What the Biggest Data Breaches in Retail Have Taught Us about Cyber Security
|
|
- Maurice Booker
- 8 years ago
- Views:
Transcription
1 What the Biggest Data Breaches in Retail Have Taught Us about Cyber Security With the holiday season upon us, much attention turns to the retail sector, which is expected to see unprecedented activity as shoppers in a strengthening economy take advantage of seasonal deals and yet-further-expanded shopping hours. However,
2 overshadowing the energy of the holiday shopping season, the specter of data breaches past sits more and more heavily on the minds of consumers and companies alike. As they whip out their credit cards and swipe their debit cards at millions of POS terminals this November, will the data on those cards be secure, or will they get their post-holiday statement to find mysterious charges and unfamiliar purchases? The past few years have seen hundreds of data breaches of companies large and small. The ones that makes the headlines, of course, are the ones that involve millions and tens of millions of customers. But what can be done about the security of customer information? Where are the holes? And is there any hope of a victory over cyber criminals whose only job is to find ways around and through corporate security measures? Well, according to cybersecurity experts, there is hope of at least holding our own, but only if organizations take serious strides to implement and vigilantly maintain stringent, systematic plans to ensure that not only their systems, but those of their partners and vendors are secure. This requires that IT security teams be properly supported and funded and that security education and awareness be a part of company culture. It s time, they stress, for the C-suite to make data security one of their primary concerns and, given the cost of data breaches and the frequency with which they are occurring, it would seem foolish to argue. So let s take a look at a few things we ve learned from some of the biggest retail data breaches in the past few years. Lesson 1: Vet your third-party vendors Target and Home Depot
3 More details
4 In both cases, investigations found evidence of the data s being sold in batches on the dark web within a few weeks of being taken. The dark web consists in large part of a collection of forums and websites where criminals can buy and sell credit card information, personally identifiable information (PII), illicit substances, and any manner of illegal contraband. Banks and cybercrime experts monitor these forums watching for indications that their customers data have been compromised. It was bank security that raised the initial flag that led to the discovery of the Home Depot breach. A short time after the Home Depot breach was reported, one of the foremost investigative reporters in the area of cybercrime, noted that the data from the latter breach had appeared for sale on the same underground shop as the Target data had nearly a year earlier. Investigators, he said, had found that the Home Depot registers that had been attacked were infected with a variation of the same malware that had been used in the Target attacks. This software is designed to pull data from cards when they are swiped at an infected P.O.S. system. So how did the malware get into the system in the first place? In both cases, the criminals gained access to the networks through the system of a third-party vendor. In Target s case, it was the HVAC company that maintains their refrigerators they had access to the Targets system so that they could monitor the units electronically. The Home Depot, too, indicated that the thieves got in using credentials stolen from a thirdparty vendor. Once in, they were able to exploit a vulnerability in Microsoft Windows, on which most POS systems run, to upload the malicious program. What did we learn? The practice of going after corporate data through vendors and subsidiaries is becoming more and more common. Where corporations can afford to spring for huge cybersecurity operations (though many have until now chosen not to), smaller vendors may struggle to keep on top of data security. There is, then, a lesson to be learned here for both big corporations and their third-party vendors. The lesson? Get it done. Organizations whose systems contain the personal and financial data of tens, sometimes hundreds of millions of customers have a responsibility to vet the vendors they work with (and the
5 smaller companies they acquire) meticulously. Systems must be set up not only for ensuring security protocol is followed by any vendor given access to your system, but processes should be put in place so that they are able to access only what is absolutely necessary and to check that the security measures on their own systems are robust and reliable. Some things to look for, both in your own security protocol and in that of your vendors: Are the procedures in place for granting and removing systems access to employees satisfactory and are they being followed? Are security logs being routinely and consistently monitored to ensure that any attacks or breaches are identified quickly? What kind of password security protocol is in place? Are employees required to change their passwords regularly? Are they well-educated on the importance of password security, the methods criminals use to acquire login and password information, and what constitutes a secure password? Does the company use two-factor authentication? (This last may not be a must, but it is certainly a good idea.) Are Bring-Your-Own-Device policies clear, comprehensive, and carefully enforced? Is the connection between your networks entirely secure? If sensitive data is being passed back and forth, do have the capability to properly encrypt it? Is their network secure on a basic level? Do they have adequate firewalls, anti-virus, and anti-spam software? Are their terminals secure, or can anyone with a little motivation just walk in and access their system on-site? What do they do with decommissioned hardware? What is their patching policy? Do they have a process in place for ensuring that frequent patches from major software vendors like Microsoft are applied as soon as they are made available? Highly regulated industries like financial services and insurance have long been advised and in many instances required to vet their third party vendors regularly and carefully. In the wake of recent data breaches, it seems clear that retail organizations would do well to follow the same advice.
6 Lesson 2: Data protection at all levels must be prioritized ebay What did we learn? In a report from the International Business Times following the attack, it was reported with regard to an investigation by the relevant regulatory bodies: Of particular interest will be the lack of encryption used to protect customer names, addresses, physical addresses, phone numbers and dates of birth. Investigators will also analyze why it took ebay nearly three months to detect the hackers, how long it took to fix the breach and how long the company waited to notify authorities and customers. Knowing what went wrong in any situation helps to prevent making the same mistakes in the future. With the increase in identity theft and new account fraud, we now know that encrypting PII can be as important as encrypting financial information. We also know
7 that breaches can be difficult to detect if the right systems are not in place to make sure relevant data is reviewed by the right people in a timely manner. Just like any other business process, log reviews, protocol revisions, security updates need to be included in a company s workflow. Not only can systems be set in place to ensure that every feasible measure is taken to protect sensitive information, but the right system can also enable an organization to integrate new protocols smoothly as new threats arise and new solutions are found. Given the pace at which cybercrime is advancing, it has now become imperative for companies to move plans for pervasive data security systems to the front burner, and to turn the temperature up to high. Lesson 3: Everyone has to get involved in cybersecurity PNI Digital Media (vendor for CVS, Sam s Club, Costco, Rite Aid, Wal-Mart Canada, and others)
8 What did we learn? With so little known about the PNI breach, there has been much speculation by experts as to how it happened, why it was allowed to happen, and why it went undetected for so long. While it may not be wise to give too much credence to speculation on a particular case, it can provide much insight into the overarching problems of retail data security and cybersecurity in general. Boardroom support for Internet Security When the news of the breach first broke in July of this year, Brain Krebs noted that PNI Digital Media had been acquired by Staples Corporation around the same time that the PNI breach is thought to have first occurred, which seemed significant because Staples itself had suffered a breach that lasted some six months and exposed more than a million customer credit card records in mid While this may or may not stand as evidence that the company is giving inadequate attention to cybersecurity, it is the case that the importance of boardroom support for internet security efforts is at the forefront of security experts concerns. This has been highlighted even more by the recent breach at Experian that exposed the personal information including social security numbers of 15 million T-mobile customers. During his investigations of that case, Krebs interviewed several security experts who had left the Experian security team because the company refused to dedicate adequate resources to securing the extremely sensitive information stored in the credit bureau s digital files. Following the massive breach at Target in 2013, similar concerns were raised as the company s CIO resigned and a new CIO, CISO, and CCO were sought to take her place. Whether more leadership at the top is a solution to the problem remains to be seen, but the need for the C-suite to have a better understanding of and keep a more watchful eye on its digital security protocols is becoming clear.
9 Employee education One of the most popular methods of infiltration for cybercriminals is through phishing. It is a very simple thing to find out who works for a given company and in what department. With a little social media skulking and seemingly-benign contact, cybercriminals are able to obtain much of the information they need to access login and password information that can grant them broad access to corporate networks. In this day and age, employees must be well informed of the methods criminals use to obtain sensitive information. From clerical workers to the c-suite, everyone needs to understand basic preventative measures like how to recognize a phishing attempt and how to create and maintain secure passwords and corporate policy needs to enforce for them the necessity of following security protocol. Professional expertise from outside the company Another recurring theme as companies seek to keep on top of cybercrime prevention is the question of whether data security is a task that should be left to the experts. Even for very large companies that are able to maintain security teams that can operate much like an independent security contractor might, the reality is that those teams often struggle to get the resources they need in an environment where their success may not be the top priority. In contrast, a security agency relies entirely on this strength to remain in business they have no other task. External agencies are able to be objective about and prioritize security while drawing on a broad range of experience and deep well of expertise and knowledge. This is, in fact, one of the major benefits of moving to the cloud, presuming the right service provider is chosen. A reputable cloud host recognizes that the security of its servers and its ability to protect the data entrusted to it is pivotal to its continued existence. For this reason, cloud servers may well become some of the most secure places to store data into the future. Government anti-cybercrime measures Experts are divided on whether there is really much governments can do to stem the tide of cybercrime, which by its nature operates regardless of national borders. There are,
10 though, many who believe governments will have to become involved, and soon, before the cost of cybercrime outstrips the benefits of conducting business in cyberspace. The call has been raised for an international governing body that would not only work to stop cyber criminals, but would regulate security measures so that companies around the world would be required to employ a strong baseline of prevention and detection methods. Individual cyberhygiene Finally, it is time for consumers to accept that they will have to step up their personal online protection if they are to keep their financial and personally identifiable information (PII) safe from criminals. Just as the time once came when folks began to lock their doors and keep the kids close to home, the time has now come to adopt certain precautions in the virtual world. This will mean that certain inconveniences like using a different password for every online service and storing those passwords in a secure app or, better, their own memories, must become a matter of habit. Credit card and loan offers that could once be discarded as junk mail now need to be shredded or otherwise disposed of securely and credit statements should be reviewed every month. Individuals must be diligent about not opening s from unfamiliar addresses or clicking on unknown links. Even phone calls that seem to come from benign solicitors or even familiar institutions like banks and workplaces can be phishing attempts these days. The more consumers are educated about how to protect themselves from fraud and identify theft, the fewer claims a company has to cover and the less a store loses on fraudulent purchases that no one not the credit card holder, the credit card company, or the credit card fraudster is going to cover. What s more, a customer who knows how to protect themselves will have greater confidence in the security of their information and a better informed consumer will always be a benefit to the market. The time has come for everyone to recognize cybercrime as one of the major threats to economic security facing the individual and the corporation in today s modern world. We may not yet know how to shut down cybercriminals completely, but there
11 remains much to be done before we can say as a community that we have done all we can.
NATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationBuilding The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord
Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against
More informationBreaching Bad: New Cyber Security Risks & Regulations Affecting Suppliers At All Tiers
Breaching Bad: New Cyber Security Risks & Regulations Affecting Suppliers At All Tiers Securing the Infrastructure April 2015 Stan Stahl, Ph.D. President Citadel Information Group Phone: 323.428.0441 Stan@Citadel-Information.com
More informationWhy Data Security is Critical to Your Brand
Why Data Security is Critical to Your Brand Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationHow to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors
How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in
More informationData Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.
Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationPolicy for Protecting Customer Data
Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees
More informationFinancial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
More informationSecurity Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.
IDENTITY THEFT Security Breaches Our economy generates an enormous amount of data. Most users of that information are from honest businesses - getting and giving legitimate information. Despite the benefits
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationRemarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationMeeting the Information Security Management Challenge in the Cyber-Age
Meeting the Information Security Management Challenge in the Cyber-Age November 2015 David Lam, CISSP, CPP Vice-President Citadel Information Group Copyright 2015. Citadel Information Group. All Rights
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationSecuring Remote Vendor Access with Privileged Account Security
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationHOW TO PROTECT YOUR BUSINESS AND YOUR CUSTOMERS FROM DATA FRAUD
HOW TO PROTECT YOUR BUSINESS AND YOUR CUSTOMERS FROM DATA FRAUD 2 Protecting Data Is Good Business What s at stake? Risky behavior: Results of an NFIB/Visa USA survey 3 Are You a Target? Gauge your risk
More informationCyber Security for your Connected Health Device
Cyber Security for your Connected Health Device Agenda Cyber Security Emerging Threats Implications to Healthcare Healthcare Response OpenSky s timeline Service Evolution Launch IT Optimization 2014 Geographic
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationFraud Prevention Checklist for Small Businesses
Fraud Prevention Checklist for Small Businesses 11 Ways to Minimize the Risk and Impact PAYMENT SOLUTIONS Fraud can have a devastating impact on small businesses. Prevention and mitigation strategies can
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationTop 10 Tips to Keep Your Small Business Safe
Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationCYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015
12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationSESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support
SESSION 507 Thursday, March 26, 11:15 AM - 12:15 PM Track: Desktop Support Desktop Support and Data Breaches: The Unknown Dangers Bryan Hood Senior Solutions Engineer, Bomgar bhood@bomgar.com Session Description
More informationPayment Systems Department
v Note: Please follow these guidelines for your safety as you enjoy the convenience of technology. However these guidelines are general; therefore, specific precautions may be taken as warranted by the
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationCYBERCRIME AND THE HEALTHCARE INDUSTRY
CYBERCRIME AND THE HEALTHCARE INDUSTRY Access to data and information is fast becoming a target of scrutiny and risk. Healthcare professionals are in a tight spot. As administrative technologies like electronic
More informationPCI DSS COMPLIANCE DATA
PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationWebsite Security: How to Avoid a Website Breach. Jeff Bell, CISSP, CPHIMS, ACHE Director, IT Security and Risk Services CareTech Solutions
Website Security: How to Avoid a Website Breach Jeff Bell, CISSP, CPHIMS, ACHE Director, IT Security and Risk Services CareTech Solutions www.caretech.com > 877.700.8324 An enterprise s website is now
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationWhat happens when you swipe your card?
What happens when you swipe your card? As hacking of top retailers make headlines, Bill Whitaker discovers how insecure your credit card information is this holiday season The following is a script of
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationCybersecurity: A View from the Boardroom
An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationFFIEC CONSUMER GUIDANCE
FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their
More informationNational Cybersecurity Awareness Campaign
National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing
More informationSMALL BUSINESS PRESENTATION
STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable
More informationV ISA SECURITY ALERT 13 November 2015
V ISA SECURITY ALERT 13 November 2015 U P DATE - CYBERCRIMINALS TARGE TING POINT OF SALE INTEGRATORS Distribution: Value-Added POS Resellers, Merchant Service Providers, Point of Sale Providers, Acquirers,
More informationAre You A Sitting Duck?
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationThe Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationSurviving the Era of Hack Attacks Cyber Security on a Global Scale
Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationCorporate Account Takeover & Information Security Awareness
Corporate Account Takeover & Information Security Awareness 1 The information contained in this presentation may contain privileged and confidential information. This presentation is for information purposes
More informationBusiness Identity Fraud Prevention Checklist
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationTOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY
TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY An Inside Job Cyberthreats to your business are usually blamed on outsiders nefarious programmers writing malicious code designed to pilfer your
More informationCYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO
CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO CYBER, INFORMATION SECURITY - OVERVIEW A cyber security breach is no longer just an
More informationData Breach Lessons Learned. June 11, 2015
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin
More informationCyber Security An Exercise in Predicting the Future
Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures
More informationPREP Course #25: Hot Topics in Cyber Security and Database Security. Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.
PREP Course #25: Hot Topics in Cyber Security and Database Security Presented by: Joe Baskin Manager, Information Security, OCIO JBaskin@nshs.edu Objectives Discuss hot topics in cyber security and database
More informationFrom Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense
1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationOnline security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.
Defeating cybercriminals Protecting online banking clients in a rapidly evolving online environment The threat As the pace of technological change accelerates, so does the resourcefulness and ingenuity
More informationHot Topics in IT Security PREP#28 May 1, 2014. David Woska, Ph.D. OCIO Security
Hot Topics in IT Security PREP#28 May 1, 2014 David Woska, Ph.D. OCIO Security CME Disclosure Statement The North Shore LIJ Health System adheres to the ACCME s new Standards for Commercial Support. Any
More informationTHREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS
THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and
More informationDissecting the Recent Cyber Security Breaches. Yu Cai School of Technology Michigan Technological University
Dissecting the Recent Cyber Security Breaches Yu Cai School of Technology Michigan Technological University Disclaimers Most information in this presentation was collected from various sources on the Internet.
More information1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.
Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown
More informationOctober Is National Cyber Security Awareness Month!
(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life
More informationGlobal IT Security Risks: 2012
Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection
More informationKeynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.
Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part
More informationCustomers Trust. Whitepaper
Steps to improve your Data Security and ensure your Customers Trust intimus consulting is a division of the MARTIN YALE GROUP Bergheimer Strasse 6-12 88677 Markdorf / Germany www.intimusconsulting.com
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More informationHow To Stop A Cybercriminal From Stealing A Credit Card Data From A Business Network
2012 Payment Card Threat Report The second annual study of unencrypted payment card storage Automated Attacks and Card Data Handling In 2011, data breaches increased 42% and as such, last year was reported
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationTHRIVING IN A POST-BREACH WORLD
THRIVING IN A POST-BREACH WORLD PROTECTING YOUR ORGANIZATION, CUSTOMERS AND MEMBERS IDENTITY THEFT 911 1 RECENT DATA BREACHES HIGHLIGHT NEED FOR TO STRENGTHEN SECURITY PROGRAMS WITH IDENTITY MONITORING
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More information