The Federal Energy Regulatory Commission has issued a final rule creating information security standards for the US electric grid. The US Congress is also considering legislation designed to combat perceived cybersecurity and privacy threats related to the grid. Among other things, the legislation would establish a regulated security testing regime for products used in the grid.
Norton recently released its annual Cyber-security Insight Report for New Zealand. The report found that:
- the amount consumers lost to cyber-crime in the past year was NZD$256.8 million,
- 83% of the respondents are worried that they will become a victim of cyber-crime,
- only 45% of consumers “always” use a secure password,
- only 15% of consumers feel completely in control over their online security, and
- only 38% of the respondents are confident they know what to do if they become a victim of cyber-crime.
Link (Norton): Norton Cyber-security Insight Report (New Zealand)
A feature by Monte Reel and Jordan Robertson for Bloomberg Business looks at the world of security vulnerabilities in medical devices. The authors look at the findings of research carried out for the Mayo Clinic on the security of devices used on its premises. The results are sobering:
“For a full week, the group spent their days looking for backdoors into magnetic resonance imaging scanners, ultrasound equipment, ventilators, electroconvulsive therapy machines, and dozens of other contraptions. The teams gathered each evening inside the hospital to trade casualty reports.
‘Every day, it was like every device on the menu got crushed,’ Rios says. ‘It was all bad. Really, really bad.’ The teams didn’t have time to dive deeply into the vulnerabilities they found, partly because they found so many—defenseless operating systems, generic passwords that couldn’t be changed, and so on.
The Mayo Clinic emerged from those sessions with a fresh set of security requirements for its medical device suppliers, requiring that each device be tested to meet standards before purchasing contracts were signed. Rios applauded the clinic, but he knew that only a few hospitals in the world had the resources and influence to pull that off, and he walked away from the job with an unshakable conviction: Sooner or later, hospitals would be hacked, and patients would be hurt. He’d gotten privileged glimpses into all sorts of sensitive industries, but hospitals seemed at least a decade behind the standard security curve.”
PwC has released its annual Global State of Information Security Survey.
Key findings for New Zealand include:
- New Zealand organisations are much less confident this year that their information security activities are effective. In 2014, 83.3% of New Zealand organisations were confident or somewhat confident, compared to just 64.7% this year.
- Many organisations are emphasising the people side of the information security equation. However, the survey data suggests that New Zealand is slightly behind the curve at board level. Globally, 34.8% of organisations say their board receives information security risk updates at least four times a year. In New Zealand, only 20.6% receive regular updates.
- New Zealand is falling behind global trends in information security spending.
- 43.3% of organisations have indicated that they have a security strategy in place for the cloud, 40% have mobile malware detection and 50.5% use common identity protection. But more than 40% do not currently have an overall strategy that takes into account the holistic needs of the organisation.
- 28% of organisations with a security incident in the past year suffered a loss or damage to internal records; 25.6% saw their brand or reputation compromised; and 18.3% suffered financial loss.
New Zealand respondents’ top information security priorities for the coming year are:
- identifying sensitive assets;
- security strategy for mobile devices;
- classifying the business value of data; and
- establishing security and baseline standards for third-party vendors, suppliers, and external partners.