The week in security: You’ve just been breached. Do you know what to do?
- 18 December, 2017 13:55
Are you prepared for a security breach? Not if you’re among the nearly half of security practitioners and business executives that admit they have no idea what they would do once a breach was discovered.
And this, amidst a climate of increasingly severe attacks that one FBI investigator warns means we all need stronger response plans.
Some companies are taking the threat of breaches so seriously that they are planning to bring out the big guns – amending employment contracts to allow for rescinding bonuses or even firing people if they breach upcoming private-data protections.
Those kinds of penalties highlight just what a significant driver of security efforts the new Notifiable Data Breaches (NDB) scheme and European Union general data protection regulation (GDPR) are going to be for every company in 2018.
but with fraud patterns changing regularly, financial-services companies are having to proceed carefully.
But even with this sort of defence in place, stuff-ups can be out of the CSO’s control: witness the revelation that hundreds of HP computers were accidentally shipped with a keylogger installed.
Experience suggests there are flaws in every technology – not only known problematic platforms like Microsoft’s Internet Explorer and Edge, but even in emergent technologies like bitcoin and its underlying blockchain – which experts warn are vulnerable to hacking.
Speaking of things that are vulnerable to hacking, three of the progenitors of the massive Mirai attack – which stoked fears about Internet of Things (IoT) vulnerabilities after it turned hundreds of thousands of connected devices into a global botnet – pled guilty to the attack. There are expectations that ongoing IoT exploitation will boost the local insurance market.
Adjusters are likely to be busy for some time to come as the full extent of cyber risk becomes apparent – and grows, with increasingly business-like cybercriminals intensifying attacks even as their technological outsourcing provides new hope for would-be targets.
Back at home, the Google-spawned Security Planner was providing security advice to help avert cybersecurity disaster – promising to save some hides, even where snake-oil products like RFID-blocking wallets prove useless.