CSS News Round-Up: Human Error Among the Leading Causes of Data Breaches
News Round-Up – Get a Quick Rundown of What You Need to Know
The Converged Security News Round-Up looks into recent reports and journalism covering converged security threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @ConvergedSecSol. Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.
Human Error Among the Leading Causes of Data Breaches
An Ipsos survey of C-suite executives and small business owners found that human error and external vendor mistakes were often cited as the cause of data breaches. The results of the survey are reported in detail on HelpNetSecurity. The survey found that 53 percent of C-suite respondents attributed a data breach to human error, either by an employee/insider or by an external vendor. Meanwhile, 28 percent of small business owners cited these same causes. Deliberate theft or sabotage was also cited as a concern. In this regard, 21 percent of C-suite executives and 28 percent of small business owners traced the cause of a data breach to an employee or company insider. However, external vendors carried more suspicion for deliberate sabotage, with 43 percent of C-suite executives and 21 percent of small business owners (SBOs) citing this source.
The survey delved into the impact of data breaches on both employee retention and consumer confidence. Regarding employees, the survey found one-third of the U.S. workforce has said they would probably look for a new job if an employer suffered a major breach of either customer or employee data. Meanwhile, 47 percent of consumers said they would wait to see how a business reacted to a cyber breach before deciding how to respond.
FBI Warns Web Users Are Over-Reliant on HTTPS Protocol
The FBI issued a warning regarding the HTTPS protocol, stating that many web users assume that the mere presence of a TLS certificate, which grants the HTTPS status, makes a server trustworthy. Threat actors have caught on that website visitors simply do a quick visual scan in their browser and then proceed to input sensitive data. Per the FBI, attackers “are more frequently incorporating website certificates when they send potential victims emails that imitate trustworthy companies or email contacts.” According to NakedSecurity's John E. Dunn, “One could argue that the confusion is a problem of the industry’s making, because it spent years pushing the idea of the security benefits of HTTPS without properly explaining its limits.”
LTE Vulnerabilities Can Target Users With Fake Presidential Alerts
University of Colorado Boulder researchers published a paper looking into how LTE vulnerabilities can be exploited to send users fake alerts and notifications. In this case, the vulnerabilities were leveraged to send fake alerts from the Wireless Emergency Alert System with messages reading “Presidential Alert.” HackRead writes, “To do this, they only need commercial, software-defined radio system and modified open source NextEPC and srsLTE libraries. Anyone using the right software and equipment can send out fake presidential alerts with a 90% success rate.” HackRead goes on to note that the WEA presidential alerts are unblockable and could be localized to a specific area, such as a stadium, where mass panic could ensue.
Survey: More Emphasis and Budget Priorities Going to Cybersecurity Over Physical
SecurityInfowatch reports on a survey by the Center for Cyber and Homeland Security at Auburn University which found that corporate CEOs are “overwhelmingly prioritizing cybersecurity” above previously traditional physical security considerations at rates of over 80 percent. The most important driver for placing more emphasis on cybersecurity was the findings of internal risk assessments. In the survey, CSOs said that senior leadership had shifted emphasis to cybersecurity after an increase in cyber incidents in recent history. Regarding CISOs, 77% of those surveyed said they expect an increase in cybersecurity budgets over the next few years. Only 33% predicted increases to physical security budgets.