Lack of funding exposes US federal agencies to high data breach risks

Budget cuts and other restraints are hampering the government from effectively protecting itself against cyberattacks.

US federal agencies suffer the highest volume of data breaches out of government agencies worldwide and budgets are part of the
problem, new research suggests.

On Thursday, cybersecurity firm Thales, in conjunction with analyst firm 451 Research, revealed the results of a new study into
the security practices and effectiveness of government entities.

The 2018 Thales Data Threat Report, Federal Edition, suggests that US federal agencies are not only experiencing more data breaches
than in past years but are also reporting higher rates than their non-US government counterparts.

According to the survey, based on the responses of IT professionals working in the federal sector, 57 percent of federal agencies
experienced a data breach in the past year, in comparison to only 26 percent of non-US government agencies worldwide.

This is a vast jump from an estimated 34 percent in 2016 – 2017, and 18 percent in 2015 – 2016.

In addition, 68 percent of respondents say their agencies are “very” or “extremely” vulnerable to the cybersecurity challenges of
today, while only 48 percent of global counterparts admit to the same.

The US government is pushing for IT modernization as part of the Trump Administration’s Executive Order 13800. The order has been
met with mixed reviews due to a demand for a full-scale review in a very short timeframe and a lack of concrete requirements to
modernize cybersecurity.

The problem is one faced not only by government agencies but the enterprise at large today. There is a critical need to revamp
systems and reduce the risk of data breaches and successful cyberattacks, but legacy systems, antiquated software and a lack of
funding can make adequate security an impossible task.

Thales suggests that funding is an issue for federal agencies, too.

The overall federal IT budget dropped by roughly $6.2 billion in 2017, and while the White House has set aside investment for over
4,000 IT projects in mission delivery, administrative services, and support systems, IT infrastructure, security, and IT
management, according to Thales, cuts are anticipated over the coming year which may impact basic IT budgetary needs.

According to the federal 2018 budget, from 2015 through 2018, government-wide legacy spending as a percentage of total IT
spending rose from 68 percent to 70.3 percent.

With such a large percentage of spending taken up just to maintain old, insecure legacy systems, it is no wonder that many employees
in the federal sector have concerns over adequate security.

“Aging legacy systems may pose efficiency and mission risk issues, such as ever-rising costs to maintain and an inability to meet
current or expected mission requirements,” the budget reads. “Legacy systems may also operate with known security vulnerabilities
that are either technically difficult or prohibitively expensive to address and thus may hinder agencies’ ability to comply with
critical statutory and policy cybersecurity requirements.”

Perhaps in order to maintain the balance sheet, federal agencies are turning towards cloud services, with 45 percent of
respondents saying that their agency uses more than five Infrastructure-as-a-Service (IaaS) vendors.

In addition, 48 percent of those surveyed said over 100 Software-as-a-Service (SaaS) applications are in use.

With the weight of legacy systems pushing on their shoulders and the need to work with new, more innovative technologies and
services at the same time, over two-thirds — 72 percent — of respondents said that they are becoming increasingly concerned over
vulnerabilities spawned from shared infrastructures.

A further 62 percent were concerned about who has access to encryption keys, and where.

In total, 68 percent of those surveyed added that they are concerned about potential data breaches stemming from the cloud.

“The massive adoption of cloud computing does not correlate with implementations of data security tools suited to protect these
new environments,” said Garrett Bekker, Principal Analyst for Information Security at 451 Research. “Although 78 percent view
data-in-motion and 77 percent view data-at-rest encryption as the most effective tools for protecting data, only 23 percent of US
respondents have implemented encryption in the cloud. Additionally, only 31 percent claimed cloud computing security was a top
spending priority.”

Despite these worries, 93 percent of respondents said that security spending will be increased over the coming year within their
IT budgets. In total, 56 percent plan to spend their budgets by focusing on endpoint security, 48 percent will home in on network
security, and 19 percent view data-centric security as a focal point.

According to the survey respondents, complexity, business impact, and a lack of funding are all adoption barriers to modern
cybersecurity protection.

However, federal IT employees and agencies as a whole remain motivated to do more. In total, 53 percent of survey respondents said
the implementation of best practices and the avoidance of penalties are key motivators for change.

In addition, compliance scored highly at 43 percent.

In January, the United States Department of Homeland Security (DHS) confirmed that a data breach took place at the DHS Office of
Inspector General (OIG), leading to sensitive data belonging to 247,167 employees being exposed.

From: http://www.zdnet.com/article/us-suffers-highest-data-breaches-of-government-agencies-worldwide/

About OsMonitor:

The mission of OsMonitor is to create a Windows computer system tailored for work purposes, effectively regulating employee computer behavior. It enables employers to understand what employees are doing each day, monitoring every action, including screen activity and internet usage. Additionally, it restricts employees from engaging in specific activities such as online shopping, gaming, and the use of USB drives.

OsMonitor, designed purely as software, is remarkably user-friendly and requires no additional hardware modifications. A single management machine can oversee all employee computers. As a leading brand in employee computer monitoring software with over a decade of successful operation, OsMonitor has rapidly captured the global market with its minimal file size and excellent cost-effectiveness compared to similar software. At this moment, thousands of business computers worldwide are running OsMonitor daily.

Download OsMonitor Free Trial

Equifax says more private data was stolen in 2017 breach than first revealed

The credit rating agency said it didn’t originally announce “potential” data points, like tax identification numbers, that “may
have been accessed” by hackers.

Hackers stole more data from Equifax in a breach last year than initially thought.

In September, the Atlanta, GA-based credit giant revealed a huge data breach, including names, social security numbers, birth
dates, home addresses, and in some cases driver’s license numbers. It was later confirmed over 145 million were affected,
primarily Americans, but also some Canadians and British citizens.

The hack became the largest single data breach reported in 2017.

But documents seen by members of the Senate Banking Committee suggest the types of data stolen were wider than the company first
reported.

A letter published Friday by committee member Sen. Elizabeth Warren (D-MA) to acting Equifax chief executive Paulino do Rego
Barros summarized the senator’s five-month investigation into the Equifax breach, which said exposure of tax identification
numbers (TINs), email addresses, and additional license information — such as issue dates and by which state — was not
originally disclosed.

The news of the documents was first reported by The Wall Street Journal.

Tax identification numbers are usually issued by the Internal Revenue Service to workers who aren’t eligible for a Social Security
number, like foreign nationals, in order to report income and file tax returns.

Tax identification numbers were likely exposed because they were found in the same portion of the database where other tax
numbers, like Social Security numbers, were stored.

Commenting in several tweets, Warren said: “In October, when I asked the CEO about the precise extent of the breach, he couldn’t
give me a straight answer. So for five months, I investigated it myself.”

“My investigation revealed the depth of the breach and cover-up at Equifax,” she added. “And since I published the report, Equifax
has confirmed it is even worse than they told us.”

When reached, an Equifax spokesperson called the Journal’s headline “extremely misleading,” but confirmed that some additional
data points were impacted by the breach.

“We are fully aware — and have been — of the data that was stolen,” said spokesperson Meredith Griffanti in an email to ZDNet.

The company said it has always been up front about the data “primarily included” in the breach, but recently gave the Senate
Banking Committee data points “that may have been accessed that we categorized and analyzed in the forensic investigation.”

“Some of these were impacted — and some, like passports or [card verification numbers] for example, were not,” said Griffanti.

“We sent direct mail notices to those consumers whose credit card numbers or dispute documents with [personal data] were
impacted,” the spokesperson confirmed.

From: http://www.zdnet.com/article/hackers-stole-more-equifax-data-than-first-thought/

OsMonitor has been listed on Global Employee Monitoring Software Market 2018 Report

Recently, the Global Employee Monitoring Software Market 2018 report listed OsMonitor as a world-famous employee monitoring software alongside Symantec, SentryPC, and BetterWorks.

Competitive Study of Global Employee Monitoring Software Market 2017 Based on Key Vendors: Symantec, SentryPC, BetterWorks, OsMonitor, WorkTime, Work Examiner, NetVizor, iMonitor EAM, InterGuard, Pearl Echo.Suite, Teramind, StaffCop, Veriato 360 and Trend Micro Worry

The report URL: https://askthereporter24.com/employee-monitoring-software-market-2018/

Whatech also lists OsMonitor in its employee monitoring software market report. The report URL: https://www.whatech.com/market-research/it/434886-employee-monitoring-software-market-growing-8-78-cagr-by-2023-according-to-new-research-report

About Ask The Reporter 24

Ask The Reporter 24 is recognized as a pioneer and leader in social news, online professional content with high-quality user-generated contributions to inform our audience about what’s happening around the world.

Ask The Reporter 24 formed its roots in media as a daily hunt in Canada and the United States. But with the rise of the Internet, mobile technologies and social media, we recognized the media industry was changing and so Ask The Reporter 24 evolved into a modern media organization that is a technology company at its core. We set out to build a media business from the ground-up to be Digital First and social in nature, with proprietary technology as the backbone.

 

About Whatech

Passionate about presenting comprehensive coverage of global technology industry news
Dedicated to making every member’s message reach its audience
Whatech is your global information technology and market research resource. News: up to date and informative. Every day we present fresh information about what’s happening in the Markets and Technology. Whatech’s news is fast-paced and comprehensive. Whatech supplier directory connects you with new products and services from the best technology companies.

PSA: Stop uploading your bitcoin wallet keys and credit cards to file-sharing sites

You’d be surprised at how many people do it daily.

What’s the first thing you do with a new credit card?

Peel off the sticky label on the front and activate it? Rush to the store to try it out for the first time? Or, do you post a
photo of it (both sides!) to social media for the world to see?

One of those answers was a big “no-no.”

That said, you’d be surprised at how many people do it daily.

In the past week, we were alerted to a high-profile file sharing site, which lets anyone search other users’ uploaded files. You
name it — it’s there — and credit cards are just the tip of the iceberg of sensitive files.

We spent a few hours searching the site with common search terms, and we found a ton of sensitive information — beyond credit
cards — including completed tax returns (with names, addresses, financial information, and Social Security numbers), scanned
passport photos, and password lists, which, if used, could allow an attacker access to online accounts. We even found bitcoin
wallet private keys, making it easy to hijack entire wallets full of bitcoin and other cryptocurrency. The results would regularly
include explicit images, regardless of search terms.

That kind of exposed data puts anyone whose information is out there at risk of theft, credit card and tax return fraud, identity
theft or impersonation, and extortion.

We’re not naming the site, because the sensitive data remains online. The site did not respond to a request for comment prior to
publication.

File-sharing sites have long been a semi-lawless corner of the internet where almost anything goes. Many previously popular sites
no longer exist — often shut down for violating piracy laws by taking an unmoderated and lax approach to removing copyrighted
movies and music. Others preemptively pulled the plug of their own accord, for fear of also facing criminal charges.

Of the few that still exist, nearly all have been at the center of privacy breaches. More often than not, it’s been as a result of
careless uploading by the user themselves.

I know — hell, even you know — this shouldn’t need to be said, but please stop putting your personals on the internet.

With enough exposed data out there already, don’t make it any easier for the criminals.

From: http://www.zdnet.com/article/stop-uploading-your-bitcoin-wallet-keys-and-credit-cards-to-file-sharing-sites/

Japan punishes Coincheck after $530m cryptocurrency theft

Coincheck has been ordered by Japan’s financial regulator to get its act together after hackers stole $530 million worth of
digital money from its exchange.

Japan’s financial regulator has ordered Coincheck to get its act together after hackers stole $530 million worth of digital money
from its exchange, jolting the nation’s cryptocurrency market in one of the biggest cyber heists.

The theft highlights the vulnerabilities in trading an asset that global policymakers are struggling to regulate and the broader
risks for Japan as it aims to leverage the fintech industry to stimulate economic growth.

The Financial Services Agency (FSA) said on Monday it has ordered improvements to operations at Tokyo-based Coincheck, which on
Friday suspended trading in all cryptocurrencies except bitcoin after hackers stole 58 billion yen of NEM coins.

Coincheck said on Sunday it would return about 90 percent with internal funds, though it has yet to figure out how or when.

Japan started to require cryptocurrency exchange operators to register with the government in April 2017, allowing pre-existing
operators such as Coincheck to continue offering services ahead of formal registration.

The FSA has registered 16 cryptocurrency exchanges so far, and another 16 or so are still awaiting approval while continuing to
operate.

Coincheck has said its NEM coins were stored in a “hot wallet” instead of the more secure “cold wallet”, outside the internet.

NEM fell to $0.78 from $1.01 on Friday, before recovering to around $0.97 on Monday, according to CoinMarketCap.

Singapore-based NEM Foundation said it had a tracing system on the NEM blockchain and that it had “a full account” of all of
Coincheck’s lost NEM coins.

It added that the hacker had not moved any of the funds to any exchange or personal accounts but that it had no way to
independently return the stolen funds to their owners.

World leaders meeting in Davos last week issued fresh warnings about the dangers of cryptocurrencies, with US Treasury Secretary
Steven Mnuchin relating Washington’s concern about the money being used for illicit activity.

Within the world of cryptocurrencies, theft is as regular as investors declaring “this time it is different” and “this is good for
bitcoin”.

Last week, a report from Ernst & Young said over 10 percent of all funds exchanged during initial coin offerings were finding
their way into the hands of criminals. This works out to roughly $400 million in cryptocurrency from $3.7 billion in funding
between 2015 and 2017.

In December, bitcoin mining platform and exchange NiceHash was hit, with 4,736.42 in bitcoin disappearing in the attack. At the
time, the bitcoin was worth around $68 million, but the price of the cryptocurrency has dropped since.

Security firm SecureWorks said in December it had uncovered a spearphishing campaign targeting employees at cryptocurrency firms
in a bid to steal bitcoin. The attacks are thought to be the work of The Lazarus Group, a hacking operation believed to be
associated with North Korea.

“Our inference based on previous activity is that this is the goal of the attack, particularly in light of recent reporting from
other sources that North Korea has an increased focus on bitcoin and obtaining bitcoin,” Rafe Pilling, senior security researcher
at SecureWorks, told ZDNet at the time.

Due to the pseudonymous nature of bitcoin, criminals have been looking at other more anonymous digital currencies such as Monero
and Zcash.

A new technique for cryptocurrency mining has appeared in the form of JavaScript served up to website visitors, typically through
ad units that spike CPU usage. One of the most popular scripts is from Coinhive, which in October asked that site owners make
users aware of what is going on.

“We’re a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users
what’s going on, let alone asking for their permission,” the company said. “We believe there’s so much more potential for our
solution, but we have to be respectful to our end users.”

From: http://www.zdnet.com/article/japan-punishes-coincheck-after-530m-cryptocurrency-theft/
