As White House issues statement on cybersecurity, a major international hotel chain may be 2017's first cybersecurity victim.
New Year. Same Cybersecurity Threats. A hotel organization with more than 5,000 hotels worldwide reports it is actively investigating claims of a potential credit card breach at some of its U.S. locations. The company operates more than 5,000 hotels across nearly 100 countries.
Credit card information is rich in Personally Identifiable Information (PII) which, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Some categories of PII are sensitive as stand-alone data elements, for example: Social Security Number (SSN), driver’s license or state identification number, passport number, Alien Registration Number, or financial account number. Other data elements such as citizenship or immigration status, medical information, ethnic, religious, sexual orientation, or lifestyle information, and account passwords, in conjunction with the identity of an individual (directly or indirectly inferred), are also sensitive PII.
Addressing distributed denial-of-service (DDoS) attacks and security concerns introduced by the Internet of Things (IoT) should be top cybersecurity priorities for the 45th President of the United States, according to a newly released report commissioned by President Obama.
The report makes clear that cybersecurity is one of the greatest challenges facing the United States today.
In a Statement by the President on the Report of the Commission on Enhancing National Cybersecurity, issued on December 2, 2016, President Obama termed cybersecurity a top national security and economic security priority.
Highlights of President Obama's statement include the following points:
- The United States has pushed to reduce the Federal government’s reliance on legacy technologies, proposing an innovative $3.1 billion fund to modernize costly and vulnerable information technology (IT) systems – a fund that the Commission proposes to expand.
- The United States has updated its guidance for Federal agency IT management, cybersecurity, and privacy, introducing the kind of coordination that the Commission calls for at this time.
- Agencies are increasingly centralizing their cybersecurity efforts and relying on the Department of Homeland Security (DHS) for shared services like vulnerability detection, network discovery and monitoring, intrusion detection and prevention, and cybersecurity assessments of high priority IT systems.
- The Obama Administration has issued a comprehensive workforce strategy and has hired more than 6,000 new cybersecurity professionals in the Federal government in 2016 alone.
- During the Obama administration, emphasis areas in terms of addressing cybersecurity included raising the level of cybersecurity defenses in the public and private sectors, deterring and disrupting malicious cyber activity aimed at the United States or its allies; and effectively responding to and recovering from cybersecurity incidents when they occur.
- Additionally, according to the statement, President Obama reports the United States created the first-ever federal Chief Information Security Officer and driven dramatic improvements in Federal agencies’ use of strong authentication and in critical vulnerability patching.
According to CIO Today, while 2016 may have been one of the worst years in history for network security, there is at least one silver lining for enterprise IT departments. Insurance companies are growing skilled at underwriting cybersecurity risks. According to the Insurance Information Institute, more than 60 different insurance companies are now offering standalone cyber insurance policies, with an estimated U.S. market of more than $3.25 billion in gross written premiums this year.