Key Takeaways in Newly Released Homeland Security Insurance Industry Report

Guest Author: Vince Vitkowsky, Partner, Seiger Gfeller Laurie LLP
The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) has convened a series of sessions focusing on developing the first-party cyber insurance market. The most recent session was held on April 7, 2014, and it included representatives from 10 insurance brokers, 10 insurance underwriters, and 10 reinsurers. On July 22, DHS released its Readout Report of that Session. The entire 44-page Report, together with the Reports of three earlier sessions, can be found here on the Homeland Security website. The April 7 Session focused on three subjects, and the distilled essence is described below.


The Return of HIPAA Audits: What Covered Entities and Business Associates Need to Know

A Q&A with Michael Whitcomb of Loricca
The Department of Health and Human Services’ Office for Civil Rights will resume its HIPAA compliance audit program this fall, focusing on both covered entities and business associates with a limited number of narrowly focused “desk audits” as well as comprehensive onsite audits. I asked Michael Whitcomb, founder and president of the IT security and compliance firm Loricca, Inc., what healthcare organizations need to do in anticipation of this increased scrutiny.


Protecting the Point of Sale

A Q&A with Chris Novak of Verizon RISK Team
According to the 2014 Verizon Data Breach Investigations Report, point of sale (POS) intrusions accounted for fourteen percent of the 63,437 sampled data breach incidents. To get a better sense of this threat and how organizations can arm against it, I spoke with Chris Novak, global managing principal of Investigative Response at Verizon RISK Team.


Sizing Up Security Threats

A Q&A with Tom Kellermann of Trend Micro
With a constantly evolving cache of weaponry, cyber criminals always seem to have the edge over their victims. I asked Tom Kellermann, Chief Cybersecurity Officer at Trend Micro, for a forecast of the most pressing threats facing organizations in the coming months, and what they can do about them.


Heartbleed: Why Some Experts Are Ringing the Alarm

A Q&A with Chris Novak of Verizon RISK Team
The Heartbleed bug recently hit the headlines with the Canada Revenue Service breach, in which hundreds of social insurance numbers were stolen. Yet despite the media buzz, the long-term ramifications of this vulnerability are not fully understood yet, says Chris Novak, global managing principal of Investigative Response at Verizon RISK Team. I asked him to explain how Heartbleed works and why everyone should be aware of this insidious vulnerability.


SQL Injection Issues: Same Achilles Heel 15 Years Later

A Q&A with Michael Sabo of DB Networks
Every month there seems to be some major company that suffers a catastrophic breach of their network, and the investigation very often confirms that the bad guys exploited a SQL issue. Yet SQL injections have been the method of choice for hackers for more than a decade. To find out why networks are still vulnerable and what companies can be doing to better protect themselves from this risk exposure, I spoke to Michael Sabo, VP of marketing for DB Networks, which creates behavioral analysis technology solutions.

Zero-Day Malware Worries

A Q&A with Greg Wasson of ICSA Labs
The term zero-day malware refers to threats that take advantage of existing but unknown (to the owner or developer) loopholes in the system. I spoke to Greg Wasson, program manager at ICSA Labs, about zero-day vulnerabilities and the risks they pose for companies.


Cloud Risk: The Blind Spot in Cyber Risk Management

A Q&A with Taiye Lambo of CloudeAssurance – an eFortresses Company
With the cloud becoming a daily reality for most businesses, security risks are greater than ever before. Yet many companies are not even aware of their vulnerability, says Taiye Lambo of CloudeAssurance. I asked him what they could be doing to bolster data safety and security within the cloud.


Placing a Value on an R&D Loss

A Q&A with Rob Chiang of Navigant Consulting
When a company loses valuable R&D data during a breach incident, that loss of value must be calculated for financial and legal purposes. I asked Rob Chiang, leader of the Intellectual Property valuation practice at Navigant Consulting, about the valuation process, and how he determines the value of lost data.


Protecting Children’s Data Online

A Q&A with Marshall Harrison of Imperium
With the passage of the Children’s Online Privacy Act (COPPA), businesses are scrambling to find effective ways of staying compliant with the regulation. I talked to Marshall Harrison, founder and CEO of Imperium, about the law’s implications and his new product ChildGuardOnline, an FTC-approved parental consent verification solution.
