Category Archives: IT Industry

Are ATMs safe? Probably not, since Black Box ATM attacks are mounting and costing banks millions!

Bankinfosecurity.com reported that “Fraudsters are now gingerly testing the waters in central and Western Europe with attacks that drain cash machines of their funds, according to a trade group that studies criminal activity around ATMs.” The April 18, 2018 report entitled “No Card Required: ‘Black Box’ ATM Attacks Move Into Europe” included these statistics: The …

71% of US federal agencies have reported Cybersecurity breaches!

Darkreading.com reported that “Federal agencies must protect sensitive data and both thwart bad guys hunting for citizens’ private data and nation-state hackers with their own agendas — in addition to grappling with perennial underfunding, understaffing, and antiquated systems that commercial enterprises tossed into the dumpster years ago. At the same time, they need to make …

Cyber, Privacy & IT Law at the new Foley Gardere

I’m happy to announce that I will continue my Cyber, Privacy & IT trial and transactional law practice as a member of Foley Gardere’s Privacy, Security & Information Management Practice Group after the April 1st merger announcement “Foley & Lardner LLP and Gardere Wynne Sewell LLP Announce Combination” and Foley Gardere as a combined firm: …

You don’t want to hear this - Chip makers confess that every computer in the world is at cyber risk!

Every single computer (including cells, tablets, PCs, & servers) has a Central Processing Unit (CPU) made by Intel, AMD, & ARM and security experts found “two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in so-called cloud computer networks.” …

GUEST BLOG: Will cyber disasters finally be the reason that IT folks learn to speak English rather than Geek Talk (think Technology)?

My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation. Eddie blogs at JurisHacker. For many years …

GUEST BLOG: Are you surprised to hear that Equifax’s security chief doesn’t have a degree in technology, rather majored in music?

My Guest Blogger Eddie Block (CISSP, CIPM, CIPP/G, CISA, CEH) is a senior attorney in Gardere’s Litigation Group and member of the Cybersecurity and Privacy Legal Services Team who focuses on all aspects of information cyber security, including credentialing functions, firewall and IDS deployment and monitoring, and penetration testing, and related complex litigation. Eddie blogs at JurisHacker. What qualifies a …

Do you trust China to be the world leader in AI (Artificial Intelligence)?

The New York Times reported that China “laid out a development plan on Thursday to become the world leader in A.I. by 2030, aiming to surpass its rivals technologically and build a domestic industry worth almost $150 billion.” The July 20, 2017 report entitled “Beijing Wants A.I. to Be Made in China by 2030” included …

Will IBM’s recommendation to encrypt the universe provide better cyber protection, or just profits for IBM?

The Washington Post reported that “IBM argues that universal encryption could be the answer to what has become an epidemic of hacking.” The July 17, 2017 article entitled “To battle hackers, IBM wants to encrypt the world” included these comments about IBM’s recommendations to encrypt the universe: …it has achieved a breakthrough in security technology …

Blockchain is what makes Bitcoin work, and is the real deal to change the world!

McKinsey interviewed Don Tapscott, who defined Blockchain as an “immutable, unhackable distributed database of digital assets” which is a “giant, global spreadsheet that runs on millions and millions of computers.” The May 2016 article entitled “How blockchains could change the world” included these comments about Bitcoin: Most blockchains—and Bitcoin is the biggest—are what you call permission-less …

I CHALLENGE YOU to find life on 7 planets using Big Data and Artificial Intelligence that are 40 light years away!

I think it would be really great if you could figure out how to use Big Data and Artificial Intelligence to find life on the newly discovered “seven Earth-size planets that could potentially harbor life have been identified orbiting a tiny star not too far away, offering the first realistic opportunity to search for signs …

Do you want China to control cyber and IT news? Think about this - China Oceanwide is acquiring news media giant IDG

Computerworld announced that “tech journalism pioneer International Data Group [IDG], publisher of Computerworld, PCWorld and hundreds of other tech publications worldwide” is being acquired by China Oceanwide for a price of “less than $1 billion.” The January 19, 2017 report entitled “China Oceanwide, IDG Capital to acquire Computerworld-parent IDG” included this background about “IDG, a …

Cybersecurity Report Card for 2016: Overall “C-” but bad news since the Cloud gets a “D-” and Mobile gets an “F”!

Tenable Network Security surveyed “700 security practitioners across seven key industry verticals and nine countries” that produced “a single report card score that represents overall confidence levels of security practitioners that the world’s cyber defenses are meeting expectations.” The “2017 Global Cybersecurity Assurance Report Card” from Tenable with research partner CyberEdge Group included these comments …

BUSINESS ALERT: Cyberattacks are directed at ERP systems since they are difficult to secure

Ponemon Institute issued a report after it “surveyed 607 IT and IT security practitioners who are involved in the security of SAP” and found that 58% “of respondents rate the difficulty of securing SAP applications as high and 65 percent of respondents rate their level of concern about malware infections in the SAP infrastructure as very …

BLACK HAT SURVEY: Employee Training is in the top 5 ways to avoid hacking!

Thycotic took a survey of 250+ hackers at the August 2016 Black Hat conference and reported that “77% say no password is safe from hackers—or the government” which is hardly surprising. The “Black Hat 2016: Hacker Survey Report” included these comments about training: Extend IT Security Awareness Training The weakest link in most organization’s security …

Shadow IT (aka Stealth IT) - massive cyber (& legal) risk for 50% of all companies!

Unfortunately most Shadow IT operations are based on “Click Agreements” and as a result the IT department has no idea of where the company data is located or what legal risks exist…, so if there is a cyber intrusion the company will have no clue about what data is stored where, and if the company …

Cyber Pain Points: Failure to get buy-in for Incident Response Plan (IRP) in the top 10!

A recent report indicated that IRPs “are frequently developed from within departmental silos, for example, within the organization’s IT security function, and do not address the considerations of business units or cross functional areas needed to coordinate and operate together during a response. This not only leads to an uncoordinated response effort, but discourages buy-in …

HIPAA penalty of $5.5 million seems like a lot, but it’s only $1.375 per patient!

With 4 million patient records exposed, this was the largest fine to date for breach of ePHI (electronic Protected Health Information) which included “demographic information, clinical information, health insurance information, patient names, addresses, credit card numbers and their expiration dates, and dates of birth.” On August 4, 2016 the U.S. Department of Health and Human …

The 10 Commandments of Internet Ethics

When reading Wikipedia’s 1992 Ten Commandments of Computer Ethics you can easily substitute “Internet” for “computer” and it’s amazing what you see… for example, the 1st Commandment: “You shall not use the Internet to harm other people.” Here are all Ten Commandments of Internet Ethics (with my minor edits): You shall not use the Internet …

Cybercriminal data breaches in Healthcare may exceed a whopping $6.2 billion!

Ponemon reported that “over the past two years the average cost of a data breach for healthcare organizations is estimated to be more than $2.2 million. No healthcare organization, regardless of size, is immune from data breach.” The “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data” study included this alarming information about …

Unencrypted PHI (Protected Health Information) on iPhone leads to $650,000 HIPAA penalty!

The HIPAA violation, in breach of a Business Associate Agreement (BAA), resulted from extensive PHI on an iPhone which “included social security numbers, information regarding diagnosis and treatment, medical procedures, names of family members and legal guardians, and medication information” according to a recent report from the Office for Civil Rights (OCR) of the U.S. Department …

Southwest Airlines – Cyberattack or failed disaster recovery?

One might conclude that there had been a cyberattack after Southwest Airlines cancelled more than 700 flights on July 21, 2016, but Southwest claimed that the IT system failed and then “…the backup failed and then the restoration process also failed. It took about 12 hours to finally get all the systems restored” according to …

Do you trust the government to set morals for AI (Artificial Intelligence) to drive cars?

The New York Times’ article about the morality of AI auto driving decisions may be based on “government requirements for autonomous car morality might be one way to go, though the people surveyed in the Science article say they are not keen on that. Manufacturers could also tailor morality to a buyer’s choice.” The June …

Experienced outside counsel should be part of your Incident Response Plan (IRP) for cyber intrusions!

Darkreading recommended that an IR team should include “outside legal counsel that possess specialized experience in cybersecurity and data breach responses” and key stakeholders from all applicable areas of the organization, such as Legal, HR, Executive Management, PR/Communications, Information Technology”…as well as third party vendors. The June 7, 2016 report entitled “How To Prepare For …

Report of 50 cyber breaches since 2011 leads Congress to investigate cybersecurity at the Federal Reserve!

Following a report about cybersecurity breaches by Reuters, the House Committee on Science, Space and Technology sent a letter to Fed Chair Janet Yellen stating that these “reports raise serious concerns about the Federal Reserve’s cyber security posture, including its ability to prevent threats from compromising highly sensitive financial information housed on the agency’s systems.” The …