NTSC Technology Security Roundup

Weekly News Roundup: May 8, 2017

Department of Homeland Security Performing Self-Assessment Before Its New Cybersecurity Agency Created

The Department of Homeland Security (DHS) will perform a self-assessment before Rep. Mike McCaul (R-Texas) introduces legislation that will create a new DHS cybersecurity agency. According to Federal News Radio, the assessment “is looking at whether the current cyber capabilities are meeting their current needs, what more is possible based on policy changes and industry improvements and what have they learned from programs such as CDM and EINSTEIN.” McCaul has a lot of support from the cybersecurity industry for a bill to create this new organization, which will be able to help with important areas of national cybersecurity such as critical infrastructure.

More Than 33% of Companies Do Not Act Upon Cybersecurity Intelligence from the FBI

According to Donald Freese of the Information Technology Branch (ITB) at the FBI, more than 33% of companies do not act upon cybersecurity intelligence given to them by the FBI. In its RiskSec NY 2017 conference coverage, SC Media states that “Freese attributed companies' lack of decisive action to a combination of disbelief, hubris, interference by in-house counsel, fear of reporting threats to the C-suite and, in a few cases, incompetence.” Freese worked with the FBI's National Cyber Investigative Joint Task Force from 2014 to 2016.

Neustar Report Reveals Organizations May Lose an Average of $2.5 Million from a DDoS Attack

Neustar’s recent Worldwide DDoS Attacks and Cyber Insights Research Report reveals that organizations may lose up to an average of $2.5 million from a DDoS attack. According to a press release, “43 percent of organizations report average revenue loss of at least $250,000 per hour, with 51 percent taking at least three hours to detect an attack and 40 percent taking at least three hours to respond.” Neustar surveyed “1,010 directors, managers, CISOs, CSOs, CTOs, and other c-suite executives” for the report—and these respondents are already seeing an increase in cyberattack volume and sophistication in Q1-17.

IBM's X-Force Research Reports That Financial Services Data Breaches Are on the Rise

In a recent report, IBM’s X-Force Research notes that financial services data breaches are on the rise, that the financial services industry is the most attacked industry, and that human error is most to blame for data breaches. According to a summary of the report in Business Insider, “IBM found that more than 200 million financial services records were breached throughout 2016, accounting for a 937% year-over-year (YoY) rise.” We’ve written about the risk that human error poses to information security teams, and it’s part of our mission to help CISOs build security-centric corporate cultures.

Record Number of Healthcare Data Breaches in 2016 While Number of Compromised Records Declines

There is good news and bad news for healthcare data breaches in 2016. According to a recent report from Bitglass, a record number of healthcare data breaches (328) occurred last year, exposing the records of 16.6 million Americans. However, the number of compromised health records went down for the second year in a row and continues to decline in 2017. In a press release, Bitglass said, “The cost per leaked record for healthcare firms topped $402 in 2016 – which is a massive cost given the number of records lost because [of] hacking-related breaches.”