SEE ALSO: Security Pros Split on Whether Private Data is Safer with Government or Private Companies

The documents, later obtained by Bloomberg, span 2,239 pages and are heavily redacted. The records don’t identify hackers or say whether sensitive information was accessed or money was stolen, Reuters said. The Fed didn’t immediately have a comment on the report.

Cyber security at central banks is under increased scrutiny following the theft of more than $80 million from the Bangladesh central bank’s accounts at the New York Fed. The Reuters article covered cases involving the Fed’s Board of Governors in Washington and the news agency didn’t have access to reports from local teams at the 12 regional Fed banks, which include New York.

Theft Briefing

House Science Committee Chairman Lamar Smith, a Texas Republican, on Tuesday sent a letter to New York Federal Reserve President William Dudley asking for a briefing and information related to the February theft. Hackers stole from Bangladesh Bank’s account at the New York Fed, which has said instructions to make the payments were authenticated by the Swift message system that’s widely used by financial institutions.

READ MORE: Half-Baked Government Consolidation Causes Cybersecurity Headaches: Report

While acknowledging that the Bangladesh bank’s systems “appear to have been the weak link” in that case, the Smith letter states that it’s Congress’s responsibility to ensure that the New York Fed is “taking all precautions to protect American finances and aggressively execute its own role as overseer of Swift.”

In response to a letter earlier this year from Democratic Representative Carolyn Maloney of New York, New York Fed General Counsel Thomas Baxter said that “there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question.”

Source: TheWHIR

Whereas an attacker needs to find some way to access your network, a malicious employee’s already inside. From the beginning, they’re operating from within your firewall, from within every line of defense designed to prevent a data breach. Not only does this make them significantly more difficult to stop, it also means they can cause far more damage if left unchecked.

So what can you do, exactly? How can you prevent an insider from wreaking havoc within your security perimeter?

First, understand their motivations

The motive behind a malicious insider’s actions often boil down to one of two things: either they’re acting on some frustration or grievance with their company, or they’re motivated purely by financial gain. The good news is that the former can be mitigated through good management techniques. After all, an employee won’t generally have reason to cause harm to their company if they love their job, right?

Of course, understanding’s only the first step. You aren’t really going to be able to do much to satisfy an employee that’s angry about being laid off, nor can you really stop a greedy insider threat with kind words and good management. In order to actually protect your data, you’ll need to take things a little further.

Second, implement strict access controls

Too often, I see enterprises that seemingly take a communal approach to file security. That is to say, everyone has access to everything – even a lowly desk jockey in accounting is able to log in to a file repository containing their business’s most sensitive data. Simply put, this is unacceptable – an employee should only be able to access a particular file or repository if it’s directly related to their work.

Otherwise, they need to be locked out.

Third, utilize document-centric security

Now, even access controls won’t always stop an employee if they’re aware of a particular security hole or glitch. That’s where document control comes in. If you protect all of your sensitive files with a solution that lets you control how, when, and where they’re accessed, then it won’t matter if a malicious insider releases them into the wild – you can just flick a switch and they’ll be unusable.

Finally, be proactive

Last but certainly, always make sure you stay abreast of the latest vulnerabilities, and remove access permissions from employees that no longer work for you. A disgruntled former IT professional might be aware of an unpatched vulnerability that they can exploit to access your network – it falls to you to keep that from happening. Active prevention offers more protection than even the most hardened firewall.

About the Author

Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.

HostForWeb Facebook

HostForWeb Twitter

Source: TheWHIR

Demandware is based in Burlington, Massachusetts, and traded on the NYSE, with share prices just below $48 at Tuesday’s close. Salesforce estimates it will bring in an extra $100 to $120 million in the second half of fiscal 2017, but Demandware’s value to Salesforce will largely come through providing ecommerce to its existing customer base, and in bringing Demandware’s enterprise customers onto Salesforce’s core CRM products.

“Demandware is an amazing company—the global cloud leader in the multi-billion dollar digital commerce market,” said Marc Benioff, chairman and CEO, Salesforce. “With Demandware, Salesforce will be well positioned to deliver the future of commerce as part of our Customer Success Platform and create yet another billion dollar cloud.”

SEE ALSO: Magento, WooCommerce Lead Ecommerce Platform Market Share: Report

Demandware’s customers include globally recognized brands like L’Oreal and Marks & Spencer, and the company enables them to deliver personalized experiences with software for web, mobile, social, and in-store shopping.

“Demandware and Salesforce share the same passionate focus on customer success,” said Demandware CEO Tom Ebling. “Becoming part of Salesforce will accelerate our vision to empower the world’s leading brands with the most innovative digital commerce solutions that enable them to connect 1:1 with customers across any channel.”

It appears from comments in a blog post by Ebling that Demandware employees will all join Salesforce.

A report released in March by aheadWorks shows the Demandware platform is used by 1.2 percent of the Alexa top 1 million sites. It trails far behind Magento and WooCommerce in that regard, but is still tied for 11th among all ecommerce providers, and adding even a small percentage of Salesforce’ customers would easily push it into the top ten.

Source: TheWHIR

DigitalOcean has hired a local team and partnered with NASSCOM’s 10,000 Startups initiative in order to support the Indian startup ecosystem. The NASSCOM program brings corporations and early stage Indian tech companies together.

“India is poised to unleash a tremendous amount of innovation in the next decade,” Ben Uretsky, CEO and co-founder of DigitalOcean said in a statement. “We want to empower the next generation of software companies by providing them robust and easy to use cloud infrastructure they need to grow.”

Bangalore is DigitalOcean’s second data center in Asia. The facility will feature DigitalOcean’s latest servers and network architecture.

Source: TheWHIR

“The FCC’s proposal is potentially damaging to the entire online advertising ecosystem,” said Dan Jaffe, Group Executive Vice President of Government Relations for ANA. “This attempted regulatory overreach by the FCC is not necessary. Existing privacy self-regulatory programs such as those carried out by the Digital Advertising Alliance are working well and already provide consumer transparency, notice and choice for interest-based advertising.”

The Digital Advertising Alliance provides a voluntary self-regulation program for companies using online behavioral advertising. The program includes group principles, implementation resources, and a registry through which consumers can opt out of data collection.

Jaffe calls digital advertising and interest-based advertising a “growth powerhouse that supports much of the freely available content online,” calls for the FCC to produce evidence that it harms consumers. He also says there is no distinction made in the proposal between sensitive and non-sensitive information. He also says that the First Amendment protects ISPs and marketers commercial speech rights against targeted restrictions like those proposed by the FCC, that the commission failed to consider an opt-out strategy, and suggested that the courts would side with the ANA if the proposal was challenged legally.

“The industry has designed strong privacy self-regulatory programs, buttressed with enforcement by the Federal Trade Commission and state attorneys general, are an effective framework that provides consumers with the ability to control how information about them is collected and used,” Jaffe said.

Reply comments on the proposal are due June 27.

Source: TheWHIR