"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.
"It is the biggest breach we have ever seen; and to say no financial information has been stolen is, well, understating the massive breach and concern," says Neil Schwartzman, founder and chief security specialist at CASL Consulting.
NACHA has posted an alert about a targeted phishing scam that appears to be hitting recipients up for ACH transaction details. Reports of phishing e-mails appearing to be from the Internal Revenue Service have also cropped up this week.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
Although many hospitals and clinics are paying attention to HIPAA and HITECH Act compliance, they also need to train their staffs on how to crack down on identity theft and credit card fraud, security specialists say.
"The trend here is the level of fines that the regulators are putting out there," says Tony Wicks, AML and fraud-detection expert. "$7 million does not sound that great, but for the size of an institution like Pacific National, it is substantial."
Three recent breach incidents, each involving the loss or theft of back-up drives, illustrate that some organizations are doing a better job than others in informing consumers about the steps they're taking to prevent more breaches.