Does Your Insurance Cover a Data Breach? Don’t Be So Sure…

By Roberta D. Anderson

Here a breach, there a breach, everywhere a data breach. Verizon’s most recent 2013 Data Breach Investigations Report remarks that “[p]erhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage” this year.[1] And no organization is immune from a breach. The last two years have seen some of the world’s most sophisticated corporate giants fall victim to some of the largest data breaches in history. It is clear that cyber attacks — including data breaches — are on the rise with unprecedented frequency, sophistication and scale. They are pervasive across industries and geographical boundaries. And they represent “an ever-increasing threat.”[2] The problem of cyber risks is exacerbated, not only by increasingly sophisticated cyber criminals and evolving malware, but also by the trend in outsourcing of data handling, processing and/or storage to third-party vendors, including “cloud” providers, and by the simple reality of the modern business world, which is full of portable devices such as cell phones, laptops, iPads, USB drives, jump drives, media cards, tablets and other devices that may facilitate the loss of sensitive information.

While data breaches and other types of cyber risks are increasing, laws and regulations governing data security and privacy are proliferating. In its most recent 2013 Cost of Data Breach Study, the Ponemon Institute reports that U.S. organizations spend on average $565,020 on post-breach notification alone.[3] Companies may also face lawsuits seeking damages for invasion of privacy, as well as governmental and regulatory investigations, fines and penalties, damage to brand and reputation, and other negative repercussions from a data breach, including those resulting from breaches of Payment Card Industry Data Security Standards. The Ponemon Institute’s recent study reports that the average organizational cost of a data breach in 2012 was $188 per record for U.S. organizations ($277 in the case of malicious attacks) and the average number of breached records was 28,765, for a total of $5,407,820.00.[4] The study does not “include organizations that had data breaches in excess of 100,000” records,[5] although large-scale breaches clearly are on the rise. In the face of these daunting facts and figures, it is abundantly clear that network security alone cannot entirely address the issue; no firewall is unbreachable, no security system impenetrable.

Insurance can play a vital role in a company’s efforts to mitigate cyber risk. This fact has the attention of the Securities and Exchange Commission. In the wake of “more frequent and severe cyber incidents,” the SEC’s Division of Corporation Finance has issued guidance on cybersecurity disclosures under the federal securities laws. The guidance advises that companies “should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and that “appropriate disclosures may include” a “[d]escription of relevant insurance coverage.”[6]

Posted in Guest Posts

What Is Open Source Software?

Computer Security Tip of the Week

Scott Aurnou – Open source software is free and its underlying source code is available to the public to analyze, use or modify. A number of popular programs are open source.

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Posted in Network Security, Security Tip of the Week

Data Breach? The Best First Responder is a Law Firm. Seriously.

By Scott Aurnou

News reports and articles concerning high profile data breaches have been hard to miss in recent months. The highly publicized cyber attacks against Target, Neiman Marcus and Las Vegas Sands are just a taste of what’s to come.

As you might expect, a data breach – high profile or not – can be a nasty surprise to deal with. In addition to potentially negative publicity (sometimes very negative), there are often significant costs associated with a breach. These include forensic analysis of the victimized organization’s electronic systems to figure out what happened, taking steps to fix the problem, notifying clients/customers that their data has been potentially compromised, possible statutory fines, and extra costs like credit monitoring services for the affected clients and/or customers and engaging public relations and crisis management firms to try and mitigate the damage done to the organization’s brand.

Upon discovery of a data breach, it may seem natural for an organization to contact forensics and security experts (and possibly other vendors) immediately in an effort to sort out the inevitable problems ahead. But that’s actually a mistake. A breached organization’s first call should be to an outside law firm with cybersecurity expertise. Doing so can greatly mitigate an organization’s ultimate exposure, not only by ensuring that the seemingly endless patchwork of state, federal and perhaps international laws is properly addressed, but also for two critical and frequently overlooked reasons: (1) attorney-client privilege; and (2) the work product protection.

Posted in Network Security

What Are Botnets & How Can You Protect Yourself From Them?

Computer Security Tip of the Week

Scott Aurnou – Botnets are made up of computers infected with malware and forced to follow the commands of cyber criminals controlling them via the Internet. Here’s what you can do to avoid being forced into one (or more).

Helpful websites referenced in this video include:
AppFresh for Mac

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Posted in Laptops & Desktops, Security Tip of the Week, Smartphones & Tablets

Cloud Computing Security Needs: 7 Steps to Migrate to the Cloud

By Gilad Parann-Nissany

In 2008, the size of the cloud computing industry was $46 Billion. That is more than the GDP of Costa Rica! Think it’s a lot? Ready to jump on the cloud security bandwagon? That was 2008!

In 2014, the size of the cloud computing industry has more than tripled to $150 Billion – almost the GDP of New Zealand. NOW are you ready?

Besides the fact that everyone else is doing it, migrating to the cloud just makes good business sense. Whether you select a private cloud, a public cloud, or some hybrid of the two, cloud computing is just more powerful than traditional datacenters. There are several reasons for this. First, the reduced capital costs of IT infrastructure – no need for hardware, software, and manpower (and training) to manage them. Also, there is the improved accessibility, effectiveness, flexibility and scalability of the cloud.

But with great power comes great responsibility.

When migrating your business data to the cloud, you must ensure the safety and privacy of your records.

Much like data security was your responsibility in the datacenter, it continues to be your responsibility in the cloud. But if you don’t know where your data is physically located, can you still ensure its confidentiality?

Posted in Cloud Security, Guest Posts