Posts Tagged: "cyber crime"

This week on Capitol Hill, both houses of Congress are abuzz with a full schedule of hearings related to science, technology and innovation topics. In the House of Representatives, various committees explore a proposed net neutrality bill, innovation in the aviation industry, and ways to improve competition in the pharmaceutical industry—a hot topic of debate in recent weeks. Both the House and the Senate will hold hearings on the future of America’s space program. The Senate will also consider consumer data privacy regulations, rural broadband investments, and military applications of artificial intelligence. On Tuesday, a pair of events at the Brookings Institution will look at the impact of technological advances on public policy, as well as the artificial intelligence race between the U.S. and China.

Ransomware attacks are on the rise, partly because of the ease and anonymity of crypto-currencies. In a typical ransomware attack, cyber criminals invade a computer system and encrypt key data, then threaten to destroy the data unless the victim pays the criminal a relatively minor sum (ranging from hundreds to thousands, or in rare cases, tens of thousands of dollars). Rather than trying to determine whether to agree to ransom terms, spend your time and energy preparing for an attack. Companies should consider a ransomware attack as you would any other cybersecurity breach. That is, it is going to happen, the only question is when. Sound preparation boils down to several key considerations.

To get the case off the ground, the court will decide whether Equifax can be sued in the first place – it’s tricky, because different federal circuits disagree about when this can happen. So, courts in Delaware, Illinois and Washington DC (for example) would allow the plaintiffs to proceed merely because their data is at risk after a hack. This is pretty easy to show. On the other hand though, New York, Conneticut and North Carolina would need to see not just a leak, but that the leaked data has actually been misused afterwards. Equifax HQ is in Atlanta, the 11th circuit. Although those courts have a history of recognising that difficulty (and so supporting data victim lawsuits), it hasn’t yet come down firmly on the question of risk vs misuse.

Cyber crimes and data breaches have become far too widespread in the recent times. Technological progress has taken the risk to new levels, with newer techniques to exploit vulnerable organizations, corporations and governments being discovered every day… A considerable number of organizational respondents to the survey, approximately 32%, reported being affected by cyber crime. Nearly 34% felt that they would be affected within the next 2 years. While 61% of the top executives feared cyber attacks, only 37% of organizations claimed to have a cyber incident response plan in place. Obviously, this represents a significant disconnect between the level of fear and the level of preparedness in the industry.

Cybercrime seemed to be in the news daily in 2016. From the hack of the Democratic National Committee email accounts to the massive data breaches suffered by large technology companies, a major restaurant chain, and numerous government agencies, the news seemed inundated by a steady stream of high profile cybercrime. What is in store for 2017? Given the proliferation of electronic devices and data in our society, we can reasonably expect cases of cybercrime to continue to increase in number and complexity in the new year.

In creating a privacy and security plan, IOT companies should be mindful of regulatory enforcement for failure to fully comply with their own advertised practices. For example, companies should honor representations made to consumers regarding privacy and security practices, or risk regulatory scrutiny. If not, the FTC may bring an enforcement action, which it did against IOT company, TRENDnet, Inc. According to the FTC, TRENDnet failed to implement reasonable security practices, monitor security vulnerability reports from third parties, test and review potential security vulnerabilities, and implement reasonable guidance for its employees, and thus was in violation of Section 5(a) of the FTC Act, 15 U.S.C. § 45(a). The case settled, and the terms of the settlement prohibited TRENDnet from misrepresenting its privacy and security practices and required it to establish a comprehensive security risk program.

Over the past few years we have seen a surge in cyber attacks against well-known organizations, each seemingly larger than the last. As cybercriminals look for innovative ways to penetrate corporate infrastructures, the challenges for brand owners to protect their IP has steadily grown… Most organizations have implemented stringent security protocols to safeguard their IT infrastructure, but conventional security measures don’t provide the critical intelligence needed to analyze cyberattacks that propagate in the Deep Web and Dark Web. It is fundamentally harder to navigate a medium where web pages are unindexed and anonymity can hide criminal activity.

High value information—identified as trade secrets, IP mappings, product designs, financial data, confidential business information and similar files and documents—require an extra level of protection because of their value to cybercriminals and malicious insiders. The last thing an organization wants to do is make the theft of high value information easier by leaving vulnerability gaps in security practices. A malicious actor will exploit those each and every time.

In July, Kilpatrick Townsend and Ponemon Institute released their findings from The Cybersecurity Risk to Knowledge Assets study, which confirmed most companies’ worst fears — their intellectual property is at risk every day, and theft is rampant. The 600 survey respondents also disclosed that most companies are unsophisticated when it comes to identifying their key intellectual property (particularly trade secrets) and protecting that adequately. And, most surprisingly, the expected costs associated with loss of these important assets was estimated by nearly seven out of ten respondents to total more than $100 million.

America is a leading exporter of not only weapons but also social media services and at least one major provider is finding itself caught in the crosshairs, so to speak. Menlo Park, CA-based Facebook Inc. (NASDAQ:FB) has been singled out in the past for its role in serving as a platform where individuals can conduct illicit sales of firearms. In January 2016, the company announced that private gun sales would be banned on both the flagship social network as well as Instagram, although the ban did not apply to licensed gun dealers conducting sales off of Facebook. It doesn’t appear that those private gun sale bans have had much in the way of any actual effect, unfortunately.

According to the Association of American Publishers, the publishing industry as a whole has lost $80 to $100 million dollars to online piracy annually. From 2009 to 2013, the number of e-book Internet piracy alerts that the Authors Guild of America has received from their membership had increased by 300%. During 2014, that number doubled. I’m certain that in 2016, the statistics will go even higher.

New Zealand Judge Nevin Dawson handed down a ruling that would allow the United States to move forward with the extradition of Kim Dotcom, the founder of the former Megaupload.com, one of the world’s most popular file sharing websites at the height of its power. Kim and others involved with Megaupload have been sought under counts of criminal copyright infringement, racketeering, conspiracy to commit money laundering as well as aiding and abetting criminal copyright infringement. The original indictment, filed by the Department of Justice in the Eastern District Court of Virginia back in January 2012, alleged that Kim and other defendants were responsible for $500 million in harm to copyright holders.

Chinese legislators have attempted to enact anti-terror legislation purportedly designed to protect Chinese citizens against terrorist threats. In late December, China passed a law requiring both telecommunications and Internet companies operating in the country to provide decryption, technical interfaces and other assistance to public and state security organizations to conduct investigations of potential terrorist activities. The tech sector has misgivings about Chinese regulations that would force the handing over of sensitive data. Imagine a leak of encryption keys leading Chinese hackers to degrade performance of a foreign tech provider, all in the name of promoting indigenous innovation. That’s a pretty extreme scenario, but one that’s not completely unimaginable considering recent cybersecurity headlines.

As card-present transactions become less susceptible to fraud because of the shift to EMV chip card technologies, it’s expected that more fraud will shift to online platforms where it’s still relatively easy to input fraudulent financial information without being noticed; some reports indicate that online retail fraud in the U.S. alone is expected to rise by 106 percent in three years after October’s EMV liability shift from banks to business owners. One way that businesses conducting sales online can get themselves ready to respond quickly to fraud is through effective planning prior to major sales events like Black Friday or, perhaps more important when thinking about e-commerce, Cyber Monday. If those workers handling fulfillment of online orders are more aware of expected sales projections, it will help them be more aware of clues that the business might be a target for fraud if actual sales figures differ wildly.