By:
On:
In: *Connecting the Dots Blog*, Financial, Information Privacy, Information Security

  Strike 1: The first incident occurred on April 26th, when SONY announced personal information had been compromised on their PlayStation Network exposing the personal information of 77 million users. Strike 2: One week later, a second security breach occurred on a different SONY network compromising 24.6 million users. Strike 3:  A third incident took place with the leakage of 2500 users’ names and addresses.  SONY admitted that this breach was due to human error on the part of their system management team. In a recent study from Application Security and Unisphere Research, more than 50% of the respondents felt that human error (or maliciousRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Privacy, Information Security, Risk Management

  In a recent Dark Reading article, new research from Trusteer revealed that mobile users are the most likely to fall victim to fake e-mail messages and visit phishing sites. Once they arrive at the fraudulent site they are also three times more likely than users on PCs to provide sensitive login information. Why are mobile users more vulnerable? Availability – smartphones are with their users 24/7 so e-mails are checked more frequently. Phishing attacks generally get their victims during their initial launch, as after a certain time frame sites are taken down, blocked or shut down. Size – the smaller screens of mobile devicesRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

  Lessons learned from a recent hacking competition at Defcon revealed yet again that your employees are the biggest threat to your organization. With just two phone calls, a hacker posing as a Louisiana-based employee handling claims involving the Gulf oil spill was able to trick a computer support employee at BP into divulging sensitive information that could have proved crucial in launching a network attack.  The employee provided information to the caller including the model of laptops BP used, the specific operating system, browser anti-virus and VPN software.  The hacker also convinced the employee to visit an unknown web site, Social-Engineer.org. Other hackers inRead More →