Once More Unto The Data Breach, Dear Friends, Once More

Ron Arden | Cybersecurity, Data breach, Insider threat

WikiLeaks recently obtained and released thousands of sensitive documents showing the Central Intelligence Agency’s (CIA) arsenal of hacking tools, malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation.

Unfortunately, this is not a Shakespearean play, but a real-life data breach that will have huge consequences for the security of the US government. This information supposedly came from a secure location inside the CIA and raises a lot of questions about cybersecurity. If an agency that should be focused on security can have this problem, what other problems may lurk in other parts of the government?

Data Breaches Cost Executives Money

Ron Arden | Cybersecurity, Data breach

The problem of data breaches has just reached a new high, or maybe low, as executives are losing money because of them. A case in point is that Yahoo CEO Marissa Mayer will not receive a bonus or stock award because of the mishandling of security breaches in 2013 and 2014.

The decision came after an internal investigation found that senior executives at Yahoo mishandled the company’s security breaches.  In September of last year, Yahoo disclosed that a massive security breach occurred in 2014. About 500 million Yahoo accounts were compromised. Hackers obtained personal information, but not credit card details. Then in December of last year, Yahoo disclosed that another breach occurred in 2013, but this one was even bigger: Nearly one billion user accounts were hacked, making it the biggest breach in history.

New York Issues Final Version of Cybersecurity Regulations

Ron Arden | Cybersecurity, Data breach, Insider threat

The New York State Department of Financial Services (NYS DFS) just released the final version of its new cybersecurity regulations that affect organizations doing business under New York banking, insurance and financial services regulations. The new regulation is designated 23 N.Y.C.R.R. Part 500, and goes into effect on March 1, 2017.

Paul Greene, an attorney at Harter Secrest & Emery, mentioned in a recent blog post that the main change in the regulation from earlier drafts is the move to a more risk-adjusted approach to cybersecurity, rather than a purely prescriptive approach. Rather than applying a one-size-fits-all approach, the NYS DFS is allowing Covered Entities to define the risk associated with their nonpublic information before deciding on the best way to protect it. Questions remain, however, concerning the scope and reach of these regulations.

Fasoo Hits Nerve with Message of Security, Governance and Productivity at RSA 2017

Ron Arden | Cybersecurity, Data breach, Data security, News

After two days at the 2017 RSA Conference in San Francisco, it looks like Fasoo’s message of Security, Governance and Productivity is hitting a nerve with security professionals, analysts, executives and other attendees. As the regulatory and business climates change to overcome constant threats to businesses and the data they use to drive profitability, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.

An interesting theme at this year’s show is Business Driven Security.  I think the convergence of business and security is finally coming to a head as boards and executives realize they must think of security solutions as a business driver that helps mitigate business risk so they can propel their businesses forward.

One main focus this year is helping financial organizations comply with the New York State Department of Financial Services (NYS DFS) cybersecurity regulations. At the booth, Fasoo employees spoke to numerous banks and mortgage companies affected by this new regulation’s requirements to encrypt nonpublic data and provide clear access control and audit trails. The Fasoo Data Security Framework can help protect sensitive data from getting into the wrong hands and help meet this comprehensive regulation.

Fasoo Data Security and Intelligent Document Platform on Display at RSA Conference 2017

Ron Arden | Application Security Testing, Cybersecurity, News

Fasoo has a big presence at the RSA Conference 2017 in San Francisco, where we will showcase our newly expanded data security and management framework, which helps companies track, manage and secure their data.

Focusing on the business themes of Security, Governance and Productivity, Fasoo is helping executives and boards of directors comply with enhanced cybersecurity regulations while ensuring they can meet the needs of constantly changing business models that demand secure collaboration to get things done.

Today’s business world demands a new look at how we define and protect the borders of our organizations because our data is created, stored and consumed in systems that may be outside the traditional information security and document management models. Visitors to Fasoo’s booth #S1239 will see demonstrations of the Fasoo Data Security Framework and Wrapsody that together help organizations consistently control, secure, track and manage documents no matter where they travel. This new, integrated data-centric approach overcomes legacy solution limitations and comprehensively satisfies organizational demands placed on data security, governance and productivity.

Say NO to Stealing Sensitive Information by Phishing

Ron Arden | Cybersecurity, Data breach, Insider threat

Just a few days after the IRS released its warning about W-2 phishing, it appears the College of Southern Idaho (CSI) reported that 3,000 employees’ personal information may have been compromised by a phishing scam.

The attackers are now expanding their sights into higher education according to a recent article by Paul Greene, an attorney at Harter Secrest & Emery.  Given the large number of employees, including seasonal employees, community education instructors and people who work for auxiliary agencies, these institutions are great sources of sensitive information and money.  In this case, someone impersonating a CSI administrator sent an email to an employee requesting W-2 information for all school employees over the past two years.

How to Fight the Latest Phishing Scams

Ron Arden | Cybersecurity, Data breach, Insider threat

The more things change, the more they stay the same, unfortunately. Paul Greene, an attorney at Harter Secrest & Emery, in a recent blog post mentioned a new IRS warning about the reappearance of phishing scams targeting W-2 information. Companies have lost thousands of dollars in email compromise attacks that first steal W-2s and then attempt wire transfer frauds.

This is nothing new, of course, with the IRS having issued the same form of warning around this time last year.  But it is tax season and the scammers, fraudsters and hackers decided to get a jump on things this year.

In recent years, the criminals targeted corporations, but this year they are casting a wider net, potentially affecting schools, non-profits, restaurants, healthcare providers, and tribal organizations. This is a classic case of targeting organizations that may not have the best security, since they have not been victims in the past. Those organizations affected in recent years have hardened their defenses, but now the scammers are going after the next tier. They also may be going after the supply chain of some of the companies targeted in the past. After all, it’s easier to attack a small service provider than to attack a large bank or manufacturing company.

Choose Security Over Convenience

Ron Arden | Cybersecurity, Data security

One of the problems of implementing security is that people perceive it as an inconvenience. People always take the path of convenience because it’s easy. Many years ago no one locked their doors because we weren’t worried that someone would come into our house and steal anything. Over time that thinking changed and we all lock our homes and businesses before going out.

Many organizations think about data security and cybersecurity the same way. While no one questions locking the doors to the office or manufacturing plant, some don’t think about locking all the doors to their sensitive information. A common approach is to merely check the boxes to be compliant with a regulation or standard, without thinking about the unique situation of your company.

Is Your Board Prepared For A Cyber Attack?

Ron Arden | Cybersecurity, Data breach

Another day, another cyber attack. Just in the last few weeks we have seen headlines about a major data breach announced at Yahoo, accusations that the Russian government interfered with the US presidential election, and a breach of over a million records at the E-Sports Entertainment Association.

Despite the potential harm from such attacks, there is a general consensus that boards of directors are not taking the necessary actions to defend and protect their companies from these attacks.  The problem is that many people in leadership positions do not understand the real problems and consequences of a cyber attack and do not have enough understanding of cybersecurity risks and how to mitigate them.

Fasoo Launches SPARROW on Cloud

Ron Arden | Application Security Testing

SPARROW, a static code analysis application, is now available as a Software as a Service (SaaS) offering to help organizations quickly detect critical software vulnerabilities at the early stages of software development. “SPARROW on Cloud”, SPARROW’s cloud solution, is an agile, flexible, reliable and cost-effective solution that allows organizations to easily manage application security challenges.

“IoT has brought an upsurge in new software that connects and operates everything from cars to medical devices and with that, enormous risk at the development level,” said Fasoo’s CEO Dr. Kyugon Cho. “Providing software developers with a cloud based application security testing solution was the logical next step for Fasoo as it is so essential for software to be secure at the code level.”