Right after Sony Pictures Entertainment’s data leak, President Obama is pushing for legislation that will protect consumer data. The legislative package, called the “Privacy Bill of Rights,” is still in its outline stages, but the focus is to protect consumers from the aftermath of a data leak. Under this legislation, companies will have to follow a national standard on the reporting of data breaches. A company will have 30 days to notify customers of a data breach. This federal standard will allow consumers to check their credit cards for any discrepancies.
2014 marked the year of more high-profile attacks. Victims include JP Morgan Chase, Home Depot, and most recently Sony Pictures Entertainment. Hackers want to steal as much data as possible, but they also want to make a statement. This was especially demonstrated with the hack on Sony Pictures. The hackers, who identified themselves as the Guardians of Peace, hacked into employee computers at the movie studio and posted a warning on the desktop. The warning threatened that all of Sony’s internal data would be released if Sony did not meet the hackers’ demands. The hackers released thousands of Social Security numbers and other personal employee data. Government agencies will demand to know what happened to cause this data breach, and top executives will have to answer.
HSBC, the largest bank in Europe, reported that their Turkish unit lost the data of 2.7 million customers due to a cyber breach. The breach is limited to Turkey, and the stolen data includes credit card and banking information. HSBC’s Turkish unit reported an $18 million loss in revenue during their second quarter, according to Bloomberg.
We here at EiQ are more than aware of how vulnerable companies can be to data breaches and attacks. Our biggest concern now is the threats to our federal government and how vulnerable the important data it holds is. According to a report released by the Government Accountability Office, federal agencies are not doing enough to guard against data breaches and protect personally identifiable information (PII) from falling into the wrong hands.
This week, those of us in the security industry were busy attending the RSA conference, which was held February 24-28th in San Francisco, CA. Every year, the RSA conference brings together the industry’s best to discuss a wide variety of topics in the information security field. Attendees of the conference are there to learn more about IT security’s most important current issues. As this industry continues to grow, the RSA conference is a great way for security experts across the globe to come together to connect and gain more insight into the issues facing the information security industry.
Congress finally reopened the government after almost two weeks, and it was welcomed with much relief by the federal IT departments that had been affected. We addressed the impact a shutdown could have in a previous post, and now that it has happened, here is what the impact was.
During the shutdown, government IT staff, including those responsible for securing crucial government data, were left out of work, leaving that data more easily accessible. It is a known fact that US government agencies (DOD, Civilian and Intelligence) are a primary target of state-sponsored cyber attacks and other external vulnerabilities. The government’s IT infrastructure is extremely complex and diverse. There are millions of IT assets connected to the Internet, and thousands, if not millions, of vulnerabilities that need to be patched on a daily, weekly and monthly basis. Government IT pros typically manage these jobs with great skill, but now, with a shortage of workers to handle these crucial tasks, a great crisis looms.
While the media portrays the impact the shutdown is having on our government-run parks and memorials, the bigger threat the shutdown could pose is being largely ignored. The shutdown in itself could harm the IT security of several federal agencies if not resolved soon.