These clearances, deemed as "extraordinary" by Reuters, show that the government is getting more serious about the need to collaborate between public and private bodies. These attacks are seen as becoming more serious against U.S. entities over the past few years and McFeely did not discuss any details of the investigation. The news organization said thus far, banks have had to spend millions of dollars to get operations securely back online. Banks which have been affected include JP Morgan Chase & Co, Bank of America, Wells Fargo and Citigroup, among others.

McFeely said the FBI has changed its stance 180 degrees from where it used to be on letting these companies behind the curtain, as executives are starting to work harder to secure international help against this kind of cybercrime, according to Reuters. The FBI has also warned 129 countries about 130,000 internet protocol addresses that have been used by these attacks, many of which were infected by viruses before being ordered to attack the bank websites.

One big issue with international talks has been a lack of willingness to share information and make arrests, but McFeely said that may be coming soon. Hackers who have been identified by name may travel outside of their country and be detained, something he said will be a "big deal" the first time it happens.

Recent ATM heist shows cause for alarm
To illustrate just how big of a target financial institutions have become, Bank Info Security said a recent cyberheist that took place was announced by federal authorities earlier this month which saw $45 million be chased out of ATMs from around the world in extremely well timed and short streaks. Avivah Litan, an analyst with Gartner, told the news source that this closely resembled the 2008 RBS WorldPay heist and ATM cashout which saw $9 million disappear in theft.

"These attacks keep repeating themselves," Litan says. "There are tens of thousands or more financial institutions to attack in this manner across the globe, and there is plenty of fodder for the criminals."

Litan said one of the most trouble aspects of this breach is that it is very difficult to discern the points of the network that were breached by these criminals. There are many parties in the payment chain and it is hard to assign blame for any of these types of threats. Simply pointing fingers, she said, is a lose-lose proposition for all parties involved.

There must be work done on all ends to share information about these attacks to gain information in an effort to eventually slow down these data security issues.

"Until then, we will continue to try to keep a leaky insecure payment system secure," Litan said. "It reminds me of the little Dutch boy who stuck his finger in the dyke and successfully stopped the seawater from flooding his home town. He was successful because he stopped the leak when it was very small. I think we are too late when it comes to our global card payment systems. We probably need at the least, a major cyber-army, in this instance."

Security News from SimplySecurity.com by Trend Micro.

The news arm of the company monitored when subscribers had logged onto the service, which allows companies to access Bloomberg's services to analyze and monitor the financial market and trades, to find out which types of functions they had looked at. These services, which are found in almost every banking and trading company, according to the New York Times, cost an average of more than $20,000 per year. The company said it was a mistake to allow reporters to look at this information and disabled it after Goldman Sachs complained that a reporter had pointed out that a partner had not logged into the program lately when inquiring about that particular person's employment status.

Following this incident, many prominent financial service professionals have become very concerned about the link between this terminal business and the Bloomberg news room. The Times said it is threatening the credibility of both services, as Wall Street relies on the secure and timely transmission of data between qualified traders. If Bloomberg's services are seen as a conflict of data security interests, it could be viewed as a huge problem for these businesses.

"On Wall Street, anonymity is critically important. Secrecy and the ability to cover one's tracks is paramount," said Michael J. Driscoll, a former senior trader at Bear Stearns who now teaches at Adelphi University, according to the news source. "If Bloomberg reporters crossed that line, that's an issue."

The New York Post first reported on this abuse of the Bloomberg terminal service by reporters, with analysis showing that there may have been several hundred reporters that have used the controversial technique. Bloomberg has more than 2,400 journalists employed worldwide, so the use of the service in this way has potential to have been spread even more than this.

Insiders told the Post that Bloomberg employees could not only tell which employees logged onto the service, but how many times they used certain functions. This has left many wondering just how secure their information is on this service and if other private aspects of their business have been leaked without their knowledge.

"You can basically see how many times someone has looked up news stories or if they used their messaging functions," said one Goldman insider, according to the news source. "It made us think, 'Well, what else does [Bloomberg] have access to?'"

Making matters worse is new information that has been released by the Financial Times. This news organization found that more than ten thousand private messages were sent between users of the Bloomberg financial terminals were leaked online. This will likely make it ever harder for the company to gain back its credibility as it struggles to restore faith in the privacy of its services among Wall Street thought leaders. There are now two long lists that show messages between traders are some of the world's largest banks and their clients, the Times said. This will clearly make the road to redemption that much harder for Bloomberg as officials try to save face with both private sector clients and increasingly concerned government regulators.  

Fallout from this issue
Thus far, the Post reports that no reports have lost their job over this issue. Bloomberg spokesman Ty Trippet said in light of concerns, journalists no longer have any access to customer relationship information. According to Forbes, Matt Winkler, Bloomberg's editor-in-chief, said reporters should not have access to any of this kind of information, adding that he is apologetic that he did and saying that it is an inexcusable incident.

However, Forbes said calling it an error makes this incident sound like something that happened due to carelessness or bad judgment, when in fact there was a decision to let these reporters look at privileged information, Winkler said.

"There was good reason for this, as our reporters used to go to clients in the early days of the company and ask them what topics they wanted to see covered," he writes. "Understanding how clients used the terminal was more important then."

Forbes said whether this information was used innocently or not, it likely will not have much effect, as the invasion doesn't really mean much compared to the value of this subscription to customers of the company. Even so, news organizations will need to start thinking about the implications of sharing sides of their other revenue and advertising with reporters, as companies will want to have more trust in the security of the company they are working with.

Data Security News from SimplySecurity.com by Trend Micro

"Policies need to be set quite close to the ground," said CEB's Jeremy Bergsman. "That means empowering people for day to day work. A lot of the best companies are re-writing security policies in a way that gets out of the mindset of 'things you can't do' and instead are made with a mindset of providing guidance for good decision making."

Bergsman said policies are written in a way that isn't reflective of the way work gets done, thus employees work around the policies instead of with them. This is made worse by the fact that working at home and working at the office is becoming a blurred line among younger workers. Forbes said a recent survey by Cisco found 40 percent of workers were aware that their company's policy did not allow personal use of the internet and 70 percent violated that policy.

While none of this may seem like a big deal to many, Forbes said most types of cyber infections and malware are likely to come from what many may think is harmless use of web services. Especially with online ads on legitimate websites now more likely to contain malware, people must be extremely careful with how they navigate the Internet. Cisco's John Stewart said that most people don't know where work starts and home begins in many instances, so companies need to educate and train users for best practices of using the web at work. Standards and policies must be made clear to employees to help understand what is acceptable on their end.

Business News Daily said the best cloud computing standards will let employees interact with data in many diverse and unique ways while also being secure. Eric Knudson, a representative of technology services company Touchbase, told the website that security and access are usually at odds with one another, so it will be up to the provider and business to figure out a way that these can work together in a way that makes sense for all parties involved.

"Encryption, versioning and audit or e-discovery capabilities tend to be afterthoughts," Knudson said, "But if you're considering cloud storage for your business, these should be important considerations. They may be the primary considerations, in fact."

Cloud Security News from SimplySecurity.com by Trend Micro.

"Both nations firmly agree we need improved multilateral cyber coordination and we're working to do just that," the official said, according to the news source. "Cyber will also be on the agenda for discussions at the upcoming NATO conference in June."

British Defence Secretary Phil Hammond was recently in Washington, D.C., to meet with U.S. Defense Secretary Chuck Hagel to discuss cyber issues and other military concerns, according to Killer Apps. Hagel said much of the conversation focused on the physical aspect of defense but said there will be more cooperation than ever in the digital realm, calling it a "priority area." Hammond added that the U.K. and U.S. remain in lockstep on these projects as they look to take them even further into the future.

The impetus for improved cyber and data protection makes more sense when recent attacks from foreign countries are put into focus. It has been reported that defense contractor QinetiQ was compromised by an advanced persistent threat by an attack group operating in another country. Dark Reading said this group accessed information about U.S. drone and robot weaponry and was able to bring competing products to the market.

A wide area of concert
A larger report compiled by Bloomberg, which cited investigators who were hired by QinetiQ, as well as stolen and leaked emails by Anonymous, found that ongoing attacks against the contractor were launched by a group called Comment Crew. Earlier reports from this year found that the group had attacked and compromised 141  businesses across 20 different industries. The company that found these attacks, Mandiant, said the attackers were actually from the People's Liberation Army Unit 61398, an elite military hacking unit, and may spread out further than China.

"In four days of furious activity, the hackers rifled at least 14 servers, taking particular interest in the company's Pittsburgh location, which specialized in advanced robotics design," according to the Bloomberg report. "The Comment Group also used [a network administrator's stolen] password to raid the computer of QinetiQ's Huntsville, Alabama-based technology control officer, which contained an inventory of highly sensitive weapons-systems technology and source code throughout the company. The spies had got their hands on a map to all of QinetiQ's digital secrets."

Investigators who were hired by QinetiQ said despite multiple warnings from many organizations, the contractor's network had been compromised and officials failed to realize that the attacks were persistent. They did not react accordingly and IT professional Christopher Day told Bloomberg that they found intruders in many divisions and across product lines. There was almost no place within the company's servers without a persistent threat going at it. As a result of this, terabytes of sensitive data were stolen.

Defending against APTs 
Warwick Ashford wrote on Computer Weekly that what usually makes these threats advanced is the combination of infiltration techniques that most businesses and government agencies cannot stop in concert. However, he said taken individually, these techniques are easy to defend against and are not unstoppable. The effectiveness of guarding against advanced persistent threats has to mean businesses have a depth of security, detection capabilities, a response and recovery plan, as well as security and awareness training across the entire organization.

"By bringing together in-house capabilities with third-party expertise in the form of a network forensics capture and analysis service, an organization can reach an acceptable level of risk with regards to APTs and blended threats," Mike Westmacott, security consultant at Information Risk Management, told the news source. "Such an approach will also prove invaluable if an attack takes place, as it will help the company to continuously improve its security posture."

If a company has been affected by an APT incident or attack, they need to have a stated approach for how the IT department can shut down the attack and preserve evidence of the attack to make sure what happened is known exactly. This means there must be a plan for event analysis to learn lessons from the event and develop even strong technological and procedural controls.

The last line of defense must be the people in the organization being able to recognize when something isn't quite right on a network. John Walker, member of the security advisory group of the London chapter of ISACA, told Ashford that there should be security awareness training and educational programs to help improve employee understanding of these attacks.

"Whatever an individual's role is within the business, from chief executives to secretaries, businesses must ensure that everyone is provided with an adequate level of security awareness training so they will be able to identify anything suspicious," Walker said.

Data Security News from SimplySecurity.com by Trend Micro.

"In the wake of active attacks against zero-day vulnerabilities in Java that were being exploited to install McRAT malware, Oracle this week released Java 7 update 17 (it skipped issuing an update 16) and Java 6 update 43 (skipping update 42)," he wrote on the website. "Both updates patch two critical bugs, one of which attackers were exploiting to fully compromise vulnerable PCs. Needless to say, Oracle and security experts at large have recommended that Java users upgrade as soon as possible."

Security experts now count the time in between new attacks on Java in days rather than weeks and months, as it has become far more common of an exploit for hackers to go after this program.

Other facts about Java that Schwartz believes are important to keep in mind include:
- Oracle has improved the speed of patching security holes in Java, so companies that regularly update can keep updating the program and experience less problems than they would
- Businesses may want to disable their Java plug-ins, as security experts say the program on browsers cause some problems for organizations who use it too much, especially on websites they do not trust

To illustrate how dangerous Java can be if left to its current state, Jon Brodkin wrote on Ars Technica that a flaw identified in February allowed for a complete bypass of the Java security sandbox. Security Explorations, an online security firm, said the company looked to investigate the flaw and get back to them soon, but as it stood, the flaw could have been leverage to completely bypass security in the program.

"We've advised before that users who don't need Java should consider uninstalling it, or at least the Java plug-ins used to run Java content in web browsers," the website said. "Even savvy computer users aren't necessarily safe."

Security News from SimplySecurity.com by Trend Micro

Another big security problem for users is the amount of phishing that has been taking place, as 9.2 million Americans said they were victims of a such an attack within the past year. The key to this has likely been the use of big names to trick people into opening emails and visiting websites, as cybercriminals used PayPal, Visa, Facebook and banks to try to trick people so they could infect their PCs. Consumer Reports said hundreds of thousands of people lost money from a bank accounts as a result of this scheme.

Facebook was issue in and of itself, as 9.8 million people had their accounts used by an unauthorized party. This has caused a lot of fake information to be placed on the social media website, as 28.5 million Facebook users changed personal information to protect their identity.

Consumer Reports also found that smartphones can be a worry for data security as well, as about 40 percent of people surveyed said they didn't even take minimal security measures, such as screen lock, data backup or a device location app to help keep their device safe.

"Last year, 5.6 million smartphone users experienced undesired behavior on their phones such as the sending of unauthorized text messages or the accessing of accounts without their permission, our survey projects," the organization said on its website. "According to experts, those are symptoms indicating the presence of malicious software."

While the rate of malware infecting these devices, 5 percent, was much lower than the 31 percent that infects home computers, Consumer Reports said it is troubling due to the fact that security infractions are becoming more common on iPhones, Androids and other devices where users seem to feel too safe for their own good. About 1.2 smartphone users were charged for calls or texts they never made and experienced harassment, data loss or identity theft after this incident. The natures of these devices may make them much harder to secure than many had anticipated, but securing smartphone devices is now a must for business.

Consumerization News from SimplySecurity.com by Trend Micro.

Knowing that these external threats are coming is key for businesses, as the report showed 92 percent of cyber attacks were by external parties while a mere 14 percent were from an insider. Companies could experience both, so it was noted that this number does not have to add up to 100 percent. Fifty-five percent of attacks were carried out by organized crime syndicates, where spam, identity theft, payment fraud and other strategies were employed. 

"The two big reasons for the dominance of external actors are their numerical advantage and greater attack scalability," the report stated. "An organization will always have more outsiders than insiders, and the Internet connects criminals to a virtually limitless host of potential victims."

While most would think organized crime would factor in primarily with large companies, the Verizon report showed that 57 percent of attacks on small businesses fell into this category, distantly followed by 20 percent coming from state-sponsored hackers. For large companies, 49 percent of attacks came from organized crime with 24 percent government-affiliated. The primary incentive for these crime syndicates to attack is money, the report said, as there are now more economic and social activities online and a richer amount of data that can be stolen and converted into cash for these criminals.

Organized cybercrime targeting industries such as food, retail and finance tends to come from Eastern Europe and North America, according to Verizon analysts. Attacks can include malware used for spying, brute-force hacking and even physically tampering with databases, desktops and ATMs to get what they want. State-affiliated attacks are expanding as well, with the report saying these attackers are using espionage campaigns to target data to help military interests, find insider secrets and acquire source code. Only 2 percent of attacks come from hacktivists, even though many may think of this as a bigger issue now due to how much mainstream attention it receives.

Securing data for a better future 
​Verizon executive vice president Randal S. Milch wrote in a guest post on The Hill that Congress must play a key role in helping to improve the nation's cybersecurity posture. One suggestion he had was to start sharing threat information between federal agencies and communications companies which can help find threats earlier and prevent them before they really hurt companies or government bodies, which is essentially the basis of the CISPA bill. 

"As we continue to work to find the best solutions to ensure the best cyber security in the middle of this fast‐moving technological war, we must avoid regulatory mandates that will quickly become obsolete and potentially hinder the ability of high tech companies and broadband providers to innovate and coordinate to defeat ever-evolving cyber threats," he wrote. "These companies must maintain the flexibility to deploy new technologies in real-time to secure networks and to protect customers."

Milch believes that having a strong partnership between the public and private sectors will bring forth a more secure era of online communication and data sharing, thereby helping the company grow economically. This brand of data security will take teamwork, he said, but he believes that as more realize how important securing the cyber world is, the easier it will get to come together and do as such.

Data Security News from SimplySecurity.com by Trend Micro.

"Once an attacker or piece of malware is inside the network, it can often lurk unseen among the mass of data that enterprise systems generate and trying to locate it, even if you're aware that an attack has taken place is extremely difficult," he wrote. "That's why the new frontier of enterprise security is big data and statistical analysis specifically in machine data. Every interaction with a 'machine' – whether it's a website, mobile device, application server, corporate network, sensor or electronic tag, and whether it's automatically generated or a manual transaction – leaves a trail and a record."

The have been a few major issues that have come out to affect the Internet security landscape among enterprises in the past couple of years, Seward wrote, including the fact that organizations are now essentially under constant attack. While hackers were more sporadic years ago, there are now a greater number of cybercriminals online who are trying to steal money or data and perhaps just trying to cause a business to go down. These attacks understand how much pressure IT departments are under to keep up with trends and know many don't monitor as well as they should, so many of these hackers can become very difficult to stop once they have made their way into a network.

With this constant threat of attack, Seward wrote on The Guardian that IT departments have turned into a reactive and administrative role where many businesses end up purely responding instead of trying to stop these attacks before they start. This means most are not coming up with new and creative ways to stop these attackers, instead simply giving in to the fact that they will have to deal with these attacks eventually. Seward said these organizations should start using big data to help see these attacks before they infect the business and stop them at their root.

"The days of rules-based security engines looking for known threats are drawing to a close, as they're simply not built to handle the volume and sophistication of attacks today," he said. "To truly understand the nature of the threats they face, companies need to move beyond traditional approaches to security and delve deeper into the machine data being generated every second of every day."

Securing the big data itself
Patrick Gray wrote on TechRepublic that the big benefit of big data is that it can consolidate huge data sets from many source and use them to solve a business or data security problem. However, organizations cannot forget to secure the big data itself, as he said security is often an afterthought by companies in these sets. Especially for companies that have a lot of confidential sales, customer or employee information, security should be one of the first thoughts when using big data.

"Also, remember that a key element in any type of security is the human element," Gray wrote. "If you have neither the time nor inclination to implement extensive security, ensure that staff with access to the data can be trusted, and that they understand the nature of the data they're dealing with. Where consultants are involved, ask to see their data security policies, and ensure they're appropriate for the type of data the consultants will have access to."

Data Security News from SimplySecurity.com by Trend Micro.

One effect of this hacking was the Dow Jones Industrial Average plummeting by approximately 140 points. Although the market quickly recovered when the AP revealed that they were the victim of an attack, CNBC's Sue Herera said that this shows how sensitive the market is right now, as any report of a terror-related attack can send it into a tailspin.

Politico said the Syrian Electronic Army, which supports the government of Syrian President Bashar al-Assad, has claimed responsibility for the erroneous Tweet, writing on its own website that it wrote the fake tweet about an explosion in the White House. The SEA boasted that this tweet created chaos and started a decline in U.S. stocks. This same group has claimed they were responsible for attacks on NPR and CBS News Twitter accounts in previous instances.

Lessons can be learned from this attack on Internet security, according to Matthew Schwartz on InformationWeek. In this instance, it seems as though the cause of the password leak was a phishing email sent to multiple AP employees, which one worker said was "impressively disguised" to look like a real email from a co-worker.

"How can businesses prevent an AP-style Twitter account hijacking?" Schwartz said. "The short answer is that it's very difficult for users to spot every phishing attempt, and also difficult to adequately protect Twitter accounts against hijackings, whether you're an individual or a business. For starters, that's because only a username and password are required to log into a Twitter account, and the username is already publicly known, because it's a user's Twitter handle."

It is more difficult especially for Twitter accounts that have multiple people with access to the master password, as this makes two-factor authentication much harder to use in a secure way. Each company that uses accounts like this will need to learn a lesson from this event and make sure they are diligent with regard to keeping the passwords secure by only giving access to individuals that need it and being wary of suspicious emails.

Security News from SimplySecurity.com by Trend Micro

"Our nation's cyber security requires the active participation of the government, business and every consumer," according to the letter. "We believe these bills encourage the participation of all, while providing the tools to defend against cyber threats by funding research and development activities."

While the National Association of Federal Credit Unions did not sign this letter, Credit Union Times quoted vice president of legislative affairs Brad Thaler who said the exclusion means they want to emphasize the importance of data security in this legislation. The group penned their own personal letter which said credit unions often need to charge to make up for fraud related losses. Thaler said in the letter that he wants the House to hold every entity storing financial or personal data to a minimum set of standards in an effort to better protect the information they hold.

The Credit Union Times said bills passing on to the Senate include:
- The Cybersecurity Enhancement Act, H.R.  756, which will likely be vetoed by President Barack Obama
- The Advancing America's Networking and Information Technology Research and Development Act, or H.R. 967
- The Federal Information Security Amendments Act, or H.R. 1163

A recent survey published in NAFCU's Economic & CU Monitor showed that data security is still a big issue for the cost of doing business in credit unions. In 2012 alone, 3,800 member accounts were affected by breaches which cost $86,000 on average to fix. There was an average of $112,000 spent on data security by credit unions that year. About 38.5 percent said they expect security costs to rise in 2013 with a mere 2.6 percent expecting to spend less.

"Many credit unions tailor their efforts according to target group," according to the NAFCU's write up of the report. "Of the survey respondents, 78.8 percent said they offer training to students; 57.9 percent offer training to the elderly; and 68.4 percent have programs for high-risk borrowers. The most common type of educational program offered focused on home buying."

Data Security News from SimplySecurity.com by Trend Micro.