When the Department of Homeland Security purposefully dropped data disks and USB flash drives in the parking lots of federal agencies and government contractors, 60 percent of the found objects were inserted into an agency or contractor network.
Removing the power from a computer not only results in lost volatile memory, much of which can be critical to a forensic investigation (and should be imaged), but also may lead the intruder to establish other points of entry.
The Federal Communications Commission developed “Small Biz Cyber Planner 2.0” by teaming with members of the public and private sector, including the Department of Homeland Security, the National Cyber Security Alliance and the Chamber of Commerce.
In early May, the FTC’s Chief Administrative Law Judge held that in an enforcement action the FTC must disclose “what data security standards, if any” it has published and intends to rely upon to demonstrate that a company’s data security practices are not reasonable and appropriate.
Cybersecurity is the unsung linchpin of every company that has grown increasingly dependent upon vulnerable technologies, whether to communicate, to store sensitive data, or to manufacture and deliver its products and services.
Let’s start with the good news. Malicious insider activity is relatively rare. Unfortunately, even though outsiders account for 85 percent of cybersecurity incidents, the damage often is substantially greater when an insider strikes.
In last month’s column, we explored the Top Five Reasons to Report Computer Intrusions to Law Enforcement. This month’s column will provide you with a sense of what your company, as a victim of a computer intrusion, should expect when working with the Feds.
Judging by today’s headlines, it is only a matter of time until every company – yours included – experiences a computer intrusion, or perhaps another computer intrusion. When that happens, you may find yourself working with law enforcement. Sometimes, they will be the ones calling you.