Weekly Wrap Up | Sept. 12, 2014
This week's wrap up will provide key details of The Home Depot data breach, information on the Cyber Protection Brigade, and key details of the report discussing the vetting of cyber contractors.
The Home Depot Confirms Data Breach
Key Details
- Data Breach Confirmed
- Investigating transactions from as early as April
- Home Depot reaffirms that no customers will be liable for fraudulent charges reported in a timely manner
- Home Depot stock is down 2.9% since first disclosing the possible breach
Lessons Learned
Following through on doing what's best for their customers, Home Depot has confirmed that there was indeed a data breach on their network. It wasn't much of a surprise for them to confirm the breach after they had already disclosed the possibility last week. Taking doing the right thing one step further with the confirmation is something many companies should take note of. Customer trust is not an easy thing to earn, and rightly so. I feel that their seemingly transparent way of handling this situation so far will go a long way in helping earn some of that trust back. Had they waited and tried to hide the breach, Home Depot would be much worse off than they are now.
News Stories
Home Depot Confirms Data Breach, Investigating Transactions From April Onward
Cyber Protection Brigade
Key Details
- New cyber branch could be established as early as October
- First brigade of its kind
- It takes 3 years of training to qualify for the brigade
- Many of today's weapon systems are run by computers and can be popular targets for adversaries
Lessons Learned
In today's increasingly connected world, it's only a matter of time before an attacker compromises a military network and gains access to weapons systems or other sensitive data. The fact that the military is possibly creating its own cyber branch further solidifies how real of an attack vector networks and computer systems can be. The wars of tomorrow are well on their way to being fought completely in cyberspace, and it's important to remember that in every war there is always collateral damage, and that collateral damage can easily be ill-prepared business owners or private users.
News Stories
Army standing up cyber brigade, possible cyber branch
REPORT: AGENCIES AREN’T PROPERLY VETTING ALL CYBER CONTRACTORS
Key Details
- More than 75% of the Transportation Department's information security workforce are contractors
- Some of them haven't even had background checks
- Similar situation occurred at the State Department
- In one instance a courier who delivered IRS documents had served 21 years in prison for arson, retaliation, and even attempted escape
Lessons Learned
This story goes to show how easy it is for upper-level management to get too far removed from everyday operations. Due to lack of oversight, people didn't perform their jobs up to par and some tasks went undone. This is also a good example of how separation and rotation of duties proves to be a useful layer of security. Had they been rotating job duties, the people coming in would have had to review policies and procedures for the new position and could have acted accordingly. While it's true the new person could have missed the background checks too, rotation of duties still adds another layer required for failure before something like this happens.
News Stories
REPORT: AGENCIES AREN’T PROPERLY VETTING ALL CYBER CONTRACTORS