Average cost of a breach? $15 million, report says


U.S. firms pay an average of $15 million apiece on cyber crime each year, according to a new study. The Ponemon Institute’s annual “Cost of Cyber Crime” study polled 58 U.S.-based companies about their security-related spending. The U.S. average of $15 million per year is one-fifth higher than last year, and it represents an 82 percent jump since Ponemon started issuing the report in 2010. It shows American firms are taking cyber threats seriously, said Larry Ponemon, founder of the Institute. “Some countries assume everything is under control, or they’d rather have their heads in the sand,” he said. “In the U.S., executives are realizing they need more C-suite involvement in security.” Source: NBC News

That debt collector may be doing you a favor

Debt collectors are among the groups notifying consumers about identity theft, according to a report by the Bureau of Justice Statistics. When a consumer is the victim of “other identity theft,” meaning anything outside of stealing from one of their existing accounts, 13.8 percent report that communication with a debt collector alerted them to the fraud. Less than 3 percent of all identity theft victims ended up communicating with debt collectors “about charges and bills that were made as a result of the ID theft,” Bureau of Justice Statistics statistician Erika Harrell said. If the identity theft occurred with an existing consumer account (a majority of identity thefts), the percentage of consumers communicating with debt collectors falls to 1.6 percent. Source: The Association of Credit and Collection Professionals

Snowden: Governments can get into your smartphone

Sending just one text, Edward Snowden claims, enables the United Kingdom and the United States to take over someone’s smartphone. The former intelligence worker and controversial whistleblower told the BBC that Britain’s security agency GCHQ has a sophisticated technology allowing it to gain near-total access to a smartphone by sending it an encrypted text message. He added the technology is provided by the U.S. National Security Agency, which gives “tasking and direction” to its British counterpart and uses a similar program itself in the United States that costs $1 billion. “(They send) a specially crafted message that’s texted to your number like any other text message, but when it arrives at your phone it’s hidden from you,” Snowden said. “It doesn’t display. You paid for it but whoever controls the software owns the phone.” Once in, agencies allegedly can access many functions of the phone—reading messages, looking at Web history, and even taking secret photos with the camera—without the owner’s knowledge. Source: Quartz

Cyber insurance purchase could be risky

The process of buying cyber insurance can heighten a company’s exposure to risks and may discourage some organizations from making a purchase, a risk manager said. That reluctance may partially explain why a minority of organizations in Europe buy the coverage, he said. But more companies are buying the coverage as they get a better understanding of the risks and the market develops cyber insurance to offer broader coverage, insurance experts said. The disclosures that organizations must make to insurers as a requirement of purchasing coverage include some of their most sensitive security information, said Philippe Cotelle, head of insurance risk management at Airbus Defence & Space, a division of Airbus Group. “The underwriting information that insurers need is the key security information of a company. Are you willing to give that information to an external party?” Cotelle asked during a session of the Federation of European Risk Management Associations’ 2015 Risk Management Forum. Source: Business Insurance

Expert says bad guys are tops in tech …

Computer viruses and malware are obsolete scams for the latest wave of increasingly aggressive computer criminals, says a top cyber forensics expert at Purdue University. Marcus Rogers, director of Purdue’s Cyber Forensics Lab, said past reports of cyber attacks—allegedly by foreign nations—have opened the floodgates for computer criminals to launch illegal efforts. “They figure it’s open season now,” said Rogers, a former police investigator working in the area of fraud and computer investigations, who still works with law enforcement. “There are going to be less resources law enforcement and the intelligence community can put to bear on these cases when they’re spread so thin.” Improved technology, in part, has led to more brazen criminal efforts. Phishing attacks—emails disguised as various entities to obtain sensitive information—are on the rise. It’s a race to use the most sophisticated technology, Rogers says, and right now the bad guys have the best tech. It puts more responsibility on the users to police the emails coming into their computers every day. “You have to take responsibility for paying attention to what’s going on yourself. The technology is not going to do it for you. The attacks are slicing right through our technology.” Source: Phys.org

… And we’re worried about that

More people are concerned about cyber threats, according to the latest Consumer Risk Index released by Travelers. The third annual index of 1,029 survey respondents found that cyber-related concerns grew by more than 20 percentage points from last year, moving from the fifth-ranked to the third-ranked concern overall. The survey found that one in four Americans say they have been the victim of a data breach or cyber attack. “Cyber threats are joining the ranks of the conventional issues that individuals have worried about for decades,” said Patrick Gee, senior vice president for claims at Travelers. “Many may be feeling more vulnerable to cyber risks as Americans are becoming increasingly reliant on technology in nearly every aspect of their daily lives. This may also be playing a role in consumers’ overall perception of risk with so many respondents believing the world is becoming a riskier place.” Source: Claims Journal

Denial of service attack might just be a way in

Hackers and cyber criminals always have used distributed denial-of-service attacks to target organizations, but new research indicates that the attack method is quickly evolving as it becomes cheaper to create and deploy. The software used in such an attack is now widely distributed via underground marketplaces on the Dark Web, accessible only with the Tor browser, which has led to a spike in attacks, as a report from Kaspersky Lab noted. The report, titled “Denial of Service: How Businesses Evaluate the Threat of DDoS Attacks,” surveyed more than 5,500 companies in 26 countries and found that 50 percent of DDoS attacks “lead to a noticeable disruption of services,” while 24 percent lead to services being completely unavailable. Source: V3

Let’s talk cybersecurity, Japan says

Japan is sponsoring the Cyber3 Conference Okinawa 2015, subtitled “Crafting Security in a Less Secure World,” in November. Among the speakers will be Toshiyuki Shiga, vice chairman of Nissan Motor, Adm. Dennis Blair, former U.S. director of National Intelligence, and Noboru Nakatani, executive director of Interpol Global Complex for Innovation. Key issues on the agenda are cyber connections, cybersecurity and cyber crime. Source: PR Newswire

White House not pleased with EU court ruling on privacy

The European Union’s highest court struck down a system European and U.S. companies use to transfer sensitive personal information based on a fundamental misunderstanding of American privacy laws, the White House charged. “[W]e have a variety of concerns about this specific ruling; one of them is that we believe that this decision was based on incorrect assumptions about data privacy protections in the United States,” White House spokesman Josh Earnest said. Since 2000, nations on both sides of the Atlantic have used a system established by the European Commission known as the “safe harbor” system to transfer sensitive data ranging from personnel records to online advertising information. The Court of Justice of the European Union ruled that safe harbor does not adequately protect EU citizens’ privacy. The court concluded that the system’s concessions to U.S. intelligence and law enforcement concerns put Europeans’ personal information at risk. Source: The Washington Examiner

Hey, hit the brakes on that, Google says

Android Auto does not phone key automotive data back home, Google says after Motor Trend stated that Porsche opted to not include Android Auto in the new 991/2 as Google’s system collects and transmits back to Google information such as vehicle speed, throttle position, coolant and oil temp, and engine revs. “We take privacy very seriously and do not collect the data the Motor Trend article claims such as throttle position, oil temp and coolant temp. Users opt in to share information with Android Auto that improves their experience, so the system can be hands-free when in drive, and provide more accurate navigation through the car’s GPS,” Google says. The in-car system can share information with the Android device, such as GPS location, as the car’s system is often more accurate than the connected phone, Google says. The system also recognizes when the vehicle is in park or drive to display either the on-screen keyboard or to activate voice controls. Source: Tech Crunch