South Florida man first to be arrested and sentenced for ransomware-related crimes
Lessons from the Biggest Breaches
Yahoo: 3 billion user accounts were breached in 2013, making this the largest data breach to this day. That number was not disclosed until three years later. Usernames and email addresses were stolen, but passwords were not.
- Lesson: Don’t wait three years or even three months to notify your stakeholders of a data breach.
Myspace: Names and passwords from more than 360 million Myspace accounts prior to June 2013 were compromised. This didn’t become public information until May 2016. While many people had long since gotten rid of their Myspace accounts, studies show that at least half of online users use the same password for all of their accounts.
- Lesson: Change passwords frequently and don’t use a single password for all of your accounts.
Under Armour: In February 2018, 150 million usernames, email addresses, and/or passwords were stolen from the users of MyFitnessPal — Under Armour’s food and nutrition app and website. Most of the passwords stolen were encrypted, making passwords an unintelligible assortment of characters. A news release was put out by the company regarding the issue just four days after learning of the breach.
- Lesson: Encrypt company and customer passwords whenever possible.
eBay: 145 million eBay users’ data were breached in 2014. While eBay owned up to the breach and notified users in a satisfactory amount of time, some users had difficulty renewing their passwords after the breach.
- Lesson: Make sure the system you have in place (like password renewal) to negate data breach fall-out is glitch-free.
Equifax: The personal information of 143 million consumers and the credit card information of 209,000 consumers was exposed in 2017. Equifax notified the public two months after they found out about the breach.
- Lesson: Find ways to make the situation right, like providing resources for consumers. — R. Marshall Stevens, co-owner of Stevens and Stevens Business Records Management, a storage and information management center that serves the Southeastern U.S. and has locations in St. Petersburg and Tampa
A new handbook helps combat cyber-attacks.
While data breaches against big companies get most of the attention, 58% of malware attacks actually target small businesses, according to the 2018 Verizon Data Breach Investigation Report. Also, according to the Ponemon Institute’s 2018 State of Cybersecurity in Small and Medium-Sized Businesses, 67% of small businesses experienced a cyber-attack last year.
“Small businesses are targeted by cyber-criminals precisely because they are small,” says Sri Sridharan, executive director of University of South Florida-based Cyber Florida: The Florida Center for Cybersecurity. “Criminals know these businesses don’t have the financial resources to employ state-of-the-art cyber-defenses but still trade in the same consumer data and intellectual property as larger businesses that can afford to invest more in cyber-security.”
In response, the Florida Center for Cybersecurity released a comprehensive cyber-security handbook last month written for small-business owners. Titled, Cyber Defense for SMBs, the 52-page report includes tips on protecting data, thwarting attacks and managing any attacks that get through. The report, the first of its kind from Cyber Florida, can be downloaded at cyberflorida.org/SMB. — Art Levy
Cyber-Security: A Career Path
Some 23 public universities and colleges and 12 private schools in Florida offer a total of 100 certificate, associate’s, bachelor’s and master’s programs in cyber-security and related fields such as information security and digital forensics, according to the 2017 State of Cybersecurity in Florida report from the Florida Center for Cybersecurity at the University of South Florida and from the Gartner Group. Eight public universities and five other private and public higher education institutions hold National Centers of Academic Excellence designations in cyberdefense education or research from the National Security Agency and Department of Homeland Security. Florida is well positioned to fill the demand for cyber-talent, according to the report.
13,465 — Florida cyber-security job openings, including operations and systems maintenance, systems development, threat mitigation, analysts, leadership, forensics and investigation
35,987 — Floridians employed in cyber-security
“Very Low” — CyberSeek’s rating of the supply of cyber-security workers in Florida. Florida’s healthiest ratio of openings to supply is in the career starter certification level. For the highest-level workers — managers of enterprises and designers and managers of systems — there are more openings than actual workers employed in the field in Florida.
4,273 — Number of openings in Tampa Bay, the largest number of openings in any metro in Florida
8,959 — Number of cyber-security workers in Southeast Florida, the top metro in the state for cybersecurity employment
Note: The cyber-security employee base is for 2017 and includes both specialists in cyber-security and workers that require cyber-security-related skills and certifications. CyberSeek is supported by the National Initiative for Cybersecurity Education, a program of the U.S. Department of Commerce.
Read more in our February issue.
Select from the following options:
* offer valid for new subscribers only