Bystanders help detain credit card theft, vehicle burglary suspect
Several bystanders helped deputies hold down a man Riverside County sheriff’s officials say used a credit card that had been stolen in a series of vehicle burglaries in Menifee, California. Ramon Daniel Aguayo, 32, of Moreno Valley was near the entrance of the Target store when deputies approached him the evening of May 26, according to a news release. “Aguayo fought deputies’ attempt to detain him,” the release said. “Several citizen bystanders came to the aid of deputies and he was ultimately arrested.” The deputies had been summoned by Target store asset protection, who suspected that Aguayo may have made a fraudulent credit card purchase, the release said. Authorities learned the credit card belonged to someone whose vehicle had just been burglarized in the parking lot of a gym less than 2 miles from the Target, officials said. It was one of three vehicles in the gym parking lot that had been broken into. Investigators found items taken from the vehicles inside Aguayo’s car, along with a loaded Glock 9mm handgun that was reported stolen out of a vehicle in Los Angeles County.
Aguayo was out on $10,000 bail following a recent arrest on suspicion of purchasing or receiving a stolen vehicle, court records show. He also had an active felony warrant for his arrest out of Los Angeles County for auto theft and evading, the sheriff’s release said. Aguayo was booked at the Southwest Detention Center on suspicion of resisting arrest, evading and petty theft with priors, all felonies, jail records show. He remained in jail Thursday, with bail set at $65,000. Charges have not been filed in the Target incident or the case in which he was out on bail. Sheriff’s officials asked anyone with information regarding this case or who may have been a victim to contact them at 951-210-1000 or PerrisStation@RiversideSheriff.org. [For more: The Press-Enterprise]
New Jersey man stabs clerk during shoplifting attempt
A 46-year-old man is charged with stabbing a Dollar Deal store employee while attempting to shoplift from the North Olden Avenue shop, Ewing police said. Police were on the way to the store at about 5:15 p.m. Tuesday for a reported shoplifting when the subject pulled a knife, police said. Officers were then informed by police dispatch that the suspect was being held down. Officers arrived to find Kenneth Reyes, of Trenton, being detained and a store employee suffering an injury to his arm from the suspect stabbing him, police said. The employee refused medical attention. Reyes is charged with robbery and weapon possession. [For more: NJ.com]
Shoplifting suspects threatened employee with needle
Hobbs, New Mexico, police are looking for two people who made a shoplifting spree scary. Police say a man and a woman tried to take more than $600 worth of items from the Hobbs Walmart. They say when loss prevention associates confronted the woman, she pulled out what looked like a hypodermic needle and threatened employees with it. The couple then took off in a red Chevrolet Impala. Police tried to pull them over at one point, but they fled. If you recognize the suspects, you are asked to call Hobbs police. [For more: KRQE News 13]
Five ways to lead through a data breach crisis
At no time are CISOs more tested, and in danger of losing the confidence of the C-suite, than in a breach crisis. As the headlines continue to pile up in the wake of the global WannaCry ransomware attack, now is a good time to remember that CISOs who resign themselves to “surviving” a breach are at great risk of losing influence, and possibly even their jobs. In contrast, CISOs who cultivate their role as business leaders are often seen as part of the solutions team, not a victim, when a breach occurs.
In the course of hundreds of incident response engagements annually (700+ in 2016), SecureWorks has observed some common denominators among client CISOs who were successful in leading through a breach. Not surprisingly their success had a lot to do with the groundwork they laid ahead of time. I’m a firm believer that it’s never too late to get started on the rest of your career, so here are five ways you can take action now to ensure you’re positioned to lead through crisis.
#1 Manage expectations in the boardroom
Boards often look back on cybersecurity reporting post-incident to determine whether the CISO adequately managed the company’s expectations. Get off on the right foot today by driving consensus on the top business risks, e.g. “what would happen to us ‘if’,” and “what is our tolerance for those risks?”
#2 Forge good partnerships and keep them at the ready
Talk to anyone who’s been through the fire and they’ll agree: “The worst time to negotiate an incident response contract is in the midst of crisis.”
#3 Insist on a dynamic incident response plan
Simply having a plan in place doesn’t ensure that you’ll have control when a breach becomes a crisis. Incident response plans should be dynamic, or adaptable, to the needs of the business. Engage the whole business. Without buy in from all parties, it’s unlikely a plan will be executed as intended. If a plan can’t be executed, it’s not a plan. It’s just an idea.
#4 Lead with the “right” (The right information, to the right people, at the right time)
In a crisis situation, security leaders must be prepared to get facts as quickly and accurately as possible in order to manage the message, timing and chain of command from the get-go.
#5 Apply Lessons Learned
What we learn makes us stronger, and a sign of true leadership is when a CISO leads the charge to apply what the company learned through the breach crisis (or breach simulation) back into the company. [For more: SecureWorks]
LP Worldwide: Tesco lays down gauntlet to Amazon with one-hour food delivery by robot
Tesco has laid down the gauntlet to technology giant Amazon after delivering a grocery order within an hour using a robot. The supermarket giant delivered a basket of goods using a six-wheeled machine as part of its wider Tesco Now one-hour delivery trial. Now Britain’s biggest retailer is mulling a wider roll-out of robot deliveries following the successful pilot in London. Tesco has linked up with hi-tech firm Starship Technologies to deliver the service, according to The Grocer.
The robots are able to carry items within a three-mile radius, taking goods to customers’ homes either from stores or special delivery hubs. The machines are fitted with anti-theft protocols so that, if someone attempts to tamper with or steal the robot, a human operator can take control, talking to the culprit and sending police to its location. Customers can also monitor the progress of the robots via smartphone. A Tesco spokesman said: “We are always looking at new ways to improve the shopping experience for our customers. We carried out a one-off trial as part of our Tesco Now initiative in partnership with a technology company. We learned a great deal from this trial and we’ll be reviewing feedback before deciding our next steps.” The supermarket giant began testing the Tesco Now app in central London in April, promising delivery within an hour on orders of 20 products or less. It is currently listening to feedback from that broader trial. [For more: RetailWeek]
US bill seeks tougher penalties for counterfeiting meds
A bill introduced in the US seeks to strengthen the pharma supply chain by increasing penalties for counterfeiting. Introduced by Republican Leonard Lance in May, the new bill (HR 2376) looks to amend the Federal Food, Drug and Cosmetic Act so that the penalties dished out for counterfeiting medicines are on a par with those for criminals who divert legitimate drugs. Currently there is a discrepancy between the two crimes. If a person is found guilty of producing and distributing counterfeit drugs in the US they can expect to receive no more than a year in prison with fines up to $1,000. In contrast, diverting US-made drugs for foreign markets back into the US can carry a 10-year prison sentence with fines reaching $250,000. Meanwhile, cases where drugs are manufactured overseas and destined for foreign markets but which get diverted to the US are treated leniently with individuals slapped with a simple misdemeanor.
According to the new bill, dubbed the Drug Diversion and Counterfeit Crackdown Act of 2017, there are no grounds for differing penalties. “There should not be unequal treatment of counterfeiting and diversion, enabling criminal enterprises to exploit statutory loopholes and jeopardise patient and consumer safety without fear of significant penalties,” the bill says, calling for the penalties against counterfeiters to increase to 10 years to match the penalties for diversion. “Counterfeit drugs are flooding into the US and too many Americans are falling victim to knock-offs that have infiltrated the US supply chain,” Lance said in a statement.
Meanwhile, some states in the US have taken legislative measures into their own hands to crack down on counterfeit opioid drugs. Florida, for instance, has passed a bill that adds fentanyl and other synthetic opioids to the state’s drug trafficking statute as schedule I controlled substances, which will result in stricter punishment for dealers, including 25 years behind bars for possession, along with a fine of between $50,000 and $500,000, and a first-degree murder charge in the case of an overdose death. [For more: Retail Gazette UK]
Data loss prevention and cybersecurity: A Practical Guide
Cybercrime has become a focal point of national security and a frequent topic in discussions of risk management. News about major corporate and government breaches affirms that no organization or public agency is immune to a persistent, skilled attacker. Critical infrastructure is also increasingly becoming an attractive target for criminals due to its growing reliance on technology. Adapting and responding to evolving cyber threats and protecting critical infrastructure and proprietary business assets are essential for both government agencies and businesses. Postmortem analyses of breaches offer a treasure trove of lessons learned and reveal attack tactics, techniques and procedures.
Cyber criminals leverage technology vulnerabilities and trickery to exploit the human-technology gap by targeting sensitive passwords, data and applications regularly used by staff. Data theft is the goal of most recent breaches. Cyber criminals typically break into vulnerable systems and pivot between systems using stolen credentials or posing as a third-party contractor to gain access to valuable data. Targeted confidential data comprises personnel records, public billing information, credit card numbers, financial or health records and more. The theft of your city’s legally protected data can result in significant regulatory fines, loss of public trust and damage to the city’s reputation. Fortune.com estimates that in 2016, the cost of data breaches averaged $4 million or $158 per record. Medical history, credit card data and Social Security numbers have the highest cost per stolen record at $355.
No amount of funding or technology tools can prevent all data breaches. However, cities can significantly reduce the risk of data breaches by raising employee awareness through cybersecurity awareness and data hygiene training, creating strong policies around PII data, scanning and removing outdated and duplicate data and implementing protocols to prevent data from leaving the agency. [For more: USA Today]