More than nine in ten Australians surveyed for Gemalto’s Data Security Confidence Index say organisations should be encrypting the data they hold, although fewer than one in ten say they have a complete understanding of what encryption does.
Equifax said on Thursday that it identified an additional 2.4 million U.S. consumers affected by last year's massive data breach, bringing the total number of people whose data was compromised to more than 147 million.
The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by "privileged users" who have been given broad access to the company's computer assets has captured the attention of CIOs across the country.
How do you know your employees retain what you teach them in company-required security awareness training? You don't -- unless you regularly test their security savvy and effectively address their mistakes during post-test follow-up sessions.
It seems like almost every week there is a new security breach in either the government or in private business. The latest had nothing to do with China; instead, it appeared to be more of a revenge attack by one baseball team on another.
Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and I wrote in response to the growing number of breach disclosures (http://www.computerworld.com/article/2487265/security0/security-manager-s-journal--cyberattacks-just-got-personal.html) that "in fact, I have to wonder which retailers have not suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.
Beyond the compromise of valuable information, loss of revenues and damage to brand reputation, data breaches can pose a threat to the careers of security professionals involved: witness the sudden departures of both the CEO and the CIO (http://www.networkworld.com/article/2174919/network-security/target-cio-resigns-following-breach.html) of Target after last year's compromise of 40 million customers' credit cards.
It's so far been another sorry, sorry year in the technology industry, with big name companies, hot startups and individuals making public mea culpas for their assorted dumb, embarrassing and other regrettable actions.
Australian businesses face an eye-opening transition to the new notifiable data breaches (NDB) scheme as the new legislation requires companies to notify the Privacy Commissioner, and any affected individuals, of any data breach that meets the legislative parameters within 30 days.
This white paper summarises what you need to know about the legislation, how it will affect Australian businesses, as well as some tips for how to be prepared and how best to respond publicly to any potential data breach.