June News Round-Up: More Data Breach News, Crypto Wars 2.0, and Acer Hack

Published June 30, 2016 · 3 min read

Biggest Data Attacks of 2016 (So Far)

Data attacks, breaches and vulnerability disclosures continue to dominate headlines this year. Dark Reading has compiled an overview of the largest attacks to date in 2016. A key takeaway from the report is that anyone can become a target, and the consequences of an attack can be dire.

Everyone’s trying to do more with less, and as security budgets continue to get squeezed, you’ll need to make sure you’re getting the most value for your compliance dollars. Simplifying risk management and compliance activities can help you achieve a better return on investment and make the best use of limited compliance resources.

The full article from Dark Reading can be found at the following link:

Biggest Attacks Of 2016 (So Far)

Crypto Wars 2.0

In the wake of Apple’s battle with the FBI over the San Bernardino iPhone, a new round of the Crypto Wars has begun, and the US is once again at the center of a privacy vs. security debate. Lawmakers have released a new bill that would force companies to comply with a court order to assist or decrypt data for the government when necessary. Many tech and encryption specialists who oppose the bill say it blatantly ignores the lessons learned from the first Crypto Wars of the early ’90s.

The ramifications of changes to cryptography legislation reach far beyond the boundaries of compliance. New legal requirements will force changes not only to your compliance programs but also to technical architectures, audit requirements, and even entire business models. Regardless of which side of the debate you stand on, legislation changes will have an impact on your business, and you should be prepared to adapt accordingly.

The following article gives more insight into Crypto Wars 2.0 and lays out the various perspectives:

Crypto Wars 2.0 – A US Perspective

PSA from the FBI on Business Email Compromise Scams

The FBI recently released a new PSA warning businesses of an increase in Business Email Compromise (BEC) scams. The scams have cost businesses $3.1 billion in losses globally, $960 million of that being to US companies in the last three years alone. The FBI shared the 5 common scenarios that tend to drive the scams, which include data theft, working with a foreign supplier, and wire transfers. Recommendations for safeguarding your business against these types of scams include deleting spam, avoiding free web-based email accounts, and limiting the types of information posted to social media sites.

As a company, preventing attacks like these is where you should be focusing your limited risk management resources. A unified compliance and risk management tool can help you achieve a better ROI for these resources, and also make sure that your staff is spending more time addressing high-criticality issues like phishing scams and less time checking compliance boxes.

For more information, you can view the full article here:

Business Email Compromise Scams Have Cost Victims $3B, Reports FBI

Acer Hack

Taiwanese hardware giant Acer recently announced it suffered a data breach via its e-commerce site that had been going on for nearly a year. The data compromise included customer names, addresses, credit card numbers and security codes for potentially all online customers who shopped on the site from May 2015 through April 2016.

Data breaches like this latest one seem to be increasingly commonplace. The majority of data breaches happen due to human error, so one way to manage risk is to instill a culture of security throughout your workforce. Training your employees to create strong passwords and to securely share information is critical. Additionally, ensure each individual understands what he or she is responsible for, as employees with well-defined roles are able to implement technology to create an effective security program.

For more details on the Acer Hack, you can view the full article here:

Hackers Harvest Card Details from Acer for Almost a Year
