Kroll Fraud Solutions Blog – A Dialogue on Data Security

In my experience as a forensic and cyber-security practitioner, I am often engaged to advise clients on a wide range of issues when they are faced with a possible data breach: Validation of breach occurrence, confirmation of the breach population, whether records were accessed or acquired, and assistance  with remediating the vulnerability that may have led to the breach in the first place.

After conducting cyber investigations for the last eight years, approximately seven of which were in various locations around the United States with the FBI, it is amazing to me how frequently zombie attacks, or botnets, are used as the minions of hackers to accomplish their criminal intent. I have conducted investigations in which botnets were the conduit used in successful attempts to send mass quantities of pharmaceutical spam, run pornography trading sites, and drain corporate bank accounts.

As IT security professionals we often focus on network security, workstation hardening, and other preventative measures to keep unwanted intruders at bay. We sometimes forget that the computers we are trying to protect can be compromised by simple physical access. A couple of recent cases bring this to light:

1. A large educational organization that has many public computers recently discovered that many of its computers had been compromised. The intruder used these compromised computers to penetrate deeper into their network.
2. An executive at a large company discovered a keylogger plugged into the back of his computer.

When it comes to cyber security, what’s at the top of your list? Is it protecting against the threat of hackers? Ensuring that your mobile devices contain the most up-to-date security software or encryption technologies? Making sure you are prepared in the event of a data loss incident?

As the threat landscape continues to expand, it could be all of these, and more. Kroll’s work in all aspects of risk management – from physical and data security to forensics, data recovery and breach response – has provided our team with the experience and frontline knowledge that affords a great vantage point for conveying best practice information and insight.

Last week, the Senate Judiciary Committee approved three bills that would establish a federal breach notification standard:

• Data Breach Notification Act of 2011 (S 1408): Requires entities to notify individuals of a breach via mail, e-mail or telephone unless:
  • Entity immediately submits certification to US Secret Service that notice could damage national security or hinder a law enforcement investigation and Secret Service determines exemption is warranted; or
  • Without unreasonable delay and within 45 days of discovery, entity submits results of a risk assessment to Secret Service concluding there is no significant risk of harm to individuals and Secret Service determines the exemption is warranted.