In the July 19, 2012 edition of The Wall Street Journal, President Obama wrote about cybersecurity. The President wrote: ... foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted. He observed: Nuclear power plants must have fences and [...]

In research reported last year in Kaspersky's threatpost, Aaron Higbee, the Chief Technology Officer at Intrepidus Group, stated that 70% to 80% of employees are fooled into taking compromising actions when they receive test spearphishing emails. Spearphishing is a scheme in which targeted emails are sent to individuals to deceive the recipient into taking compromising actions, such as visiting a malicious website, disclosing sensitive information or installing malware.  You can see a demonstration of spearphishing at Spearphishing - The Movie. The Kaspersky posting contains two specific suggestions.  First, train your employees to spot and avoid spearphishing emails.  Second, use email authentication.  At Iconix, [...]

The International Business Times recently reported on the ways cybercriminals are defeating corporate IT security. First, the new malware being used by attackers is harder to detect. Citing IDC research, the article states, "traditional forms of computer security, including antivirus software and firewalls, are only effective against 30 to 50 percent of the malware found today." Second, attackers are becoming far more effective in delivering malware into the enterprise through the use of spearphishing. Instead of using crudely crafted messages that are sent to large numbers of people in hopes that a few people will be deceived, in spearphishing the attacker gathers [...]

Yesterday (July 5, 2102), the United States Court of Appeals for the First Circuit issued its much anticipated ruling in Patco Construction Company vs. People's United Bank d.b.a. Ocean Bank.  The court summarized the facts as follows: Over seven days in May 2009, Ocean Bank, a southern Maine community bank, authorized six apparently fraudulent withdrawals, totaling $588,851.26, from an account held by Patco Construction Company, after the perpetrators correctly supplied Patco's customized answers to security questions. Although the bank's security system flagged each of these transactions as unusually "high-risk" because they were inconsistent with the timing, value, and geographic location [...]