sensitive data

Hard times attract cybercrime boom

Judi Hasson — Sat, 29 Nov 2008 16:51:58 -0500

As the economy struggles, some online crime watchers see signs that a portion of newly unemployed skilled tech workers are turning to the theft of sensitive data. This is taking place even as the existing cyber criminal economy is seeking new ways to exploit consumer confusion stemming from the banking meltdown, according to Forbes.com. Gartner security analyst Avivah Litan said that in recent months, banking clients have been warning her of a spike in the use of stolen financial data.

"There's been a marked increase in the number of attacks and the number of successful fraud attempts," said Litan. She blamed the attacks on the thousands of IT workers who have been laid off and who have the technical abilities needed to steal data.

Scott Borg, director and chief economist at the U.S. Cyber Consequences Unit, a nonprofit organization, said that as the financial crisis spreads from the U.S. to other parts of the world, it will likely drive more laid-off employees into the Eastern European and Russian cybercriminal economy.

"These are talented computer scientists, people who expected to be in positions of prestige but are now unemployed without prospects, basically let down by their system," said Borg.

While the trend is difficult to quantify, security researchers at McAfee report an explosion in the number of different strains of malicious software plaguing the Internet in recent months.

For more on this likely crime development
- see this Forbes.com article

Google comes to DC

Judi Hasson — Wed, 01 Oct 2008 13:59:41 -0400

Google has had lobbying operations in the nation's capital for a while, but it recently located an 18 person sales force in a Washington suburb to sell its technology to the government. The Washington Post reports that Google wants agencies and the firms working with them to give cloud-computing a try.

That means using Google Maps and Google Earth to visualize massive amounts of information, using Google's search tool to organize internal data, and storing that information on Google's servers "in the cloud." The enterprise versions of the tools, which come with extra storage and security features, cost around $50 per user, per year.

"Most people are used to this technology--just not at work," said Mike Bradshaw, Google's head of federal sales and a man who has sold technology to the government for IBM and Microsoft. He said security risks could be eliminated by storing an agency's sensitive data on Google's giant servers rather than on employee laptops, which are more easily lost or stolen. The article also notes that Google's move into government business is a sign of the company's expansion into other industries and a sign of the changes underway in Washington's technology landscape.

For more on Google's expansion:
- check out this Washington Post article

Firing IT workers can cost you

Judi Hasson — Sun, 31 Aug 2008 12:23:29 -0400

CIO's need to be on the alert when dismissing employees, never a pleasant task. But the unpleasantness can be extended well beyond the firing if an employee seeks to compromise company computer security and walk off with sensitive information. A survey by Cyber-Ark Software, a provider of identity management products, found that theft of information by disgruntled former insiders is quite common.

"Survey results revealed that 88 percent of exiting employees will use their IT-know-how to take your company data with them, including privileged password lists that give them access to hundreds, even thousands of sensitive data files," said Adam Bosnian, vice president of products, strategy and sales at Cyber-Ark. The target information includes the CEO's passwords, the customer database, R&D plans, financial reports, and privileged passwords.

For more on the difficulties of dismissing workers:
- check out this NetworkWorld.com article

Encrypt all of your laptops, or else...

Judi Hasson — Tue, 22 Jul 2008 22:01:32 -0400

How easy is it to lose a laptop computer? Very easy. More than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities every year, and many more disappear at airports and in other situations.

And that means IT executives must make the security investment to encrypt their company laptops and secure sensitive data. "As a CSO, one of your top priorities is probably to keep your company off the front page of the news. Is it inexcusable to have laptops in the field with unencrypted hard drives,'' writes NetworkWorld. While it could become costly and at times complicated, the experts say it worth the money and effort to get the right encryption solution to insure total security.

For more on protecting laptops:
- see this NetworkWorld article

Gartner: Seven cloud-commuting security risks

Judi Hasson — Sat, 05 Jul 2008 23:20:34 -0400

Cloud computing may be the wave of the future, but one cannot ignore dangers involving data integrity, recovery, privacy and regulatory compliance. Gartner, in a new report entitled, "Assessing the Security Risks of Cloud Computing," cautions that users of cloud computing must ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor.

Gartner says customers should avoid vendors that do not provide detailed information on security programs or make available the qualifications of policy makers, architects, coders and operators. The Gartner report also outlined seven specific security issues that should always be be raised with the cloud vendor. They include: knowing whether there is privileged user access to sensitive data and what kinds of controls are in place; whether the cloud computing provider undertakes external audits and security certifications; knowing where your data is hosted; and confirming that they will make a contractual commitment to obey local privacy requirements on behalf of their customers.

For more advice:
- See this networkworld.com article

More tech stories from the FierceCIO network:

> Hackers hijack Internet organizations. Article
> Microsoft stops offering boxed Window XP. Article
> New hands-free cell phone law takes effect in California. Article

Phoenix Technologies enables remote drive security

Mehan Jayasuriya — Fri, 09 May 2008 13:21:52 -0400

Phoenix Technologies has announced that it will bring its "FailSafe" tech to Fujitsu's new Full Disk Encryption (FDE) 2.5" 7200RPM SATA hard drive. FailSafe allows IT admins to remotely track, disable and even erase drives in the event that a machine containing sensitive data is lost or stolen. No word yet on pricing or launch date, though we're sure that there are plenty of admins out there that can't wait to get their hands on this tech.

For more on FailSafe:
- see this Gizmodo article

Data theft headaches grow

Mon, 31 Mar 2008 07:59:59 -0400

Another week, yet another data theft. This time a laptop PC was stolen containing unencrypted, confidential data on March 4 and the event was disclosed after the company began notifying employees that their data had been snatched. Agilent Technologies, a Santa Clara, Calif.-based maker of test and measurement equipment, sent letters to 51,000 current and former employees telling then that some of their personal and financial data had been stolen. The breach occurred when a laptop was stolen from the car of a Stock & Option Solutions employee, a stock-plan management services firm that works for Agilent as a third-party contractor. What a headache! The data included names, addresses and Social Security numbers. It also included financial information relating to their Agilent stock options.

The theft of unprotected data seems to be occurring all the time. Last week, the National Heart, Lung and Blood Institute (NHLBI), part of the National Institutes of Health, said that a laptop containing personal and medical data on about 2,500 participants in a cardiac study had been stolen from an employee's locked trunk. The lesson from these tales: encrypt sensitive data and don't ever leave your laptop in your car even when it is locked.

For more on data thefts:
- Check out this ComputerWorld article

Tech tool may identify disgruntled workers

Thu, 28 Feb 2008 06:59:58 -0500

The Air Force is developing a data-mining tool to root out disaffected insiders based on their email activity, according to an article in this month's International Journal of Security and Networks. This could be a big step for corporations that routinely focus on electronic threats from the outside and it may be the dream of many tech executives to find the divisive employees with access to sensitive data. No one has yet talked about the potential privacy issue here, but we are sure you already have a corporate policy that the office computer is only to be used for work. Or do you?

For more on development of this technology:
- See this CNET blog

More tech stories from the FierceCIO network:
> Manage your reputation online. Article
> WGA changes coming to Vista SP1. Article
> 10 great apps for Symbian phones. Article

Identity theft dropped in 2007

Thu, 14 Feb 2008 06:59:59 -0500

Identity theft actually dropped in 2007, by at least 300,000 cases, according to a new report by Javelin Strategy and Research. That's quite a surprise for all of us who have been reading the stories of doom and gloom in IT. Javelin's 2008 Identity Fraud Survey Report said the drop in identity theft represents a reduction of $6 billion in the amount of money stolen through such scams.

The survey actually reinforces similar findings from previous years, as the number of people affected by identity fraud has dropped significantly since Javelin began conducting the research in 2004. Just take a look at Javelin's research numbers. Roughly 4.25 percent of the adult population in the U.S. was hit by identity theft during 2004. In 2007, only 3.58 percent of adults were targeted by attacks. Javelin cited more public awareness of the problem and extra precautions taken by businesses with sensitive data as reasons for the declining numbers. Nevertheless, the criminal mind is hard at work figuring out new ways to steal data, the report said.

Another bit of bad news from the report is that those individuals who are being victimized by the schemes are getting fleeced out of more of their funds. The cost per consumer in 2007 averaged $691, an increase of 25 percent, over $554 reported in the 2006 report. "The 2008 Report confirmed what we believe to be true: that while fraud is declining, it is still a concern for the American public," James Van Dyke, president and founder of Javelin, said in a report summary. "The good news is the leadership role many businesses are taking in educating consumers about ID fraud risk factors is paying off. Still, fraudsters are getting creative and leveraging new techniques to commit fraud, so Americans need to be as diligent as ever in protecting their personal information." The moral of this story is simple: stay alert and keep working to protect your data.

For more ID theft:
- See this InfoWorld article

Protect used data tapes

Mon, 28 Jan 2008 06:59:59 -0500

The federal government is on the hot seat once again. Rep. Betty McCollum is calling for an investigation into whether federal agencies resold magnetic data tapes. InformationWeek reports that the feds wiped the tapes clean before reselling them, but a private company was able to recover sensitive information that was originally stored on the tapes. The tapes contained bank account numbers, tax and benefit information and expense reports. Investigators with the Government Accountability Office inspected the tapes and said they were clean. But Imation, the company that produced the tapes, was able to retrieve the highly sensitive data.

"Using a tape drive, a standard PC, programming knowledge, and understanding how data is written to media (which is publicly available), and a little more time than the GAO investigation, Imation personnel found the following recoverable sensitive data on these used tapes certified as clean: the origin of the tape, bank account numbers, employee information, travel expense reports, audit procedures and results, employee savings plan balances, international tax benefits documents," McCollum said in a letter calling for an investigation. McCollum said it is important to halt this kind of practice because it could expose individuals or national security data.

For more on securing data tapes:
- See this InformationWeek article