Wednesday: Breaches du Jour
If you're a middle-tier person with responsibility for cyber-security in your $30-$300-million annual revenue-class company, it's sometimes refreshing to note that the private sector isn't the only place where breach problems arise.
Take the story "Minnesota state agency breach may have put thousands at risk," for example. In this case, what was involved was a pool of 11,000 data records. But, unlike in the private sector, government agencies tend not to fine other agencies. States have recourse to the taxpayers.
We have seen some cannibalistic bureaucratic behavior in the environmental arena, where, for example, a state pollution agency may fine a city. What we haven't seen yet is how dueling bureaucracies will deal with other branches of government in breach cases. (Got popcorn and checkbook at the ready?)
Speaking of agencies...
CIODive has a worthy read about how "'Typographical' errors add to FBI's weak breach notifications." Oh, great, huh?
CIODive has a good summary, but if you're an active (if not unwilling) player in breach prevention roulette, the full report from the OIG at Justice might be worth adding to the weekend background reading pile.
The report begins with this summary of Cyber Guardian:
"...we found that the data in Cyber Guardian was incomplete and unreliable, making the FBI unable to determine whether all victims are being notified."
There's also mention that Homeland Security had not been entering data into the system as required. So, given this week's chair-shuffling at DHS, how long before all the problems get ironed out? Be looking for OIG: the SeQueL in political theaters down the road.