What The Halting Of Data Security Rules Means For Broadband Companies

Broadband providers can now heave a sigh of relief: the FCC has heeded their plea to halt data security rules adopted by the agency last year.
Last Wednesday the FCC granted in part a petition to stay the 2016 Privacy Order, which the commission adopted on Oct. 26, 2016.
Crippling Bottleneck Out Of The Way
The privacy orders would have dealt a severe blow to high-speed ISPs such as AT&T and Verizon, which had pinned their hopes on using customer data to serve targeted advertising.
Earlier, only phone and cable companies were subjected to some form of privacy protection rules.
What The Data Security Requirement Means
The 2016 data security requirement, now temporarily repealed, requires broadband internet access service, or BIAS, providers and other telecom carriers to take responsible measures to protect proprietary information of customers from unauthorized use, disclosure or access.
The petitioners also said they would have to bear substantial costs and burdens in complying with the new rules.
If the commission grants the pending petitions for reconsideration, the costs are non-recoverable, the petition said.
A Victory Of Sorts For Broadband Companies
If the rule had taken effect, it would have seriously impaired the business model of ISPs and companies that have forged ties with them to source user data, according to a report on LAW360.com.

Microsoft describes ransomware as ‘scary’

The manipulative type of malware, which takes people’s data hostage, saw a 752 per cent increase in 2016
Dubai: Japanese anti-virus developer Trend Micro’s annual cybersecurity report, released on Sunday, revealed a 752 per cent increase in ransomware, the software used by hackers to block data and then demand money to return it.
In a recent interview, Microsoft’s Cyril Voisin, Executive Security Advisor for the company’s Enterprise Cybersecurity Group in the Middle East and Africa, spoke about the growing threat from ransomware, and what could be done to combat it.
“We have seen victims among consumers — all operating systems, not just Microsoft’s.
But, more worryingly — we have also seen it in a hospital abroad,” he added.
“They can evade protection measures like antiviruses, because they create new ransomwares all the time, and it takes at least 20 minutes for an antivirus solution to detect something it has never encountered before.”
This delay means that, for those 20 minutes, if you are relying solely on an antivirus, you will not be protected.
So how do companies defend themselves against such attacks?
“It is important to not open attachments that are unsolicited, to not visit malicious websites and to make sure you have a backup,” Voisin said.
For Paula Januszkiewicz, a cybersecurity expert who has previously worked with Microsoft, Hewlett Packard and Orange, the biggest concern is how “ransomware is changing its tactics”.
“PowerShell can be used to encrypt data, which is the goal of ransomware — to scramble your data so it is useless to you, until you pay the attacker to release it.” Ultimately, according to Januszkiewicz, this is something that companies need to get better at defending themselves against.

For True Cyber Security, Using a USB Firewall Is Essential

Using a USB firewall could be your best defense.
More than likely, your computer automatically trusts any USB device that’s plugged into it.
Hackers can use malicious code injected into the USB’s drivers to compromise a system.
Not everyone is running a classified server or a nuclear program, so a USB firewall might be a bit of overkill for some.
But who hasn’t bought a cheap thumb drive in a hurry?
Malicious USB commands reach directly into your USB driver stack, exploiting your computer before file-based scanners realise anything happened.
But the USG is the only plug-and-play BadUSB protection that does not require you to switch operating systems.
It can even protect your legacy and embedded systems running out-of-date software…
This internal link forms a firewall barrier that effectively blocks malicious USB commands from reaching your computer.
Whether it’s this project that catches on or an improved version of the same concept, USB firewalls are a thing that needs to happen.

Financial Firms Unprepared For Cyber Security Risks Leaves Room For Fintech Expansion

Most Financial Firms Are Underprepared For Cyber Security Risks
Cyberattacks increased by 50% in the second quarter of 2016 compared to the second quarter of 2015, and the number of cyber attacks against financial institutions is estimated to be four times greater than against companies in other industries.
According to Deloitte’s 10th annual global risk management survey, while cyber security is at the top of most risk managers’ agendas, roughly half of the survey’s respondents were either extremely or very concerned about several issues related to IT systems, including legacy systems and antiquated architecture or end-of-life systems.
Along with creaking IT infrastructure, respondents also indicate that while institutions are extremely or very effective in managing traditional risks like liquidity, investment risk and underwriting, 42% of respondents believe that firms are less effective in areas like cyber security and data integrity.
58% of the respondents to Deloitte’s effort said hiring and acquiring skilled cyber security talent is a challenge for their business.
Despite the size of the cyber security issue facing businesses, only 61% of the respondents noted their organizations have a single individual responsible for cyber security.
And when it comes to the business environment, the more widespread emergence of fintech firms has substantially raised the level of strategic risk.
Most important, they will require agile processes and nimble risk information technology systems that will allow them to respond flexibly to potential changes in the direction of regulatory expectations or from disruption caused by fintech players.
Already there have been some inroads, the report states: Strategic risk is increasing as entrepreneurial fintech players are competing with traditional firms in many sectors.
And: Another source of strategic risk is the more widespread emergence of fintech start-ups, which leverage technology capabilities to compete with traditional banks, investment management firms, and insurers in such areas as loans, payment products, wealth management, and property and casualty insurance.
“Ultimately, I think fintech will merge with the banking industry.

Seven things you need to know about the Dark Web

Here’s all you need to know about the Dark Web.
What is the dark web?
Authorities say that while there is child-abuse material to be found on the dark web, much of the worst serial activity is restricted to even more private peer-to-peer networks.
Typically, you need special software or tools to access it.
Is that the same as the dark web?
That case is part of the deep web because it’s not indexed other than in its own siloed website.
By comparison, the dark web is a part of the deep web that is deliberately restricted and shut off unless you have specific tools (such as Tor) to get in.
Irish police won’t say much about their activity around the dark web, but US and UK authorities are known to infiltrate marketplaces in an attempt to keep track of what is being traded.
How big is the dark web?
While there are well over a billion websites on the regular (surface) web, there are estimated to be fewer than 100,000 sites on the dark web.

My view: Cybersecurity is a shared responsibility for all of us

Utah is a state for innovation.
However, with innovation comes risk.
Despite its relevance, and because there is no silver-bullet solution, government, businesses and citizens have all struggled with how to respond to cyberattacks.
Our dependence on technology makes cyber threats difficult to tackle.
The most urgent hazard of cyber insecurity may be the resulting economic loss of crimes perpetrated against the private sector and consumers.
So far, the state has made efforts through the Department of Public Safety to curb cyber crime, and the state’s Department of Technology has enhanced security protocols.
In our increasingly digital society, we must all be vigilant about the threats created by innovation.
The cybersecurity of organizations, governments and individuals alike is a shared risk and ultimately a shared responsibility.
Ann Beauchesne is senior vice president, National Security & Emergency Preparedness Department, of the U.S. Chamber of Commerce.

Credit card thieves move online as chips cut in-store fraud

The use of stolen card data to pay for merchandise on websites, in mobile apps and by dialing call centers surged 40 percent last year, according to a report from Javelin Strategy & Research released last month.
That’s forcing merchants to spend billions on online fraud protection in an effort to detect when a crook is using someone else’s card number.
By the end of last year, almost 1.81 million U.S. merchants had switched to accepting European-style chip cards, more than double the number the year before, according to Visa Inc.
Radial’s more than 100 clients include Walgreens Boots Alliance, StubHub and Ralph Lauren Corp. Fueling the surge in interest are an increasing number of data breaches at companies ranging from Target to Wendy’s, which potentially exposed private financial information from millions of customers to identity thieves.
That’s down from $22 billion in 2012, the researcher said.
Meanwhile, payment processor Cayan, which serves mid- to small-sized businesses, plans to integrate security software from Kount.
Easy Solutions Inc. says sales of its product that helps banks and retailers monitor transactions grew 128 percent last year, up from a 75 percent gain in 2015.
Radial, which promises to shoulder its clients’ fraud costs, saw its sales rise 15 percent last year.
Radial’s software can use about 800 rules to determine if a transaction is fraudulent.

Agony for Kate Moss as hackers steal naked photos which show her getting changed on her wedding day

Private naked photos of Kate Moss on her wedding day have reportedly been stolen by hackers.
Snaps of the British supermodel getting changed before tying the knot with rocker Jamie Hince in 2011 are apparently being shared online by fans.
It is thought the intimate photos, among many she commissioned with her estranged husband, were taken from her computer files.
A source told the Daily Star Sunday: ‘Kate will be fuming about this.
They added: ‘Kate is obviously no stranger to getting her clothes off for photo-shoots, but these images were different.
Some were only meant for Jamie.’
Moss is not the first celebrity to have naked photos stolen by hackers.
Last month a crook was sentenced to nine months in prison for hacking the electronic accounts of 30 celebrities including Jennifer Lawrence and stealing nude photos and information.
The 43-year-old model – who married The Kills guitarist in 2011 but split last year after four years of marriage – allegedly describes herself as ‘divorced’ and apparently came to a pleasant agreement with the musician ‘some time ago’ without any ‘high profile legal battle’.
It has been reported Kate – who has 14-year-old daughter Lila with her former partner Jefferson Hack – has been granted the majority of their wealth, whilst Hince is believed to have acquired possessions the former couple acquired during their four-year marriage, including paintings and other artworks.

UGA offers daylong conference on cybersecurity for small businesses

Experts from the FBI, the state of Georgia, Fort Benning and the private sector will come together for a daylong cybersecurity conference presented by the University of Georgia Small Business Development Center on April 6.
“We’re encouraging people to anticipate (being hacked),” said SBDC State Director Allan Adams.
The federal government will require vendors that deal with controlled unclassified information to have cybersecurity plans in place starting in December.
Major corporations are expected to begin requiring the plans as well.
“If a company is going to do business with the Department of Defense or larger corporations, they’re going to have to develop a plan and implement certain processes,” said Mark Lupo, SBDC area director in Columbus.
“That’s going to be significant.
The cost to attend the conference is $99, and it will feature presentations by an FBI cybersecurity expert; Stanton Gatewood, the chief information security officer for the state of Georgia; and Brian Jackson, president and CEO of Abacus IT Solutions in Birmingham, Ala.
“Our focus is more tailored to helping businesses take a more proactive approach,” Lupo said.
“Businesses may see this as a way to increase their market by virtue of having a good plan.” To learn more about the conference or to register go to www.georgiasbdc.org/cyberstrength.

Under the right to information law, Aadhaar data breaches will remain a state secret

A day earlier, security researcher Srinivas Kodali brought to the notice of the authorities that a website had leaked the Aadhaar demographic data of over five lakh minors.
Yesterday I was informed about a website which was publishing #Aadhaar numbers of minors.
In all of the above cases, it is not clear if the individuals whose personal data was compromised were even informed of it.
This leads to the question: what right to information does an individual have in the case of such a security breach?
In the case of Axis Bank and the other two firms, the Authority has temporarily stopped them from conducting Aadhaar-based transactions while the investigation is on, but it is not clear if any notice has also been sent to the individuals whose stored biometrics were used illegally by the firms.
“They should have notified parents of all minors whose data was on the website, issued them new Aadhaar numbers, but this has not happened, as far as I know,” he said.
While denying the information, the Authority cited Section 8 (1) (a) of the Right to Information Act, which mentions national security and states: 8 (1) Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen, (a) information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence.
Similarly, the Authority refused to share information on security practices, citing Section 8 (1) (1) of the Right to Information Act, and Section 7 of the Aadhaar (Data Security) Regulations.
“Other countries like the US that are used to sell the idea of government databases to Indian citizens do not run their databases with such wilful carelessness, they are required by law to publish it and inform citizens,” she said.
He said, “In Aadhaar, there is no proactive duty to publish the data breach as an individual notification to the affected Aadhaar user, no legal obligation to even publish aggregate data at the end when the breach is rectified, no reporting requirement to any other government department.” Gupta pointed out that Aadhaar lacks an oversight mechanism, and a bounty reporting system that rewards those who find and report security flaws in its system – all measures that would encourage vulnerability testing to prevent hacks and exploitive acts.