Brian Pennington

A blog about Cyber Security & Compliance

Cybersecurity: The Looming And Growing Threat

Corporate legal spending on cybersecurity issues hit $1 billion last year, according to the BTI Legal Spending Outlook. It’s easy to see where this money is going: By 2018, more than 50% of organizations will use outsourced providers for security, Gartner predicts.

Here are seven trends expected to impact CIOs, law firms, and their clients in the year ahead:

1. Banking on IT and law firms vulnerability

In the wake of last year’s cyberattack that affected 80 million J.P. Morgan Chase customers, several banks asked their law firms to implement stronger security measures. Today, several banks and major U.S. law firms are collaborating to create a formal group by year end where they can share best practices with each other and government agencies.

“Law firms increasingly are seen as potential weak links,” the Wall Street Journal reported. “Clients often entrust them with everything from valuable trade secrets to market-moving details on mergers and acquisitions.”

2. Data breaches growing more common

More than one-quarter (27%) of chief legal officers reported a data breach within the past 24 months, according to the Association of Corporate Counsel’s recently released 2015 CLO Survey. Healthcare CLOs were most vulnerable: almost half reported a breach in the last two years, compared with approximately one-fourth among CLOs in other lines of business, the report found.

3. Changing Regulatory Landscape

This year, the European Union is expected to roll out more stringent disclosure and liability requirements that it will start enforcing in 2016. This could lead to a business boom for law firms, but will likely also necessitate educational outreach: 77% of European companies surveyed by security developer Sophos did not know whether or not they were compliant with current standards.

Across the pond, President Barack Obama also has called for changes to the Computer Fraud and Abuse Act, the federal anti-hacking statute.

4. Crashing Mobile

Today, 96% of lawyers at firms with 100 or more attorneys use a smartphone, according to the American Bar Association’s annual Legal Technology Survey. And 49% of all lawyers surveyed use a tablet, the report found.

This makes attorneys vulnerable to a growing number of viruses, spam, and attacks specifically targeting mobile devices. If unprotected by even a basic password or biometric safeguard, lost devices leave a firm vulnerable to stolen data. Across industries, only 54% of respondents implemented a mobile security strategy in 2014 compared with 42% the prior year, a PricewaterhouseCoopers study reported. In addition, 47% now use mobile device management (MDM) or mobile application management (MAM), versus 39% in 2014, PwC said.

Across all industries, 46% of IT decision makers plan to increase security spending for mobile this year, Ernst & Young determined.

Advances in wearables and future decisions in how and whether healthcare can incorporate data from devices such as fitness monitors will further complicate mobile security for firms involved in these areas and the CIOs who support them.

5. Insurance at a Premium

Organizations increasingly invest in cybersecurity insurance to lessen the potential impact of a breach, network damage, or business interruption. Once offered by only a handful of specialized firms, these plans now are available from a wide array of insurers.

To obtain cybersecurity insurance, organizations typically must undergo audits and other processes to assure the insurer of the firm’s viability. CIOs, in partnership with governance, risk-mitigation, or the COO, are then assured both of the caliber of the firm’s existing security set-up and of financial coverage should the unwanted occur. Cybersecurity insurers include AIG; Chubb Group of Insurance Companies; Marsh USA; Philadelphia Insurance Companies; and Travelers Indemnity Co., among many.

6. Ignore Social Niceties

Many law firms hire outside experts to conduct vulnerability assessments and craft strategies to combat Many experts advise staff to frequently reset passwords that contain symbols, capital letters, and numbers. And best practices must address common phishing scams, especially those targeting corporate or client contact information or employee data. Fake apps, fraudulent social media contacts, and hackers masquerading as maintenance staff are all favorite guises for social engineers.

7. All for One, One for All

Security is not exclusively the CIO or CSO’s responsibility. Rather, security must be woven throughout a law firm so every employee, partner, and attorney cares and acts with security in mind. Communication between departments to ensure security procedures are effective but not onerous helps develop a security-conscious environment.

Frequent reminders, via screensavers, automated systems, brief self-paced videos, or occasional webinars, remind everyone about security measures. Quickly responding to users’ needs to avoid rogue setups further eliminates vulnerable areas.

Airline Information Group (AIG) accuses hotels and Facebook of being culpable in credit card fraud

The AIG has issued a press release on the threat of credit card fraud and how other parties can help reduce what they call “the fast-growing epidemic of credit card fraud”.

In the release, AIG identifies two main culprits for the theft of the credit cards:

  1. Hackers who break into customer databases and steal credit card numbers and customer data
  2. Employees with access to credit card numbers and the details of card owners from retailers such as gas stations, restaurants and particularly hotels 

Airline Information’s Managing Partner, Michael Smith, says about hotels: “Front line hotel employees can easily access and steal credit card numbers and your personal details. Couple this with outdated IT and business processes related to franchising and it’s a toxic mix. Hotel chains and their franchises often use different reservations systems, requiring that paper copies of credit cards be used in many hotel properties. This is much less secure than the masked electronic credit card information standard in almost any other industry. The result is that hotels can be traced as the source of nearly one third of all credit card fraud globally, which hits our company’s airline clients particularly hard, since airline tickets are a common item purchased with stolen cards.” 

When credit card numbers are hacked or stolen, they are then sold online to be used for online purchases or for making cloned credit cards. Personal data about the cardholders, widely available on the web and Facebook, may also then be used by fraudsters, as credit card criminals are referred to, to assume the identities of the stolen cardholders. 

AIG also claims Facebook is used for the selling of credit card data, as well as for sharing information between fraudsters on how to successfully steal card numbers and commit identity theft. Jan-Jaap Kramer, CEO of the Dutch fraud prevention consultancy, FraudGuard, says: “There are numerous pages on Facebook set up by criminal rings to facilitate and share information about credit card fraud. Many of these pages show all credit card details like CVC code, expiry code, the PIN code for online payments and personal data of the cardholder including home address, date of birth, social security numbers and more. We have asked Facebook to block these pages, but it takes no action. The result is greater fraud losses for consumers and merchants, ruined credit records and misery trying to sort out fraudulent transactions.” 

The Airline Information “calls on Facebook to stop the practice of facilitating the sharing of fraudulent credit card information via Facebook pages. We encourage consumers and merchants to contact Facebook and their government authorities to have Facebook end this consumer-unfriendly practice.”
