Cyber Security News Update 8/22/2017

The online world is constantly changing, so let’s dive right in without further a do.

Data Breaches are catastrophic events for all the involve parties. No one, except the attacker, walks away from a data breach smiling. Consumers are placed at risk when their private data is stolen, from outright identity theft to blackmail. Companies get to watch their credibility, customers base and income dwindle away as people abandon ship. This can be extremely disastrous for online only companies or companies whose business model is data security. While CareFirst isn’t an online only company, as a health insurance company they have a lot of critical data on file. The U.S. Court of Appeals for the District of Columbia overturned a lower court’s ruling, and allowed for a class action lawsuit to move forward for the 1 Million people whose data was stolen. This ruling, if it isn’t successfully challenged and overturned, would open up companies to expensive lawsuits from their customers. Previously companies were fairly immune to the financial fallout associated with data breaches, which is why this case is important to follow.
Source: Consumers Gain More Power to Seek Data Breach Damages

“Everyone has a plan until they get punched in the mouth.” Is a well known Mike Tyson quote, and an incredibly apt one for any part of life. It applies in cyber security, where your response plan is your only lifeline. Without rigorous testing you have no way of knowing if your security plan can actually stand up real world threats. Even if it your plan, framework and standards can technically withstand an attack you have to account for the staff who maintain those plans. Maybe someone forgot to initialize a firewall, close an outgoing port or cycle the monthly passwords. The best way to simulate an attack is to launch one against yourself, and this can be done at any level. You can have a purely hypothetical attack where managers and employees are called upon to perform their task under a strict time limit. You could hire a White Hat hacker group to test your security, with or without notifying your employees. Offer a bounty to employees who successfully manage to break the companies defenses in their off time. These sort of drills are what will keep your data safe when someone tries to knock your servers over for real.
Source: The War Room: Experiential Security Planning

The United States unified its special forces under USSOCOM (United States Special Operations COMmand) as a way to cut down on the sort of interdepartmental infighting that costs lives. Cyber security has been under the purview of the USAF (United States Air Force) but now a unified cyber security command is going to be established. Known as USCCOM (United States Cyber COMmand) it will integrate several different branches of cyber security and cyber warfare, including merging notionally civilian agencies such as the CIA and the NSA with combat groups like the USAF and the Department of Defense. This unified command will replace the current system of the NSA coordinating with other groups on projects, with the goal of increasing the effectiveness and efficiency of US cyber warfare.
Source: U.S. Military to Create Separate Unified Cyber Warfare Command

Check in this week for our article on Cyber Warfare: So You Want to be a Cyber Commando?