Don’t Ring the (False) Alarm: When a Data Loss Event Isn’t a Breach

A Q&A with Darin Bielby and Jeremy Batterman of Navigant Consulting’s Information Security & Investigations Practice
During a recent Risk and Insurance Management Society (RIMS) panel discussion, Navigant Managing Director Darin Bielby asserted that 50 percent of the organization’s information security forensic investigations yield evidence that enables legal counsel to counsel companies that a data breach did not occur. These findings typically demand no further action or notification about the event, though some organizations proceed with additional precautionary measures. I talked with Bielby and his colleague Jeremy Batterman about the reality of data privacy events and what forensic investigators are seeing.

Continue Reading

Data Breach Costs: Another Look

A Q&A with Sasha Romanosky, PhD, of the RAND Corporation

In a recent study, RAND Corporation policy researcher Sasha Romanosky examined 12,000 data breaches from 2004 to 2015, trying to get a more holistic view of their causes, costs, and associated risks and trends. I spoke with Dr. Romanosky about his findings.

Continue Reading

Protecting Against Data Loss with Backup Services

A Q&A with Zeb Ahmed of iland
While most companies seem to understand that preparation is necessary for worst case scenarios, there’s often confusion about what backup services can and can’t do, says Zeb Ahmed of iland. I asked Zeb about the differences between backup and disaster recovery and how organizations can determine which service they might need.

Continue Reading

Data Breach Events: A Plaintiff Perspective

Email Computer Key For Emailing Or ContactingA Q&A with John Yanchunis of Morgan & Morgan
The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of Morgan & Morgan about some of the most recent developments he’s observed.

Continue Reading

A View From Europe

 

Group Of Business People Standing In A White Background With BluA Q&A with Nick Beecroft of Lloyd’s of London
New regulation and awareness around growing threats such as operational attacks is changing the face of the European insurance market. I talked to Nick Beecroft, emerging risks and research manager at Lloyd’s of London, about his work assessing cyber vulnerabilities and helping develop products to address them.

Continue Reading

Sizing Up Security Threats

A Q&A with Tom Kellermann of Trend Micro
With a constantly evolving cache of weaponry, cyber criminals always seem to have the edge over their victims. I asked Tom Kellermann, Chief Cybersecurity Officer at Trend Micro for a forecast of the most pressing threats facing organizations in the coming months, and what they can do about them.

Continue Reading

SQL Injection Issues: Same Achilles Heel 15 Years Later

A Q&A with Michael Sabo of DB Networks
Every month there seems to be some major company that suffers a catastrophic breach of their network, and the investigation very often confirms that the bad guys exploited a SQL issue. Yet SQL injections have been the method of choice for hackers for more than a decade. To find out why networks are still vulnerable and what companies can be doing to better protect themselves from this risk exposure, I spoke to Michael Sabo, VP of marketing for DB Networks, which creates behavioral analysis technology solutions.

Continue Reading

Fighting Advanced Malware

A Q&A with Ramon Peypoch of McAfee, Inc.
One of the most insidious enemies of data security is advanced malware. But what are these advanced persistent threats, and how can companies protect themselves from them? I asked Ramon Peypoch, VP of Web Protection at McAfee to share his expertise.

Can you please define ‘advanced malware’ and describe the harm it can bring to an organization?
There’s a confluence of different situations that can fall under the term advanced malware, but basically these are stealth attacks that tend to get past existing security solutions. The threats might come from state-sponsored entities such as the Chinese or Russian governments trying to penetrate United States government networks or steal IP from commercial enterprises. What we know is that advanced malware is responsible for a great deal of loss in terms of IP and financial assets. In terms of the actual techniques involved, advanced malware typically combines sophisticated hacking, social engineering and spear fishing that allow an intruder to go undetected in your network for a long period of time. One example might be something that looks like an email from a friend telling you to click on a link to view vacation photos—you click on the link and nothing seems to happen but important code is downloaded to the machine that would “wake up” the next time you enter in PII. The bottom line is that these are very real threats being perpetrated by very sophisticated people. This is not some 13 year-old antisocial kid trying to make a name for himself.

How common is this threat for organizations?
Research shows us that the true cost of cyber crime is staggering—multiple billions of dollars of losses on an annual basis. If you are a business with any type of sensitive financial information or intellectual property, you are a target. And unfortunately hackers don’t just go after the largest organizations. They actually get the most bang for their buck with small and medium enterprises, because these are often more susceptible than the big guys.

How does advanced malware get through the system? Are organizations failing to implement controls that could stop it?
Basically, advanced malware can defeat signature-based defenses—the conventional security solutions that most people are using today. These are great at stopping already-identified threats but they won’t catch anything new. Since traditional solutions are not effective, the gap is widening, allowing the threats to grow exponentially.

What can a company do to mitigate this exposure proactively?
The easy answer from my perspective is to look into McAfee’s solutions. We are taking a different approach to solving this problem. We use the traditional signature-based solution and complement it with a specific advanced malware solution that uses cloud-based lookups and analysis including a hash of malware sent to different parts of the McAfee protection network. Once it’s identified, it’s stopped right there at all the endpoints and we can do a lookup to make sure nothing has been compromised—if it has, we initiate a remediation process. Unlike a lot of our competitors’ solutions, it’s not just a malware sandbox, it’s actually multiple products working to combat the problem in an integrated way.

In summary…
Ramon underscores the problem that many of our clients are seeing and combating on a daily basis. The bad guys are very smart and often one step ahead of both human and electronic security measures, giving them unauthorized access to information-based assets. Even clients with sophisticated IT operations and large security budgets can fall victim simply because there are so many variables and third-party dependencies to control. (A few examples include a large server farm with an unknown system missing a patch, mishaps with vendors, or staff that get duped.) Organizations need to keep this in mind when selecting solutions for combating malware.

No more posts.