
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate | Robinson+Cole Data Privacy + Security Insider


A professional accounting firm in Illinois received an unwanted holiday “gift” in the form of a class action complaint stemming from its alleged failure to secure personally identifiable information (PII) and to timely notify affected parties of a data breach.

On December 17, 2021, a lawsuit was filed against Bansley & Kierner, LLP, which offers payroll and benefit services to businesses, by an employee of one of its clients, seeking damages on behalf of himself and others. According to the allegations of the complaint, Bansley failed to properly secure and safeguard a wide range of payroll and benefit plan participants’ PII, including names, dates of birth, Social Security numbers, drivers’ license and passport numbers, financial account numbers, and personal health information. Bansley apparently discovered in mid-December 2020 that its network had fallen victim to a ransomware attack by an “unauthorized person.” The complaint asserts that Bansley elected not to notify participants and clients of the incident at that time, instead choosing to address the incident on its own by making upgrades to some aspects of its computer security, restoring the impacted systems from backups, and then resuming normal business operations.

In May 2021, Bansley allegedly learned that PII had been exfiltrated from its network, and only then retained a cybersecurity company to investigate. Within three months, the investigators determined that individuals’ PII (including full names and SSNs) was present on the system and potentially stolen at the time of the 2020 incident. Over 274,000 individuals were affected. According to the complaint, however, Bansley did not notify state Attorneys General and participants of the data breach until late November or early December 2021, nearly a year after Bansley first became aware of the incident. The complaint further alleges that Bansley failed to explain the delay and did not properly disclose to plan participants the period during which their PII had been exposed, though the firm did offer free credit monitoring services for one year. The plaintiff claims that he and the potential class members were, and continue to be, at…


Hacker Recounts How He Once Broke Into Professor’s Computer to Submit Late Assignment




© Provided by News18

When you miss an assignment deadline by just two or four hours, you wish you could go back in time and submit the assignment before the limit, something that seems impossible. It turns out it was not that hard for college student Robert Graham, who is now a well-known cybersecurity researcher. Talking to Lorenzo Franceschi-Bicchierai in an episode of the My First Hack series on Vice’s Cyber podcast, Graham shared an anecdote from his college days, when he hacked his professor’s computer to submit a late assignment on time.

Graham recollects that once, when he was late submitting an assignment with a midnight deadline, he changed his computer’s date so that the timestamp on the assignment read as an earlier time than when it was actually submitted. But it was not long before the teachers became aware of this trick students were using. To make sure that assignments were actually submitted on time, teachers made it mandatory for students to send the assignment by email.

E-mails contain a piece of information called a header which cannot be modified. An email header contains information such as the sender, the receiver, the sent timestamp, the received timestamp and other details. At this point, Graham’s trick of backdating his own computer to push the submission timestamp back in time would not work, because, per his professor’s instructions, the received timestamp would be treated as the submission time. When the deadline passed, and as usual Graham was late — this time by four hours — he had to get around this.

The university ran a Unix-based environment, and emails arrived on the professor’s computer rather than being held in the cloud. Interestingly, Graham found a way. Around 4 am, “I grabbed a script for an exploit and ran it against their system,” says Graham on the podcast. Once the exploit gave him access to his professor’s computer, he changed the timestamp to match his assignment submission time, and once his email had been received, he changed the timestamps back again.

Years later, Graham is now a noted cybersecurity researcher….


It’s already too late: Plan cyber security incident response now


It’s not a matter of if, but when your business will come under attack from hackers.

There is a cyber security hacking attempt every 39 seconds. Approximately $6 trillion is expected to be spent globally on cyber security this year, and, since COVID-19, the US FBI has reported a 300% increase in reported cyber crimes.

The advent of the pandemic resulted in an increased global dependence on the cyber industry. With cyber attacks reaching unprecedented numbers this year alone, the importance of pre-emptive cyber incident response (IR) planning has been brought to the forefront.

The financial implications of these data breaches, including for victims who decided to pay the ransomware demand, range from loss of revenue and brand damage due to customer mistrust to an inability to recover from the attack at all.

What is IR planning, and how do you do it?

IR is defined as taking the steps necessary to prepare for, detect, contain and recover from a cyber security incident. An IR plan covers the following:

  • The activities required in each phase of IR.
  • The roles and responsibilities for completing IR activities.
  • Communication pathways between the IR team and the rest of the organisation.
  • Metrics to capture the effectiveness of IR capabilities.

It is important to note that the value of an IR plan does not depreciate or become obsolete once a cyber security incident is over.

It continues to support successful litigation by providing the documentation that auditors may need, as well as historical knowledge that feeds into the risk assessment process and improves the IR process itself.

Why is an IR plan important?

The value of an IR plan lies in its role in the greater scheme of business continuity. As IR is not limited solely to the technical sphere, the plan must be designed to align with the organisation’s priorities and its levels of acceptable risk.

The information gained through the IR process can be used to feed back into both the risk assessment procedures and the IR activity itself, to ensure better handling of future incidents and an overall stronger security posture.

It is astonishing to note that a large majority of organisations either don’t have an IR plan, or…


Technology Adoption: Are we too late to the party?


Jan Havránek and Daniel P. Bagge

Figure: Future technologies. Source: NATO, “Science & Technology Trends: 2020-2040.”

Introduction

NATO and the West are experiencing a reversed kind of revolution in military affairs (RMA), with new technologies bearing far-reaching implications beyond the conduct of war. Past revolutions in military affairs spilled from the battlefield into the civilian sector. They had an effect either by directly deciding the result of a given conflict or through the adoption of military technical advantages in non-military aspects of life. Today, we see the opposite trend, brought about by private and non-military, non-governmental actors. In their everyday lives, the general public and governments alike face military-grade technologies developed and applied by the commercial sector. And it is the private sector that enjoys exclusivity over these technologies while the military lags behind.

How information is gathered, processed, analysed, communicated, distributed, and utilized has always underpinned military planning and assumptions about success in conflict. For example, the reconnaissance strike complex introduced by the Soviets was based on real-time intelligence gathering and underpinned by automated systems and fast data processing. Similarly, NATO’s deep attack concept assumed that commanders “would be given the automated assessment means necessary to rapidly analyse the enemy’s force array.”[1] Such concepts, however innovative and technology-based, assumed a relatively limited amount of data and relied heavily on the human factor. Today, in the era of cloud computing and artificial intelligence, there is a clear shift towards sensor-centric, automated processing. Reconnaissance and analysis are becoming as important as firepower and kinetic effects. Humans are being pushed out of decision-making by the sheer quantity of information coming from the battlefield. Hyper-speed warfare (or “hyper war,” a term linking the intensity of conflict with cybernetics) risks making the human factor almost obsolete. To a certain extent, human presence in the loop will consequently become more a question of…
