VIDEO: The Evolving Insider Threat - Dawn Cappelli, Randy Trzeciak of CMU’s Insider Threat Center
This video from RSA Conference 2013 discusses:
- Who typically commits insider crimes – and how;
- How employees are being victimized from outside;
- Why our critical infrastructure is at heightened risk.
Even if you are an employer using standard commercial verification measures, you should be cautious about misuse of any information by employees, managers and contractors. Accordingly, you should be careful with training and education, and not only for newly hired employees. Further, plan how login credentials and access to sensitive information will be handled and/or turned over during training or when terminating, suspending, withholding pay, lowering pay, or taking any other adverse action against an employee.
November 14, 2012
Cybersecurity Act of 2012 Back, but Same Problems and Questions Remain
Senate majority leader Harry Reid (D–NV) has vowed to bring the Cybersecurity Act of 2012 (CSA) up for a vote in the lame-duck session, and it looks as though the vote could take place this week.
US-Canada Integrated Cybersecurity Agenda
Bay Area Indymedia
Under the guise of cybersecurity, the U.S. and Canada have been individually pushing draconian legislation domestically which would grant government agencies sweeping new powers. The implications would be far reaching and pose a risk to privacy.
DHS aims to hire 600 cybersecurity pros — if it can find them
November 13, 2012 — CSO — The Obama administration is hoping to make good on its promise to create new jobs — in this case, 600 of them in cybersecurity.
The Alarming Trend of Cybersecurity Breaches and Failures in the US …
This summer, the Cybersecurity Act of 2012 (CSA) failed to pass the Senate, with Democrats and Republicans alike voting against the bill. The overriding concern was that the regulatory approach of the bill would be ineffective at best and harmful at worst.
The Elections and Cybersecurity
When President Obama was reelected last week, political pundits quickly turned to speculation and prognostication. Was the president’s reelection tantamount to a mandate? Would the election motivate both parties away from partisanship?
NSA: Looking for a few good cybersecurity professionals
Network World – At a time when cyberattacks on America’s critical infrastructure have increased 17-fold (between 2009 and 2011), the need for highly trained cybersecurity professionals is acute. However, 83% of federal hiring managers in a recent …
Senate readies for fight over cybersecurity surveillance
has inserted the cybersecurity bill into the Senate’s post-election calendar, and a vote could happen as early as this week after debate on a proposal to open more public land for hunting and fishing. That move has reignited a long-simmering dispute …
Governor launches cyber security training program
The program offers students and Internet technology professionals a full curriculum of meetings and workshops as well as critical cybersecurity training and awareness tools. The new cyber range serves as a central resource hub and a partner in …
Seven 2013 Cybersecurity Predictions from Websense Security Labs
SAN DIEGO, Nov. 13, 2012 — /PRNewswire/ — From mass compromises of WordPress to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012. To help organizations prepare for next year, the …
Researcher to tackle cyber security for North American power grid
In response, Waterfall Security Solutions has announced a $234,000 donation to Michigan Technological University, in support of Dr. Chee-Wooi Ten’s research into the cyber-security of the North American power grid. Dr. Ten’s research addresses these …
October 19, 2012
On September 25, 2012, the Federal Trade Commission announced a settlement with seven rent-to-own companies that secretly installed software on rented computers, clandestinely collected information, took pictures of consumers in their homes (WTF?!) and tracked these consumers’ locations.
If you haven’t vomited on your computer from the sickening outrage, you can read the FTC press release here.
Software design firm DesignerWare, LLC licensed software to rent-to-own stores ostensibly to help them track and recover rented computers. The software collected the data that enabled rent-to-own stores, including franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase, to track the location of rented computers without consumers’ knowledge.
According to the FTC, the software enabled a rented computer to be remotely disabled if it was stolen or if the renter failed to make payments. It included an add-on purportedly to help stores locate rented computers and collect late payments. Alarmingly, the software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.
When activated, the nefarious feature logged keystrokes, captured screenshots and took photographs using a computer’s webcam, according to the FTC. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.
“An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said Jon Leibowitz, Chairman of the FTC. “The FTC orders today will put an end to their cyber spying.”
“There is no justification for spying on customers. These tactics are offensive invasions of personal privacy,” said Illinois Attorney General Lisa Madigan.