Displaying articles for: 03-25-2012 - 03-31-2012
Mastercard / Visa confirm credit card theft described as ‘massive’
If you thought we might be past the monster data breaches of 2011, think again.
Four unanswered questions about cyber security bills
Four very good questions, especially: [for the purposes of this legislation] 'what exactly is a cyber security threat?'
Twitter take Tweetdeck offline due to vulnerability
Vetting the security of cloud providers
69% of cloud providers place responsibility for security with customers, only 35% of customers think they are responsible for security. Houston, we have a problem.
China hacked RSA
Not surprised at the disclosure, but it does seem that the timing of the disclosure has a political purpose.
CIA Chief: We will spy on you through your TV
Great news, soon the CIA will be able to listen in through your household appliances.
Online voting is ‘premature’
"...especially when voting systems are connected to the Internet".
Australia's Huawei contract ban stokes fears of a cyber cold war
Banning export of equipment that might contain embedded malware doesn't seem like 'cold war' to me. What do you think?
Only have 50 IPs or less? No problem! nCircle PureCloud provides enterprise-level vulnerability management for small to mid-sized businesses at a lower cost for greater value. Partner with nCircle to offer PureCloud to clients or pass it on to someone who may be seeking an easy-to-deploy and manage network scanner. See what it can cover...
Open source libraries propagate security flaws
Are you using open source code?
Data breach lawsuits less likely in hacks
Good to know you are less likely to get sued if your organization is making every effort to protect customer data.
GAO: IT supply chain weak at most federal agencies
Is the IT supply chain in your organization secure?
NDP voting disruption deliberate, hard to track
Distributed denial of service attacks disrupt online voting -- cyber activism or hacktivists?
Small merchants have increasingly become targets for hackers. Small business is the lifeblood of our economy so it should be no surprise that these companies process and store significant amounts of sensitive customer data such as credit card information. These merchants are a virtual treasure trove for hackers because of the relative ease that is required for cybercriminals to steal that data.
That’s a polite and roundabout way of saying that most small businesses that deal with confidential customer information are simply not very secure. They don’t have basic controls in place such as restricting employee access to sensitive information, installing firewalls, using current anti-virus programs or keeping other systems and programs secure and up-to-date. This is a very serious problem that costs merchants, credit card companies and, ultimately, customers millions of dollars each year.
When taken in isolation, any one of these basic controls doesn’t seem like it would make a big difference in the grand scheme of securing your business. The reality, though, is that all it takes is for a hacker to find one small vulnerability to penetrate your network and gain unrestricted access to valuable information. It could be as simple as out-of-date antivirus definitions that don’t catch an email containing malware (short for malicious software), which you or one of your employees then clicks on. There are a million ways hackers can breach your network, and most of them can be prevented with a simple, easy and low-cost network security scan.
The effects of a data breach can be enormous, and a breach that leads to the exploitation of customer data would most likely spell the end of any small business unlucky enough to be hacked. In fact, I would venture to say most small business owners don’t really understand their legal exposure as it relates to a data breach of customer credit card data on their network. Merchants are subject to fines should a breach event occur on their network. If cardholder data you are responsible for is compromised, legal liabilities can include:
- Potential fines of up to $500,000
- All fraud losses incurred from the use of the compromised account numbers from the date of compromise forward.
- Cost of re-issuing cards associated with the compromise
- Cost of any additional fraud prevention/detection activities required by the card associations (i.e. a forensic audit) or costs incurred by credit card issuers associated with the compromise (i.e. additional monitoring of system for fraudulent activity)
The good news is that most of these data breaches and subsequent penalties can be prevented. A network security scan will check all devices on your network to identify vulnerabilities in operating systems and applications that could be exploited by hackers to gain access to your company's private network. Not all merchants are required to conduct a network security scan as part of their compliance efforts or in some cases need only to “check the box” on the form to attest that they did, but this is a mistake.
Don’t put yourself or your business at risk. Even if you are not required to, a small upfront investment to scan your network could literally save your business. Don’t just check the “network scan” box!
Been reading the recent news articles about the FTC's push for voluntary support for their Privacy Bill of Rights? Listen to Episode 29 of our Security Slice podcast and hear Tim 'TK' Keanini, Lamar Bailey and Tim Erlin discuss the limitations of the FTC's current proposal and their thoughts on options that would be better for consumers.
FTP: ubiquitous and dangerously non-compliant
FTP poses compliance problems for GRC auditors, are you still using it?
PwC: Cybercrime threat to financial services is increasing
Cyber crime is more than twice as common at financial services companies -- no surprise there. I did find it surprising that 29% of financial services survey respondents said they hadn't received security training.
LulzSec and LulzSec reborn hacks military dating site
They're back. Or they never left.
FTC steps up pressure with online privacy report
The FTC seems to be getting more serious about consumer privacy. Think it will make any difference?