All aboard the cybersecurity train! CHOOO CHOOOO! Each week we bring you the greatest and most terrifying cybersecurity and hacking-related news on the web. This is….THIS WEEK IN GETTING HACKED!
A casino is suing a cybersecurity firm for a breach that occurred after the firm had assured the casino its systems were secure following a prior data breach. Affinity Gaming hired cybersecurity company Trustwave to tighten up their security following a 2014 data breach, only to discover that a second breach occurred while under the “protection” of Trustwave and are now suing for a “misrepresentation of their ability to secure data”.
The case is the first of its kind, and more than likely will not be the last, as more companies hire outside firms to take over their online and data security; normally, lawsuits had only been filed by victims of the data breaches, as is the case with Target, who paid out $10 million USD to victims in a class-action lawsuit following their 2013 breach.
Data breaches cost companies millions, and if they hire an outside firm to take care of their cybersecurity worries, those firms need to back up their promises, or face the consequences.
The Pentagon, for two years, has delayed a cybersecurity requirement for defense contractors that would require them to have fully operating systems in place to protect data before signing a new defense contract. How many contractors? About 10,000. You know the people who are supposed to have all the secrets and stuff that shouldn’t get out?
Yeah, they apparently don’t need to have all that tight of a cybersecurity system because they petitioned and said they couldn’t get it done by the time it needed to be done…back in 2013. The new deadline is December 31, 2017, but given the current state of cybersecurity inside the government and its contractors, we should probably expect another delay.
Isn’t it great to know that the people hired to protect our secrets can’t properly protect our secrets? I feel so safe. At some point, it stops becoming a cybersecurity threat and becomes a national threat.
The FDA is warning medical device manufacturers to be wary of cybersecurity threats, because, you know, it could cause DEATH. Yeah, instead of someone stealing your medical data (which is a very real threat), they could basically stop your pacemaker if they’d want to. As medical devices become more connected, the risk of a hack becomes higher, which raises the risk of a life-threatening scenario.
The FDA is suggesting that manufacturers start risk management programs, which would alert the agency of potential vulnerabilities and patch any holes that are found in the devices.
The Wall Street Journal wants to let you know that the biggest risk in cybersecurity is YOU. Yes, you–the fallible human–the one who thinks they know everything is the biggest threat to yourself and your data. Think about it: if all these companies have their cybersecurity systems shored up (except if you’re the government) and there are no vulnerabilities, how are there still breaches?
Phishing attacks. Computers can technically do no wrong, except for totally shutting off and ruining everything, and so the huge risk comes from the people running the machines, answering the emails, and clicking on links. Basically, you should blame yourself for a breach. Thanks a lot, you!
See you next week! Stay safe out there!