[ISN] UK finance industry launches cyber security framework

http://www.computerweekly.com/news/2240222263/UK-finance-industry-launches-cyber-security-framework By Warwick Ashford ComputerWeekly.com 10 June 2014 The UK finance industry has launched a cyber security framework for sharing detailed threat intelligence, testing cyber security and benchmarking financial service providers. The CBEST framework was developed by the Council of Registered Ethical Security Testers (Crest) in collaboration with the Bank of England, Her Majesty’s Treasury and the Financial Conduct Authority (FCA). The framework is the first of its kind to be led by any of the world’s central banks and comes less than a week after the government officially launched its Cyber Essentials Scheme, also supported by Crest. Crest provides internationally recognised certifications for organisations and individuals providing penetration testing, cyber incident response and security architecture services. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Annual cost of cybercrime hits near $400 billion

http://www.networkworld.com/article/2360983/security0/annual-cost-of-cybercrime-hits-near-400-billion.html By Ellen Messmer NetworkWorld June 9, 2014 An estimate of the global cost of cybercrime — losses from cyber-espionage theft of intellectual property, plus all types of personal and financial data stolen and dealing with the fallout — is being tabbed at least $400 billion annually, according to the report published today by the Center for Strategic and International Studies. In its report “Net Losses: Estimating the Global Cost of Cybercrime,” Washington, D.C.-based think tank CSIS claims the countries hit most are the United States, China and Germany based on their overall national wealth in Gross Domestic Product (GDP). Those three countries together are estimated to have suffered $200 billion in cybercrime losses on an annual basis. CSIS acknowledges there’s going to be debate over how to calculate the cost of cybercrime the way it broadly defines it. But CSIS, whose research draws largely from the work of economists, argues it could not be lower than $375 billion and the maximum could actually be $575 billion. “Even the smallest of these figures is more than the national income of most countries and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow,” the report says. By coincidence, the CSIS report on the cost of cybercrime comes in the wake of the U.S. Department of Justice crime charges related to alleged cybercrime operations in China and Eastern Europe that are accused of stealing millions of dollars from U.S. businesses through either theft of trade secrets or outright financial fraud. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Banks: Credit Card Breach at P.F. Chang’s

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/ By Brian Krebs Krebs on Security June 10, 2014 Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. On June 9, thousands of newly-stolen credit and debit cards went up for sale on rescator[dot]so, an underground store best known for selling tens of millions of cards stolen in the Target breach. Several banks contacted by KrebsOnSecurity said they acquired from this new batch multiple cards that were previously issued to customers, and found that all had been used at P.F. Chang’s locations between the beginning of March 2014 and May 19, 2014. Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source.” “P.F. Chang’s takes these matters very seriously and is currently investigating the situation, working with the authorities to learn more,” the company said in an emailed statement. “We will provide an update as soon as we have additional information.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail