Scammers were able to steal $1.2 billion from businesses worldwide over the past two years using a phishing scam, the FBI revealed. In America, around 7,000 businesses were the victims of the Business Email Compromise (BEC) scam.
The Russian government has been accused of conducting electronic espionage around the world according to multiple reports which state that “for months this summer, unidentified hackers used a previously unknown hole in Microsoft Corp.’s Windows operating system.”
Hackers are increasingly going after government data. Private government contractors tend to be targeted by cybercriminals “because the U.S. federal government – the largest producer, collector, consumer, and disseminator of data in the world – entrusts sensitive information to these private companies. This includes everything from national security secrets, to information on the nation’s military and critical infrastructure, to the personal information of all U.S. citizens and residents,” according to Forbes.
In the US, hackers stole data from a firm that performs background checks on U.S. government employees. The firm, US Investigation Services, stored “highly personal information of workers at the Department of Homeland Security's headquarters as well as its U.S. Immigration and Customs Enforcement and U.S. Customs and Border Protection units,” reported Reuters.
Government agencies and departments are also at risk of a cyber attack, but they could also suffer the negative consequences of employee negligence. In the UK, the Ministry of Justice was fined £180,000 after losing a confidential hard drive in 2013. The unencrypted hard drive contained the details of nearly 3,000 prisoners in the Erlestoke prison, and “included material on organized crime, prisoners' health and drug misuse, and information about inmates' victims and visitors.”
Hackers are stealing data and personal information from all across the U.S.
The Center for Internet Security (CIS) Security Benchmarks division provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security. CIS certification is often considered to be the gold standard in configuration benchmarks. That’s why we are thrilled to announce that the CIS has certified that EiQ’s core set of Windows and Linux policies meet the technical standards contained in the CIS Benchmarks. Of note: EiQ’s SecureVue 3.6.6 has received certification from the Center for Internet Security (CIS) for its ComplianceVue® policies
The launch of the newly instated Healthcare.gov website has been a nightmare for IT professionals to watch unfold. The website is plagued with a number of glitches and issues related to the sign up, but a new major concern now being brought to light is the security risk of the information being shared on the website.
Congress finally reopened the government after almost two weeks and it was welcomed with much relief from the federal IT departments that had been affected. We addressed what the impact of a shutdown could have in a previous post, and now that it has happened, here is what the impact was.
During the shutdown, government IT departments and the security of crucial government data were left out of work, leaving the crucial data more easily accessible. It is a known fact that the US government agencies (DOD, Civilian and Intelligence) are a primary target of state sponsored cyber attacks and other external vulnerabilities. The government’s IT infrastructure is extremely complex and diverse. There are millions of IT assets that are connected to the Internet, thousands, if not millions, of vulnerabilities that need to be patched on a daily, weekly and monthly basis. Government IT pros typically manage these jobs with great skills but now with a shortage of workers to handle these crucial tasks, a great crisis looms.
While the media portrays the impact the shutdown is having on our government run parks and memorials, the bigger threat the shutdown could have is being largely ignored. The shutdown in itself could harm the IT security of several federal agencies if not fixed soon.
Another example of privileged access being abused recently made headlines – this time with the FBI’s National Crime Information Center (NCIC) database. According to the story, a New York Police Detective logged onto the NCIC database and looked up personal information on fellow colleagues that had nothing to do with his duties as a law enforcement officer.