INFOSECURITY NEWSLETTER

March 29, 2017

Companies Must Be More Transparent About Security Moving Forward

Kayla Matthews, Cloudtweaks.com, March 21, 2017

You may remember that Home Depot was affected by a sizeable data breach in 2014. The incident is widely considered one of the largest point-of-sale heists of all time because over 56 million credit cards were involved, read and compromised. Needless to say, it led to an unprecedented number of customers affected by such a breach.

The Impact of Bank Data Breaches on Customer Loyalty and Retention

Devesh Panchwagh, Delta-risk.net, March 24, 2017

There’s no doubt that bank data breaches cost businesses money, but there are costs associated with breaches that add up beyond a round dollar figure. Most studies that calculate the costs from breaches focus on short-term quantifiable costs such as discovering and mitigating the breach and recovering assets. But the long-term, indirect breach costs — costs such as hits to the stock price, brand reputation, and reduced customer loyalty — can be harder to quantify. Historically, a dip in stock price after a breach is temporary and stocks typically rebound in the months following a breach. Customer loyalty and brand reputation don’t follow the same pattern of predictability.

An Impossible Standard?

Chad Mandell, Corporatecomplianceinsights.com, March 27, 2017

Headline-grabbing data breaches at retailing, banking and media companies have underscored the importance of cybersecurity and data privacy for those involved in risk-management and corporate compliance. Back in January 2015, the health care sector in particular was alarmed to learn that hackers had broken into the IT system of Indianapolis-based health care giant Anthem and made off with the personal data of as many as 80 million Americans.

Theft of Confidential Information Results in Only Nominal Damages for Employer

James Lockwood, Jdsupra.com, March 23, 2017

An employer was awarded only nominal damages from former employees who copied the employer’s confidential information but made no use, or limited use, of that information and did not cause any damage to the employer. So-called “Wrotham Park” damages reflect how much the innocent party would have asked for to release the defaulting party from an obligation, had it been asked, and can be a useful remedy where it is difficult to show financial loss. The judgment provides a useful review of the court’s approach to damages where liability and breach of duty are easily established but showing loss to a claimant is more difficult: Marathon Asset Management LLP & anr v Seddon & anr [2017] EWHC 300 (Comm).

Google Outlines Plan to Reject Symantec’s Digital Certificates

Jeremy Kirk, Databreachtoday.com, March 27, 2017

Google has run out of patience with Symantec’s digital certificate business. It has outlined a plan that over time will have its Chrome browser reject all of Symantec’s existing digital certificates.

Industrial Control Systems: The Holy Grail of Cyberwar

Joe Weiss, Csmonitor.com, March 24, 2017

Industrial control systems (ICSs) are critical to the operation of a modern society. ICSs were designed to be reliable and safe, rather than cybersecure, and to ensure safe operations within specific known engineered states.

Fortinet CISO on Securing Critical Infrastructure: ‘We Can No Longer Bring a Knife to a Gunfight’

Zeus Kerravala, Networkworld.com, March 27, 2017

Earlier this year Fortinet hired its first chief information security officer (CISO). The timing makes sense, as the company has grown into a leading security vendor with an integrated, security fabric vision that few competitors can match.

Breach Involving Encrypted Devices Raises Questions

Marianne Kolbasuk McGee, Databreachtoday.com, March 23, 2017

Under the HIPAA Breach Notification Rule, the theft or loss of encrypted computing or storage devices is not considered a reportable data breach. But a recent incident at a Kentucky-based healthcare organization demonstrates that making a determination on whether an incident is a reportable breach isn’t always clear-cut.

Blockchain Can Help Secure Medical Devices, Improve Patient Privacy

Tim Greene, Csoonline.com, March 24, 2017

Blockchain can help secure medical devices and improve patient privacy, but the key is proper implementation, according to a top security pro at Partners Healthcare.
