Calling all U.S. spies in China: Come home!
October 1, 2015

The United States is pulling spies from China as a result of a cyber attack that compromised the personal data of 21.5 million government workers, a U.S. official said. The U.S. suspects that Chinese hackers were behind the breach at the U.S. Office of Personnel Management, which exposed the fingerprints of 5.6 million government employees. Because the stolen data includes records on State Department employees, the hackers could, by process of elimination, identify embassy personnel who actually are intelligence agents. Employees of the Central Intelligence Agency, National Security Agency, and Defense Intelligence Agency assigned to China are at risk of being exposed, U.S. intelligence officials determined in recent months. The CIA has pulled a number of officers from the U.S. Embassy in Beijing. Source: CNN

That’s not us calling, Microsoft says

Microsoft is reaching out to seniors to reveal how online fraudsters work. In the United States, it is estimated that more than 3 million people will pay more than $1 billion to online scammers. Using official company names such as Microsoft, Google, Facebook and Twitter, scammers persuade victims to needlessly spend money on online support services. Since May 2014, Microsoft has received more than 175,000 complaints about technical support scams. Microsoft offers monthly tours of Microsoft’s Cybercrime Center for AARP members and partners with AARP’s Fraud Watch Network to help people know the warning signs of a possible online scam. Microsoft does not call anyone to offer computer software or security upgrades over the phone. Source: WinBeta

If the boss says send money, you do it; but …

Cyber criminals are posing as CEOs of companies and conning lower-ranking staff into transferring large sums of money to them, Europol says. The European Union’s law enforcement agency said fraudsters were emailing, even phoning, employees with access to company funds and instructing them to carry out their urgent demands. Subsidiaries of multinationals are being targeted in this new area of cyber crime, as staff in regional offices often do not know senior management in holding companies “and may be fearful of losing their job if they do not obey,” the report warns. The Internet Organised Crime Threat Crime Assessment 2015, a review of developing online criminal threats on issues from child abuse to e‑fraud, also said the rise in noncard transactions had encouraged an “arms race” between cyber criminal entrepreneurs devising new attack methods, and the card industry as it develops countermeasures to protect customers and businesses. Source: The (U.K.) Independent

Make sure your coverage actually covers you

Do your due diligence first before seeking cyber insurance coverage, advises the corporate insurance manager for Southwest Airlines. “Before you go out and purchase a policy, do internal risk assessments” and put in place an incident response plan, said Kristy Harris, manager of corporate insurance for Southwest, who placed her company’s first cyber insurance policy in 2014. It is important to find a trustworthy partner, Harris said, noting Southwest’s then-current broker was not experienced in cyber. “You want to look for somebody who has a history of working on the claims side,” as well as somebody with good underwriting relationships with cyber insurers, she said. Source: Business Insurance

And speaking of insurance, sometimes that claim’s a whopper

The 2015 Cyber Claims Study from NetDiligence, a cyber risk assessment and data breach services company, found the average total insurance claim for a breach was $673,767, with an average payout for Crisis Services of $499,710. However, the average claim for a large company was $4.8 million, while the average claim in the health care sector was $1.3 million. The study looked at actual losses for data breach events covered by various leading cyber liability insurance carriers. The report summarizes findings for a sampling of 160 cyber liability insurance claims, 155 of which involved the exposure of sensitive data. The primary focus was on the costs incurred by underwriters due to cyber claim events, including Crisis Services (forensics, notification, credit/ID monitoring and legal counsel/breach expert), legal (class action lawsuit defense and settlement), regulatory (defense and settlement) and PCI (fines). Source: PR Newswire

Defense takes cyber seriously

Deputy Defense Secretary Robert Work has indicated that the Defense Department considers deterrence among its priority cybersecurity capabilities as cyber attacks become more prominent in the nation’s national security agenda. Work told the Senate Armed Services Committee that the cyber strategy released earlier this year enables U.S. Cyber Command to provide cyber support for military operations and helps bolster the cyber deterrence posture of the United States, which is built on the aspects of denial, resilience and cost imposition. “The administration has made clear that we respond to cyber attacks in the time, manner and place of our choosing, and the department has developed cyber options to hold an aggressor at risk in cyber space if required,” he said. Source:

London stocks up on digital safety

The London Stock Exchange has floated a cybersecurity Exchange Traded Fund this week, marking the first time a fund of this kind has found its way on to the LSE. This investment fund is the product of a partnership between ETF Securities, an English issuer of exchange traded funds, and ISE ETF Ventures, an index provider based in the United States, where cybersecurity ETFs are far more popular. Nithin Thomas, CEO of SQR Systems, said: “The strategic importance of cyber-security for the country is enormous, and a dedicated fund listed on LSE is a step in the right direction.” Source: SC Magazine

Cyber risk is here; do something about it, eh?

More companies in Canada are expected to buy cyber insurance coverage in the next few years. “You have to consider cyber liability exposure, even if you choose not to risk transfer and purchase insurance for that,” Lynn Oldfield, president and CEO of AIG Canada, said at RIMS Canada Conference 2015 in Quebec City. “You absolutely have to go through the due diligence process for your firm.” Regardless of business size or sector, whether for profit or nonprofit, Oldfield noted it must be acknowledged that cyber risk is now part of the landscape. Source: Canadian Underwriter

Risk is there, but agreement isn’t

Cybersecurity will be a major topic at NATO’s next summit in Warsaw in July 2016, but NATO, national and industry officials have admitted that their collective differences in the definition of a serious cyber attack are preventing the alignment of their individual doctrines. There is no common view about attacks that might warrant a collective response, whether defensive or offensive. “How might the concept of cyber-doctrine and offensive response evolve in NATO? It depends on how ready the allies are to engage in this,” Sorin Ducaru, NATO’s assistant secretary general for Emerging Security Challenges, said. Source: IHS Jane’s 360

Financial connections mean it’s time for a change

The Commodity Futures Trading Commission plans to propose regulations to improve cybersecurity as well as technological and operational risk management of CFTC-regulated entities. “The need to strengthen the security and resilience of our financial markets against cyber attacks and technological failures is clear,” said CFTC Chair Timothy Massad. “Examples of cyber attacks or significant technological disruptions from inside and outside the financial sector are all too frequent and familiar. And the interconnectedness of our financial institutions and markets means that the failure of one institution can have significant repercussions throughout the system.” The regulator aims to publish the proposed regulations later this year. Source: Markets Media

Get cracking on those privacy actions

British Columbia’s privacy commissioner is calling for immediate action by provincial health authorities to boost protection of citizens’ health information in the absence of disclosure laws. Privacy Commissioner Elizabeth Denham says authorities are not legally obligated to report privacy breaches, which could involve sensitive personal information from HIV tests to mammograms or routine blood results. Denham has released 13 recommendations in a report that examined eight provincial health authorities from April to June. The review found the most common breaches include lost or stolen records, unencrypted data, health workers “snooping” in electronic records, and deliberate social media disclosures. More people are affected by privacy breaches due to the growing reliance on electronic records, said Denham in a release. Source: CBC

Chip-and-pin cards have their day

For the black magnetic stripes on the backs of your credit and debit cards, Thursday marks the beginning of the end—a shift that could be costly for retailers. Merchants haven’t been liable if a thief used a stolen or counterfeit credit card to shop; the bank issuing the card usually made both the customer and the store whole. But starting today, a subtle shift happens. If retailers don’t follow new procedures for credit card security, including the use of new cards that include embedded computer chips, then they will have to pay for what thieves steal. The new cards, each of which has a unique microchip inside that makes it difficult to forge, are in widespread use in Europe. But in the United States, the industry is way behind. To read chip-embedded cards, retailers need new equipment. Many haven’t bought it or don’t know they should. Most small businesses remain unaware of that risk, says Holly Wade, director of research and policy analysis at the National Federation of Independent Business. Source: NPR



The post Calling all U.S. spies in China: Come home! appeared first on Third Certainty.