Security experts put their finger on the problem

July 15, 2015

By Byron Acohido, ThirdCertainty

The personal data for 21.5 million people was stolen in the Office of Personnel Management hack, but for national security professionals and cybersecurity experts, the more troubling issue is the theft of 1.1 million fingerprints. Unlike a Social Security number, address or password, fingerprints cannot be changed—once they are hacked, they’re hacked for good. And government officials have less understanding about what adversaries could do or want to do with fingerprints. “It’s probably the biggest counterintelligence threat in my lifetime,” said Jim Penrose, former chief of the Operational Discovery Center at the National Security Agency and now an executive vice president at cybersecurity company Darktrace. “There’s no situation we’ve had like this before, the compromise of our fingerprints. And it doesn’t have any easy remedy or fix in the world of intelligence.” Source: The National Journal


Sky-high worries about cyber safety

A government watchdog raised worries about the Federal Aviation Administration, saying it has failed to implement a crucial security system. The FAA is in charge of civilian flights and air traffic control systems for more than 19,000 airports. The agency also did not regularly protect its network from possible cyber intrusions, ensure that sensitive data were encrypted, or identify and authenticate users, according to a report by the Government Accountability Office. If the problems are not fixed, the FAA is putting the safety of the air traffic control system “at increased and unnecessary risk,” the GAO said. The FAA agreed with the GAO’s recommendations, but it is not clear how much progress has been made. Source: Financial Times

If at first you don’t succeed …

Senate Majority Whip John Cornyn (R-Texas) said Republican leaders are eyeing the first week of August to try to move a stalled cybersecurity bill. It would be the last chance for the chamber to try to pass the anti-hacking measure before a four-week recess. The bill, known as the Cybersecurity Information Sharing Act, is intended to boost the exchange of cyber-threat data between the public and private sectors. The House already has passed its two companion pieces of legislation. But the prospect might seem a long shot. The Senate’s calendar is packed in its final weeks before the August break. Source: The Hill


It’s not our play

Baseball Commissioner Rob Manfred’s office has regular contact with the FBI and the U.S. Attorney’s office regarding the ongoing investigation of the St. Louis Cardinals’ alleged hacking of the Astros’ proprietary computer database. “This is not our investigation,” Manfred said. “It’s an investigation that is being conducted by the FBI and the U.S. Attorney. … But they are not sharing with us all of the information that they have in the investigation. It simply would not be appropriate for them to do that.” He doesn’t expect the issue to be resolved anytime soon. Source: The Houston Chronicle


Chatter goes silent in Asia

This past weekend Telegram, a security-enhanced chat app, was crippled in Asia by a cyber attack, though by whom is a mystery. The DDoS (distributed denial of service) attack targeted users in the Asia-Pacific region, reported Telegram Messenger, the nonprofit behind the well-encrypted app. Telegram said that users in Southeast Asia, Australia and parts of India were affected by the attack, which originated in East Asia. Telegram’s website was inaccessible from China Friday through Sunday, according to watchdog group GreatFire. Source:


Bad guys zero in on seniors

Seniors who have been slow to adapt to technology are more likely to fall prey to cyberbullying and be emotionally abused, harassed or threatened online. Embarrassed by their lack of knowledge, they’re often reluctant to discuss cyber incidents with family members, which allows situations to escalate. Cyber criminals target people with offers for free prizes and vacations, discounts on prescription medications, letters that appear to be from government agencies, and urgent emails warning that an account will be closed. These fraudulent emails contain links that install malware on the user’s computer. Source: Crain’s Detroit Business

A healthier outlook

Specialist underwriting agency CFC extended its cyber product offerings with the launch of a policy developed specifically for U.S. health care providers. “Health care companies have arguably become the largest target of hackers due to the vast amounts of highly sensitive data that they work with and store,” said CFC’s Vicky Paxton. “To make matters more complicated, there is rigorous legislation surrounding the protection of this patient data, opening companies up to regulatory fines and investigations if they suffer a breach.” The policy includes cover for HIPAA corrective action plans, for bodily injury resulting from a cyber attack, for the costs associated with improving risk management controls in the period following a breach, and unlimited retroactive coverage. Source: Insurance Journal


Making a dash for cover

The automotive industry is fighting cybersecurity threats with an information-sharing and analysis center, expected to be operational late this year. “The launch of the auto ISAC will serve as a central hub for intelligence and analysis that will provide timely sharing of cyber threat information and potential vulnerabilities in motor vehicle electronics and their associated in-vehicle networks,” said Rob Strassburger of the Alliance of Automobile Manufacturers. As the industry adds more sophisticated in-dash technology and software-driven functionality, the threat of hacking has intensified. Recently, Tata Motors’ Jaguar Land Rover requested a recall of more than 65,000 Range Rovers due to a bug in its keyless entry software. Source: The Wall Street Journal

A little more transparent than Google wanted

Data related to Google’s “Right to be forgotten” removal requests was pulled from the source code of its own transparency report. Less than 5 percent of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures. Most requests (95 percent) are coming from regular members of the public looking to remove pieces of personal data from the Web. In several countries (France and Germany among them), the share of requests related to private personal information hovered above 98 percent. Though the “granted” rate of private personal requests stands at 48 percent, the rate of approval is much lower (18 percent) for requests regarding serious crimes. In general, Google grants about half of all of the requests that it processes. Source: TechCrunch
