Search

Brian Pennington

A blog about Cyber Security & Compliance

Month

January 2015

Office agrees it must do more to protect customer data

The UK Information Commissioner Office (ICO) has warned shoe retailer Office after the personal data of over one million customers was hacking.

The hacker accessed customers’ details and website passwords via an unencrypted database.

Sally-Anne Poole, Group Manager at the Information Commissioner’s Office said:

The breach has highlighted two hugely important areas of data protection: the unnecessary storage of older personal data and the lack of security to protect data.

“All data is vulnerable even when in the process of being deleted, and Office should have had stringent measures in place regardless of the server or system used. The need and purpose for retaining personal data should also be assessed regularly, to ensure the information is not being kept for longer than required.”

“Fortunately, in this case there is no evidence to suggest that the information has been used any further and the company did not store any bank details.”

The data breach also highlights the risks associated with customers using the same password for all their online accounts.

Sally-Anne Poole added:

“This one incident could potentially have given the hacker access to numerous accounts that the clients held with other organisations, as passwords were included on the database in question. It’s important to use a unique, strong password for each separate account; preferably a combination of numbers and letters – not a name or dictionary word.”

Office has agreed to an “undertaking under the Data Protection Act 1998”, the details are here.

Cyber insurance is a major growth area for commercial insurers

The Insurance Information Institute (I.I.I.) conducted it’s 19th annual Property/Casualty Insurance survey and found Cyber-Crime is exposing businesses, both in the U.S. and abroad to greater levels of liability than ever before, which is why the market is far from saturated.

The survey’s key findings are below:-

  • 80% of executives said they see Cyber insurance as a major growth area for commercial insurers
  • 78% expect industry capacity (as measured by policyholder surplus) to increase in 2015
  • 72% believe the federal government is interested in further expanding its regulatory oversight of insurers
  • 56% believe the economy will accelerate; 6% believe it will decelerate and 38% believe it will remain about the same
  • 92% believe that M&A activity among insurers/reinsurers increase in 2015? For example the XL Group’s acquisition of Catlin for $4.2billion

The U.S. economy appears to be picking up steam, which translates into more economic activity and the addition of capacity. This means more businesses and people will need more insurance, implying further increases in insurance premium volume,” said Dr. Steven Weisbart, senior vice president and chief economist with the I.I.I. “Moreover, business bankruptcies in 2014 dropped below their lowest level in the last two decades, so the erosion of commercial accounts will continue to ease. As the economy inches closer to full employment, we may begin to see wage increases that outpace inflation for the first time in nearly a decade, primarily affecting the workers compensation line. Further, the low-interest rate climate, which has lasted longer than virtually everyone thought likely, is expected to begin a return to normality sometime in the second half of 2015. Absent devastating natural catastrophes, 2015 could be another profitable year for insurers

The sponsoring organizations of the Forum represent a broad range of insurance interests and audiences and include: ACORD, American Insurance Association, the Association of Bermuda Insurers and Reinsurers, The Geneva Association, Insurance Institute for Business & Home Safety, Insurance Information Institute, Insurance Institute for Highway Safety, International Insurance Society, National Association of Mutual Insurance Companies, National Council on Compensation Insurance, National Insurance Crime Bureau, Property Casualty Insurers Association of America, Property & Liability Resource Bureau, Reinsurance Association of America, The Institutes and Verisk Analytics.

Find the original article here.

Reducing Cyber Risk; Marine transportation system Cybersecurity standards, liability protection and Cyber Insurance

An article in the Coast Guard Journal of Safety & Security at Sea written by David Dickman, Diz Locaria and Jason Wool Container shipcontains a very interesting article “Reducing Cyber Risk; Marine transportation system cybersecurity standards, liability protection, and cyber insurance”.

An excerpt:

Within our nation’s marine transportation system (MTS), computers, information networks, and telecommunications systems support fundamental port and maritime operations.

While this technology provides great benefits, it also introduces vulnerabilities.

In several recent incidents, bad actors exploited cyber weaknesses within MTS elements with significant repercussions.

Some examples include:

  • Somali pirates have exploited online navigational data to choose which vessel to target for hijack
  • hackers incapacitated a floating oil rig by tilting it and forcing it to shut down
  • malware caused another drilling rig to shut down for 19 days, after bringing systems to a standstill
  • hackers infiltrated computers connected to the Port of Antwerp, located specific containers, made off with
    smuggled drugs, and deleted the records.

The full article can be found in the journal by clicking here.

The 2014 WordPress review of my blog

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 18,000 times in 2014. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.

Blog at WordPress.com.

Up ↑

%d bloggers like this: