crews, law enforcement officials, elected officials, government agencies, and the media to act as a "distributed intelligence" network where several nodes come together to form a massive computing platform, according to Irving Wladawsky-Berger, the former vice president of technical strategy and innovation at IBM.
Wall Street Journal

Cyberattacks Triple in 2012, Akamai Says

The number of distributed denial of service (DDoS) attacks more than tripled in 2012 from the previous year, according to Akamai.
CNet

Eletropaulo Plans Biggest Brazil Smart Grid to Fight Power Theft

The Brazilian power company Eletropaulo Metropolitana de Eletricidade de Sao Paulo is planning to invest in a smart-grid project that it says will help cut down on the theft of electricity.
Bloomberg

Enterprises Are Experiencing a Wide Variety of Web Application Attacks

ESG recently surveyed 200 security experts and found that 79 percent of enterprise organizations have experienced Web application security attacks in the past year.
Network World

Cyber Compliance: Defense Strategies Neglect 'Know Your Enemy' Rule

Experts say that the cybersecurity industry uses blanket protections to ward off would-be intruders, but that such defense measures could begin to falter as corporate resources become strained and hackers become more innovative.
Wall Street Journal

China Cyberspies Outwit U.S. Stealing Military Secrets

Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East.
Bloomberg

Technology Fuels New Advances and Challenges in Predictive Policing

While yesterday’s criminals relied on guns, knives and threats of physical harm, tomorrow’s criminals are likely to be more effective in spreading fear or stealing millions by simply sitting behind a laptop or using their mobile or a tablet device.
Reuters

Chinese Hackers Targeting the Healthcare Industry

Gangs of Chinese hackers are targeting the U.S. healthcare industry, going after intellectual property associated with new drugs and devices as well as business processes that improve efficiency.
Dark Reading

Pepsi Suddenly Scarce in Thailand after Bottler Breakup

The day after PepsiCo Inc.'s bottling deal in Thailand expired, its partner of 59 years launched its own soft drink that has knocked Pepsi off store shelves.
Reuters

Pain Killer Abuse Now Strikes the West

The epidemic in painkiller-abuse gripping the Southern and Eastern U.S. is tightening its hold on the Western part of the country, having blindsided law enforcement and public health authorities.
Wall St. Journal

Drug Side Effects Found on the Internet

A new study shows that Internet searches can uncover drug side effects before the FDA can.
The New York Times

Older, Quieter Than WikiLeaks, Cryptome Perseveres

Since its creation in 1996, Cryptome has amassed more than 70,000 files — lists of secret agents, high-resolution photos of nuclear power plants, and much more.
Associated Press

New Anti-Smuggling Center Uncovers Internal Surprises

E2C2 finds a match whenever one agency reports it has information on another agency's target, whether that information is a smaller file with standard information or a full-fledged investigation.
Reuters

Pentagon Forming Cyber Teams to Prevent Attacks

Gen. Keith Alexander, the top officer at U.S. Cyber Command, warned in recent congressional testimony that the threat of cyber attacks against U.S. institutions and infrastructure was very real.
Associated Press

2012 economic losses from disasters set new record at $138 billion

The UN Office for Disaster Risk Reduction (UNISDR) reported that for the first time in history, the world has experienced three consecutive years in which annual economic losses have exceeded $100 billion.
Homeland Security News Wire

Cyberattacks: The Complexities of Attacking Back

Some in the cyber security industry say that now is the time to have a debate over the use of offensive strategies in combating the threat from malicious hackers.
Politico

Former CFO Faces Sentencing for Hedge Fund Theft

A New York man is accused of embezzling more than $1 million from a hedge fund where he served as CFO.
Associated Press

Health Employees Seek Legislation to Address Workplace Violence

Health employees in Maryland have recently taken their concerns over workplace violence to Annapolis, where they hope state legislators will work to enact laws to protect them from irate or otherwise unhinged patients.
Baltimore Sun

The Enemy of Risk Management Starts With a C (and It's Not China)

The National Institute of Standards and Technology's Ron Ross says a growing solution for network risk management is the use of cloud services, in particular emerging public cloud options.
Government Computer News

Mass shootings since 2006 claim 934 lives

More than 900 people died in mass shootings in the past six years, the majority killed by people they knew, according to a report in USA Today.
Security Director News

Earthquake catastrophes and fatalities to rise in 21st century

Predicted population increases in this century can be expected to translate into more people dying from earthquakes. There will be more individual earthquakes with very large death tolls as well as more people dying during earthquakes than ever before, according to a new study.
In Menlo

Making communities more resilient to climate-induced weather disasters

Mounting scientific evidence indicates climate change will lead to more frequent and intense extreme weather that affects larger areas and lasts longer. We can reduce the risk of weather-related disasters, however, with a variety of measures.
Sustainable Cities Collective

U.S. responds to China’s cyberattacks with anti-theft trade strategy

The Obama administration yesterday (Wednesday) unveiled the details of a broad strategy to counter the systemic theft by Chinese government agencies of U.S. trade and technology and trade secrets.
Seattle pi

Chinese set to buy yet another U.S. taxpayer-backed hi-tech firm

Lawmakers yesterday expressed their concerns about the likelihood that U.S. taxpayer dollars could end up bolstering the Chinese economy. The lawmakers reacted to reports that a Chinese firm, Zhejiang Geely Holding Group, is leading the list of companies bidding for a majority stake in government-backed Fisker Automotive, and that the only serious rival of that Chinese company is a Chinese auto maker.
Homeland Security NewsWire/Scoop It

BP Stations Were Greater Safety Risk Than Production Sites

Internal records from U.K. oil giant BP show that the company's deadliest operating locations over the past 14 years were retail fuel stations in the United States.
Wall Street Journal

Supreme Court Justice: Monsanto Seed Saving by Indiana Farmer is Like Bank Robbery

The U.S. Supreme Court is in the process of deciding whether seeds produced from patented genetically modified crops can be used to resow fields without violating intellectual property laws.
Huffington Post

The State of the Homeland Security Market in 2013

President Barack Obama Tuesday warned the nation and Congress about the debilitating impact of $1 trillion in automatic spending cuts.
HS Today.US

Plans to Prevent Workplace Violence Urged

While homicides at work are statistically rare, they do happen. In all, 358 employees were killed or injured on the job by gunfire in 2011.
Pittsburgh Post-Gazette

Malicious Web-Based Attacks Up 600 Percent Year-over-Year

The number of malicious Web sites playing host to malware and launching cyberattacks has grown by nearly 600 percent year-over-year worldwide, according to a Websense Security Labs report.
TechJournal

Security Pros Say Their Companies Invest in the Wrong Technologies

More than a third of security professionals say they are not confident they are spending money on the appropriate technologies for protecting valuable data, according to a SafeNet survey.
CSO Online

U.S. Said to Be Target of Massive Cyber-Espionage Campaign

The United States is the target of a massive, sustained cyber-espionage campaign that threatens the country's economic competitiveness, according to the National Intelligence Estimate (NIE).
Washington Post

Is Identity the New Perimeter?

The proliferation of cloud and mobile computing has "completely destroyed the old, fortress-style model of security that was based on network security, firewalls, and VPNs," says Identropy's Nishant Kaushik.
Dark Reading

New Policies Ordered on Federal Workplace Violence

Federal agencies have been told to produce within four months more comprehensive policies for addressing domestic violence, sexual assault and stalking in their workplaces.
Washington Post

Proposed Legislation Would Let Hospitals Form Own Police Departments

Indiana State Sen. Dennis Kruse recently introduced a bill that would allow hospitals to set up their own private police departments to defend against active shooters and other threats that might arise.
FOX 59

Cyberattack Threatens Most Businesses, Deloitte Survey Says

Although 88 percent of companies believe they are not vulnerable to a cyberattack, all businesses are at risk and should be prepared to rebound rapidly following a security incident, according to a Deloitte survey of 121 technology, media, and telecommunications firms worldwide.
Computerworld Australia

Chinese Army Unit is Seen as Tied to Hacking Against U.S.

A report from the computer security firm Mandiant links a number of recent cyber attacks on American companies to the Chinese military.
New York Times

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses.
Wall Street Journal

Nations Prepare for Cyber War

The anti-virus company McAfee says that nation states are more likely to be behind major cyber attacks in the coming year and that these attacks are likely to be more and more destructive.
CNN Money

Major Security Issues With Cloud Computing Being Ignored

End users have a number of concerns in the ever-changing industry, but an exclusive Security Director News survey pinpoints the chief issues that keep security professionals up at night. The survey results were released at TechSec 2013.
Security Director News

Major Security Issues With Cloud Computing Being Ignored

A new Imperva report says many organizations are not aware of the security problems facing them as they move to the cloud. The report notes that Yahoo was hacked because its security measures failed to address insecure third-party code.
International Business Times

Private Security Group Assembles First Private Navy Since East India Company to Protect Indian Ocean Shipping Convoys from Somali Pirates

In order to mitigate the risks and costs associated with piracy on the high seas, the private security company Typhon is setting up the world's first private navy since the East India Company closed down about 220 years ago.
Daily Mail

Norway Considers Sharing Risk Intelligence with Businesses

Norwegian officials have announced that they will consider sharing risk assessments with businesses operating in unstable countries.
Wall Street Journal

Most Hospital Shootings Are Not Preventable

Recent research from Johns Hopkins University found that most hospital shootings are undertaken by a determined shooter with a specific target, making them very hard to prevent.
Hospital Employee Health

New Threat Emerges at Intersection of Terrorism, Syndicated Crime

Terrorist groups in Africa and the Middle East have recently shown a shift in funding practices to support their operations in the regions, moving beyond relying on larger donors and instead resorting to illicit and high-paying criminal practices like drug trafficking, kidnapping, and robbery.
NPR Online

Self-Deleting E-mails: An Enterprise Nightmare

Many network administrators will soon find themselves mired in a quandary related to the use of apps and Web sites that enable the sending of self-deleting communications.
Government Computer News

Cisco Flags Threat That Generation Y Poses to Corporate Security

The new Cisco Connected World Technology Report (CCWTR) has warned employers that younger workers, particularly those in Generation Y, are more likely to share personal information online than their older colleagues.
IT Pro

U.S. Weighs Tougher Action Over China Cyberattacks

Two former U.S. officials speaking on the condition of anonymity said the federal government's upcoming National Intelligence Estimate is expected to thoroughly detail cyber threats against the United States as a burgeoning economic problem.
Associated Press

Hackers Hijacking Security Cameras for Malware and Spying

Researchers say hackers increasingly are targeting unsecured Internet-connected devices, such as printers, networking equipment, and even networked surveillance camera systems.
CIO

FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures

The Federal Trade Commission, the nation’s chief privacy agency, issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.
Federal Trade Commission

Healthcare facilities seek antidote to epidemic of violence

The IAHSS found that 2012 earned the title of the year with the greatest number of fatalities reported.
Security Infowatch

Chinese Hackers Hit U.S. Media

Chinese hackers believed to have government links have attempted to tap into computers of Wall Street Journal and New York Times reporters to uncover the sources for articles relating to China.
The Wall Street Journal

Major Security Issues with Cloud Computing Being Ignored

Security expert Barry Shteiman with Imperva believes that organisations aren't even aware of the security problems facing them as they move to the cloud, following the attack on Yahoo last month.
International Business Times

China Accused of Java, IE Zero Day Attacks

The Chinese government is being blamed for targeted attacks against recently disclosed vulnerabilities in Java and Internet Explorer.
Information Week

'Red October' Response Shows Importance of Threat Indicators

Kaspersky Lab and Alien Vault issued a new report on the Red October cyberespionage campaign, this time containing indicators of compromise (IOCs) that organizations can use to check their systems for signs that they were affected by the attack.
Dark Reading

Startup Clamps Down on Energy Theft

The Electric Power Research Institute estimated that electricity theft or tampering cost the industry $6.5 billion in 2006.
MIT Technology Review

Red Flags in Filings of Firm Linked to Caterpillar Fraud

China-based ERA Mining Machinery Ltd. has been accused of running a widespread accounting fraud as well as shady insider loans and asset transfers prior to being purchased by Caterpillar Inc.
Fox Business

Employees Put Critical Infrastructure Security at Risk

Security experts say a lack of cooperation between IT and operators is contributing to the ongoing vulnerability of critical infrastructure to cyberattack.
CSO Online

Chinese Hackers Attack NYTimes Journalists Following Blockbuster Story

The New York Times reported on Jan. 31 that Chinese hackers had launched a series of cyber attacks against the publication for about four months following the newspaper's publication of an article that exposed the $2.7 billion wealth of outgoing Chinese Premier Wen Jiabao.
Voice of America

Healthcare Facilities Seek Antidote to Epidemic of Violence

The 2012 Crime and Security Trends Survey released by the Foundation of the International Association for Healthcare Security and Safety (IAHSS) found that 2012 earned the title as the year with the greatest number of fatalities reported by IAHSS members since the survey was first issued 20 years ago, with eight homicides being reported in such healthcare facilities in the past year.
SecurityInfoWatch.com

CEOs Open to Cybersecurity Rules

Many Fortune 500 companies support the creation of voluntary cybersecurity standards, according to a survey by the Senate Commerce Committee.
Wall Street Journal

Millions of PCs Exposed Through Network Bugs, Security Researchers Find

Common bugs in networking systems are threatening the security of PCs, printers, and storage devices, with up to 50 million devices worldwide at risk, warn Rapid7 researchers. They say hackers can attack the devices through a vulnerability in the Universal Plug and Play (UPnP) standard, a set of networking protocols that enables devices to communicate and discover each other's presence.

Survey: 71 Percent of Organizations Using Unsanctioned Cloud Apps

A new OneLogin survey found that 71 percent of respondents admitted to using unsanctioned cloud apps.
Talkin' Cloud

Workplace Homicides Up 50 Percent in 2012

A recent shooting at Lone Star College in Texas marks the latest in a recent string of shootings at schools, universities, and other workplaces.
Cypress Creek Mirror

'Cyber 9/11' May Be on Horizon, Homeland Security Chief Warns

U.S. Homeland Security Secretary Janet Napolitano reiterated the need for cybersecurity legislation during a talk at the Wilson Center think tank on Jan. 24, saying that a "cyber 9/11" could happen "imminently," according to a report from Reuters.
CNet

CIOs Make Tough Calls on the Cost of Cyber Security

Cyber attacks against major corporations have been increasing in number and in sophistication, prompting many companies to move their IT security from the lower echelons of corporate ranking to the highest levels of corporations.
Wall Street Journal

U.S. to adopt tougher stance toward China’s persistent cyberattacks

The Obama administration let it be known that it is examining the adoption of a more assertive stance against China in response to a persistent cyber-espionage campaign waged by Chinese government hackers against U.S. companies and government agencies.
Homeland Security Newswire

Study: Many Businesses Overconfident About Cybersecurity

A new report from the business advisory firm Deloitte on the cyber security practices of technology, media, and telecommunications companies finds that while many security executives say they are aware of security risks and that their organizations are not vulnerable, far fewer have vital security measures in place.
Security InfoWatch

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses. Business interests were among those who applied pressure to kill legislation before Congress last year that would have set up voluntary cyber security regulations.
Wall Street Journal

What's Your Total Cost of Risk (TCOR)?

Companies that do not know their Total Cost of Risk (TCOR) may need a better connection to their own risk managers, who measure risk by what can be insured and what it costs to do so. While the measurement of operational risks is still a bit of a puzzle for CSOs, risk managers have used TCOR for ages.
CSO Online

Verizon to Test Support for One Password for Whole Internet

Online identity and technology companies are collaborating to test whether consumers would trust a single, highly secure user-password combination for all of their online accounts.
eWeek

How to Create a Domestic Violence Policy at Your Workplace

Experts say that all employers need to develop policies for dealing with domestic violence, since the problem can sometimes spill over into the workplace. Developing such policies takes only a small amount of time, perhaps about 20 minutes.
HR.BLR.com - Business and Legal Resources

China Dominates 2012 Cybersecurity Talking Points

China dominated discussions of cyber security in the Asia-Pacific region in 2012, leading numerous trends including increased concern over cyber espionage, the incorporation of cyber and hacking attacks into regional politics, and attempts to curb cyber crime through new legislation.
ZDNet

Marvell Slammed With $1.2 Billion Patent-Infringement Judgement

The U.S. District Court for the Western District of Pennsylvania on Wednesday ordered computer chip maker Marvell Technology to pay Carnegie Mellon University $1.17 billion in damages for willfully infringing on its patents.
San Jose Mercury News

Mobile Phone Services Suspended in Karachi Over 'Terror Threat'

Officials in Pakistan suspended cell phone service in Karachi for much of the day on Friday in response to concerns about the threat from terrorism.
Tribune

Ransomware Scammers Push Panic Button With Bogus Claims

Symantec researcher Jeet Morparia issued an advisory on Dec. 24 about a new variant of ransomware called "Trojan.Ransomlock.G," saying that the malware's threat of erasing victims' hard drives is an empty one.
Computerworld

Poor SCADA Security Will Keep Attackers and Researchers Busy in 2013

The security of supervisory control and data acquisition (SCADA) and other types of industrial control systems (ICS) has been a hotly debated topic in the IT industry since the Stuxnet malware was discovered in 2010.
Computerworld

Four Security Trends Defined 2012, Will Impact 2013

Security experts say the cybersecurity trends that were visible in 2012 will continue to be seen next year. One of those trends is the growing threat to the security of mobile devices.
CNET News

U.S. Appeals Court Revives Workplace-Cybertheft Lawsuit

The 2nd U.S. Circuit Court of Appeals in New York on Wednesday ruled that a Denver-based chemical company's lawsuit against a former account manager accused of unauthorized computer access and the misappropriation of trade secrets can proceed, overturning a ruling by a lower court.
Reuters

China Takes Chilling Look at Security in its Schools

A Dec. 14 attack at China's Chenpeng Village Primary School in Guangshan County, Henan Province, which left 23 children injured at the hands of a man wielding a meat cleaver, has called into question the nation's efforts to secure its schools after a series of such attacks over the past three years.
New York Times

Beware iPhone and Android Fraud, Javelin Warns

Javelin is warning banks about a growing threat to the security of mobile transactions. The company noted that smartphone users who use their handsets to make purchases and perform banking transactions face a rising threat from mobile malware because they are increasingly utilizing mobile browsers rather than native apps to perform these transactions. Mobile browsers are less safe than apps because they make users more prone to phishing, Web site spoofing, and man-in-the-mobile attacks.
American Banker

How often should you change your passwords?

How often do you need to change your passwords for all your other logins (if at all)?
NBCNews.com

Ruby Resident Martin Kimber Pleads Guilty to Placing Mercury at Albany Medical Center

A retired pharmacist from Ulster County, N.Y., pleaded guilty on Nov. 29 to spreading mercury on food, and prep and cooking surfaces in Albany Medical Center earlier this year.
Daily Freeman

As Cyberwarfare Heats Up, Allies Turn to U.S. Companies for Expertise

Middle Eastern nations have been scrambling to beef up their cyber defense capabilities after the Shamoon malware wiped data and destroyed thousands of computers belonging to Saudi Aramco earlier this year.
Washington Post

Mimicking Public Health Strategies Could Improve Cyber Security

Cybersecurity could benefit from the strategies and research methodologies used by the public health community, according to a team of economists and public health researchers at RTI International.
RTI International

Anti-Botnet Efforts Still Nascent, But Groups Hopeful

An effort by a coalition of ISPs and the U.S. government to help ISPs more effectively combat botnet activity on their networks is still fighting to gain broad acceptance.
Dark Reading

Former US Spy Chief Warns on Cybersecurity

Former Director of National Intelligence Mike McConnell said urgent action is needed to prevent a cyber attack against the U.S.'s banking system, power grid, and other essential infrastructure.
Financial Times

How Best to Respond to DDoS Attacks

The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack.
Gov Info Security

DIA Sending Hundreds More Spies Overseas

The Defense Intelligence Agency is planning to vastly expand its clandestine spying activities in the coming years through the creation of a new unit known as the Defense Clandestine Service.
Washington Post

5 Reasons for Conducting Micro-Assessments

A micro-assessment is a narrowly-focused, short assessment that provides support for decision-making and planning.
SecurityInfoWatch.com

Workzone: Firms Lack Sound Policies to Fight Domestic Violence

There are a number of steps companies can take to combat domestic violence affecting their employees.
Pittsburgh Post-Gazette

Cybercriminals Are Increasingly Abusing .EU Domains in Attacks

Cybersecurity researchers have noticed that cybercriminals are increasingly exploiting Web sites using the .eu TLD to launch cyberattacks.
IDG News Service

5 Strategies to Combat Workplace Bullying

Filmmaker Cynthia Lowen and school social worker Cindy Miller offer five anti-workplace bullying strategies in their new book "The Essential Guide to Bullying: Prevention and Intervention."
EHS Today

Dual-identity Smartphones to Bridge BYOD Private, Corporate Divide

Consumers will be able to buy smartphones that either come with native hypervisor software or use an app allowing them to run two interfaces on the phone: one for personal use, one for work.
Equities

In Fairfax County, the Classroom Is a (Cyber) Battlefield

Thousands of students across the U.S. recently participated in the opening round of the CyberPatriot challenge, the premier high school cyberwarfare competition.
Washington Post

US Gov Galvanises Aust Cyber-Security Experts

The U.S. Defense Advanced Research Projects Agency recently awarded an $18 million contract to a consortium of research groups, including National ICT Australia (NICTA), to develop software to protect critical systems from cyberattacks.
FutureGov

Black Friday, Cyber Monday Prompts Security Precautions

The security of online merchant Web sites is becoming a concern now that Cyber Monday, the Monday after Thanksgiving when many people do some holiday shopping online, is upon us.
SC Magazine

This Is Your Brain on Organizational Change

The NeuroLeadership Summit, which took place in New York in mid-October, gave organizational behavioral experts and senior executives the opportunity to explore connections between neuroscience and organizational change, and how leaders can effectively deal with human resistance to change.
Harvard Business Review

Anonymous Declares 'Cyberwar' on Israel

The hacktivist collective Anonymous says that it has carried out a series of cyber attacks on Israeli targets in retaliation for Israel's attacks on the Gaza Strip.
CNN.com

How Safe is Your Company's Twitter account?

Did Twitter force you to change your password last week? While it may have been an inconvenience, the micro-blogging giant had very good reasons.
CNN Money

Social Media Takes Workplace Harassment to New Levels

Recent legal decisions highlight the need for employers to take a stance against the use of social media to enable workplace harassment.
HR.BLR.com

Hacking Contest Seeks to Attract Women to Information Security

The Power of Community security conference in Seoul recently held the final round of a hacking contest called the Power of XX.
IDG News Service

Ransomware Scams Rising in North America, Europe: Symantec Report

Ransomware is making a comeback in Western Europe and the United States, according to a report from Symantec.
eWeek

Build Roadblock for Attacks Through Rule of Least Privilege

Cybersecurity analysts say privileged accounts have become a lucrative target for hackers in recent years.
DarkReading

Common Language: IT and Corporate Security Cooperation Makes Progress

Corporate, physical and IT security need to work together but real cooperation only starts as risk management functions operate in separate spheres without interaction.
PC Advisor

Corporate Espionage Versus Competitive Intelligence

Neither competitive intelligence nor the ethics surrounding the topic are taught much at business schools, according to academics familiar with the topic.
Globe and Mail

At Least 5 Killed in Moscow Office Shooting

At least five people were killed and two others were injured in a shooting at the offices of the Rigla pharmaceutical company in Moscow on Wednesday.
Moscow Times

China Most Threatening Force in Cyberspace, Panel Says

Chinese hackers are intent on gathering intelligence rather than launching attacks, according to a U.S. panel.
Treasury & Risk

MasterCard Rolls Out Credit Card with Display and Keypad

Next time you get a new card from your bank, don't be surprised if it has a keypad and an LCD on it.
CNET

Briton Killed in China Had Spy Links

An investigation into the death of Neil Heywood, a British consultant living in China, has revealed that he was an informant for Britain's MI6 spy agency.
Wall Street Journal

Mexico Shuts Down Korean Firm After Workplace Violence

Officials in Mexico's Queretaro state closed the operations of a Korean electronics supplier following an investigation after a worker was attacked by his Korean supervisor.
Fox News Latino

Fracking: fact vs. fiction

In communities across the United States, people are hearing more and more about a controversial oil and gas extraction technique called hydraulic fracturing....

NIST Provides Draft Guidelines to Secure Mobile Devices

The National Institute of Standards and Technology has issued a draft publication that outlines guidelines for securing mobile devices.
NIST Tech Beat

US, Canada Launch Joint Cybersecurity Plan

Canada and the United States have announced a joint cybersecurity initiative to protect critical infrastructure.
AFP

Insecure Industrial Control Systems, Hacker Trends Prompt Federal Warnings

The exposure of vulnerabilities in industrial control systems combined with troubling trends in the hacker underground have led the DHS to issue a warning.
CSO Online

Ernst & Young's IT Security Survey Shows Struggle to Control Cloud Computing, Social Media and Mobile Risks

IT security professionals are struggling with cloud computing, social media, and mobile security issues, according to Ernst & Young's 2012 Global Information Security Survey.
Network World

Intelligence Community Cloud Coming Online in Early 2013

The Director of National Intelligence told the GEOINT symposium that the shared IT infrastructure of INCITE will achieve initial operating capacity in March 2013.
Federal News Radio

Critical Report Faults University Security

The University of Michigan Board of Regents released a report on Oct. 19 that helped set in motion the consolidation of the university's three security departments.
The Michigan Daily

Draft Order Would Give Companies Cyberthreat Info

The latest draft of a proposed executive order calls on the DHS to run a cyber security information-sharing network.
Associated Press

Man Held After Molotov Cocktail is Dropped at Arlington Mall

Ballston Common Mall in Arlington County, VA was evacuated and surrounding streets were closed when a man threw what is believed to be a Molotov cocktail into the mall's food court.
Washington Post

Cyber criminals target small businesses

A recent study conducted by the Nat'l Cyber Security Alliance and Symantec found 77% of small business owners think their company is safe from cyber criminals.
Homeland Security Newswire

New security threat at work: Bring-your-own-network

Even as IT pros wrestle with the bring-your-own-device (BYOD) trend, corporate security is being further complicated by another emerging trend: bring your own network (BYON).
Computerworld

Panetta Lays Out New Cyber Policy

Delivering what Defense Dept. officials termed a major policy speech to prevent cyber attacks, Defense Secretary Leon Panetta described the U.S. as in a “pre-9/11 moment” in need of immediate action.
Defense News

Growing Prevalence of Industrial Espionage Threatens Automakers

Automotive News reports that industrial espionage in the U.S. has been rising steadily in several sectors, including the auto industry.
iMotor Times

Illinois Man Faces Terrorism Charge After Plan to Destroy Oklahoma Churches Found

On Oct. 5, an Illinois man was charged with possessing an incendiary device and violating the Oklahoma anti-terrorism act after police found notes on plans to destroy 48 churches and the ingredients for Molotov cocktails.
Tulsa World

Cybercrime Costs on the Rise, HP-Sponsored Study Finds

The cost and frequency of cybercrime has gone up for the third consecutive year, with the cost of such crime to U.S. organizations averaging $8.9 million in 2012, according to a new study from Hewlett-Packard and the Ponemon Institute.
WebProNews

Cybercriminals Plot Massive Banking Trojan Attack

The security firm RSA reports that it has received information that a gang of cyber criminals plans to use a little-known Trojan program to target customers at 30 or more major U.S. banks.
Computerworld

Three Reasons Major Corporations Lag on Cyber Security

Verizon has found that there were 855 corporate data breaches in the U.S. in 2011.
Boston Globe

Scenario-based Gaming Exercise to Improve Intelligence Analysis

Raytheon has created a scenario-based gaming exercise to study in depth the intelligence analyst's tradecraft; the company says the goal is ultimately to help analysts produce the best intelligence products and streamline workflows.
Homeland Security News Wire

Why Your Next 'Passw0rd' Might Not Be a Password

Despite years of warnings, the truth is incontrovertible -- mortal users do a very poor job of defending their data with passwords.
NBC

How to Regain Employee Trust

The economic downturn in recent years has taken a heavy toll on employee trust in leadership, with only 10 percent of employees believing that their managers will make the right decisions in uncertain times, according to a recent Maritz Research poll.
Chief Learning Officer

Iran Preparing Internal Version of Internet

The Iranian government reportedly has established a technical platform for a national online network that would exist independent of the Internet and allow for tighter information regulation.
Washington Post

NIST Issues Risk Assessments Guidance

The National Institute of Standards and Technology has issued what could be characterized as the bible of risk assessment called the Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments.
Gov Info Security

Android Warning: 50 Percent of Devices Need Patching

More than 50 percent of Android devices are running outdated and unpatched versions of Google's mobile operating system, according to a new study by Duo Security.
InformationWeek

Caught Red-Handed: Motorola Thief 'Betrayed Country'

On Wednesday, former Motorola, Inc. employee Hanjuan Jin was sentenced to four years in federal prison for stealing more than 1,000 documents from Motorola's Schaumburg, Ill. headquarters.
WLS ABC7

Second Java Zero-Day Found: Time to Disable It, Say Experts

Researchers have discovered another zero-day Java vulnerability that attackers are using to hijack computers on the Web, following the initial discovery of a Java flaw that has been tied to attackers in China.
CSO Online

Canadian Energy Firms Warned of Hacking Threat

Newly released government documents show that Canadian security and intelligence agencies have warned Canada's major energy companies that they may become targets of cyber attacks by online activist groups such as the hacker collective Anonymous.
Herald-Tribune

Huawei Expands Lobbying Amid National Security Probe by Congress

The Washington Post is reporting that Chinese telecom giant Huawei Technologies has almost quadrupled its spending on Washington D.C. lobbyists as it continues to be scrutinized by a House Intelligence Committee inquiry into both Huawei and fellow Chinese telecommunications equipment manufacturer ZTE.
Washington Post

Agencies Don't Often Share Tips on Potential Terrorist Activity

Forty-six percent of federal agencies are not sharing documented incidents of potential terrorist activity with U.S. intelligence centers, reported Office of the Director of National Intelligence (ODNI) officials.
Nextgov

U.S., China Talks Address Cyber-Weapons, Not Cyber-Spying

Although informal bilateral talks between U.S. and Chinese think tanks and government officials about restricting cyber attacks, improving crisis communication, and limiting the threat of third-party attacks have yielded insights about cyber espionage, they have not resulted in a clear agreement to proscribe the practice.
eWeek

The Hacker Wars

The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace.
Government Executive

Executives Advocate a Military Approach to Cybersecurity

A recent survey of IT executives conducted by the security firm CounterTack is the latest effort in a push by government and private companies to promote the adoption of a more militaristic mindset in cyber security.
CNN.com

Major Companies Still Vulnerable to Online Data Theft, Report Warns

A new report from the computer security firm CounterTack shows that many major companies remain vulnerable to data theft, especially at the hands of advanced persistent threats, such as the one that led to the breach of RSA Security's SecurID data protection technology last year.

Terror and Toy Planes - Not So Remote

Among the items confiscated by Spanish authorities when they arrested a trio of suspected al-Qaida operatives last week was a video of one of the three, Cengiz Yalcin, operating a remote controlled airplane that had been modified to carry and drop a crude explosive payload.
CNN.com

Prototype System Goes After DNS-Based Botnets

Researchers at the University of Georgia and the Georgia Institute of Technology have developed Pleiades, a prototype system that can better detect Domain Generation Algorithm (DGA)-based botnets without the normal time-intensive reverse engineering required to find and defeat such malware.
Network World

Outdated Card Technology Leads to Fraud

While U.S. lags, Canada has followed Europe in going to high-tech credit and debit cards.
Star Tribune

BYOD Security: Are Agencies Doomed to a Permanent Game of Catch-Up?

With the bring-your-own-device paradigm continuing to take hold, enterprises increasingly are exposed to and scrambling to develop countermeasures against the rapidly evolving mobile device threat landscape.
Government Computer News

Boards Are Still Clueless About Cybersecurity

The Governance of Enterprise Security: CyLab 2012 Report, released today by Carnegie Mellon CyLab and its sponsor, RSA, The Security Division of EMC, examines how boards of directors and senior management are managing privacy and cyber risks.
Forbes

City of Buffalo Lags on Compliance With Workplace Violence Rules

Buffalo, N.Y. is scrambling after being informed by the state Department of Labor that the city was not in compliance with new regulations designed to prevent workplace violence.
Buffalo News (NY)

Cyber Chief Warns of Rising Danger from Cyber Attacks

In a rare speech on Monday, Gen. Keith B. Alexander, the commander of U.S. Cyber Command, warned of the danger of cyber attacks.
CNN.com

Cybercriminals Sniff Out Vulnerable Firms

Cybercriminals are becoming a growing problem for small companies, primarily because these companies do not have the resources to properly protect themselves.
Wall Street Journal

Bomb threat? There’s an app for that.

In the first chaotic moments after suspicion of a bomb threat, first responders have a myriad of questions, assessments and decisions to make.
Homeland Security NewsWire

FBI: High-Tech Economic Espionage a Vast, Expanding Threat

The mounting threat of economic espionage has cost U.S. companies approximately $13 billion in the current fiscal year, with insiders an expanding element of this problem, according to the FBI's testimony recently at a Counterterrorism and Intelligence hearing.
Network World

Microsoft's Security Information Report Shows Lax Practices Allow Malware to Thrive

Security is a two-way street that requires an effort on the part of end users.
Network World

France Telecom Boss Faces Inquiry Into Workplace Bullying

Former France Telecom (FT) chief executive Didier Lombard has been placed under judicial investigation for workplace bullying following a series of worker suicides at FT and its subsidiary Orange.
Mail & Guardian

Homeland Security Cites Sharp Rise in Cyber Attacks

The new report from the Department of Homeland Security documenting a dramatic upswing in the number of reported cybersecurity incidents at American companies responsible for power grids, power generation, and water filtration is highlighting the changing nature of public-private collaboration on the IT security of America's critical infrastructure.
CNN.com - Security Clearance

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically

U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011.
Dark Reading

Hundreds of Thousands at Risk as DNSChanger Deadline Looms

Users have until July 9 to ensure their computers are not infected with DNSChanger, and the DNSChanger Working Group cautions that machines infected with the malware, which directs Internet requests to DNS servers, will be taken offline unless they are purged.
Government Computer News

Sandia Opens Cybersecurity Technologies Research Laboratory

Sandia National Laboratories has opened a cybersecurity research facility on the grounds of the Livermore Valley Open Campus.
eWeek

How to Protect Your Hotel From the Threat of Terrorism

Hotels have long been considered soft targets for militant groups, and a recent U.S. intelligence study found that the number of attacks on hotels has more than doubled since 9/11.
Big Hospitality

Microsoft Becoming a Digital Sherlock

With their Digital Crimes Unit (DCU), Microsoft is blazing a trail for private businesses and organizations to use the legal system to stop cyber attacks at the source, seizing and shutting down the computers and servers launching the attacks.
Puget Sound Business Journal (Seattle)

Search Results May Deliver Tainted Links

Researchers found criminals are poisoning the search results consumers receive when searching. The end game in each case is to get you to fall for scams or to infect and take control of your PC.
USA Today

Dept. of Homeland Security to Focus on Cyber Workforce Development

The DHS will form a cybersecurity workforce task group that will consider expanding DHS involvement in cyber competitions and university programs as well as develop strong cybersecurity career paths.
NetworkWorld

The True Cost of Cybercrime

The first systematic study of the cost of cybercrime recommends that society should spend less on antivirus software and more on policing the Internet.
Homeland Security NewsWire

Unique Program to Educate Next Generation of U.S. Cybersecurity Leaders

The University of Maryland and the Northrop Grumman Corporation will launch a landmark honors program designed to educate a new generation of advanced cybersecurity professionals.
The Wall Street Journal

Focus on Cyber Security Degrees Rising for Colleges, Employers

Webs of wires, servers and screens are the mechanics of modernity. Hackers know their way around them well.
KHOU

Experts Warn of Shortage of U.S. Cyber Pros

Cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks from attacks.
CNBC

Looking for Cybersecurity Experts? Check the Jails and Art Schools

Are cybersecurity experts born or made? It’s a question that recruiters are asking more frequently as the nation faces a shortage of technically savvy network security operators.
NDIA

Government, Military Face Severe Shortage Of Cybersecurity Experts

Cyberspies, hackers, and others using the Internet for nefarious purposes also operate in networks.
NDIA

Pharma Sector's War Versus Counterfeit Drugs Intensifies

Counterfeit drugs are increasingly showing up around the globe as more complex drug supply chains have opportunities in several phases of drug development.
PRWeek

Va. Case Highlights Dangers for Jewelry Salesmen

Criminal gangs have become more sophisticated and violent in their attempts to rob traveling jewelry salesmen, says FBI special agent Eric Ives, the head of the bureau's major theft program.
Associated Press - ABC

NSA Security Expert Worries About Mobility, Cloud

NSA's two most pressing concerns right now are mobility and cloud computing. The government wants such functionality in the same way that business wants it, but it looks to NSA for guidance on security practices.
Network World

Over-55s Pick Passwords Twice as Secure as Teenagers

People over the age of 55 pick passwords that are twice as strong as those chosen by people under 25 years old, according to University of Cambridge researchers.
New Scientist

What Fearmongers Get Wrong About Cyberwarfare

A recent article in the Journal of Strategic Studies shows that it is shortsighted to assume that cyber warfare has an innate logic that will always lead to an escalation of conflict.
Slate

Using Live Video from Phones, U-Md. Plans to Offer Virtual Safety Escorts to Students

A newly created smartphone application called Escort-M links public safety personnel to real-time video and audio from users' phones.
Washington Post

Oklahoma's New Workplace Drug Testing Laws Relax Employer Requirements

New laws in Oklahoma aimed at curbing an epidemic of drug use in the state have loosened restrictions on employers carrying out drug screening.
NewsOK

Major Data Firm in Security Pinch

Florida-based Fidelity National Information Services (FIS) is fortifying its security after regulators released a report critical of its risk practices. The firm is one of the largest among the more than 1,000 third-party service providers.
Wall Street Journal

Malware Intelligence System Enables Organizations to Share Threat Information

Georgia Tech researchers have developed Titan, a malware intelligence system designed to help corporate and government security officials share information about cybersecurity attacks.
Georgia Tech

Event Focuses on Crisis Readiness, Response

The Pittsburgh Regional Business Coalition will hold a free safety demonstration and training session for all local businesses on May 31.
Pittsburgh Post-Gazette

Securing the Workplace Part 1: Education, Awareness and Planning

With an increasing number of robberies at banks and pharmacies, police are urging businesses to make a plan for employees in the event of a robbery.
WABI TV-5

BYOD is Driving IT 'Crazy,' Says Gartner Analyst

IT managers can expect rapid growth in the number of personal devices, such as smartphones and tablets, used by employees in the next couple of years, which means that IT shops will not be able to provide the security necessary to protect company data.
Computerworld

IBM Faces the Perils of 'Bring Your Own Device'

After finding that many of its employees are unaware about what kinds of smartphone apps could be potential security risks, IBM adopted guidelines about which apps are acceptable for employee use.
Technology Review

OPM Polls Agencies on Domestic Violence Policies

In response to a memo issued by President Obama, the Office of Personnel Management (OPM) has begun formulating new government-wide policies relating to domestic violence in federal workplaces.
Washington Post

The Global Water Security Assessment and U.S. National Security Implications

A panel of experts recently gathered at the Wilson Center to discuss the Intelligence Community's assessment of global water security and its implications for national security.
New Security Beat

Obama Order Sped Up Wave of Cyberattacks Against Iran

Interviews with current and former U.S., European, and Israeli officials, as well as a number of outside experts, have shed new light on the use of the Stuxnet worm that was used to attack computers used in the Iranian nuclear program.
New York Times

Alert: Major Cyber Attack Aimed at Natural Gas Pipeline Companies

The Department of Homeland Security has issued at least three confidential amber alerts about multiple U.S. natural gas pipeline operators being targeted by a major cyber attack campaign since March 29, which is still ongoing...
Christian Science Monitor

New Study Examines Role of Intimate Partner Violence in Workplace Homicides Among U.S. Women

A new paper by the National Institute for Occupational Safety and Health (NIOSH) and the Injury Control Research Center at West Virginia University (WVU-ICRC) has found that 142 workplace murders of women in the U.S. between 2003 and 2008 were committed by the intimate partners of those women.
Medical Express

Spot a Bot to Stop a Botnet

Computer scientists at the Veermata Jijabai Institute have developed a way to detect botnet infections on computers.
Science Daily

Bill protects employees from workplace bullying

The legislation in New York establishes a civil cause of action for employees who are subjected to an abusive work environment.
Legislative Gazette

The Path to Outsmarting Advanced Cyberattacks

are prompting organizations to look into using actionable intelligence to protect themselves from cybersecurity threats.
Government Computer News

Deadly Attacks Hit Nigeria Christians

An attack on church services at a Nigerian university killed at least 16 people on Sunday.
Wall Street Journal

5 Tips on How to Handle Employee Theft

Statistics show that employee theft is a significant problem for companies in North America.
Reuters

US Seizes 36 Websites Dealing in Stolen Credit Cards

The Justice Dept. said the U.S. government has seized 36 domain names of websites that illegally sold and distributed stolen credit card numbers...
Wall Street Journal

CISPA Passes in the House After Surprise Vote

The U.S. House of Representatives on April 26 passed the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial piece of legislation that allows both federal govt. and private sector more latitude to share information about current hacking efforts and cybersecurity threats that may be on the horizon.
Security Week

Hide Patents to Foil Invention Thieves, Urges Congress

U.S. lawmakers have proposed maintaining the secrecy of U.S. patents to prevent the theft and exploitation of inventions before they are legally protected by a granted patent.
New Scientist

U.S. Study Cites Worries on Readiness for Cyberattacks

U.S. state and local officials are most concerned about the government's cyberattack response readiness, according to a study by FEMA regarding the U.S.'s ability to respond to terrorist attacks and man-made and natural catastrophes.
New York Times

Cybersecurity Ranks as Top Concern in Federal CIO Survey

The biggest concern of CIOs at federal agencies is the need to protect government information from cyberattacks...
NextGov

Arrests Made in Lilly Heist

Authorities said Thursday that they have broken up a group that was allegedly involved in the theft of more than $70 million in prescription drugs from an Eli Lilly warehouse in Connecticut in March 2010.
Wall Street Journal

Religious Sites are Worst for Malware, Report Finds

According to Symantec's most recent Internet Security Threat Report, religious web sites have a higher incidence of malware infection than pornography sites.
Wall Street Journal

'Bullet Time' Signals to Stop Cyber Attacks on Grid

University of Tulsa researchers have developed a method to handle cyberattacks on crucial infrastructure, such as electricity grids, water utilities, and banking networks.
New Scientist

How CIOs Can Learn to Catch Insider Crime

Research shows that CIOs rarely discover the internal security threats that can ruin companies, even though it frequently involves IT systems. Here's what needs to change.
CIO Magazine

Flea Market Raid: Homeland Security Cracks Down On Counterfeit Goods

The Department of Homeland Security (DHS) has reportedly begun raiding flea markets in search of counterfeit merchandise.
CNBC News

Plan for Dealing With Insider Threats Getting Close

The U.S. government is closing in on a national policy for combating insider threats with standards for enforcement, and officials expect the policy to be issued by the end of 2012.
Government Computer News

BYOD Continues to Challenge Agencies Struggling to Develop Policy

Many federal agencies' security policies and procedures are not keeping up with the growing bring your own device trend, which leaves these government networks increasingly vulnerable to attacks, according to a recent Network World/SolarWinds survey.
Federal Computer Week

How Do You Change Your Company's Culture? Spark a Movement

Revitalizing a company culture can best be served by providing employees with a fresh concept or driving precept they can adopt, rally behind, and act on, according to StrawberryFrog founder Scott Goodson.
Forbes

Breaches Epidemic Despite Efforts at Compliance, Says Kroll

A new study from HIMSS Analytics and Kroll Advisory Solutions shows that increasingly stringent regulatory activity with regard to reporting and auditing procedures has not prevented an increase in the number of breaches seen in the past six years.
HealthCare IT News

House Homeland Security Guts Own Cybersecurity Bill in Bid to Remain Relevant

The House Homeland Security Committee on Wednesday modified the cybersecurity legislation that was approved by a House subcommittee in early February.
FierceGovernmentIT

Don't Panic

Presenting an idea to senior management does not have to be terrifying, management experts say, as long as employees work ahead of time to find out what executives are looking for and follow these tips for making a compelling presentation.
The Conference Board Review

Embezzlers these days more likely to be women

With motive and opportunity, women are behind most of the state's high-profile cases since '08.
Star Tribune

Is Security the Real Problem for an Intelligence Community Cloud?

To be more cost-effective, the U.S. Intelligence Community is scrutinizing the cloud environment as a possible money-saving option, and successful migration will rely on collaborative alliances, common solutions, and effective policies...
Federal Computer Week

Mobile malware: Beware drive-by downloads on your smartphone

The number of security threats that target mobile devices has risen by more than 600 percent between 2010 and 2011.
Infoworld

A Report on ICANN 43: New gTLDs and DNSSEC

ICANN's recent meeting in Costa Rica focused on a number of issues, but the two biggest were clearly the new gTLD program and Domain Name System Security Extensions (DNSSEC).
Network World

Apple Mac Computers Hit in Hacker Attack, Researcher Says

Antivirus software provider Doctor Web says a recent hacking attack hit more than 600,000 Apple Mac computers, a sign that the computer behemoth is becoming a more lucrative target for malicious users.
Bloomberg

BT Deploys Alarm System to Catch Copper Cable Thieves

The British telecommunications company BT has implemented a new alarm that will span its entire copper network in an effort to cut down on the growing rate of cable theft.

Is DHS Ready to Oversee Private Cybersecurity?

Lawmakers want the security of some privately owned information networks to be supervised by the Department of Homeland Security, in much the same manner that the Nuclear Regulatory Commission oversees nuclear plants.
Federal Times

Tips for Dealing With Workplace Substance Abuse

In instances of substance abuse in the workplace, employers and co-workers should be on the look-out for specific signs and should always report the problem.
Great Falls Tribune

The Flashback Attack: It's Time Mac Users Got Security Aware

Apple is taking steps to protect Mac users from the threat posed by the Flashback Trojan. Flashback exploits weaknesses in Oracle's Java software to install malware.
Computer World

Warning Over Medical Implant Attacks

Security researchers recently developed attacks that locate and compromise medical implants that are used to manage conditions such as diabetes and heart disease.
BBC News

Cybersecurity Purchasing Alliance Established

The nonprofit Center for Internet Security (CIS), which works to improve online security, is planning to launch the first-ever collaboration for purchasing cybersecurity solutions.
Government Technology

Global Risks 2012: Seventh Edition An Initiative of the Risk Response Network

This report features refined risk descriptions and rigorous data analysis covering 50 global risks. It aims to improve public and private sector efforts to map, monitor, manage and mitigate global risks. It is also a “call to action” for the international community to improve current efforts at coordination and collaboration, as none of the global risks highlighted respects national boundaries.
World Economic Forum

New Security Opportunities in Higher Education

Colleges and universities around the United States are creating new full-time security and risk assessment positions in their study-abroad offices, spurred on at least in part by international events like the Arab Spring and Japanese tsunami. Northwestern University is one of the schools that recently created a full-time safety and security position in its study-abroad office. The university in January hired Julie Friend as associate director for international safety and security. Friend most recently served in a similar role at Michigan State University.
Security Director News

Traveling Light in a Time of Digital Thievery

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
New York Times

Eight-Year Nortel Hacking Operation Again Shows Enterprise Vulnerabilities

An eight-year hacking operation has been uncovered at telecoms firm Nortel, prompting experts to again question whether enterprises are prepared to handle targeted security breaches. While the origins of the attack and its organisers are not known, investigators traced the attacks to systems located in China.
v3.co.uk / Nichols, Shaun

Canadians Oppose Government's Proposal for Sweeping Internet Surveillance

Public outrage over the government's proposed Internet surveillance laws boiled over Thursday, as thousands of Canadians made their objections loud and clear on the Twitterverse. At the same time, a Liberal MP turned the tables, requesting that Parliament divulge the web-surfing histories of their computers and BlackBerrys.
Edmonton Journal/ By Jeff Davis and Sarah Schmidt And Vito Pilieci, Post Media News; With Files From Postmedia News

U.S. to Share Cautionary Tale of Trade Secret Theft With Chinese Official

China’s next leader, Xi Jinping, may never have heard of American Superconductor Corporation before he arrived here Monday, but by the end of his visit United States officials hope to make the small Massachusetts wind-energy company an object lesson in the impact of Chinese trade secret theft on American business.
New York Times / Weisman, Jonathan

National Strategy for Global Supply Chain Security

International trade has been and continues to be a powerful engine of United States and global economic growth. In recent years, communications technology advances and trade barrier and production cost reductions have contributed to global capital market expansion and new economic opportunity. The global supply chain system that supports this trade is essential to the United States’ economy and security and is a critical global asset.
The White House.gov

Cameras May Open Up the Board Room to Hackers

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment. With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall.
New York Times / Perlroth, Nicole

DHS guidance to state and local fusion centers going unused

More than 83 percent of 64 intelligence fusion centers run by state and local agencies to whom the Department of Homeland Security issued the Comprehensive Preparedness Guide-502 are either not using the guidance or never received it, according to a new report from the DHS Inspector General's Office. The purpose of the guidance is to assist the fusion centers' coordination of anti-crime activities with state and local emergency operations centers. The report casts blame for the guidance's under-utilization on both DHS and state and local officials.
Federal Computer Week / Lipowicz, Alice

Feds Seek Stronger Security for Power Grid

In an attempt to gain insight into how to best protect the U.S. electricity grid, the Department of Energy and the Department of Defense have joined forces to create a cybersecurity model that can be tested and applied across the utility industry. The Electric Sector Cybersecurity Risk Management Maturity Model pilot project seeks to work with experts in the public and private sector to use current cybersecurity strategies to create a "maturity model" that can identify how secure the electric grid is from cyber threats.
InformationWeek / Montalbano, Elizabeth

FedRAMP Security Controls Unveiled

The federal government has released roughly 170 controls for the Federal Risk and Authorization Management Program (FedRAMP). The program consists of a unified risk management process that will evaluate vendors' IT services for federal agencies, thereby eliminating the need for agencies to conduct their own risk management programs. This in turn will allow agencies to evaluate a vendor's IT services in light of their specific needs and their privacy and security requirements.
GovInfoSecurity.com / Chabrow, Eric

Protests Put Cities on Alert

A number of cities hosting high-profile events this year are changing their laws regarding demonstrations in order to prevent the kind of violent protests that took place across the country in 2011. In Chicago, for example, the mayor has called for placing limits on the times when demonstrations can be held, increasing fines for resisting police, and requiring parade permit applicants to provide descriptions of "attention-getting devices" such as amplifiers, banners, or signs. The proposals, which will be voted on next week, come ahead of the NATO and Group of Eight summits in Chicago this May.
Wall Street Journal / Nicas, Jack

Defense Bill Approves Offensive Cyber Warfare

The recently approved U.S. defense budget sanctions the Department of Defense to engage in offensive cyberwarfare to protect U.S. interests and those of its allies, while also directing the military to improve cyberdefensive measures. However, the National Defense Authorization Act does not empower the military to take any offensive cyberaction without presidential authorization.
InformationWeek; Hoover, J. Nicholas

SpyEye Malware Borrows Zeus Trick to Mask Fraud

The SpyEye bank fraud computer program has been identified with a feature designed to keep victims clueless long after fraud has occurred, according to security vendor Trusteer. SpyEye is notable for its ability to inject new fields into a Web page, a technique called HTML injection, which can ask banking customers for personal information they normally would not be asked.
IDG News Service; Kirk, Jeremy

Pessimism Over FISMA Deadline Starts at the Top, Survey Finds

Most federal agencies do not believe that they will be in compliance with the Office of Management and Budget's requirement to perform all Federal Information Security Management Act reporting through automated monitoring tools by Sept. 30. According to a survey of 234 IT security professionals, just 45 percent of respondents said that they would be able to meet the deadline.
Government Computer News; Jackson, William

NY Senator Proposes Measures to Protect Pharmacies

A New York senator is calling for steps to be taken to prevent deadly pharmacy robberies like one that took place in Long Island over the weekend, which claimed the life of an off-duty federal agent who tried to intervene.
Associated Press

Social Media's Passive Risk

Security and communication consultants have been using an online spoofing case involving a fake Bank of America account on Google+ to teach banks about the use of social media. A phony Bank of America page stayed up for more than a week in November, using the bank's official logo, address, and links while posting fake, satirical items.
Bank Technology News; Button, Keith

Obama Launches Bureau of Counterterrorism

The State Department recently announced the launch of the new Bureau of Counterterrorism. According to the department, the bureau will coordinate with U.S. agencies, including the Department of Homeland Security (DHS), and foreign governments to create civilian counterterrorism strategies and operations.
NewsOK; Gehrke, Joel

Court Upholds Law That Protects Companies Aiding U.S. Surveillance

The Court of Appeals for the Ninth Circuit has upheld a federal law that grants immunity to telecommunications companies that help the federal government conduct surveillance on American citizens.
Reuters

Stuxnet and Duqu Part of Larger Cybermalware Campaign

The Stuxnet worm was developed on the same platform used from 2007 onwards to set up a family of cyberweapon-like malware including the recently uncovered Duqu worm, according to a forensic study by Kaspersky Lab researchers.
Techworld; Dunn, John E.

Carmakers, U.S. Worry About Hacking of Cars

Recent studies indicate that cars' increasing reliance on computer systems that control everything from airbags to crash-avoidance systems has left them vulnerable to cyberattacks. "I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc," says Intel's Ryan Permeh.
San Jose Mercury News; Johnson, Steve

Packaging Technologies Advance in Fighting Fake Pharmaceuticals

es Shepherd, CEO of Channel IQ, a firm that monitors branded products and prices for manufacturers, distributors and retailers, said the healthcare packaging industry is constantly combating counterfeiting. "Packaging has a very important role," he added. "It has to signify the authenticity of a product, and not just hold the product or explain its benefits."
Healthcare Packaging

Logging in With a Touch or a Phrase (Anything but a Password)

Polytechnic Institute of New York University (NYU-Poly) researchers are training devices to recognize their owners by touch, one of several research projects designed to make passwords obsolete. The research arm of the U.S. Defense Department is looking for ways to use cues such as a person’s typing quirks to continuously verify their identity.
New York Times; Sengupta, Somini

Employees' Facebook Pages Are Private, Until They're Not

In late October, an appeals court in New York determined that there are limits to how much proof of employee shenanigans a business can legally gather from social media utilities such as Facebook. The Appellate Division of the New York Supreme Court ruled that commercial builder Turner Construction Co. should not have a free hand in searching the Facebook activity of an employee who was seeking compensation in a personal injury suit against the company. The company was attempting to use information from the employee's Facebook account to show that he was not being truthful about the extent of his injuries.
Business on Main/ Mikal E. Belicove

Workplaces Victims of Domestic Violence

A recent study has found that domestic violence is having an effect on Australian workplaces. The study, which consisted of surveys of more than 3,600 people between February and July, found that 33 percent of employees were victims of domestic violence. All told, domestic violence results in roughly $480 million worth of lost productivity in Australia, a separate study found. Experts say that employers should take steps to help workers suffering from domestic violence, including giving them time off to deal with their problems, blocking e-mails, or giving them new phone extensions so that abusers cannot call them at work.
Herald Sun (Australia)

Should Homeland Security control the electrical grid? Maybe.

Researchers at MIT have released a report on the security of the nation's electric power grid. The report noted that the federal government should designate a single agency as being responsible for protecting the electric power grid from cyber attacks. The current security regime is untenable, the report said, because those that are in charge of maintaining the electric power grid are not working together.
CNET/Don Reisinger

'Son of Stuxnet' virus could be used to attack critical computers worldwide

Researchers at Symantec have discovered a new virus that they say is very similar to the Stuxnet virus that was used to attack Iran's nuclear program. Like Stuxnet, the new virus--which is known as Duqu and may have been in use since last December--targets industrial command and control systems. In addition, much of the code used in Duqu is similar to the code used in Stuxnet. Both Stuxnet and Duqu also use fraudulent digital certificates that are purportedly issued by Taiwanese companies. As a result, Duqu must have either been created by the same group that developed Stuxnet or was created by a group that was able to obtain Stuxnet's source code. However, there are some differences between Stuxnet and Duqu, which creates a backdoor in the systems it infects and connects them to a command computer in India. For instance, Stuxnet was designed to attack the computers used in Iran's nuclear research program. Duqu is not as targeted, and may be designed to collect intelligence such as design documents before an attack on infrastructure computers is launched, Symantec said.
MSNBC (10/18/11) Sullivan, Bob

Cyber Security Must Focus on Users, Not Just Attackers

Cybersecurity measures must aim at users, not just attackers, according to researchers at the University of Maryland, College Park's Maryland Cybersecurity Center. The researchers are applying criminological concepts and research methods to cybercrime research, producing recommendations for information technology managers to use in preventing cyberattacks. The researchers, led by professors Michel Cukier and David Maimon, are studying cyberattacks from the viewpoint of both the user and the attacker. "We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component," Maimon says.
Tech Journal South

New Jersey teams with Target for disaster response

During the next major disaster, New Jersey emergency responders will receive assistance from the big box retailer Target; last week the company announced that it had officially teamed up with New Jersey’s Office of Homeland Security and Preparedness to assist state and local officials in the event of a major disaster or terrorist attack.
Homeland Security NewsWire

MSU lands USDA grants totaling nearly $3 million to improve food safety

Three Michigan State University researchers landed grants totaling nearly $3 million from the U.S. Department of Agriculture to improve food safety. The grants were part of USDA Deputy Secretary Kathleen Merrigan’s visit to MSU’s campus today, in which she announced 17 grants totaling $10.4 million from the USDA’s National Institute of Food and Agriculture to universities around the country.
Michigan State University News

Homeland-Security Bill Seeks to Clarify Who's in Charge of Cybersecurity

House Cybersecurity, Infrastructure, Protection and Security Technologies Subcommittee Chairman Dan Lungren (R-Calif.) has announced that he is planning to introduce a bill that would identify the Department of Homeland Security (DHS) as the primary federal agency in charge of national cybersecurity. The bill would provide an alternative to legislation approved by the House Intelligence Committee that would require the director of national intelligence to create guidance for the intelligence community to share with the private sector classified intelligence about cyber threats. Lungren's bill, on the other hand, proposes the creation of a nonprofit National Information Sharing Organization for exchanging details on cyber threats between the public and private sector.
National Journal / Gruenwald, Juliana

Cybercrime Hits Small Towns

The cyberattack on the computer systems of 70 small law enforcement departments by the hacker group Anonymous earlier this year underscores the risks that small towns and counties face from cybersecurity threats. Small municipalities are increasingly running crucial services on computers that could be shut down by hackers, cybercriminals, or disgruntled workers, yet they do not have the funds to hire CIOs or information security chiefs to help them protect these systems.
Governing / Newcombe, Tod

Advanced Threats Touch Two-Thirds of Enterprises

Nearly two-thirds of information security managers report that their businesses have been targeted by advanced persistent threats (APTs), and 72% expect to see such attacks persist in the future. Those findings come from a new report on APTs released Tuesday by market researcher Enterprise Strategy Group (ESG). The study is based on a survey of about 250 U.S. information security professionals, conducted in August.
InformationWeek / Schwartz, Mathew J.

U.S. Report Cites 'Persistent' Chinese, Russian Spying for Economic Gain

According to a U.S. intelligence report, the Chinese are the world's "most active and persistent" perpetrators of economic espionage. Additionally, the report made claims that Russian intelligence officials are participating in extensive spying efforts to collect information on the U.S. economy and technology. The report also found that the majority of the spying activity is present in cyber space. "Cyber has become the great game-changer ... our research and development is under attack," said a senior intelligence official. Economic cyber spying is affecting several portions of the U.S. economy including information technology, military technology, clean energy and medical technology.
Wall Street Journal / Gorman, Siobhan

Private Citizens Getting Help in Fight Against Terrorism

The face of antiterrorism in Colorado includes a former Washington lobbyist, an ex-Marine from Lakewood whose wife gives him the evil eye when he's sizing up potential threats at Denver International Airport, and a native New Yorker who refuses to ride on the subway and spends as little time as possible in high-rise buildings. The alliance is eclectic, but then, the people they're after aren't very stereotypical.
Denver Post / Cotton, Anthony

Cyber Attack Targets Chemical, Defense Firms

A new report from Symantec Corp. reveals that at least 48 chemical and defense companies were affected by a cyber attack traced to a man in China. The companies' computers were infected by malicious software known as "PoisonIvy" that was used to capture such information as design documents, formulas, and details on manufacturing processes, according to Symantec. The report said the victims included several Fortune 100 companies that develop compounds and advanced materials as well as those that manufacture infrastructure for these industries. "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.
Insurance Journal / Finkle, Jim

A Reason to Revisit Your Cybersecurity Risk

Last month the Securities and Exchange Commission (SEC) issued guidance on its expectations for how publicly traded companies should address cyberattacks in their regulatory filings. The guidance does not change any existing rules, but clarifies that companies must include cybersecurity risks in their assessment of “the most significant factors that make an investment in the company speculative or risky.” In May EMC said it experienced “an extremely sophisticated cyberattack” that put its RSA SecurID tokens at risk as well as its corporate customers’ data security, and the SEC sent a comment letter asking the company how the cost of protecting itself against future breaches would affect its financial results.
CFO /Johnson, Sarah

Lab's Behavioral System Can Catch Insider Threats

Oak Ridge National Laboratory researchers have developed a tool to identify malicious insiders and stop them from sending sensitive information outside the organization. The system uses a host-based agent to learn a user's behavior and to look for anomalous behavior or other signatures, according to Oak Ridge researcher Justin Beaver. The system responds to these signature events by switching malicious users to a honeypot environment, which isolates them from data and enables their actions to be studied. “It turns out there is a lot of data on each host you can leverage if you know what to look for,” Beaver says.
Government Computer News / Jackson, William

GAO reports problems in cybersecurity hiring strategy

An audit by the Government Accountability Office (GAO) has found that some government agencies have failed to effectively develop or implement cybersecurity workforce planning strategies. Agencies also reported problems in filling some cybersecurity positions, particularly those requiring specialized skills. In 2010 the Senate Judiciary Committee asked GAO to study whether or not the federal government was adequately meeting its cybersecurity staffing goals and report on the status of government-wide cybersecurity initiatives.
Homeland Security NewsWire

Hacker group threatens industrial computer systems

A bulletin leaked from the Department of Homeland Security's National Cybersecurity and Communications Integration Center shows that officials are concerned about possible attacks on computer systems used to operate the nation's critical infrastructure. According to the bulletin, which was issued in September and posted on Monday by the Web site Public Intelligence, the hacker group Anonymous has posted computer code and other material that shows that it is interested in attacking industrial control software (ICS) systems, which are used to run equipment at power stations, chemical plants, and water and sewage facilities, among other facilities.
Washington Times / Waterman, Shaun

Security 'Chaos' Leaves Utility Grids Vulnerable, Report Says

A recent paper from Pike Research reveals that the lack of standards, inadequate spending and an aging infrastructure are making vital utility grids increasingly vulnerable to cyber attack. Though the report says that this vulnerability is a global problem, it also notes that there are multitudes of differing regional infrastructures and security technologies, requiring region-specific definitions of threats as well as region-specific decisions regarding investments in security.
Government Computer News / Jackson, William

How to Have Real Risk Management

Andy Ellis, chief security officer at Akamai Technologies, says the important thing for organizations in regard to risk management is to actually understand the risks that apply to them, and make informed decisions based on that profile. "These are the organizations that are actually out front, leading the way, defining new risk models for themselves and selecting technologies and solutions that are appropriate for their business," Ellis said in a recent discussion with this publication.
Computerworld / Hulme, George V.

Metrics for Success: Tracking Preventable Risk

When you track the results of your incident post-mortems to identify root causes of incidents, and when you conduct risk assessments to prospectively document vulnerabilities, you have the data to impress management on the consequences of failure to follow policy, procedures or other elements of your internal controls that contribute to risk exposure. Objective: A significant percentage of security events are preventable. Use your metrics to influence behavior and fundamental corrective action.
SecurityInfoWatch.com / Campbell, George

Employee Theft: The Largest Source of Shrink in North America

Shrinkage cost retailers around the world more than $119 billion over the past year, or 1.45 percent of their sales, according to the Centre for Retail Research's Global Retail Theft Barometer for 2011. The causes that are most commonly responsible for retail shrinkage are different in various regions of the world. Customer theft was the primary cause for shrinkage in most countries around the world, resulting in $51.5 billion in losses so far this year. However, dishonest employees were the biggest cause of retail shrinkage in North America. Employee theft resulted in $47 billion in losses for North American retailers so far this year, up from $37.8 billion last year.
Security Management / Purvis, Carlton

One Million UK Workers Have Experienced Violence in the Workplace

Researchers at Britain's Cardiff and Plymouth universities have found that workplace violence is more prevalent in the U.K. than previously thought. Researchers conducted interviews of almost 4,000 employees working in a variety of different roles and in a number of different industries, and found that nearly one in 20 had been the victims of workplace violence. This translates to more than 1 million workers throughout the U.K., the researchers noted. Of those that said that they had been the victims of workplace violence, nearly 4 percent said that they had suffered injuries as a result of those incidents.
Guardian Unlimited (UK) / Snowdon, Graham

Most Americans Unprepared for Disaster, Survey Finds

A new survey finds that most Americans are unprepared for major disasters and that they maintain a false sense of security with regard to what will happen if a major disaster or a terrorist attack took place; contrary to reality, almost one-third of respondents believed that during a major disaster, calling 911 would bring help within an hour, while 30 percent said they believed help would come within several hours.
Homeland Security NewsWire

New Report Highlights Economic Threat of Weak U.S. Cyber Security

A new report on cyber intelligence and cyber attacks outlines overlapping vulnerabilities in computer networks across private industry and the U.S. government, and calls for a systematic response that would prevent the harm these weaknesses could inflict on national security and the economy.
law.com/ Catherine Dunn

What's a Company's Biggest Security Risk? You.

Security experts say that, despite the precautions taken by many major corporations to prevent cyber attacks, they still have one major vulnerability that cannot be fixed by technological advances: their employees. "The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp.
Wall Street Journal/Geoffrey A. Fowler

NIST releases final piece of IT security foundation

The U.S. National Institute of Standards and Technology (NIST) has released Special Publication 800-30, "Guide for Conducting Risk Assessments," which provides guidance on how to assess IT risk.
Government Computer News/William Jackson

Corporate Boards Weak Link in Information Security

According to the governance, risk, and compliance unit of Thomson Reuters, most major corporations have "significant security gaps that leave sensitive board-level information open to information theft and hacking," On Wall Street (Sept. 21, Steinert-Threlkeld) notes. Thomson Reuters said its survey of board members, corporate secretaries, and company attorneys found that information provided to members of corporate boards of directors is often in unencrypted e-mail accounts and computers.
On Wall Street/Tom Steinert-Threlkeld

In China, Business Travelers Take Extreme Precautions To Avoid Cyber-Espionage

Security experts are warning that travelers should avoid bringing electronic devices carrying important company contacts and confidential information with them to China if at all possible. This warning stems from the pervasive electronic surveillance and cyber-espionage undertaken by the Chinese government and other regional sources.
The Washington Post/Ellen Nakashima and William Wan

Email Main Source of Data Leaks in Organizations: Survey

Email may be integral to an organization's day-to-day operations, but it is also becoming one of the primary sources of data leakage, according to a recent Ponemon Institute report. In a survey of 830 information technology, security, and compliance experts, more than 50 percent said improper email use among employees is the main source of data leaks within the organization.
eweek/Fahmida Y. Rashid

Organizations Over-Confident About Security Strategy: Survey

Senior executives are overconfident about their organization's information security strategy, according to a PricewaterhouseCoopers survey. Of the 9,600 senior executives who took part in the 2012 Global State of Information Security Survey, 43 percent said that their organization had an effective, proactive security strategy.
eweek/Rashid, Fahmida Y.

Data Security Not High on Hospitals' Priority List

A new report from the consulting firm CSC says hospitals must increase security to achieve Meaningful Use and comply with new HIPAA requirements. CSC consultant Jared Rhoads says an annual risk analysis is required under stage 1 and putative rules for stage 2 Meaningful Use.
Information Week/Ken Terry

Organized retail theft: A $30 billion-a-year industry and growing

“Organized retail crime,” as police call it, has become big business. Last year, theft rings stole an estimated $30 billion worth of retail merchandise that wound up getting sold out of car trunks, online and even to distributors who relay the merchandise back to store shelves.
ABC newsnet5.com

Ten Years After 9/11 -- Risk Management in the Era of the Unthinkable

For the entire country, the September 11, 2001, attacks redefined the meaning of risk management in both the public and private sector, Wharton experts say, forcing companies and the government to rethink the ways that they prepare for, respond to and recover from large-scale disasters. The new agenda for security that was set on that sunny fall Tuesday has been tested, questioned and reshaped again and again in the decade since -- by events including Hurricane Katrina, the BP oil spill in the Gulf, the 2008 financial crisis, the Arab Spring, the earthquake and tsunami in Japan, and most recently, Hurricane Irene.
Knowledge@Wharton

Top 5 Hazards for Business Travelers (Hint: Terrorism Isn't One Of Them)

So, you think nothing short of a revolution in Libya, an earthquake, a hurricane or a terrorist attack can keep you from your business meetings?
Forbes

Montgomery County Proposes Flash-Mob Law

Lawmakers in Montgomery County, Md., are in talks with the state delegation about the possibility of introducing legislation in next year's session of the Maryland General Assembly that would address the problem of flash mobs.
Washington Times; Noble, Andrea

Workplace Homicides and Suicides Fell in 2010

According to the Labor Department's preliminary Census of Fatal Occupational Injuries report, the number of workplace homicides dropped last year. The report noted that the number of homicides that took place at U.S. workplaces dropped by 7 percent in 2010. Workplace suicides, meanwhile, decreased slightly from 263 in 2009 to 258 in 2010.
Wall Street Journal; Reddy, Sudeep

Scared Mexicans Try Under-the-Skin Tracking Devices

A recent Mexican congressional report indicated that kidnappings have increased 317 percent in the past five years. Some Mexicans, afraid of being next on the cartel's list of targets, have had radio frequency identification chips (RFIDs) or other tracking devices surgically implanted to allow them to be tracked. Many of the implants are selling for thousands of dollars based on promises that they improve the kidnapping victim's chances of being returned.
Washington Post; Miroff, Nick

Campus Security: There's an App for That

The University of Maryland's College Park campus is planning to introduce a smartphone application next month that aims to improve security. The app, known as M-Urgency, will allow students, faculty, and staff to instantly alert police and share with them their exact location.
Baltimore Sun; Sentementes, Gus G.

Malware Able to Record Phone Conversations Looming: BitDefender

It is only a matter of time before malware evolves to record smartphone conversations. "We are going to see malware that records phone conversations and we've already seen malware that extracts contact message documents and email documents," he says. There is a lot of malware created for social media, Android devices, and computers that is highly focused on amassing information about the users, Cosoi warns. According to BitDefender's own research, 80 percent of malware found for smartphones operating on Android is designed to steal information from the phone. Cosoi predicts that the data will be used in creating various profiles which can then target the user with anything from phishing attacks to scams persuading the user to spend money.
Computerworld Australia; Barwick, Hamish

VIPER, VENOM Snake Critical Info Across Intergovernmental Boundaries

Security experts involved in pilot projects for the Department of Homeland Security's (DHS) Virtual USA initiative say that the technologies being tested have potential to transform the way the government coordinates geospatial information and other data-sharing capabilities. Virtual USA has launched dozens of integrative projects at the federal, state and local levels. Two of these projects, the Virtual Emergency Network of Multnomah County (VENOM) in Oregon and the Virginia Interoperability Picture for Emergency Response (VIPER), have already shown success integrating county systems with state and regional partners' systems for emergency management operations.
Government Computer News; Marshall, Patrick

Bill Calls for Background Checks at Utilities

Sen. Charles Schumer (D-N.Y.) has introduced legislation that would require all employees at the nation's major power plants to undergo FBI background checks. Schumer's legislation comes after the Department of Homeland Security released a report that found that terrorists could obtain sensitive information from disgruntled former power plant employees.
Boston Globe

Creating Ag Extension Agent for Cyber

Eugene Spafford, the executive director of Purdue University's Center for Education and Research in Information Assurance and Security, is calling for the creation of a national cybersecurity extension service. Such a service would enable anyone dealing with cybersecurity threats to turn to a government agent for help. Spafford says a cybersecurity extension service could work in tandem with the U.S. National Institute of Standards and Technology's efforts to provide detailed guidance on cybersecurity issues.
GovInfoSecurity.com, Eric Chabrow

Schumer Wants End of Fake IDs From China

New York Sen. Charles Schumer wants to crack down on China for selling sophisticated fake driver's licenses to college students and under-age drinkers. Schumer is trying to get the Department of Homeland Security to ban major wire transfer companies from forwarding funds to the foreign companies who are making the licenses, most of which are in China. The fake IDs could have major national security implications as they could be used by terrorists trying to pass through airport security checkpoints.
Business First / James Fink

The Changing Face of Identity and Location Security

Organizations are increasingly shifting the security model from one that reflects a hard perimeter and a soft inside to an identity-centric model in which users are explicitly authenticated and their ID is followed through the various security strata. This makes the policies easier to manage and safer, as companies no longer use the IP address as a proxy identifier in place of users but rather identify the users regardless of their location or IP address.
Network World/Andreas M. Antonopoulos

The New Psychology of Strategic Leadership

Business strategists only have a partial understanding of their job. Michael Porter essentially argued three decades ago that the strategist must search for opportunities where competition is weak, but the best opportunities are those that are the hardest to spot and execute, and these distant opportunities require strategic leaders to be good economists and good psychologists. Strategic leaders must expertly analyze and manage market forces, as well as expertly analyze and manage their own and others' thought processes.
Harvard Business Review ; Gavetti, Giovanni

The Weakest Link in Computer Hacking? Human Error

The findings of a recent Department of Homeland Security study underscored how human error can open networks up to attacks. During the study, DHS staff members secretly left computer discs and thumb drives in plain sight in the parking lots of government buildings and private contractors. Sixty percent of the individuals who picked up the discs and thumb drives later plugged them into their work computers to see what kinds of files were on them.
Bloomberg / Edwards, Cliff; Kharif, Olga; Riley, Michael

Foreign Anti-Bribery Law Slammed; House GOP Wants FCPA Changes

Members of a House Judiciary panel are working on legislation to amend the Foreign Corrupt Practices Act, looking at changes they say would "provide greater clarity" to US businesses as they attempt to comply with the foreign anti-bribery law.
Main Justice / Christopher M. Matthews

Chamber of Commerce, Businesses Want Anti-Piracy Bill

The U.S. Chamber of Commerce and more than 750 businesses and organizations, including NBC Universal, the Motion Picture Association of America (MPAA), and the Recording Industry Association of America (RIAA), are teaming up to push Congress to pass a bill that would protect intellectual property online. Under the legislation, known as the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT IP) Act, search engines, advertisers, and payment service providers would be prevented from doing business with Web sites that the Justice Department believes are used only to engage in copyright infringement.
Reuters / Chew, Cassie M.

Workplace Violence Stats 'Seem Low'

The number of people suffering violence in the workplace could be even higher than a recent survey discovered, according to the director of an anti-occupational violence organisation. Haydn Olsen told TV ONE's Breakfast the findings of a recent Massey University study, which found a third of employees have suffered violence at work, seemed a little low.
TVNZ Interactive (New Zealand)

Enterprises Hit With More Advanced Malware-Based Attacks in 2011: Report

Malware is increasingly being used as advanced persistent threats against enterprises, according to the latest quarterly report from Cisco. In the report, Cisco researchers did not restrict a malware encounter to just malware infecting a single system. It can also include incidents when a system was initially infected by a basic downloader, which analyzed the system and downloaded even more sophisticated data-collecting malware.
eWeek / Rashid, Fahmida Y.

Web Application Attacks Peak at 25,000 Per Hour

Corporate and government online applications are targeted by cyberattacks an average of 27 times an hour, or once every two minutes, according to an Imperva study. However, the use of automation can enable cybercriminals to carry out even larger numbers of attacks. According to Cloud Pro, the use of automation allows for 25,000 attacks an hour, or seven attacks every second.
ITPro / Jennifer Scott

Violence Afflicts ER Workers

Statistics show that violence against nurses and other caregivers at hospitals is commonplace across the country. A 2007 survey by UC San Francisco and other researchers found that nearly 40 percent of emergency room employees in California had been assaulted at work during the previous year. In addition, the Emergency Nurses Association--which represents 40,000 emergency room nurses across the country--found last year that more than 10 percent of the emergency room nurses it surveyed had been attacked in the previous week.
Los Angeles Times / Garrison, Jessica; Hennessy-Fiske, Molly

McAfee: Hackers Compromised 72 Organizations Since 2006

McAfee published a report on Aug. 2 that revealed that 72 companies and organizations in 14 countries have been targeted by an unidentified hacking group since 2006. During the attacks, the hacking group sent targeted e-mails to individuals within the companies or organizations, which included the International Olympic Committee, the World Anti-Doping Agency, and the United Nations.
IDG News Service / Ribeiro, John

DHS Should Extend Cybersecurity Collaboration With Private Sector, GAO says

The Department of Homeland Security needs to reevaluate its approach to protecting critical infrastructure and bolster public-private collaboration, especially in regard to information sharing, according to a new Government Accounting Office study. "The threats to systems supporting critical infrastructures are evolving and growing," says GAO's Gregory Wilshusen.
Homeland Security Today / McCarter, Mickey

Hackers leave CIOs on edge

Hackers on the prowl for sensitive data. Staff shortages that make it tough to implement the latest technology. A tight market for programmers that makes it easy for the best ones to jump to new jobs.
DEE DePASS and WENDY LEE, Star Tribune

The CIO Insomnia Project

The CIO Insomnia Project highlights concerns that keep technology leaders up at night.

Targeted Phishing Helped Hackers Earn $150 Million Last Month

Mass email attacks designed to target a wide-ranging audience are falling out of favor with attackers, according to research conducted by Cisco Systems Inc.
Cisco: Robert Westervelt

Disasters hit businesses hard, keeping many permanently closed

Business owners across the United States are being urged to create emergency plans, so that they can continue operating in the wake of a natural disaster; according to the Insurance Institute for Business and Home Safety, 25 percent of businesses hit by a natural disaster are unable to continue functioning.
Homeland Security Newswire

Organized Retail Crime Grows, Criminals Becoming More Violent

This year’s survey found that organized retail crime affects almost every single retailer, with 95 percent reporting they have been a victim of organized retail crime in the past 12 months, up six percent from last year. Although retailers continue to build their defenses against this growing problem, criminals are finding myriad ways to work around the system. Retailers are also reporting that the criminals they apprehend are increasingly resorting to violence, putting the safety of both associates and customers at risk.
National Retail Federation

Cargo Theft Poses Major Problem for Retailers

The scope of most criminal enterprises extends far beyond store limits. For the first time in the survey’s history, NRF polled retailers about this threat and found that nearly half of all respondents said they have been a victim of cargo theft within the past year. The survey found most cargo theft occurs en route from the distribution center to the store, but other points within the supply chain are just as vulnerable. This not only affects a retailer’s bottom line, it also affects what consumers end up seeing on the shelves at the store and the amount of inventory available.
National Retail Federation

Top Cities Impacted by Organized Retail Crime

Crime rings throughout the country often take advantage of big cities and large highways to move their stolen merchandise and hit multiple targets. When asked where in the United States retailers have the most problems with criminal gangs and organized retail crime, cities including Los Angeles, Miami, New York and Dallas were listed. Making the list for the first time, Las Vegas and Phoenix are now among the top 10 metropolitan areas retailers say are affected, indicating criminal enterprises continue to travel the country. Many times, retailers and law enforcement officials find it difficult to track these crime gangs because they cross state lines in a matter of hours. New technologies, however, are beginning to play a vital role in tracking thefts and criminal behavior even through various states and at different retail companies.
National Retail Federation

FBI Set to Kill Secret-Stealing Russian 'Botnet.' Is Your Computer Infected?

The U.S. Federal Bureau of Investigation (FBI) has seized control of a Russian botnet that commandeered millions of personal computers that may have penetrated U.S. diplomatic, military, and law enforcement computer systems. The FBI says it may have to remove the malware from the computers in the network to permanently neutralize the botnet. More than 1 million of the 2.3 million PCs recruited in the Coreflood botnet are U.S.-based....
Christian Science Monitor; Clayton, Mark

Report Reveals That Smaller Merchants Face the Biggest Security Threats

Criminals who want to steal debit and credit card information are targeting smaller merchants and retailers, according to a recent Trustwave report. Ninety percent of the card security breaches that took place in e-commerce last year involved Level 4 merchants, or those that process less than 1 million total payment card transactions and fewer than 20,000 e-commerce transactions each year.
EcommerceJunkie

Pentagon: Online Cyber Attacks Can Count as War

The Pentagon has concluded for the first time that computer sabotage coming from another country can constitute an act of war, a finding that would allow the United States to retaliate with conventional forces. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," says a military official.
Wall Street Journal; Gorman, Siobhan

"Workplace Suicides at Record High in '08, '09"

Workplace suicides reached a record high in 2008 and 2009, according to U.S. Department of Labor data. Since data on workplace suicides began being recorded in 1992, there have been a total of 34,598 incidents. In 2007, there were 196 incidents, but in 2008 and 2009, that number jumped to 263. The majority of the people that committed suicides in those years were men.
MarketWatch; Mantell, Ruth

Cyber-Attack Against Government of Canada an Urgent Warning to Businesses

Canada's government revealed in mid-February that the networks of the Department of Finance and Treasury Board were significantly compromised. At least one major news organization reported that the cyberattacks originated in China, and may have gone undetected for a month or more. The breach caused Internet access to be temporarily shut down in some parts of the government to prevent further exposure.
Mondaq; Gaertner, Jerrard

Phishing Emerges as Major Corporate Security Threat

Phishing emails are now cybercriminals' preferred method for breaking into corporate networks, according to Invincea founder Anup Ghosh. Ghosh notes that cybercriminals tend to prefer to use phishing emails to break into corporate networks because they are usually very effective.
Network World; Vijayan, Jaikumar

Cyber Attacks Rise at Critical Infrastructure Firms

security executives from electric, gas, water, sewage, and oil companies, said that their companies were targeted by at least one large denial-of-service (DoS) attack last year.
CNet; Mills, Elinor

Hacker Spies Hit Security Firm RSA

Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds.
Wired

Notorious Spamming Botnet Takes a Fall

A large network of hacked computers called Rustock, which was responsible for a great volume of spam, has shut down, perhaps as a result of another coordinated take down by security researchers.

Pirate attack prediction model developed

A mathematician has developed a piracy prediction model based on wind, waves, currents, as well as on the ground intelligence that could help predict the probability of a pirate attack on a given day; the system would function like a tornado warning system using weather data to project high risk areas on a map; the map could be further refined by adding in real time shipping traffic to indicate which ships are most likely to be attacked; piracy has grown worse in the last year, despite stepped up naval patrols; 80 percent of the world's cargo still travels by sea
HSNW

Worksite enforcement compliance

In October, U.S. Homeland Security Secretary Janet Napolitano announced that under the Obama administration, one of its key agencies, Immigration and Customs Enforcement (ICE), had audited more than 3,200 employers and imposed an estimated $50 million in fines for worksite violations. That exceeded the number of audits and fines collected during the full eight years of the Bush administration, she said.
Groban, Robert S., Jr.; Strasser, Frederick Warren

New Tactics in War on Terror -- Litigation

In a developing trend, Islamic extremists and civilians could increasingly battle one another in the court room. Islamic extremists are increasingly using lawsuits to threaten and intimidate civilians across the world; the Danish newspaper Politiken, which published the controversial Danish Mohammed cartoons in 2005, has been hit by a civil lawsuit; a Danish MP was recently forced to plead guilty to hate speech for speaking his mind about Islam; civilians can also use the courts to go after extremists using similar tactics.
Homeland Security Newswire

FBI Releases Preliminary Semiannual Crime Statistics for 2010

According to the FBI's Preliminary Semiannual Uniform Crime Report, the nation experienced a 6.2 percent decrease in the number of violent crimes and a 2.8 percent decline in the number of property crimes from January to June 2010 compared with data from the same time period in the prior year. The report is based on information from more than 12,000 law enforcement agencies that submitted three to six comparable months of data to the FBI during the first six months of 2009 and 2010.
The Federal Bureau of Investigation

Odds someone else has your SSN? One in 7

That’s the stunning conclusion of a San Diego company's analysis of 290 million Social Security numbers, which found that 40 million of them have been attached to more than one name. The study, conducted by the fraud-fighting firm ID Analytics, is the first of its kind that’s been made available to the public.
The Red Tape Chronicles; Bob Sullivan

Counterfeiting and Piracy: At What Cost?

A new European study attempts to assess the impact of counterfeiting and piracy on the EU’s creative industries. Another report, however, says that it is difficult, if not impossible, to quantify the economic effects of counterfeiting and piracy.
Security Management/Stephanie Berrong

Web 2.0 Helps in Disaster

When the catastrophic earthquake struck Haiti on January 12, Patrick Meier, a doctoral candidate at Tufts University’s Fletcher School of Law and International Diplomacy in Medford, Massachusetts, and cofounder of the International Network of Crisis Mappers wanted to help. He contacted friend and programmer David Kobia in Atlanta about adopting a simple Web-based crisis-mapping program they developed two years earlier in response to post election violence in Kenya.
Security Management/Joseph Straw

Microsoft Finds U.S. Leads in Botnets

Microsoft said at the RSA Conference 2010 in London that it had repaired 6.5 million botnet-infected machines between April-June 2010, twice the number identified and removed during the second quarter of 2009. The United States has the dubious distinction of being the nation with the most botnet infestations.
InformationWeek; Claburn, Thomas

U.S. Companies Are at Risk of Spying by Their Own Workers

Huang Kexue has been charged with economic espionage after he allegedly began sharing secrets gleaned from his work at a Dow Chemical lab in Indiana with Chinese researchers. Huang has a grant from the Natural Science Foundation of China. He grew up in China but has lived legally in the U.S. or Canada since 1995. However,.....
New York Times; Drew, Christopher

Intrusions at Large Companies Up Sharply in 2010, Study Says

More than 66 percent of enterprises say they have encountered system intrusions in the past 12 months, a significant increase from the 41 percent that reported such intrusions in 2009. VanDyke Software's Sixth Annual Enterprise IT Security Survey finds a noticeable increase in the proportion of large companies reporting a breach of their user machines, office networks, and/or servers.
DarkReading; Wilson, Tim

Georgia Tech Information Security Center Releases Cyber Threats Forecast for 2011

The Georgia Tech Information Security Center (GTISC) has identified the top security risks and concerns for consumer and business Internet and computer users in 2011. According to the GTISC Emerging Cyber Threats Report for 2011, cybercriminals are focusing more on mobile and networked devices to steal data and disable systems from a variety of venues.
Georgia Institute of Technology; Terraso, David

Al-Qaeda Affiliate Calls for D.C. Strikes

The latest edition of Al-Qaida in the Arabian Peninsula's (AQAP) online publication "Inspire," which is read by the group's English-speaking followers, includes a number of threats of terrorist attacks against the U.S. For instance, the publication calls for the group's followers to launch shootings at restaurants in Washington, D.C., during lunch hour.
Washington Post, P. A16; Miller, Greg

DHS Drafts Certification Program for Small Business Preparedness

As part of an effort to make it easier for small businesses to certify that they meet national voluntary preparedness standards, the Department of Homeland Security has published a small business classification in the Voluntary Private Sector Accreditation and Certification Preparedness program.
Washington Technology; Lipowicz, Alice

Georgia Tech Researchers Design System to Trace Call Paths Across Multiple Networks

Georgia Tech researchers have developed PinDr0p, a method for tagging fraudulent calls with a digital fingerprint that will help separate legitimate calls from phone scams. PinDr0p can analyze and assemble voice phishing call artifacts to create a digital fingerprint.
Georgia Tech News; Terrazas, Michael

Was Stuxnet built to attack Iran's nuclear program?

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor. That's the emerging consensus of security experts who have examined the Stuxnet worm.
IDG News Service/By Robert McMillan

SEC Pushes Companies for More Risk Information

The Securities and Exchange Commission has been prodding companies in recent reviews of regulatory filings to provide more information about the risks they face.
rah Johnson - CFO.com

Top 10 Threats for IT Security in 2011

In the future, online security threats will be much the same as they are now – but with a few new twists.
ITPro; Kobie, Nicole

FBI says violent crime reported to police declined in 2009 for the third straight year

WASHINGTON - Violent crime is down for the third straight year. Property crime for the seventh. But why?

Experts are hard-pressed to come up with an explanation.
Associated Press/Pete Yost

Real World Software Security

Building secure software isn't as simple as adding cryptography and authentication. Nor is it a matter of plunking down a firewall in front of your Web apps. It's about adjusting the software development life cycle, teaching developers about security, choosing the right tools and techniques for writing code, and adapting the development culture to care about security.
By Gary McGraw/Information Week

MBA Oath--Setting a Higher Standard for Business

Two members of the 2009 Harvard MBA class enlisted classmates and others in creating an oath for MBAs which they hope will provide a standard for business leaders similar to that which the Hippocratic Oath provides for physicians. Their intent is to return to the original purpose of business school, namely to professionalize management. Somewhere along the way, that intent got narrowed to the pursuit of profit.
http://mbaoath.org/

Criminals, spies dominate cyber world, with little to deter them

White House cyber security coordinator Howard Schmidt says the U.S. economy essentially rests on safe Internet facilities; last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted; yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose; almost half of small businesses don't use antivirus software and even fewer use it properly.
HSNW Cybersecurity

41 Banking Breaches So far in 2010

There have been 41 data breaches involving financial institutions so far in 2010 - well on the way to surpassing the 62 such incidents in all of 2009. But it isn't the number of incidents that concerns Linda Foley, head of the Identity Theft Resource Center, which tracks these breaches. Rather, it's the trend of corporate account takeover resulting from ACH and wire fraud.
Bank Info Security / Linda McGlasson

Working to stay wired is now business as usual

While the article is focused primarily on the internet and its impact on travel and travel contingency planning, it brings to light the risk associated with basing all of one’s contingency planning on a single communication source.
JOE SHARKEY, New York Times

Feds charge couple in $40M theft of GM hybrid car tech for Chinese company

An FBI investigation has led a Michigan couple to be charged with stealing hybrid car information from GM to use in a Chinese auto outfit.
Network World - Michael Cooney

Critical infrastructure: Malicious virus targets SCADA systems

Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment; SCADA is used to control U.S. critical infrastructure -- power plants, oil and gas refining, telecommunications, transportation, dams, water, waste control, and more; Siemens is warning customers of a new and highly sophisticated virus that targets SCADA systems; these systems are typically not connected to the Internet for security reasons, but this virus spreads when an infected USB stick is inserted into a computer
Robert McMillan/Computerworld

Cutting Back on Security

Companies are cutting back on security for CEOs and other executives in the wake of economic strains and increased scrutiny of such expenses by boards and shareholders, according to early reports based on 2009 proxy statements.
Kristen B. Frasch / Human Resource Executive Online

Secureworks World Cup of cyber security finds India the safest nation, U.S. the least safe

Digitally speaking, the United States is the least cyber-secure country in the world: with 265,700,000 active PCs, there were 441,003,516 attempted cyber attacks, or 1,660 attacks per 1,000 computers; India is the safest digital country in the world, with a mere 52 attacks per 1,000 PCs.
Tech Digest-SecureWorks

Workplace Snooping and Data Theft on the Rise

A recent Cyber-Ark Software survey of 400 senior IT administrators in the U.S. and the U.K. has found that 35 percent of respondents believe sensitive information has been given to competitors
Network World; Nguyen, Anh

U.S. Plans Cyber Shield for Utilities, Companies

The U.S. government is launching a program nicknamed "Perfect Citizen" to detect cyber assaults on private U.S. companies and government agencies running critical infrastructure.
Wall Street Journal; Gorman, Siobhan

20 Critical Security Controls Your Organization Should Focus On

The 20 pivotal security controls listed in the Consensus Audit Guidelines represent the top priority defenses that organizations should focus on, based on the probability of real-world events.
Federal Computer Week ; Moore, John

DHS Puts Teeth Behind CFATS

The Department of Homeland Security (DHS) has taken its first step towards the enforcement of the Chemical Facility Anti-Terrorism Standards (CFATS) by sending 18 chemical companies orders to complete site-security plans for their facilities within 10 days. CFATS, which were established in 2007, require a risk-based approach for regulating chemical companies.
MATT KORADE, CQ STAFF/Congressional Quarterly Homeland Security

Security Managers Report Weak Threat Defenses

A new survey conducted by Ponemon Institute and sponsored by NetWitness reveals that 83 percent of information security professionals say their organizations have been attacked recently by advanced threats, and 71 percent report that such attacks have increased in the last year.
InformationWeek; Schwartz, Mathew J.

SMB Security: Fight the Right Fight

Security remains a critical part of everyday operations for any business, but many SMBs have inadequate IT protections in place. Some SMB managers have neglected IT security on the grounds that enterprises are more likely targets; yet SMB hackers are just as common and usually these attacks are aimed at infiltrating a firm's bottom line.
InformationWeek; Davis, Michael A.

China Pushing the Envelope on Science, and Sometimes Ethics

China has rocketed back into the top ranks of scientific research by being free from the social and legal hindrances common in the West and due to its investment of billions of dollars. Nearly every Chinese ministry boasts a program to gain a technological lead of some sort, and in May a Chinese supercomputer was named the second fastest machine in the world at an international conference in Germany.
Washington Post, P. A1; Pomfret, John

Napolitano to Launch Rail Security Campaign

Homeland Security Secretary Janet Napolitano will spend Thursday traveling from New York City to Washington, D.C., in order to promote rail security.
Homeland Security Today (06/30/10); McCarter, Mickey

Network Security Threats Increasing

A study carried out by netForensics, a security information and management provider, finds that 80 percent of information technology (IT) managers anticipate an increase in network-borne security threats throughout 2010 and 2011, and 85 percent see their security landscapes becoming more opaque.
InformationWeek; Schwartz, Mathew J.

Cruise Ship Security Bill Clears Congress

The U.S. Senate has passed the Cruise Vessel Security and Safety Act, after it received broad bipartisan support in the House with a vote of 416-4 last year. The measure requires cruise ships to tighten security measures and report alleged crimes.
CNN ; Grinberg, Emanuella

FTC Says Scammers Stole Millions, Using Virtual Companies

The U.S. Federal Trade Commission has broken a long-running online scam orchestrated by offshore fraudsters that enabled them to steal millions of dollars from U.S. consumers. FTC attorney Steve Wernikoff says the fraudsters exploited loopholes in the credit card processing system so that they could establish bogus U.S. companies that then ran more than 1 million fake credit card transactions through authentic payment processors.
IDG News Service; McMillan, Robert

White House Cybersecurity Czar Unveils National Strategy for Trusted Online Identity

The White House has released a draft plan designed to make online transactions safer. The plan outlines a national strategy for trusted digital identities that could ultimately phase out the username-and-password model and establish a platform for a national federated identity infrastructure.
DarkReading; Higgins, Kelly Jackson

Come Together Over Cybercrime

Cybercrime was the topic of a panel at the CFO Core Concerns conference, where Greg Schaffer of the Department of Homeland Security warned that it is not a future problem but a current and existing one.
CFO; Leone, Marie

"Corporate Boards Weak On Security, But Improving"

InformationWeek cites a new study by Carnegie Mellon University's CyLab in reporting that "more than half of Fortune 1000 companies lack a full-time chief information security officer, only 38 percent have a chief security officer, and just 20 percent have a chief privacy officer."
InformationWeek; Schwartz, Matthew

"In Debate, Audience Finds that the Cyberwar Threat Is Not Exaggerated"

A panel of four leading security experts recently held a debate about the threat of cyber warfare. The discussion emphasized that the threat is indeed very serious.
DarkReading; Wilson, Tim

"Corporations Must Protect Data, Says CMU CyLab Report"

A new study by Carnegie Mellon University's CyLab concludes that corporate boards of directors and senior management aren't adequately involved in the privacy and security of their computer systems and data.
Pittsburgh Tribune-Review

"10 R&D Cybersecurity Initiatives Congress Seeks"

The Protecting Cyberspace as a National Asset Act of 2010, which was recently introduced in the U.S. Senate, lists 10 research and development (R&D) initiatives the government would support to secure information systems and networks.
GovInfoSecurity.com; Chabrow, Eric

"Boeing Among Defense Firms Fighting Cyberterrorism"

Boeing and other defense contractors are making an aggressive push for government contracts to develop defensive and offensive cyber warfare solutions. Contractors have to secure their own systems beforehand, and in 2009 Boeing transitioned to a smart card system to gain access.
St. Louis Post-Dispatch; Lambrecht, Bill

"Money Trumps Security in Smart Meter Rollouts, Experts Say"

Utilities are rushing to implement smart meter programs as the U.S. government distributes stimulus money, but these electric companies are putting security on the back burner, a decision that could hurt the grid and consumers. The security weaknesses could allow criminals to steal data from customers, cut off power to buildings, and cause outages.
CNet; Mills, Elinor

Botnets Target Websites With 'Posers'

Botnets are increasingly setting up sham online accounts on legitimate Web sites and online communities in order to steal data from companies. This
Dark Reading; Higgins, Kelly Jackson

Business Continuity, Not Data Breaches, a Top Concern for Tech Firms

Data breaches are not the top concern of large technical companies, according to a BDO study. The study examined the risk factors the companies listed in their fiscal year 2009 10-K SEC filings and found that security breaches, privacy, and theft were mentioned by 44 percent of firms, making those concerns the 23rd most important risks among the companies studied.
CSO Online; Goodchild, Joan

Workplace Suicides on the Rise

Workplace suicides have been a growing problem in the U.S. over the last several years. According to statistics released by the Department of Labor, there were 251 workplace suicides in 2008, the most recent year for which data was available. That represents a 28 percent increase over the 196 workplace suicides that were recorded in 2007.
MSNBC; Tahmincioglu, Eve

Defense Bill Beefs Up Cybersecurity

On May 28, the U.S. House of Representatives passed an amendment to the FY11 Defense authorization bill that seeks to overhaul federal cybersecurity.
CongressDaily; Aitoro, Jill

Keeping Control: Cutting Security Costs May Increase Risk

The main challenge for controllers during an economic downturn is to identify the most successful cost-cutting strategies without making the organization more susceptible to burglaries, insider thefts, and other risks. In a recent survey, Security Budgets & Cost-Containment Strategies 2010, this publication asked security leaders about their organizations' total projected budget for physical and asset security in 2009, including planned capital expenditures and security operating budget.

Cyberattacks Seen as Top Threat to Zap U.S. Power Grid

A recent report from the North American Electric Reliability Corp. (NERC) has found that power-generation grids in the United States and Canada face three major risks.
Network World; Messmer, Ellen

The Cybersecurity Changes We Need

The Obama administration's progress toward the goal of making the U.S. digital infrastructure "secure, trustworthy, and resilient" has been sluggish on account of the general perception of cyber security as a drag on short-term economic prosperity, write Harvard Law School Professor Jack Goldsmith and Melissa Hathaway, a member of INSA's Cyber Security Council.
Washington Post; P. A19; Goldsmith, Jack; Hathaway, Melissa

DHS Announces New Standards for Private Sector Preparedness

"These new standards will provide our private sector partners with the tools they need to enhance the readiness and resiliency of our nation."

Data Breach Reports Now Posted Online

The Department of Health and Human Services (HHS) is now listing healthcare-related breaches on its Web site. Since the organization started this practice in February, there have been 64 incidents reported, affecting more than 1 million people.
American Medical News; Dolan, Pamela Lewis

U.S. Struggles to Ward Off Evolving Cyber Threat

More than 100 foreign spy agencies, as well as criminal organizations and terrorist groups, are probing U.S. computer systems thousands of times per day and scanning them millions of times daily, says U.S. Department of Defense official James Miller.
Reuters; Stewart, Phil; Wolf, Jim

U.S. Air Force shifts 30,000 troops to "cyberwar front lines"

The USAF has assigned 30,000 to cyberwarfare specialties; 3,000 will become cyberspace officers; Brigadier David Cotton, director of cyberspace transformation, says about the new specialty: "It’s not just spray paint, it’s a new mindset"
Homeland Security Newswire

Major US Oil Companies' Networks Infiltrated by Spies

Three major US oil companies were targeted by sophisticated espionage attacks in 2008; they were unaware of the scope of the problem until the FBI notified them in late 2008 and in 2009.
Christian Science Monitor

Security Breaches Hit Highest Ever Level

Internal security breaches are affecting organizations now more than ever, according to PricewaterhouseCoopers' annual security survey. The survey revealed the most breaches in the decade-long history of the survey, even eclipsing the high volume of worm infections in 2004.
ITPro; Scott, Jennifer

The Time has come for GRC Convergence

The Economist Intelligence Unit, in a survey entitled "The Convergence Challenge" carried out on behalf of KPMG International, finds that 64 percent of businesses identify governance, risk and compliance (GRC) convergence as a key priority.
KPMG

Chemical Plant Security Re-Engaged

The Senate is reportedly preparing to introduce a new bill that would give the Department of Homeland Security (DHS) greater oversight to require major manufacturers and users of deadly chemicals such as chlorine to either switch to a safer alternative or step up security measures.
Politico; Morris, Jim

OTJ Is A-OK

A new survey from McKinsey & Co. paints a decidedly mixed picture of corporate training initiatives. On the one hand, executives rank "capability building" as a top priority — 15% of senior leaders, in fact, rate it as the top priority, while 55% place it in the top three. See Chart.
Scott Leibs - CFO Magazine

Personal texting on a work phone? Beware your boss

We've all probably done it -- whether it was texting about dinner plans on a company cell phone or updating friends about a vacation via company e-mail.
CNN; Stephanie Chen

Report: Most Targeted Attacks Originate From China

A study of targeted email attacks by Symantec MessageLabs has found that more than one-third of the IP addresses involved in those attacks are based in the United States.
Dark Reading; Higgins, Kelly Jackson

Researchers Trace Data Theft to Intruders in China

Over the past eight months, a team of U.S. and Canadian researchers has spied on a gang of intruders that stole sensitive information from the Indian Defense Ministry and traced them to China.
New York Times; P. A1; Markoff, John; Barboza, David; Bajaj, Vikas

Why Chemical Plants Are Vulnerable to Terrorism

Recent reports show that the Department of Homeland Security (DHS) has inspected 12 of the 6,000 chemical plants and other facilities that were tagged for special security measures after Sept. 11.
Houston Chronicle; Hatcher, Monica

Security driven by compliance, rather than protection

Although corporate intellectual property makes up 62 percent of companies' data assets, most companies' security programs are focused on complying with regulations rather than protecting data, a new report by Forrester Research has found.
CNet; Rosenberg, Dave

Measure Would Force White House, Private Sector to Collaborate in Cyber-Crisis

are gearing up to reintroduce a piece of legislation first unveiled last year that aims to improve the security of the nation's computer networks. Under the legislation, known as the Cybersecurity Act, the White House would be required to work with the private sector to formulate a response to a crisis that affects vital computer networks. Such a response would involve determining which industry networks are considered "critical" and determining how those networks should be protected.
Washington Post; P. A04; Nakashima, Ellen

Internet Fraud's U.S. Price Tag Put at $550 million

A recent report from the Internet Crime Center shows that U.S. citizens lost more than $550 million as the result of online fraud in 2009, an amount that is more than double what it was in 2008.
Los Angeles Times; Pfeifer, Stuart

"First Data's Composite Security System-A Game Changer?"

"As big [merchants] harden up their systems, [cyber criminals] are going down low, and our market research shows that although there's quite a bit of education to be done with the merchant community, awareness is growing rapidly," says First Data's Craig Tieken.
Green Sheet

HR and Facebook: It's complicated

This article offers some good advice for those who use social networking sites as an employment background screening tool.

Wanted: Defense Against Online Bank Fraud

A growing number of small businesses are losing large sums of money through attacks on their online banking accounts.
Wall Street Journal; Richmond, Riva

Corporations' Cyber Security Under Widespread Attack, Survey Finds

A recent survey of IT professionals in more than a dozen countries finds that more than 50 percent have witnessed 'high-level' attacks on their companies' computer systems.
Christian Science Monitor; Clayton, Mark

In Secret, Nations Work Toward Crackdown on Piracy

The U.S. is working with a number of other countries, including the European Union, Japan, and Australia, to complete an Anti-Counterfeiting Trade Agreement by the end of this year.
New York Times; Pfanner, Eric

Tough times leave employers on edge about workplace violence

Instances of workplace violence may rise as tough times keep workers feeling low.

Survey: Data Breaches From Malicious Attacks Doubled Last Year

Data breaches at U.S. companies resulting from malicious hacks and botnets increased more than 100 percent between 2008 and 2009 and cost significantly more than breaches attributed to human error or technical glitches, says a new Ponemon survey to be released Jan. 25.
CNet; Mills, Elinor

More Researchers Going on the Offensive to Kill Botnets

Researchers are increasingly being proactive in their efforts to go after botnets, as evidenced by the recent shutdown of the Lethic spamming botnet.
DarkReading; Higgins, Kelly Jackson

Cyber Crime Called Out as 'Clear and Present Danger' by Deloitte's New Center for Security & Privacy Solutions

Survey numbers do not lie, nor do they always tell the whole story, which is precisely the focal point of a new report about the prevalence and seriousness of the threat of cyber crime, issued today by Deloitte's new Center for Security & Privacy Solutions (the Center).
NEW YORK/PRNewswire/

Data Breaches: The Insanity Continues

The attached link routes to the web site of the Identity Theft Resource Center (ITRC) and specifically to an article (more along the line of an editorial) about 2009 publicly acknowledged data breaches. The page also contains links to data breach reports published by ITRC.
ITRC

iJET Outlines Risk Landscape for 2010

Risk Systems, a leading provider of global intelligence and business resiliency services, today outlined the major risks and trends that it anticipates will most significantly affect risk management and business resiliency planning in 2010. iJET also outlined key steps organizations can take to mitigate these increased disruptions.

Energy Set to Form New Group to Protect Electric Grid From Cyberattacks

The U.S. Energy Department is starting a public-private group to better protect the country's electric grid from cyberattacks.
NextGov.com; Aitoro, Jill R.

Top Internet Security trends from Symantec

BANGALORE, INDIA: The year 2009 has been a milestone when it comes to cyber security. From spam mails based on swine flu and MJ's death to phishing attacks carried out on popular social networking sites to the explosion of new variants of malware, 2009 has seen it all. 2010 is slated to be a lot worse.
CIOL.com

Wanted: Cyber Ninjas

In recent years, the need for cybersecurity experts has increased significantly as military contractors, federal agencies, software companies, and other industries look for ways to keep their networks safe from hackers.

As Internal Audit Staffs Shrink, Will Fraud Rise?

Compliance and internal audit experts were heavily recruited a few years ago when the Sarbanes-Oxley Act was passed, but today those departments are suffering layoffs along with the rest of America.
CFO; O'Sullivan, Kate

Where in the World Is Contactless Payment

Many hospitality operators are installing contactless payment options at thousands of their venues, including convenience stores and fast-service restaurants.
Hospitality Technology Magazine; Powers, Vicki

MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline

MasterCard has decided not to mandate that Level 2 merchants have an on-site qualified security assessor (QSA) evaluation completed by the end of next year.
Storefront Backtalk; Schuman, Evan

"Is HITECH Destined to Be a Cybercrime Stimulus Act?"

The Health Information Technology for Economic and Clinical Health Act encourages hospitals and other providers to adopt electronic medical record (EMR) platforms with the help of $19 billion in health information technology funding.
Information Security; Granneman, Joseph

ID Theft Threats to Watch in 2010

Identity Theft Resource Center executive director Jay Foley identifies a number of ID theft trends and threats to watch for in 2010. He notes that the most prominent ID theft story in 2009 was the Heartland security breach orchestrated by Albert Gonzalez, which involved the compromise of more than 130 million credit and debit card accounts.
BankInfoSecurity.com; Field, Tom

Top 5 Regulatory Priorities for 2010

Financial institutions will be under additional pressure next year due to increased regulatory scrutiny, with issues such as the federal data breach notification bill taking center stage. Experts say it is only a matter of time before the U.S. Congress passes the final version of the breach legislation, which contains several measures that would override existing state regulations.
BankInfoSecurity.com; McGlasson, Linda

The Supreme Court will decide what protections the Fourth Amendment provides employees.

Here’s a story about a court decision that certainly could impact the lives of many security professionals.
ROBERT BARNES, Washington Post

Report: China's After U.S. Secrets, Technology

U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Thomas Claburn, InformationWeek; Special to Dark Reading

"Cyberattacks Against Critical U.S. Networks Rising at a Faster Rate"

Cybersecurity attacks against network systems that run U.S. infrastructure, such as transportation systems and water and sewage treatment plants, are on the rise, primarily because these industries are supported by antiquated technologies that do not have the capacity to deflect sophisticated attacks.
NextGov.com; Aitoro, Jill R.

"Cisco Security Survey: Cybercrime Taking a Page From Business Schools"

A recent security report from Cisco has found that cybercriminals are increasingly using classic business structures in their efforts to develop and deploy malware that is designed to help them make a profit.
Network World; Greene, Tim

"Hacked Email Climate Scientists Receive Death Threats"

Two scientists involved in "Climategate," the term that was coined to refer to the hacking of e-mail messages at the Climate Research Unit (CRU) of the University of East Anglia, U.K., have received death threats via e-mail since their messages were leaked last month.
Guardian Unlimited; Ravilious, Kate

Cost of Security, IT Management Add Up at Healthcare Facilities, Study Finds

The drive to digitize healthcare records may ultimately prove to have no cost benefits, according to researchers at Harvard University.
SearchSecurity.com; Westervelt, Robert

Program to Help Truckers Attracts Drug Smugglers

Some security experts are criticizing the Customs-Trade Partnership Against Terrorism (C-TPAT) program, which allows trusted trucking companies to pass through the U.S.-Mexican border more quickly.
Associated Press; Sherman, Christopher

SMALL BUSINESS ALERT: Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

A scan of the Internet by Columbia University researchers searching for vulnerable embedded devices has found that nearly 21,000 routers, Webcams, and VoIP products are vulnerable to remote attack.
Wired News; Kim Zetter

Galleon Case Prompts Firms to Plug Leaks

Companies are currently undertaking extensive damage control measures following criminal allegations brought against Galleon Group founder Raj Rajaratnam that allege he was involved in an insider-trading scheme that also involved a number of corporate executives and employees.
WSJ; Amol Sharma & Susan Pulliam

FTC Delays Launch of ID-theft Program

The US Federal Trade Commission (FTC) has pushed back the deadline for businesses to comply with the Red Flags Rule identity theft prevention program from Aug. 1 to Nov. 1.
WSJ; Joseph Pereira

Feds Oil up Their Anti-Bribery Machine

The US government is increasing enforcement of the Foreign Corrupt Practices Act (FCPA), raising the likelihood for personal liabilities faced by CFOs.
CFO; David McCann

CEOs Underestimate Security Risks, Survey Finds

CEOs tend to minimize the IT security vulnerabilities faced by their own businesses, according to a recent Ponemon Institute survey of corporate executives.
Computer World; Jaikumar Vijayan

"China Expands Cyberspying in US, Report Says"

The US-China Economic and Security Review Commission issued a report on Thursday that said that the Chinese government is increasingly launching cyberspying operations against the US, and that those operations are "straining the US capacity to respond."
Wall Street Journal; Siobhan Gorman

FBI warns of $100M cyber-threat to small business

Cyberthieves are hacking into small- and medium-sized organizations every week and stealing millions of dollars in an ongoing scam that has moved about US$100 million out of U.S. bank accounts, the U.S. Federal Bureau of Investigation warned Tuesday.
Robert McMillan (IDG News Service)

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack.
Kim Zetter

More Job Seekers Scramble To Erase Their Criminal Past

Due to increased corporate background checks and the continually tight job market, many job hunters are looking to legally clear their criminal records.
Wall Street Journal; Belkin, Douglas

The DHS Private Sector Preparedness (PS-Prep) Program and Standards

ASIS Commissioner Dr. Marc H Siegel describes the intent of the DHS PS-Prep Program as promoting "voluntary private sector preparedness."
Continuity Central; Siegel, Marc H.

ID Theft Red Flags Rule: What Have Exams Uncovered?

Twelve months have passed since federal regulators began auditing banks and credit unions for adherence to the Identity Theft Red Flags Rule, and institutions have fared pretty well so far, regulators say.
BankInfoSecurity.com; McGlasson, Linda

Survey: Few Companies Addressing Cyberterrorism

Few companies and government agencies are addressing the threat of cyberterrorism in their disaster recovery plans, according to a new AFCOM survey
CNet; Whitney, Lance

Most Small Merchants Still Not PCI-Compliant

SecurityMetrics' Wenlock Free says that 75 percent of Level 4 merchants—which Visa defines as those that process less than 1 million Visa transactions a year—probably do not even know what PCI stands for. Trustwave's Doug Klotnia attributes the lack of awareness about PCI compliance to the fact that many small businesses do not know what kind of data they store. He says that many businesses do not understand the payment process or the fact that the systems of other small merchants are being breached.
CardLine

Federal CIO Kundra Plans Cybersecurity Dashboard

The Obama administration will release new measurements and metrics to aid the U.S. government's cybersecurity initiatives, federal CIO Vivek Kundra told Congress in late October.
InformationWeek; Hoover, J. Nicholas

Homeland Security Backs Cell Phone Sensors to “Crowdsource” Detection of Deadly Chemicals

The Department of Homeland Security (DHS) has announced that it spent approximately $3 million over the past year to fund three different research programs designed to develop miniaturized sensor technologies for detecting deadly chemicals.
Xconomy; Bigelow, Bruce V.

Galleon Case Portrays a World of Corporate Leaks

Reg FD, which was implemented in 2000, prevents corporate executives from selectively disclosing information to analysts and investors.
Reuters; Chasan, Emily; Das, Anupreeta

EU Balks at Employee Monitoring

In a number of EU countries, companies must obtain written, individual consent before they can launch any type of monitoring, according to Lothar Determann, a partner in the Palo Alto, Calif., office of the law firm Baker & McKenzie. In addition, countries such as the Netherlands and France require companies to make filings with labor authorities before they can begin monitoring their employees, while Germany and Italy require companies to at least notify--and sometimes consult--trade unions or other representative organizations before beginning a surveillance program. Even when companies meet these regulations, employee monitoring programs can be successfully challenged. As a result, companies that do business in Europe should avoid monitoring their employees as much as possible, said Gartner Research Vice President Arabella Hallawell. If companies that do business in Europe feel that they must monitor their employees, there are a number of steps that they can take to reduce the likelihood of a legal challenge to the surveillance program. For example, companies that use data loss prevention (DLP) tools may want to consider using those tools in conjunction with masking software, which can exclude information about specific employees from reports on DLP-related activity. In addition, companies should be sure to disclose as much information about their surveillance programs as possible, Determann said.
Security Management (10/09) Vol. 53, No. 10, P. 48

Saving Green Sometimes Means Going Green

Many companies are facing tough economic times and must do more business on less revenue. But at the same time, the environmentally friendly aspect of business is still a highly desirable trait that clients and end-users demand. How can the security executive balance losses in revenue coupled with budget cuts, but still boast being an environmentally-conscious company?
Security Magazine

Metrics For Success: Empower Customers Through Awareness

Security has a unique perspective on risk that comes from gathering, analyzing and understanding threat and risk data. This insight obligates us to make our customers aware of the risks that could affect them...
Security Technology Executive

A Scheme For Protecting Content

Putting content online is a risky game. You could win an audience measured in the millions and lose control of your work to pirates. Slapping a digital padlock on content could protect you. But it could also turn off consumers altogether.
Forbes.com

Information Security Professionals Struggle with Rise of Facebook and Other Web 2.0 Tools

The predictable tension between information security officers and early adopters in state and local IT is brewing again. This time it pits proponents of social networking sites against security officials who see fast-growing tools, like Facebook and Twitter, as conduits for malware and data breaches.
Government Technology

How Strategy Shapes Structure

Instead of letting the environment define your strategy, craft a strategy that defines your environment, say the authors of Blue Ocean Strategy.
Harvard Business Review

Three indicted in largest US identity theft scheme

Three men were indicted on Monday for allegedly stealing more than 130 million credit and debit card numbers in what U.S. authorities said they believe is the largest hacking and identity theft case ever prosecuted.
Reuters

A Seamless Alliance

There are elements crucial to the success of the relationship between the CEO and CSO. Focus on the business is one, according to Russ Cancilla, Baker Hughes vice president of security and health, safety and environment, and CEO Chad Deaton of Baker Hughes.
Security Magazine

The Real Impact of the Downturn

Business leaders around the world are struggling to determine exactly how the global economic downturn will impact their operations and profitability. Among security leadership specifically, one oft-asked question is whether budgets are being decreased, and if so, how to tighten protection while tightening the belt.
Security Magazine

Security More Important Than Ever in Tough Times

John Martinicky, the long-standing director of global security with Navistar International, has seen recessions come and go. But the security director says the need for risk management always remains.
CSO magazine

Report: SMBs Lack Sufficient Security Standards

A recent survey by the security firm Symantec has found that many small to medium-sized businesses (SMBs) fail to take even the most basic cybersecurity measures.
eweek.com

Panels Describe Risk of Noncompliance with Mass. Data Protection Law

Several panels recently convened to clarify the implications of noncompliance with Massachusetts' data protection law, which mandates that any person or business that obtains or stores personal information about a Massachusetts resident must "develop, implement, maintain and monitor a comprehensive" security program "applicable to any records containing such personal information."
TechTarget

Insider Fraud Swells as Banks Suffer

Fraud is occurring more frequently as both crooks and employees seek ways to capitalize on vulnerabilities amidst economic uncertainty.
Bank Technology News

Training Needed to Quell Breaches

The greatest corporate security threats often happen at the hands of employees who lose machines or unintentionally compromise corporate data, concludes CompTIA's annual survey of IT security trends.
Network World

Electricity Grid in U.S. Penetrated By Spies

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
Wall Street Journal

Companies beef up security for annual meetings

Slumping stocks, layoffs, bonus controversy may fuel angry protests
MarketWatch

Counter-terror training 'flawed'

The U.K. government's new plan to train 60,000 workers, including shop and hotel employees, to identify potential terror threats has received a variety of criticism in Parliament.
BBC News

Nuclear Terror Threat 'Increased'

There is an increased risk terrorists could get hold of chemical, biological and nuclear weapons to attack the UK, the Home Office has said.
BBC News

Number of Infected Web Sites Sharply Increases in 2008

The number of malware-infected Web sites that allow a hacker to access personal information and even hijack a user's computer is growing exponentially, according to the Anti-Phishing Working Group.
NextGov

"A Bill to Shift Cybersecurity to White House"

U.S. lawmakers are developing legislation that would take cybersecurity responsibilities from the Department of Homeland Security and give them to the White House. The legislation would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President.
cnet news

New BlackBerry Application Could Enhance Campus Security

A new free smart phone application could give college students added protection when walking across campus late at night. The application, known as BScope Mobile, was developed by engineering students at Yale University.
Daily Pennsylvanian

Economic Uncertainty Boils Over in Workplace

Workplace violence experts are trying to determine whether the global recession has sparked an increase in the number of violent incidents in the workplace.
Globe and Mail (CAN)

In Europe, Rage Over Crisis Hits Executives

Incensed over the state of the global economy, European employees have begun to channel their frustration onto executives.
Wall Street Journal

"Data Breaches, More than Bad Publicity"

The toll of data breaches is rising.....
The Green Sheet

Political Risk Map Finds Instability Increasing

Aon's Annual Political Risk Map indicates supply chains in 42 percent more countries are vulnerable to disruption this year.....
PRNewswire-FirstCall/

Global State of Information Security Survey

Today, in the middle of the worst economic downturn in thirty years, information security has an enormously important role to play.
Pricewaterhouse Coopers 2010 Global State of Information Security Study (GSIS)

EPA vs. DHS Question Just One Obstacle to Facility Security Bill

The resolution of key jurisdictional issues impeding chemical facility security legislation does not appear to be likely any time soon, with two bills in the House held back by debate over which federal agency, the EPA or DHS, and which congressional panel should have oversight.
Environment and Energy Daily

Every Piece of Data Lengthens a Digital Shadow

As individuals use the internet and post personal information on blogs or websites such as Facebook, they create what is being referred to as a digital shadow.
Financial Times Digital Business

Web 2.0 Entails "Sleeping Giant" Security Risk

Security experts warn that IT developers should be wary of cross-site scripting (CSS) and cross-site request forgery (CSRF) as companies transition to Web 2.0 technologies.
Campus Technology

With Web 2.0, a New Breed of Malware Evolves

At the Open Web Application Security Project, researchers expressed their concern for new vulnerabilities in the Web 2.0 platform.
Network World

Chinese Spying is a Threat, Panel Says

The US-China Economic and Security Review Commission released a report which warns that Chinese spying is the biggest threat to sensitive technology data.
Washington Post

Bucking Privacy Concerns, Cornell Acts as Watchdog

Cornell University has invoked exceptions in the Family Educational Rights and Privacy Act (Ferpa) law to protect its students. Ferpa allows private information to be released...
Wall Street Journal

Small Businesses Feel Security's Burn

In a study of some 455 small companies, eMediaUSA found that 32% of small and medium-sized businesses (SMBs) have experienced some type of security breach in the past year.
Dark Reading

Blood Money Paid by Chiquita Shows Company's Hard Choices

The US District Court in D.C. accepted a plea deal by Chiquita Brands International, making Chiquita the first major US corporation convicted for financial dealings with a terrorist organization.
Corporate Counsel

Drill Found Holes in L.A. Quake Preparedness

A monumental earthquake drill held in November 2008 called The Great Southern California Shakeout exposed critical vulnerabilities in the state's earthquake response strategy, prompting utilities and state and local leaders to make changes to their contingency plans.
FireRescue1

Crime against businesses a by-product of weak economy

As the economy weakens, businesses want to protect their assets. They want to make sure their people are safe.
Phoenix Business Journal

Business: Security rule would cost $20B

A new Customs and Border Protection rule would require US importers and manufacturers to provide information on shipments to the US 24 hours before loading in foreign ports.
The Hill.com

Domestic Violence Can Reach Workplace

Domestic violence is responsible for $727 million in lost productivity and over 7.9 million paid workdays lost each year.
Oklahoman

Researchers raise uncomfortable questions by showing how GPS navigation devices can be duped

At a meeting of the Institute of Navigation in Savannah, GA, Cornell University researchers presented a paper that described how a phony GPS receiver was placed near a navigation device, and tracked, modified, and retransmitted the signals from the system of satellites circling the Earth. The navigation device eventually mistook the false signals for real signals.
Cornell News

Richardson: Workplace policies on domestic violence required

New Mexico Gov. Bill Richardson signed an executive order mandating state agencies to introduce workplace policies pertaining to domestic violence, sexual assault, and stalking so that victims can feel secure at work.
New Mexico Business Weekly

Process Control Security: "Strengthening Cyber Security"

The threat of cyber attacks on utility computers has utilities employing special risk assessment programs to evaluate the readiness of their security.
Energybiz

DEPARTMENT OF BIG SCARY NUMBERS

Breaches on the rise: Since 2006, the number of documented data breaches has risen by over 40% annually. In 2006 there were 315 documented breaches that exposed 20 million records. In 2007 there were 446 documented breaches that exposed 128 million records, and in 2008 there were 656 documented breaches that exposed 36 million records. Source: Identity Theft Resource Center, San Diego
Computerworld

DEPARTMENT OF BIG SCARY NUMBERS

46%: Percentage of frauds detected by a tip; 20%: Percentage found by accident; 9%: Percentage discovered by external auditors; $278,000: Median loss associated with frauds at private companies; $142,000: Median loss at public companies; 29%: Percentage of frauds committed by accounting staff; 2%: Percentage committed by IT staff; $250,000: Median loss associated with male fraudsters; $110,000: Median loss associated with female fraudsters; 41%: Percentage of frauds committed by employees earning less than $50,000; 10%: Percentage by employees earning more than $200,000. According to an analysis by the Association of Certified Fraud Examiners.
CFO Magazine

DEPARTMENT OF BIG SCARY NUMBERS

Percentage of full-time positions moving offshore: Finance: 10.5% (2008), 21.6% (2010); HR: 10.2% (2008), 15.1% (2010); IT: 15.1% (2008), 25.1% (2010); Procurement+: 10.2% (2008), 17.6% (2010). +Transactional jobs. Source: The Hackett Group, 2008
CFO Magazine

Traveling Overseas with Mobile Phones, Laptops, PDAs, and other Electronic Devices

Did you know? All information you send electronically – by fax machine, personal digital assistant (PDA), computer, or telephone – can be intercepted. Wireless devices are especially vulnerable. Security services and criminals can also insert malicious software into your device through any connection they control.
Office of the National Counterintelligence Executive

Top 25 Most Influential People in the Security Industry

Many of this year’s Top 25 emphasize communication as the key to a successful security outfit, while others insist on partnering within the industry. But all of those listed here have brought something to the table that has spurred his or her team on as a necessary portion of the entire picture.
Security Magazine

IT security outlook: Ominous

This year the IT industry reached an inflection point: More new malicious programs were created than useful ones, according to security solution provider Symantec in its latest report highlighting some of the top security trends in 2008, as well as what to expect in 2009.
Government Computer News

Mobile Security

As wireless devices proliferate, so do the risks.
As mobile phones, smart phones, PDAs, laptops, BlackBerrys and other mobile gadgets spread across the business landscape, CFOs are finding themselves working with CIOs and IT managers to fight an ongoing security war.
CFO.com

The Risk Fallacy

Wall Street thought it had risk all figured out. But the very systems the banks created to protect themselves are at the heart of the financial meltdown.
FORTUNE

The Crisis over How to Audit in a Crisis

The PCAOB's standing advisory committee examines the task of recession-time auditing, including the likelihood that fraud will be a growing problem.
CFO.com

Information security spending will climb despite economic woes: Ernst & Young

Despite tightening economies worldwide, 50% of companies surveyed are set to increase their information security budgets, Ernst & Young reports.
“A single security incident can destroy years of brand and reputation building,” said Kent Kaufield, Ernst & Young’s National Technology Security Risk Services Leader in Canada. “Organizations now recognize security setbacks can adversely affect stakeholder perceptions. Regulatory compliance once drove information security improvements. Today, however, organizations are strongly motivated by a need to protect their brand and their reputation against potentially devastating media coverage of security breaches.”
Ernst & Young

The Global State of Information Security 2008

The annual survey finds respondents throwing technology at the problem. Which is a beginning, but only a beginning.
CSOonline.com

M&A strategies in a down market

It’s gut-check time for CEOs. As the credit crunch threatens to become a global downturn, corporate leaders have a choice: pull in their horns and ride out the storm or look for opportunities to pick up bargain-basement assets that will help them grow and create future value for shareholders. If past is prologue, more will follow the first course—which is a mistake.
The McKinsey Quarterly

Managing global supply chains: McKinsey Global Survey Results

Supply chains are increasingly global and complex, as companies aspire to support a variety of strategies, such as entering new markets, increasing speed to customers, and lowering costs. In this survey [1], we asked operations and other senior executives from around the world about their companies’ supply chain strategies, the factors that influence those strategies, and the ways their companies act on these factors. We also explored how well executives think their companies are meeting their goals, how they manage their supply chains, and the challenges involved in running a global supply chain.
The results show that supply chain risk is rising sharply. Executives point to the greater complexity of products and services, higher energy prices, and increasing financial volatility as top factors influencing their supply chain strategies. Relatively few respondents, however, say that their companies are translating the importance they place on these factors into corporate action. Nor do executives express confidence that their companies are meeting the top strategic goals: reducing costs, improving customer service, and getting products to market faster. In addition, for all the public attention paid to environmental concerns, including global warming, executives report that such issues have little influence on supply chain strategies. What’s more, our results suggest that most companies tend toward centralization, not local management, in running their supply chains and that this tendency has increased in recent years.
Notes: [1] The McKinsey Quarterly conducted the survey in June 2008 and received responses from 273 executives from around the world. All data are weighted by the GDPs of the constituent countries to adjust for differences in response rates.
The McKinsey Quarterly

Economy freezing IT budgets, survey shows

Despite earlier plans to boost budgets in 2009, the recent economic crisis has many IT leaders tightening their belts and preparing for sparse spending in the coming months.
NETWORKWORLD

Security primer: Outsourcing employee background checks
What companies need to know when hiring a screening solution firm

For security directors and company executives, protecting a company’s people and assets encompasses the implementation of a wide variety of different solutions. For some this might be the addition of video surveillance or an employee card-based ID system. Still for others it might involve the use of information security policies to protect company data.
securityinfowatch.com

Has Lean Management Gone Too Far by Defining Its Own Accounting?

Performance Management - From Managing to Improving
The management accounting community is currently wrestling with controversy - conflicts and ambiguities caused by competing forms of managerial accounting for organizations embracing lean management techniques and principles. The controversy does not involve financial accounting for external reporting. Its purpose is historical reporting for external and regulatory entities...
DM Review

Leading With Wisdom

Risk Management: Executives are expected to deliver a road map to the future from the top office, but at the same time, grassroots innovation from the rank and file can be just as important. How can an enterprise cultivate both in concert with each other?
RMmag

Connecting The Dots

Do companies really understand their risks holistically or are they simply checking boxes for compliance? Are their boards ever actually thinking about the risk management efforts happening elsewhere in the organization?
RMmag

What Does the Financial Meltdown Mean for Security?

This week in FUD Watch: Senior Editor Bill Brenner wonders if it's irrational or appropriate to make connections between the current financial crisis and the state of security.
CSOonline

Three Big Trends in Information Security: Past, Present and Future

A 20+ year industry veteran, Joanne Moretti of CA Inc., gives us her take on the biggest drivers in IT security and looks not only to the past, but predicts what CSOs and CIOs are heading for in the future.
CSOonline

The Secret Recipe for Unbeatable Competitive Advantage
Business Playbook

Quantitative measurements and weekly performance meetings dictate the operational processes at many successful organizations, but to what end? In the recent past, the data we have collected has been scrutinized more closely, and the question has become, What can this information do to make my business more successful?
DM Review

Survey Shows Yearly Security Spending Up But Data No Safer

The 2008 Strategic Security Study from InformationWeek found that getting the money for security isn't the biggest problem, since fully 95 percent will see their budgets either hold steady or increase this year. The problem is that the money isn't making data safer. Sixty-six percent of respondents say their vulnerability to breaches and malicious code attacks is either the same as last year or worse.
SecuritySolutions.com

From Lemons to Lemonade

According to the SEC, since 2002 the bill for SOX compliance ranged from 0.06% of revenues for a company with greater than $5 billion of revenue to 2.55% of revenue for a company with revenues less than $100 million, basically somewhere between $2.5 million and $80 million. These costs are on the downturn with the recent releases of the SEC's principles-based guidelines for SOX compliance...
RMmag

Man in Kentucky Kills 5 Co-Workers

An employee shot and killed five of his fellow workers at a plastics plant in Henderson, Ky., on Wednesday, before shooting himself, the police said. The chief executive of Atlantis Plastics, Bud Philbrook, told the Associated Press that the rampage was a total shock.
NY Times

Calling During Disasters

Recent disasters have offered a unique testing ground for burgeoning wireless technology. Events from Hurricane Katrina to California wildfires have illustrated the need for a diverse communications infrastructure with various technologies playing key roles.
Forbes.com

Security and Business: Financial Basics

You need to find and use the right financial metrics to communicate security's value to your company. Here are pros and cons of four: TCO, ROI, EVA and ALE.
CSOonline

Business partners pose the greatest security threat: report

External threats from partner organizations pose the greatest risk to corporate data security, according to a report detailing 500 forensic data investigations by Verizon Business.
Information Age

Salmonellosis Outbreak in Certain Types of Tomatoes

FDA has issued a warning to consumers nationwide that an outbreak of Salmonella serotype Saintpaul, an uncommon type of Salmonella, has been linked to consumption of some raw red plum, red Roma, round red tomatoes, and products containing these raw tomatoes.
FDA.gov

Managing a Data Loss Crisis

Any organization that believes it is immune to a serious data breach should review the statistics. More than 75% of companies in a recent survey reported they had been exposed to security breaches engineered by high-tech fraudsters, up from almost 25% of companies a year earlier.
RMmag

GAO Finds Problems in Supply Chain Security Practices

A Government Accountability Office (GAO) report released today criticizes security processes in a public-private antiterrorism partnership that seeks to make cargo inspections easier and more secure for both the government and international trade companies.
securitymanagement.com

High Tech, High Risk

Professional services firm BDO Seidman, LLP, released a report last week on risks associated with tech companies in the U.S. Strong competition and changes to federal, state and local regulations were seen as the most common risk factors.
RMmag

Steal This Article Part I: Battening Down the Digital Hatches

As long as software has been shipped, people have found ways to copy it illegally. Worldwide, for every $2 worth of software purchased legitimately, $1 worth was obtained illegally.
RMmag

Credit card thieves target small merchants' flawed POS systems, study finds

More often than not, attackers who aim to steal credit card data are targeting small brick-and-mortar merchants and exploiting vulnerable point-of-sale systems, according to a study recently released by Trustwave.
SearchSecurity.com

The Complete Guide to Security Breach Disclosure

Six-part set of articles takes a 360-degree look at the implications of new laws that require organizations to notify people whose personal information has been compromised.
CSOonline

Banks Prove Top Performers in Call Center Study

Financial services companies are stronger adopters of technology in call centers, says Genesys Labs.
Bank Systems & Technology

The Forces of Change

Security is changing. The various shifts underway right now involve more than just convergence, biometrics and Sarbanes-Oxley. Security is changing in ways that will transform what security encompasses, how it's accomplished, and its role and significance in the organization.
Security Magazine

What Really is Suspicious Activity?

Most security programs have some level of explanation of what they define as suspicious activity, yet it rarely goes beyond providing some bullet lines for security personnel and employees to evaluate.
Security Magazine

Japan firms to start information security rating body

A group of 18 Japanese companies including Matsushita and Fujitsu Ltd said they would set up the world's first ratings agency that evaluates levels of corporate information security.
Reuters.com

Gauging Green

In this day and age, every organization needs an effective environmental management strategy. For some, this is already a mature, developed set of principles that play a role in all aspects of the enterprise. For others, the strategy will be a more loosely defined or ad-hoc set of procedures based upon due diligence.
RMmag

When Activists Attack

In December 2006, the New York Stock Exchange announced that it would begin listing medical research company Life Sciences Research on its electronic trading platform, Arca. This was great news for the New Jersey research facility, as investors and traders would now be able to buy and sell shares more easily. The bad news, however, came in the following days' headlines.
RMmag

Agility and Differentiation in the Oil and Gas Sector

Across the oil and gas industry, initial investments have been made to formalize work processes and capture information and data within parts of the enterprise. However, there is business opportunity as well as competitive necessity to further standardize work processes throughout enterprises and integrate information with the work process.
DM Review

Making Better Decisions in Health Care

Health care is top of mind for many people in the U.S., often from the perspective of what needs to change in the industry. Technology, especially decision-making technology, can play a huge role.
DM Review

Texas City Refinery Explosion May Mean Billions in Liability Claims

Workers’ compensation claims, litigation, regulatory problems and costly reconstruction bills could run insurance costs into the billions.
Insurance Journal

Keeping Control: Cutting Security Costs May Increase Risk

The main challenge for controllers during an economic downturn is to identify the most successful cost-cutting strategies without making the organization more susceptible to burglaries, insider thefts, and other risks.
Controller

Do You Ignore the Real Root Cause of Most Incidents and Vulnerabilities?

In reality, intentional devious acts account for some but not all security incidents and violations. Some security analysts believe most unwanted security infractions -- potentially as many as eight in 10 -- result from human factors, and most of these can be traced back to organizational quirks rather than individual intent. Consequently, although security executives may be focused on identifying nefarious users, enhancing security by considering organizational changes that encourage positive security behaviors may be more effective. A recent study published in the International Review of Industrial and Organizational Psychology debunked the assumption that individuals are completely in control of their behavior at all times, particularly in the workplace. "Therefore, it is prudent to consider those factors beyond one's control that might positively or negatively affect the determinants, and, in turn, security behaviors," the study says. Some of these factors are: a combination of excessive workload, frustration, and poor job performance; a perceived lack of consistency in a company's "organizational justice" as it pertains to promotions, firing, rewards, and discipline; and employees' shared perceptions of a company's security climate -- its practices, rewards, standards, etc.
Security Director