March 29, 2017
Kayla Matthews, Cloudtweaks.com, March 21, 2017
You may remember, Home Depot was affected by a sizeable data breach in 2014. The incident is widely considered one of the largest point-of-sale heists of all time because over 56 million credit cards were involved, read and compromised. Needless to say, it led to an unprecedented number of customers affected by such a breach.
Devesh Panchwagh, Delta-risk.net, March 24, 2017
There’s no doubt that bank data breaches cost businesses money, but there are costs associated with breaches that add up beyond a round dollar figure. Most studies that calculate the costs from breaches focus on short-term quantifiable costs such as discovering and mitigating the breach and recovering assets. But the long-term, indirect breach costs — costs such as hits to the stock price, brand reputation, and reduced customer loyalty — can be harder to quantify. Historically, a dip in stock price after a breach is temporary and stocks typically rebound in the months following a breach. Customer loyalty and brand reputation don’t follow the same pattern of predictability.
Chad Mandell, Corporatecomplianceinsights.com, March 27, 2017
Headline-grabbing data breaches at retailing, banking and media companies have underscored the importance of cybersecurity and data privacy for those involved in risk-management and corporate compliance. Back in January 2015, the health care sector in particular was alarmed to learn that hackers had broken into the IT system of Indianapolis-based health care giant Anthem and made off with the personal data of as many as 80 million Americans.
James Lockwood, Jdsupra.com, March 23, 2017
An employer was awarded only nominal damages from former employees who copied the employer’s confidential information but made no use, or limited use, of that information and did not cause any damage to the employer. So-called “Wrotham Park” damages reflect how much the innocent party would have asked for to release the defaulting party from an obligation, had it been asked, and can be a useful remedy where it is difficult to show financial loss. The judgment provides a useful review of the court’s approach to damages where liability and breach of duty are easily established but showing loss to a claimant is more difficult: Marathon Asset Management LLP & anr v Seddon & anr  EWHC 300 (Comm).
Jeremy Kirk, Databreachtoday.com, March 27, 2017
Google has run out of patience with Symantec’s digital certificate business. It has outlined a plan that over time will have its Chrome browser reject all of Symantec’s existing digital certificates.
Joe Weiss, Csmonitor.com, March 24, 2017
Industrial control systems (ICSs) are critical to the operation of a modern society. ICSs were designed to be reliable and safe, rather than cybersecure, and to ensure safe operations within specific known engineered states.
Zeus Kerravala, Networkworld.com, March 27, 2017
Earlier this year Fortinet hired its first chief information security officer (CISO). The timing makes sense, as the company has grown into a leading security vendor with an integrated, security fabric vision that few competitors can match.
Marianne Kolbasuk McGee, Databreachtoday.com, March 23, 2017
Under the HIPAA Breach Notification Rule, the theft or loss of encrypted computing or storage devices is not considered a reportable data breach. But a recent incident at a Kentucky-based healthcare organization demonstrates that making a determination on whether an incident is a reportable breach isn’t always clear-cut.
Tim Greene, Csoonline.com, March 24, 2017
Blockchain can help secure medical devices and improve patient privacy, but the key is proper implementation, according to a top security pro at Partners Healthcare.