|
Cyber Daily: Security Chiefs Want Consistent Information From Cloud Vendors; Clipped Wings at German Spy Agency
|
|
|
|
|
|
Hello. Cigna, FedEx and Raytheon are banding together to pressure Amazon, Google and other cloud providers for consistent information about how they handle client data and cybersecurity. Each cloud company offers its own processes for security and governance, creating added work for customers, according to the companies.
Other news: EasyJet discloses data breach of about nine million customers; Bluetooth vulnerabilities let hackers mimic trusted devices; and German spy agency loses certain intelligence-gathering authority.
|
|
|
|
|
Amazon Web Services and other cloud providers are under pressure to simplify the way they provide security and compliance data to customers. PHOTO: HENRIQUE CASINHAS/SOPA IMAGES/LIGHTROCKET/GETTY IMAGES
|
|
|
Tech chiefs press cloud suppliers for consistency on security data. Cloud providers are coming under pressure from some of their biggest customers to adhere to one across-the-board standard of information on how they handle client data and cybersecurity.
Among those customers are health insurer Cigna Corp., defense contractor Raytheon Technologies Corp. and delivery company FedEx Corp., which are concerned that toggling between the different methods used by providers increases their workload needlessly and might even be hampering their defenses.
Reconciliation is crucial to proper oversight of data as it moves externally, and to provide evidence of regulatory compliance to auditors, said Gene Sun, chief information security officer at FedEx. Mr. Sun has a team dedicated to translating information from the cloud providers. “This day-to-day pain is unsustainable.”
Read the full story at our website.
|
|
|
Tune in to the next WSJ Pro Cybersecurity virtual event. Stevan Bernard, CEO of Bernard Global and former head of global protection services at Sony Pictures Entertainment, will dissect the aftermath of a destructive cyberattack. Details are below. Register here.
|
|
|
|
|
|
|
|
25%
|
Percentage of breaches that companies didn’t discover for at least one month, according to Verizon’s analysis of 3,950 breaches last year.
|
|
|
|
|
Easyjet planes are parked at the London Luton Airport on March 30. The airline revealed this week that a cyberattack compromised the data of up to nine million customers. PHOTO: MATTHEW CHILDS/REUTERS
|
|
|
EasyJet cyberattack exposed data on nine million customers. Hackers hit British airline EasyJet PLC in an incident discovered in January and revealed this week, the BBC reports. Names, email addresses and travel details of nine million customers were accessed, EasyJet said in a statement. In addition, credit-card information for about 2,200 customers was also compromised and those individuals were notified in April, the airline said. The U.K.'s Information Commissioner's Office is investigating the breach.
EasyJet: “It took time to understand the scope of the attack and to identify who had been impacted. We could only inform people once the investigation had progressed enough that we were able to identify whether any individuals [had] been affected, then who had been impacted and what information had been accessed.”
Bluetooth vulnerability allows hackers to impersonate devices. Mobile phones and other devices that use Bluetooth Classic technology can be mimicked by attackers who want to invade trusted, paired systems, Threat Post reports. The attack works on Internet-of-Things devices, laptops, cell phones and other machines, according to researchers at the École Polytechnique Fédérale de Lausanne in France who tested technology from several vendors.
German court orders spy agency to curb foreign-intelligence gathering. Germany’s foreign-intelligence agency, which is banned from spying on Germans, now faces strict limits on overseas activities after the country’s constitutional court decided that the protections against arbitrary surveillance Germans enjoy applied to everyone world-wide. Tuesday’s ruling is likely to force the Federal Intelligence Service, or BND, to greatly reduce or even stop all but the most targeted interception of international electronic communications, The Wall Street Journal reports.
|
|
|
|
|