CISO Science

Cyber attack readiness is actually falling!

Just 32 percent of IT and security professionals say their organisation has a high level of Cyber Resilience – down from 35 percent in 2015.

A 2016 study from the respected Ponemon Institute and IBM Security also found that 66 percent of respondents say their organisation is not prepared to recover from cyberattacks.
Seventy-five percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistently across the organisation.

Yahoo Faces California Data Breach Class Actions

Yahoo! Inc. is facing litigation fallout in federal and state courts after a high-profile hacking attack that exposed information of over 500 million accounts.

Howard M. Privette, a partner at Greenberg Gross LLP in Costa Mesa, Calif., told Bloomberg BNA that “it appears that the state plaintiffs want to try to pursue claims under California law on behalf of California residents, rather than have their claims mixed together with residents of other states in a single huge federal lawsuit.”

IBM Is Compensating Australia Over a 'Malicious' Cyberattack

But it set off a blame game for the lapse by calling out domestic Internet providers.

International Business Machines said on Tuesday it plans to compensate the Australian government for a “malicious” cyberattack that shut down a national census, but blamed two domestic Internet providers for the security lapse.

IBM was the lead contractor for the five-yearly Aug. 9 household survey by the Australian Bureau of Statistics (ABS), which went offline that day after four distributed denial of service (DDoS) attacks, caused by the website being flooded with clicks.

Should companies be fined for not doing cyber security basics?

The big headline-grabber about the General Data Protection Regulation (GDPR), set to come into force in 2018, is the huge fine that can be imposed on companies that have failed to comply with the legislation. The GDPR, which replaces the 1995 Data Protection Directive, sets the maximum fine for a single breach of GDPR at the greater of €20 million or 4 percent of annual global revenue.