U.S. Government Requests to Spend $6 Billion on Security

A few days ago, the Bush administration announced a plan to spend $6 billion in a year on cyber security. With the amount of debt the U.S. government has racked up over the years, some would say this is unreasonable. On the other hand, with cyber threats continually evolving and becoming more threatening (as we have seen in France), some say $6 billion may not be enough. What are your thoughts on this? Is the Bush administration making the right move? Where should encryption, 2FA, firewalls, etc. fall into this proposed spending? Please post your thoughts…

Manchester airport first to implement iris recognition

Manchester has implemented what it claims is the UK's first biometric access control system based on iris recognition. The system officially went live just before Christmas, and is used to control access to secure parts of the airport for airport workers. Click here to find out more.

Bank Fraud Attempts Driven by “Vishing”

Customers of three banks in the Eastern U.S. have been subjected to a new telephone phishing scam. In an attempt to retrieve personal account information customers receive an automated phone call, supposedly from their bank, asking them to call a toll-free number to renew their services need to be updated. For the customers that called the number, they were asked for account information.

Dubbed as “vishing”, a mix between “voice” and “phishing”, fraudsters use Voice over IP in their attempts to steal personal information. With email phishing become highly recognizable, vishing could be the next wave of fraud. As fraudsters become more creative in finding ways to obtain confidential information, companies must be equally creative and proactive to halt them in their tracks.

Another UK Data Breach

In yet another data loss scandal in the UK, three million drivers’ records have been lost. Transport secretary Ruth Kelly has known since May that a hard disk drive had gone missing from a secure facility in Iowa City, Iowa.

As a preventative measure, Kelly said the department is now looking at utilizing electronic data transfer. However, many would argue that data breaches are more imminent with electronic data. If the UK government and transport department decide to use electronic means to deliver sensitive data, they both should seriously evaluate methods of securing those processes.

TJX Compensates for Data Breach

To deter from a steeper bill in lawsuits, TJX has offered compensate Visa card users $40.9 million for a data breach occurring back in January. This move is supposed to “save” the company money from the waves of lawsuits that would come in if they opted not to compensate the Visa card users. What would have really saved them money is having a state of the art security standard implemented at the time of the data breach. You see, TJX was using an older security standard, the Wired Equivalent Privacy (WEP) encryption protocol, back in January.

Now TJX must compensate over $40 million as well as update their security measures, when all they needed to do was take care of the latter at the right time. For whatever reason, a $40 million mistake will hurt an organization – even TJX.

Passport Canada’s Lax Security

Passport Canada is scrambling to reassure Canadian citizens that a recent data breach has been rectified. The breach occurred on the Passport Canada website where an applicant could simply change a few letters in their name in the URL field and access another individual’s application. This is yet another example on how relaxed security measures could result in catastrophic results. When will businesses and governments learn that security should be a priority? You would hope that the recent events in the UK will change attitudes towards strong security implementation.