Monthly Archives: February 2017

Cyber Security and Social Engineering: A Big Low Tech Problem

Headline-grabbing cyber hacks of email accounts belonging to celebrities, corporations, government officials and political campaigns are becoming the norm. Cybersecurity intended to guard against these acts brings to mind high-tech computer hardware and software fixes delivered by knowledgeable IT professionals, who are expected to prevent network intrusions, stolen passwords, viruses, ransomware attacks and other hacks. But the most recent notable cyber hacks were not caused by high-tech espionage. Rather, they were the product of low-tech social engineering – the use of deception to manipulate users into divulging confidential passwords and other personal information. This kind of hack …


The Anthem Breach – A Retrospective (Part II)

We published Part I of our “Anthem Breach Retrospective” in January 2017. Coincidentally, at around the same time, several plaintiffs in one of the earliest filed cases arising out of the Anthem data breach voluntarily asked a judge in the Northern District of California to dismiss their lawsuits. The requests for dismissal came after Judge Cousins ordered select plaintiffs to comply with a discovery request by Anthem, requiring them to submit their computers to an independent forensic examiner to determine whether malware caused data or credentials to be stolen from the plaintiffs’ computers even before the breach of Anthem’s systems. …


ISO’s Privacy Standard for Cloud Service Providers

In July 2014, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) issued a new security standard – ISO 27018 – which attempts to outline best practices for public cloud service providers on how to better protect personally identifiable information. Although the standard expressly applies only to public cloud providers, it is instructive for any cloud provider, public or private. Like all ISO standards, compliance with ISO 27018 is voluntary, and certification under the standard is not required by any law. However, over time, more and more cloud service contracts are requiring compliance with or certification to this standard. Adhering to the ISO …
