- Today's Approach to Security is Broken
- Google introduces Chrome 'factory reset' pop-ups to tackle extensions hijacks
- The risks of sticking with Windows XP
- JP Morgan to invest £150 million on boosting cyber security
- Lower costs help NZ pip Australia for F5 Networks support centre
Over the last month I've attended four international events that have had a focus on security. And there's one data point that ought to have every CSO, CISO and CIO out there worried. Despite more money than ever being spent on security – and the amount is increasing – the amount of money being lost as a result of security breaches is rising at an even greater rate.
A think tank opinion piece that claims the threat from the Heartbleed bug is overblown has sparked a debate among researchers over the seriousness of the OpenSSL flaw.
What do Target, AOL, LivingSocial, Evernote, and Adobe have in common with one another? Answer: they were all victims of huge data breaches during 2013, part of a phenomenon that a new Symantec report calculates has reached epidemic levels.
Data breaches like the one at Target and, more recently, the one at a unit of credit bureau Experian are fueling consumer protection efforts that could have an impact on business.
Industry efforts to shore up payment card security after the massive data breach at Target appear to be devolving into a battle over chip vs. PIN technology between retailers and credit card companies.
Companies that suffer major data breaches almost always portray themselves as victims of cutting edge attack techniques and tools. The reality, though, is often much more mundane.
That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.
Migrating U.S. payment systems to the Europay MasterCard Visa (EMV) smartcard standard could take significantly longer than envisioned and offer fewer security benefits than what's being touted by proponents of the technology.
Target; Neiman Marcus; Michaels. Lately, it seems that a week doesn't go by without some major retailer being forced to inform customers that their payment systems have been compromised, potentially affecting millions of cardholders and their finances. Of course, that's on top of the myriad scams that happen every day on a smaller scale and end up costing both consumers and businesses billions of dollars every year.
The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.