China’s MIIT Proposes Color-coded Contingency Plan for Security Incidents


On Friday, China proposed a four-tier classification system for data security incidents, underscoring Beijing's concern over widespread data leaks and hacking incidents in the country.

The emergency plan arrives at a time of heightened geopolitical tension between China and the United States and its allies, and follows an incident last year in which a threat actor claimed to have obtained a massive trove of personal data on over a billion Chinese individuals from the Shanghai police.

China's Ministry of Industry and Information Technology (MIIT) released a detailed document outlining the procedures that local governments and businesses should follow when assessing and handling data leaks.

The plan, which is open for public comment, proposes a four-tier, colour-coded system graded by the extent of harm done to a company's network and information systems or to the functioning of the economy.

Under the plan, incidents that cause losses of a billion yuan ($141 million) or more, or that affect the "sensitive" information of over 10 million people, are classified as "especially grave" and trigger a red warning.

In the 25-page document, MIIT classifies every instance of data being unlawfully accessed, leaked, destroyed, or altered into four hierarchical tiers based on the scale and severity of the harm inflicted. Meeting any one of a tier's criteria is enough to place an incident in that tier:

  • Red ("especially significant"): disruption or shutdown of operations lasting more than 24 hours, economic loss of more than 1 billion yuan, compromise of the personal data of more than 100 million people, or of the sensitive data of more than 10 million people.
  • Orange ("significant"): disruption lasting more than 12 hours, economic loss between 100 million and 1 billion yuan, compromise of the personal data of more than 10 million people, or of the sensitive data of more than 1 million people.
  • Yellow (third tier): disruption lasting more than 8 hours, economic loss between 50 million and 100 million yuan, compromise of the personal data of more than 1 million people, or of the sensitive data of more than 100,000 people.
  • Blue ("general"): comparatively minor incidents, with disruption lasting less than 8 hours, economic loss below 50 million yuan, compromise of the personal data of fewer than 1 million people, or of the sensitive data of fewer than 100,000 people.

Among other things, the plan stipulates that for red or orange warnings the affected companies and the local regulatory authorities must move to a 24-hour work schedule to handle the incident, and must notify MIIT of the breach within 10 minutes of its occurrence.

A statement by MIIT reads, "If the incident is judged to be grave... it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed.”  

The FTC’s new Amendment Requires Financial Institutions to Report Security Breaches Within 30 Days


The Federal Trade Commission has adopted an amendment that requires non-bank financial institutions to notify the Commission of certain data breaches and other security incidents.

The underlying Safeguards Rule already requires these institutions, which include payday lenders, auto dealers, and mortgage brokers, to develop, implement, and maintain a comprehensive security program to protect customer data.

What the new amendment adds is a reporting duty: covered institutions must notify the FTC "as soon as possible," and no later than 30 days after discovery, of any security event involving the information of 500 or more customers.

Notification is required when an unauthorized party gains access to unencrypted customer information. Encrypted information counts as well if the attacker also obtained the encryption key; if the data was encrypted and the key was not compromised, the event does not have to be reported.

The amendment takes effect 180 days after its publication in the Federal Register, which the announcement placed in April 2024.

Once a security event is discovered, non-bank financial institutions must submit the report through the FTC's online form. A complete breach report includes the name and contact information of the reporting institution, the number of customers affected, a description of the types of information involved, the date or date range of the event, and how long the incident lasted.

The amendment also lets an institution ask the FTC to withhold the report from public disclosure where disclosure would jeopardize an investigation or national security. A law enforcement official may request a further 60-day delay before the information is made public.

Samuel Levine, Director of the FTC's Bureau of Consumer Protection, stressed that businesses entrusted with private financial data must be open and honest "if that information has been compromised," and said the new disclosure obligation should give these businesses "additional incentive" to actually protect their customers' data.

In October 2021, the FTC released a revised Safeguards Rule to strengthen data security and at the same time invited public comment on a proposed supplemental amendment covering breach reporting. That amendment has now been adopted by a unanimous 3-0 vote.

Netwrix Reports: Enterprises Experience More Cyber Security Incidents Than Smaller Organizations


Cybersecurity vendor Netwrix has published the enterprise-sector findings (organizations with more than 1,000 employees) from its annual 2023 Hybrid Security Trends Report.

According to the report, around 65% of the enterprises surveyed experienced a cyberattack in the previous 12 months, close to the 68% figure for businesses of all sizes. The most common incident types were phishing, ransomware, and user account compromise.

Larger firms are, however, more often hit by ransomware and other malware: 48% of enterprises reported such an incident on premises, compared with 37% of all organizations. Malware attacks in the cloud were less frequent, with only 21% of enterprise respondents reporting one in the previous year.

In regards to this, Dmitry Sotnikov, Vice-President of Product Management at Netwrix says “It is no surprise that the enterprise sector suffers malware attacks at a higher rate than smaller organizations. After all, ransomware operators want to maximize their profits, so they consider which organizations are most able to pay a ransom to reduce business downtime — and the larger an organization is, the costlier an operational disruption will be[…]On the other hand, larger organizations have more tools to spot the attack that might stay unnoticed for SMBs. In addition, enterprises have bigger infrastructure with more endpoints that statistically increases the chance of the security incident.”

Enterprises also reported higher costs from cyberattacks than their smaller peers: 28% said cyberthreats had cost them $50,000 or more in lost revenue, compared with just 16% of all organizations.

Dirk Schrader, Vice-President of Security Research at Netwrix says, "Smaller companies often underestimate their risk of attack, reasoning that cybercriminals tend to target enterprises because they store more intellectual property (IP) and other sensitive data. But our survey shows that organizations suffer cyberattacks with a similar frequency regardless of their size[…]Every organization has valuable data, such as customer and employee information, and is therefore a target for attackers. What's more, SMBs are not only a target on their own but as a way into the larger enterprises that consume their services."