- Uncle Sam says 'nyet' to Kaspersky amid fresh claims of Russian
ties - Kaspersky Lab is facing new restrictions from the US
government to go along with a fresh round of accusations that the
antivirus makers works closely with Russian intelligence.
Russia, China vow to kill off VPNs, Tor browser - New laws needed
because today's censorship not good enough, apparently - Russia and
China are banning the use of virtual private networks, as their
governments assert ever greater control over what citizens can see
Verizon Data Exposure - A Lesson in Cloud Security Hygiene -
According to reports, Verizon potentially exposed up to 14 million
customers' personal information in a public-facing Amazon S3
(storage) bucket which was managed by one of their third-party
ATM skimmers using infrared to steal data - Credit card skimming
thieves have upped their game and are using infrared communications
to minimize their chances of getting caught.
NotPetya cyberattack results still linger at FedEx, will result in
lower earnings - FedEx reported today in its 10-K financial filing
that last month's NotPetya malware attack on its TNT Express
subsidiary will negatively impact the corporation's financial
results for fiscal 2017.
Identity of Securitas chief executive stolen, bankruptcy filed - The
chief executive of Swedish security firm Securitas AB, Alf Göransson,
has been declared bankrupt after having his identity stolen.
Ashley Madison agrees to $11.2M settlement for 2015 data breach -
Ruby Corp. and Ruby Life, the parent organizations behind the adult
dating website Ashley Madison, have agreed to an $11.2 million
settlement with its customers who had their private information
released during a 2015 data breach.https://www.scmagazine.com/ashley-madison-agrees-to-112m-settlement-for-2015-data-breach/article/675360/
Cybersecurity spending outlook: $1 trillion from 2017 to 2021 -
Cybercrime growth is making it difficult for researchers and IT
analyst firms to accurately forecast cybersecurity spending.
Hospitals to receive £21m to increase cybersecurity at major trauma
centres - Hospitals responsible for treating patients from major
incidents including terrorist attacks will receive £21m to beef up
their cybersecurity in the wake of the WannaCry assault on NHS IT
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
- 14M Verizon customer records exposed on Amazon server - A
third-party vendor working with Verizon left the data of as many as
14 million US customers exposed on a misconfigured server.
Trump Hotels joins Hard Rock, Loews and Four Seasons as victims of
Sabre hospitality breach - Trump International Hotels Management is
now the latest in a series of hotel and resort chain operators to
inform customers that their card payment data was compromised due to
a breach at third-party hospitality solutions provider Sabre
Staffing agency employee allegedly distributes patient information
illegally - The Detroit Medical Center (DMC) has alerted more than
1,500 of a data breach caused by an employee who shared personal
information with unauthorized individuals.
SC Media asks the industry: Is cyberattack insurance worth it? - UK
financial services body the Prudential Regulation Authority (PRA)
has issued a warning to insurers regarding the risk of claims for
damages arising from cyber-attacks on their customers.
Hacker steals $7 million in Ethereum cryptocurrency after
compromising start-up's token sale - A mysterious cyberthief made
off with $7 million in the cryptocurrency Ethereum on Monday after
hacking a virtual currency trading platform during its Initial Coin
Offering and inserting a malicious address where digital investors
were tricked into sending their funds.
Millions of Dow Jones customer records exposed due an internal error
- A misconfigured database on an Amazon S3 server may have exposed
the data of between two and four million Dow Jones & Co. customers,
a report on the incident stated.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
We continue the series
regarding FDIC Supervisory Insights regarding
Programs. (9 of 12)
Organize a public relations program.
Whether a bank is a local, national, or global firm,
negative publicity about a security compromise is a distinct
possibility. To address potential reputation risks associated with a
given incident, some banks have organized public relations programs
and designated specific points of contact to oversee the program. A
well-defined public relations program can provide a specific avenue
for open communications with both the media and the institution's
Recovering from an incident essentially involves restoring systems
to a known good state or returning processes and procedures to a
functional state. Some banks have incorporated the following best
practices related to the recovery process in their IRPs.
Determine whether configurations or processes should be changed.
If an institution is the subject of a security compromise,
the goals in the recovery process are to eliminate the cause of the
incident and ensure that the possibility of a repeat event is
minimized. A key component of this process is determining whether
system configurations or other processes should be changed. In the
case of technical compromises, such as a successful network
intrusion, the IRP can prompt management to update or modify system
configurations to help prevent further incidents. Part of this
process may include implementing an effective, ongoing patch
management program, which can reduce exposure to identified
technical vulnerabilities. In terms of non-technical compromises,
the IRP can direct management to review operational procedures or
processes and implement changes designed to prevent a repeat
the top of the newsletter
FFIEC IT SECURITY
We continue our series on the FFIEC
interagency Information Security Booklet.
INTRUSION DETECTION AND RESPONSE
Automated Intrusion Detection Systems (IDS) (Part 4 of 4)
Some host-based IDS units address the difficulty of
performing intrusion detection on encrypted traffic. Those units
position their sensors between the decryption of the IP packet and
the execution of any commands by the host. This host-based intrusion
detection method is particularly appropriate for Internet banking
servers and other servers that communicate over an encrypted
channel. LKMs, however, can defeat these host-based IDS units.
Host-based intrusion detection systems are recommended by the NIST
for all mission-critical systems, even those that should not allow
The heuristic, or behavior, method creates a statistical profile
of normal activity on the host or network. Boundaries for activity
are established based on that profile. When current activity exceeds
the boundaries, an alert is generated. Weaknesses in this system
involve the ability of the system to accurately model activity, the
relationship between valid activity in the period being modeled and
valid activity in future periods, and the potential for malicious
activity to take place while the modeling is performed. This method
is best employed in environments with predictable, stable activity.
Both signature-based and heuristic detection methods result in
false positives (alerts where no attack exists), and false negatives
(no alert when an attack does take place). While false negatives are
obviously a concern, false positives can also hinder detection. When
security personnel are overwhelmed with the number of false
positives, they may look at the IDS reports with less vigor,
allowing real attacks to be reported by the IDS but not researched
or acted upon. Additionally, they may tune the IDS to reduce the
number of false positives, which may increase the number of false
negatives. Risk-based testing is necessary to ensure the detection
capability is adequate.
Return to the top of
NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY -
the series on the National Institute of Standards and Technology
Chapter 11 - PREPARING FOR CONTINGENCIES AND DISASTERS
11.5 Step 5:
Implementing the Contingency Strategies
Once the contingency planning strategies have been selected, it is
necessary to make appropriate preparations, document the strategies,
and train employees. Many of these tasks are ongoing.
Much preparation is needed to implement the strategies for
protecting critical functions and their supporting resources. For
example, one common preparation is to establish procedures for
backing up files and applications. Another is to establish contracts
and agreements, if the contingency strategy calls for them. Existing
service contracts may need to be renegotiated to add contingency
services. Another preparation may be to purchase equipment,
especially to support a redundant capability.
It is important to keep preparations, including documentation,
up-to-date. Computer systems change rapidly and so should backup
services and redundant equipment. Contracts and agreements may also
need to reflect the changes. If additional equipment is needed, it
must be maintained and periodically replaced when it is no longer
dependable or no longer fits the organization's architecture.
Preparation should also include formally designating people who are
responsible for various tasks in the event of a contingency. These
people are often referred to as the contingency response team. This
team is often composed of people who were a part of the contingency
There are many important implementation issues for an organization.
Two of the most important are 1) how many plans should be developed?
and 2) who prepares each plan? Both of these questions revolve
around the organization's overall strategy for contingency planning.
The answers should be documented in organization policy and
Backing up data files and applications is a critical part of
virtually every contingency plan. Backups are used, for example, to
restore files after a personal computer virus corrupts the files or
after a hurricane destroys a data processing center.
How many plans?
Some organizations have just one plan for the entire organization,
and others have a plan for every distinct computer system,
application, or other resource. Other approaches recommend a plan
for each business or mission function, with separate plans, as
needed, for critical resources.
The answer to the question, therefore, depends upon the unique
circumstances for each organization. But it is critical to
coordinate between resource managers and functional managers who are
responsible for the mission or business.
Who Prepares the Plan?
If an organization decides on a centralized approach to contingency
planning, it may be best to name a contingency planning coordinator.
The coordinator prepares the plans in cooperation with various
functional and resource managers. Some organizations place
responsibility directly with the functional and resource managers.
Relationship Between Contingency Plans and Computer Security Plans
For small or less complex systems, the contingency plan may be a
part of the computer security plan. For larger or more complex
systems, the computer security plan could contain a brief synopsis
of the contingency plan, which would be a separate document.
The contingency plan needs to be written, kept up-to-date as the
system and other factors change, and stored in a safe place. A
written plan is critical during a contingency, especially if the
person who developed the plan is unavailable. It should clearly
state in simple language the sequence of tasks to be performed in
the event of a contingency so that someone with minimal knowledge
could immediately begin to execute the plan. It is generally helpful
to store up-to-date copies of the contingency plan in several
locations, including any off-site locations, such as alternate
processing sites or backup data storage facilities.