Source: National Cyber Security – Produced By Gregory Evans
An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […]
View full post on AmIHackerProof.com
Companies in the UK are being fined by the government for not properly securing their data. Is this a model the U.S. and other countries should adopt?
News broke recently that there would be fines of up to £17m in the UK for companies that have poor or inadequate cyber security measures in place. Specifically, if a company fails to protect itself effectively from a cyber security attack, it could be subject to a large fine from the government as a “last resort”, according to Digital Minister Matt Hancock. The U.K. also placed industry-specific regulations on essential services. Essential services industries such as water, health, energy and transportation are expected to have stronger safeguards against cyber attacks.
Cyber Security Inspections to Take Place
In order to keep companies compliant with cyber security regulations, the UK government will now have regulators inspect the cyber security efforts in place. Essential services (think water, healthcare, electricity, transportation, finance) will face more scrutiny than other companies. If a regulator finds that a company does not have security safeguards in place, the company will have to come up with a plan for beefing up its cyber security. Fines will be brought down on companies that continue to fail at implementing the proper security measures.
Cyber Attacks Becoming More Dangerous
The essential services people use every day are being targeted by cyber attacks at an increasingly high rate. This can make for extremely dangerous situations, such as the WannaCry attack that hit several National Health Service (NHS) facilities and impaired hospitals’ ability to admit patients. It was later found that this attack could have been prevented with proper cyber security efforts in place. It also means that services people depend on every day — from electricity, to water, to industrial safety systems — could all be at risk.
This makes it clear why the UK government has chosen to regulate cyber security, particularly among companies that provide services it deems essential to the public. It also raises the question of whether the United States should follow suit. U.S. companies have fallen victim to their fair share of cyber attacks. These attacks have disrupted the lives of Americans who depend on the services affected or whose sensitive information was accessed by the attackers.
What Safeguards are Currently in Place?
While it is obviously in a company’s best interest to have cyber security precautions in place rather than to clean up the mess of an attack afterwards, that doesn’t mean everyone invests as much as they should in cyber security. In the U.S. there are a few federal regulations in place that establish a bare minimum for cyber security in certain essential industries.
HIPAA (1996): HIPAA introduced provisions for data privacy and data security of medical information. All companies and establishments dealing with medical information must have specific cyber security measures in place.
Gramm-Leach-Bliley Act (1999): The Gramm-Leach-Bliley Act states that financial institutions in the U.S. must share what they do with customer data and information and what protections they have in place to protect customer data. Noncompliance means hefty fines for financial institutions and could lead to customers taking their business elsewhere.
FISMA (2002): FISMA was introduced under the Homeland Security Act as part of an effort to improve electronic government services and processes. This act ultimately established guidelines for federal agencies on security standards.
Critics state that these three regulations are good for establishing minimum security, but do not go far enough. Compliance with these regulations has not been robust enough to safeguard against the advanced cyber attacks of recent years. There have been clear breaches of cyber security measures in the medical, financial and government sectors over the past years. While some state governments have put additional regulations in place, the general consensus is that individual companies should be responsible for beefing up cyber security as they see fit.
Cyber Security Investments Should be Increased
At the end of the day, U.S. companies will need to make the decisions that are best for their businesses and customers about what level of cyber security protection is necessary. Marcus Turner, Chief Architect at Enola Labs Software, often discusses cyber security measures with his clients, stating:
“Ultimately, high levels of cyber security are a necessary and worthwhile investment for businesses that care about protecting their customers and safeguarding their businesses. I often tell businesses that they can pay an upfront cost now to protect their data, or wait until a cyber security attack and pay an even bigger price later to clean up the mess. Waiting may very well cost you your business.”
This year we are expecting a much higher investment in cyber security, so it will be interesting to see if this is enough to hinder government intervention or if additional U.S. government regulation of cyber security becomes necessary.
The post Should #Companies be #Fined for Poor #Cyber Security? appeared first on National Cyber Security Ventures.
When the Trump Hotels chain suffered its second data breach last year, the group was rather slow to issue a public warning. The State of New York is not all too happy about this lackluster approach and fined Trump Hotels
The post Trump Hotels Fined Over Credit Card Data Breach, Victims Left In The Cold appeared first on National Cyber Security.
The Bangko Sentral ng Pilipinas (BSP), the Philippines’ central bank, has issued a PHP 1 billion ($21 million) fine to Rizal Commercial Banking Corp (RCBC) for cybersecurity failings. RCBC was used by cyber criminals to channel $81 million stolen from Bangladesh’s central bank earlier this year. According to BSP, the fine was “the largest amount it […]
The post Rizal Commercial Banking Corp fined $21m over cybersecurity failings appeared first on National Cyber Security.
The driver in a viral video depicting a donut and burnout on Coastal Highway, which became symbolic of some of the complaints associated with the spring Cruisin’ event, pleaded guilty last week to negligent driving and a handful of other violations and was fined a total of $640.
Last May 16, a blue Chevrolet Corvette was caught on video pulling out onto Coastal Highway and doing a donut in the middle of the street before screeching down Coastal Highway at a high rate of speed with a plume of white smoke trailing behind in the midst of heavy traffic and numerous pedestrians and spectators lining the roadway.
View full post on Parent Security Online