Cybercriminals breached SEC's corporate filing system | Risk of cyberattacks leads to growth in cyberinsurance policies | Commentary: Companies need to reduce risk from vendor data breaches
September 21, 2017
Data Security & Privacy SmartBrief
SIGN UP ⋅   FORWARD ⋅   ARCHIVE
Top Story
Cybercriminals breached SEC's corporate filing system
The Securities and Exchange Commission said that in 2016, hackers gained access to its computer database containing potentially market-moving corporate information and might have used the information for illegal trading gains. The SEC said it concluded only last month that the cybercriminals might have used the data for trading.
Bloomberg (9/21),  Financial Times (tiered subscription model) (9/20),  The Wall Street Journal (tiered subscription model) (9/20) 
LinkedIn Twitter Facebook Google+ Email
Data Security & Privacy
Risk of cyberattacks leads to growth in cyberinsurance policies
The growing risk of cyberattacks will help the cyberinsurance market grow to as much as $14 billion by 2022, Allied Market Research predicts. Stand-alone cyberinsurance policies have expanded to cover new threats, such as ransomware, while experts believe that general policies that weren't designed to cover cyberrisks will leave many threats uncovered.
The Wall Street Journal (tiered subscription model) (9/17) 
LinkedIn Twitter Facebook Google+ Email
Commentary: Companies need to reduce risk from vendor data breaches
Companies can face liability if a vendor suffers a data breach, and lawyers urge them to take steps to curtail such risk. Companies should thoroughly vet vendors and ensure that contracts spell out certain obligations and rights in such a situation, the lawyers write.
JD Supra/Littler Mendelson (9/18) 
LinkedIn Twitter Facebook Google+ Email
Cyber Risk
Report: Companies boost security budgets as data breach costs rise
Report: Companies boost security budgets as data breach costs rise
(Pixabay)
Data breach costs in North America have climbed to $1.3 million for large companies and $117,000 for small- and midsize businesses, a Kaspersky Lab and B2B International report states. The primary costs for enterprise recovery come from paying additional staff wages and a decrease in business, but the report notes that most firms are boosting their IT security budgets to handle increasing infrastructure complexity.
TechRepublic (9/19) 
LinkedIn Twitter Facebook Google+ Email
 
By the Numbers
Study: Employees are the greatest threat to company security
Study: Employees are the greatest threat to company security
(Getty Images)
Carelessness exhibited by employees was cited by 54% of IT professionals as the primary cause of cybersecurity incidents in the workplace, a study by Keeper Security and the Ponemon Institute has found. Issues with passwords also were cited as problematic, with many respondents saying that password policies did not exist or were not enforced at their companies.
TechRepublic (9/19) 
LinkedIn Twitter Facebook Google+ Email
 
Survey: 59% of hackers ID phishing as best method to steal data
Survey: 59% of hackers ID phishing as best method to steal data
(Joe Raedle/Getty Images)
Fifty-nine percent of 129 White Hat and Black Hat hackers surveyed said phishing is the best way to steal data from organizations, including health care groups, followed by ransomware and malware, a Bitglass report states. Respondents also cited access controls, facial recognition and password protection as the three least effective enterprise security measures, while data at rest in the cloud, mobile devices, outdated applications/programs/systems, traditional on-premises security and unmanaged devices were listed as the top five blind spots in data security.
Healthcare IT News (9/19) 
LinkedIn Twitter Facebook Google+ Email
 
Practice & Policy
Why businesses need to understand new GDPR law
The EU's plans to give consumers more control over their data through the General Data Protection Regulation means big changes and challenges for businesses. It is up to businesses to know, understand and follow the law to avoid fines and other penalties, and to overcome obstacles such as locating and monitoring data.
ReadWrite (9/16) 
LinkedIn Twitter Facebook Google+ Email
IT employees can be trained to use threat intelligence
Organizations should consider training more of their IT personnel on using threat intelligence data to help handle the ongoing rise in cybersecurity threats, writes Sue Poremba. "IT staff are the ones already working with the infrastructure and have a better understanding of the organization's mission than other employees, and many already do frontline cybersecurity defense or mitigation as part of their regular duties," she writes.
IT Business Edge (9/18) 
LinkedIn Twitter Facebook Google+ Email
AllClear ID News
Consult Hyperion report predicts $4,662M in fines for EU FinServ Institutions in first 3 years of the GDPR requirements
New report from Consult Hyperion predicts $4,662 million, or 4.7 billion euros in fines for EU FinServ Institutions in the first three years of the General Data Protection Regulation (GDPR) requirements. Under GDPR, these fines could apply to any organization doing business in the EU, or those that process personal information for EU residents or visitors. While most organizations focus only on breach prevention, the breach notification provision poses the highest risk to businesses. Download the report to learn how GDPR applies to your business, and how AllClear ID can help you prepare.
LinkedIn Twitter Facebook Google+ Email
Learn more about AllClear ID:
About AllClear ID | AllClear ID Breach Response
AllClear ID Resources
  
  
In life, there is always a hurdle.
Gail Devers,
track and field athlete
LinkedIn Twitter Facebook Google+ Email
  
  
Sign Up
SmartBrief offers 200+ newsletters
Subscriber Tools:
Contact Us:
Editor  -  Amanda Gutshall
Mailing Address:
SmartBrief, Inc.®, 555 11th ST NW, Suite 600, Washington, DC 20004
© 1999-2017 SmartBrief, Inc.®
Privacy policy |  Legal Information