Friday, March 01, 2019 8:58:18 AM
What Is A Data Breach?
"We hear about them all the time, another company getting its data breached, another credit card scanner hacked, but do you really know what a data breach is exactly and what it means if it happens to you? Here’s a quick rundown of data breaches and what you should know.
A data breach occurs when there is an unauthorized entry point into a corporation’s database that allows cyber hackers to access customer data such as passwords, credit card numbers, Social Security numbers, banking information, driver’s license numbers, medical records, and other sensitive information.
The purpose of hacking these systems is to use this information for identity theft and fraud purposes. This can be done physically by accessing a computer or network to steal local files or by bypassing network security remotely.
According to Trend Micro, these are the usual steps involved in a breach operation:
Research: The cybercriminal looks for weaknesses in the company’s security (people, systems, or network).
Attack: The cybercriminal makes initial contact using either a network or social attack.
Network/Social attack: A network attack occurs when a cybercriminal uses infrastructure, system, and application weaknesses to infiltrate an organization’s network. Social attacks involve tricking or baiting employees into giving access to the company’s network. An employee can be duped into giving his/her login credentials or may be fooled into opening a malicious attachment.
Exfiltration: Once the cybercriminal gets into one computer, he/she can then attack the network and tunnel his/her way to confidential company data. Once the hacker extracts the data, the attack is considered successful.
There are two types of data breaches. The first is through retail companies, like Target or Best Buy, that contain customer information in their own systems. The other is second-party data sources, like credit bureaus, that hold sensitive information for credit checks.
Here are some of the biggest hacks:
Most hacks don’t happen because cybercriminals are leveraging the most advanced hacking mechanisms to breach a site. They occur from site vulnerabilities such as:
Out of Date Security Systems
Outdated software can create holes in a website that allow attackers to sneak in and steal data.
Weak Passwords
Simple and easy-to-hack passwords are a common place for cyber hackers to start.
Malware and Viruses
Downloading unsafe links from emails and websites can unintentionally download a virus into a system causing the breach. These can come from phishing email tactics that may look like a legitimate email from the company or another trusted source.
So, what are companies doing about the data breaches? Many places have begun to tighten their security, putting procedures in place to prevent phishing emails and making employees aware of what to look for. There are also laws and regulations now in place that require companies to protect themselves against data breaches to protect the information of consumers.
However, these are still new, and companies can still be at risk, so it is important that you take steps to protect your information. Here are a few ways to protect your identity in the case of a breach:
Use strong passwords
Use complex and unique passwords for your accounts. Many cybersecurity experts suggest using passphrases, like song lyrics, instead of words. This also includes adding a password to your devices, like your cellphone, in case it is stolen.
Monitor your information
Check your accounts regularly for unfamiliar activity and monitor your credit reports for new inquiries or account openings that you don’t recognize. There are free credit monitoring sites like Credit Karma that will alert you any time there is a change to your reports.
Take Action
When you see suspicious or unrecognized activity on your accounts, contact the financial institution involved immediately. They will help you resolve the issue.
Use Secure URLs
Only use sites that begin with https://. The “s” is key in knowing that you have a reputable site. Never give your credit card information or other personal information to sites without the “S.”
Use PayPal
Using PayPal can prevent you from giving your credit card information to the wrong source. PayPal will pay it out of your account for you without having to enter sensitive information.
Avoid Oversharing Online
Do not post sensitive information that could be used to hack your accounts. Don’t use security questions or passwords that could easily be found on social media like your dog’s name or your mother’s maiden name.
Use Precautions
Implement high-quality security software that protects from attacks. You should also back up your files and encrypt any files that you are storing in the cloud.
Data breaches are not going away anytime soon, so the best defense against them is an offense. Make sure to monitor your information and be diligent about your identification information.
Surviving the Coming Data Governance Wave
February 28, 2019
"A data governance wave is building in the United States. If you put your ear to the ground, you can hear it rumbling. It’s inevitable that new regulations eventually will emerge that dictate how companies must ensure the integrity, security, and privacy of the personal data they gather, store, and process. Those who get ahead of the wave have the best odds of success, while those who delay investment run a risk of getting swamped.
There are many reasons why data governance has climbed so high on the list of priorities for business executives and lawmakers alike. Data breaches seem to occur almost every day, damaging reputations and claiming millions in lost market capitalization.
The latest victim is Dow Jones, the storied financial service firm whose “watch list” database of 2.4 million high-risk individuals and business entities was left unprotected on an Amazon Web Services server, according to a story today in TechCrunch. A Dow Jones customer with access to the Elasticsearch database that housed the data apparently did not implement password protection, leaving the data unprotected on the Internet, according to reports.
Data breaches are perhaps the most glaring examples of the sub-par implementation of data governance. But incidents of data abuse echo in the public domain almost as loudly as the breaches.
Facebook is still coming to grips with the implications of the Cambridge Analytica scandal, where the private data of 87 million people was misappropriated for highly targeted campaign outreach. Facebook has taken steps to quell the outrage, but the fire still smolders, and the social media giant this month came under fire again after the Wall Street Journal (a subsidiary of Dow Jones, which in turn is owned by News Corp.) reported that smartphone applications are sharing sensitive user data, including weight, blood pressure and ovulation status, with Facebook and without the users’ knowledge.
Barbara Lawler, who was recently appointed Looker’s chief data privacy and ethics officer, has been watching the data breaches and abuse pile up over the years, and is convinced that the Federal Government will step in at some point to establish governance rules of the road.
The big question is when.
“I thought several times we were at the big breaking point with some of the big data breaches over the last several years,” Lawler tells Datanami in an interview earlier this month. “It’s like the news cycle. It rises and then it seems to modulate, then the next thing takes over, and it sort of becomes the new normal.”
Lawler isn’t quite ready to go on the record and say 2019 will definitely be the year that the United States gets its version of the GDPR, the far-reaching data governance law that went into effect in the European Union last May. There have been a number of bills and frameworks proposed over the past few months, but there’s still much work to be done.
“I think what we’re going to see this year is a lot of hearings, a lot of discussion, a lot of debate,” she says. “And if you ask many of my peers who have been in this space for a long time, they’d say, ‘Okay, this is the year. It’s finally going to happen.’
“But I’ve been in the space long enough to see, ‘We thought for sure it was going to happen after the latest issue,’” Lawler continues. “I don’t think there’s going to be something passed that goes to the President’s desk this year. That’s my opinion.”
Privacy By Design
Nobody knows whether the United States Government will overhaul the federal rules around data security and privacy in the year 2019 or 2029. But that shouldn’t stop forward-looking organizations from starting to prepare their data collection and analytics activities to comply with some sort of governance standard.
A consensus is starting to coalesce around the sorts of data-oriented activities and processes that will be acceptable, and what will not be acceptable. In addition to the GDPR in the European Union, the governments of Canada, New Zealand, and Australia have made some headway. And the English will have their own version of the GDPR once Brexit is complete.
Read more...
https://www.datanami.com/2019/02/28/surviving-the-coming-data-governance-wave/
