ALLIED UNIVERSAL UNDER RANSOMWARE SIEGE
According to “Data Breach Today”, a cyber management firm, Allied Universal, a $7 billion security services firm, has suffered a data breach and is being held to ransom for approximately $4 million. The original ransom amount was approximately $1 million, but Allied Universal did not pay the Bitcoin ransom when first requested, and 10% of the data was subsequently released to Wikileaks. Evidence currently available indicates that the bad actor responsible for this attack is likely a nation state. The attack utilized the Maze ransomware to penetrate the Allied database of some 200,000 employees. This is a complex situation, as it appears to still be underway, since Allied purportedly offered only $50,000 to reacquire the data. Allied is spending a large amount of money to correct the system issues, but its handling of the situation to date suggests that its problems have just begun.
It takes professional guidance to fully understand the risks you face with a breach at your company. When a breach does occur, and it likely will at some point, how you have prepared your company and employees to meet the challenge can save your company millions of dollars and a lost reputation.
EQUIFAX FINALLY SETTLES FOR $1.38 BILLION DOLLARS
News reports yesterday (January 16, 2020) confirm that a federal judge has approved a settlement in a class action lawsuit against credit bureau Equifax for the massive breach it suffered in 2017. One billion dollars of this amount will be just for required security upgrades. The settlement fund for victims has now reached $380 million and may go higher. The cause of the breach was determined to be an attack on unpatched “Apache Struts” software, where a security certificate had not been renewed in May-July 2017. A patch had been issued back in March, but Equifax did not detect it until they renewed the security certificate. The breach was discovered at the end of July, but the damage was done. The attackers had access to 148 million individuals in the U.S., 15 million in the U.K., and 20,000 in Canada. In separate legal actions, Equifax settled with the FTC, the Consumer Protection Bureau, and 50 states and territories for $275 million in civil penalties.
While Equifax is a big company with substantial resources, this breach hurt them badly. A similar, but probably smaller, breach at an alarm central station or alarm dealer could be a crushing blow to its financial condition and, most importantly, its customer base. An IT professional will tell you how important software certificates are to the safe operation and credibility of a company, but an InfoSafe certificate of compliance will tell the FTC, the Consumer Protection Bureau and 50 states that your company has taken the proper steps to protect the data and privacy of your clients.
NATIONAL SECURITY AGENCY DETECTS VULNERABILITY IN WINDOWS 10
The U.S. National Security Agency has issued an advisory disclosing a serious vulnerability in Windows 10 and Windows Server 2016 and 2019. At this point, it is not clear if attackers have exploited the vulnerability. The bug is referred to as a spoofing flaw that affects Windows CryptoAPI, a component handling cryptographic operations within the operating system. This is serious enough that the U.S. Department of Homeland Security has issued an alert (Jan. 14, 2020) asking businesses and federal agencies to apply the Microsoft patch within 10 days.
Does this notice apply to you? Perhaps. A major responsibility of InfoSafe is to keep you informed of the governmental notices and regulations that affect your business. That is why their first step in the certification process is to evaluate your system(s). InfoSafe then works with your IT person to educate your employees and create awareness of how to operate your system(s).
TECHNOLOGY IS THE PROBLEM…AND THE SOLUTION
Our industry has changed radically in the past few years, and the prognosis is for even more change in the future. Some of this change is disruptive (the advent of DIY), but most of it is the adoption of technology in all its myriad forms. Keeping up with the changes in industry-related technology is an all-consuming task in itself. When we add new privacy regulations, data management requirements, and intrusive government, we need professional help. InfoSafe is an affordable partner who has the knowledge and technology to help ease the pain of confronting these growing challenges.
Tony Smith is President of Security Funding Associates, past President of the CAA and member of the ESA Board. He is a licensed California alarm dealer, member of TMA, and may be reached at (626) 795-9199 or firstname.lastname@example.org