You are viewing 'data breach'
The Office of Personnel Management (OPM) has finished notifying affected individuals
In June of 2015, the Office of Personnel Management (OPM) announced a massive data breach due to attackers breaching their networks and stealing sensitive data. By the time the OPM completed the investigation, they revealed that the attackers had made away with a significant amount of personal and private data, including data for many people who applied for government clearances as far back as 2000, and in some cases, even earlier. The official count is about 21.5 million affected individuals, but that number may be misleading since the forms can include details on people listed on an applicant’s form, such as a spouse, ex-spouse and others. In the end, if you consider the total number of people affected and the quality of the stolen data, the OPM breach was one of the worst breaches ever witnessed. In fact, the OPM breach may actually have been THE worst. Solutionary discussed the OPM breach in detail in the...
Do you know what you don't know?
Data theft is on the rise, and it's getting more expensive. A recent study conducted by the Ponemon Institute now puts the average cost of a data breach at $3.8 million per incident. In the case of data theft, it's safe to say that an ounce of prevention is worth far more than a pound of cure. How much do you know about cybersecurity? Take our quiz and find out — or better yet, attend our Security Summit (at no cost to you!) next week where these topics will be covered in detail by cybersecurity experts.
True or False:
- Your business has a 30% chance of being hit with a DDoS (Distributed Denial of Service) attack.
- Social engineering is one of the biggest security threats facing...
Typically, when it comes to gauging how a year is shaping up regarding cybersecurity, it is a straight count of breached enterprises or records exposed that contain sensitive personally identifiable information. Some years, there are more breaches than others, just as some years there are breaches involving bigger household names and other years are relatively ho-hum. Rarely do we see pivotal years in cybersecurity, but I’m convinced we are witnessing one now.
One of the biggest years, for me, was 1999. It became crystal clear that year that all of the Web applications that were sprouting up were exposing backend systems and databases to new attack vectors, and highly vulnerable endpoints never designed to be connected to the Internet were connecting in great numbers.
This year is looking like another pivotal year. It’s not that the number of breached records isn’t high – it is – and it certainly matters, especially if your record is...
Users not following security policies, putting themselves and their employers at risk
This week, hackers calling themselves Impact Team released two data dumps that are allegedly from the recent breach of cheating website Ashley Madison and its parent company Avid Life Media (ALM). The first data dump contained approximately 10 Gb of data, mostly user information dating back to 2008. This data includes names, street addresses, e-mail addresses and transaction amounts for the 32 million Ashley Madison users. The data also includes financial details, physical descriptions as well as users’ sexual preferences and fantasies.
Many government and corporate domains are included in the data. This means that many users used their work e-mail address to access this site. Most organizations have clear security policies in place that prohibit the use of work e-mails and equipment to access any websites that are not work related. A...
Go Blue Team, Go Blue Team, Go!
Reading through the latest cybersecurity industry threads, I find a lot of the written information focuses on “How to Hack with (insert cool name here)”. This is great information when wanting to understand how to perform different hacking techniques or to assist someone who wants to sharpen their hacking skills. For those who want to learn more about how a breach got started, what the common lateral movements are and what the ultimate goal of the event was, you need to dig a little deeper.
Many of these articles are missing a very useful segment of the information security family — the Blue Team. If you are not familiar with the term “Blue Team” let me elaborate. The Blue Team is the incident response team. During a cybersecurity incident, the Blue Team is the group that finds the “evil” in your network environment. By evil, I am referring to the attacker and the tools the attacker used to compromise the...