Privacy Attorney Lisa Sotto says the Epsilon e-mail breach is a warning about the state of data security employed by some third-party service providers. Strong contracts related to security practices must be the norm, not the exception.
"We really need to speak the language of business and focus less on the language of IT, and that involves risk management" Iowa CISO Jeff Franklin says. "You really need to target those resources to your most critical systems."
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Three recent breach incidents, each involving the loss or theft of back-up drives, illustrate that some organizations are doing a better job than others in informing consumers about the steps they're taking to prevent more breaches.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Phishing represented more than half of the 107,439 cyber incidents compiled by the U.S.-CERT for fiscal year 2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams.
RSA executives haven't been commenting publicly since the security solutions vendor revealed last week it had been victimized by a sophisticated cyberattack aimed at its SecurID two-factor authentication product. But weeks before the hack, I spoke with RSA Chief Technology Officer Bret Hartman about advanced...