IT Security Stories to Watch: 27K Feds Compromised in USIS Data Breach
At least 27,000 federal employees may have been affected by last year’s USIS data breach, according to Congressman Elijah Cummings.
And as a result, the USIS data breach tops this week’s list of IT security newsmakers, followed by Symantec (SYMC), Seton Family of Hospitals and Druva.
What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week’s list of IT security stories to watch to find out:
1. New details released about USIS data breach
Federal officials noted that the initial estimate of 27,000 federal employees compromised in the breach of government contractor USIS is now believed to be a “floor, not a ceiling,” The Hill reported. In addition, several IT security experts said they believed Chinese hackers were responsible for the incident.
The Washington Post pointed out that the FBI began investigating the USIS data breach in August. However, Cummings said he believes USIS may be withholding information.
“Unfortunately, investigating the USIS data breach has been particularly challenging because neither USIS nor its parent company, Altegrity, have fully complied with … requests for answers,” he said.
2. Symantec: Ransomware attacks increased 113 percent in 2014
Symantec’s “2015 Internet Security Threat Report, Volume 20” showed that ransomware attacks rose 113 percent last year. Also, the report revealed 60 percent of all targeted attacks struck small and medium-sized businesses (SMBs) in 2014.
Other report results included:
- 17 percent of all Android apps (nearly 1 million total) were actually malware in disguise.
- Risks to many Internet of Things (IoT) devices are exacerbated by the use of smartphones as a point of control, as Symantec discovered that 52 percent of health apps – many of which connect to wearable devices – did not have so much as a privacy policy in place, and 20 percent sent personal information, logins and passwords over the wire in clear text.
- 70 percent of social media scams were manually shared.
Twenty-four zero-day vulnerabilities were discovered in 2014 as well, Symantec said, yet it took software companies an average of 59 days to create and roll out patches – up from only four days in 2013.
3. Seton Family of Hospitals discloses data breach
Seton Family of Hospitals said the personal information of approximately 39,000 patients may have been compromised due to an email phishing attack. The hospital network added that it found out about the incident on Feb. 26.
KXAN reported that the usernames and passwords for affected email accounts were immediately shut down. Seton also has launched an investigation into the data breach and is providing free identity monitoring and protection services for patients who may have been impacted.
“We value the privacy and security of protected information, and we are committed to protecting the confidentiality and privacy of our patients and employees,” Seton Family of Hospitals CEO Jesús Garza said. “It is our priority to support those who have been affected.”
4. Do most enterprises face data privacy challenges?
Data privacy in the cloud remains a major challenge for enterprises, according to a new survey from Druva and Dimensional Research.
The survey, titled “The State of Data Privacy in 2015,” revealed 87 percent of companies said they are “concerned” or “very concerned” about data privacy in the cloud, while 82 percent noted that their employees do not follow data privacy policies.
So how can enterprises protect sensitive data that is stored in the cloud? Druva CEO Jaspreet Singh pointed out that “a multi-faceted approach” that emphasizes meeting compliance requirements for regional data regulations, understanding security challenges and establishing privacy controls is key.
“Organizations are facing a real data protection crisis,” he said in a prepared statement. “Today’s enterprise is a borderless one. The globalization of data creates a challenge that exposes each region to their specific and local privacy regulations. Protecting and managing corporate data – especially in the cloud – calls for a multi-faceted approach.”
What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.
