News Recap: Survey Shows Consumers Shun Brands After a Data Breach

April 4th, 2014 | Uncategorized

A recent survey commissioned by Semafone and conducted by OnePoll revealed that most consumers do not want to do business with a company that experienced a data breach. Of the 2,000 men and women polled, more than 86 percent said they were “not very likely” or “not at all likely” to do business with a company that experienced a data breach involving credit or debit cards.

According to Information Age reporter Ben Rossi, CEO of Semafone Tim Critchley believes that this kind of reputational damage can seriously hurt businesses.

“The protection of card details is no longer simply a matter of best practice – the economic consequences of a failure to do so are potentially devastating for a business of any size,” Critchley said. “I can’t see how any organization can continue to ignore the increasingly loud demand from customers to keep personal data safe.”

In addition to the high percentage of consumers who would shun brands that experienced a data breach involving credit and debit card information, Retail Times shared that more than 76 percent of people polled would not do business with an organization if it experienced a data breach that involved email addresses, 80 percent if the breach involved telephone numbers and 82 percent if it involved home addresses.

Reputational damage is an important factor to consider when it comes to business security practices. How concerned should organizations be about a damaged reputation after a data breach? How can businesses protect their brand’s reputation after a breach has occurred? Share your thoughts with us on Facebook and Twitter, and be sure to keep up with the latest security stories on our Tumblr.

News Recap: Realities of Cyber Threats Continue to Concern Financial Sector

March 14th, 2014 | Uncategorized

As companies and organizations continue to fall prey to cyber attacks, the financial sector is on high alert and hoping for changes that might alleviate their worst fears.

John McCrank of the Chicago Tribune reported on how the current state of cyber security is impacting the world’s exchanges. McCrank quotes Magnus Bocker, chief executive of Singapore Exchange Ltd, saying, “We are worried a lot and we are far more worried now than we were just a couple of years ago. Spending on cyber security is on the rise, but exchanges need to do a better job of sharing information with each other on effective ways of combating cyber criminals.” Meanwhile, Jeffrey Sprecher, head of the New York Stock Exchange, comments, “The scary thing for us is not what we control, because we all are focused on it… The reality is we all have common customers that are connected to us, that are connected to each other.”

Vipal Monga of the Wall Street Journal shares the concerns of financial consultants, quoting principal of Rudolph Financial Consulting, Max Rudolph: “Risk managers have become more aware of general vulnerabilities in their computer networks and will likely continue emphasizing the risk to their corporate boards and management.” Monga writes, “Almost half of risk managers saw cyber security as an emerging risk in 2013, up from 40% in 2012, according to a survey released Thursday by the Society of Actuaries.” Monga concludes by mentioning the surprising fact that, for risk managers, the greatest concern in the cyber security conversation is the potential for regulatory changes to negatively impact the nation’s financial growth, as many believe the worst of our financial crisis is in the past.

What sort of defenses should the financial sector be promoting to protect the exchanges from cyber threats? Are there any regulatory measures that should be enacted in order to provide added security? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Security Insights: 8 Cyber Security Predictions for 2014

December 31st, 2013 | Uncategorized

Cyber security in 2013:

“Cyber security took center stage in 2013 with nation-state attacks, numerous high-profile data breaches and prominent cybercriminal arrests. According to Websense, in 2014, cyber attacks will be even more complex and diverse. While the general volume of advanced malware will decrease – we predict the volume of targeted attacks and data destruction incidents will increase.” – InformationWeek

Websense 2014 Security Predictions:

  1. Advanced malware volume will decrease – Cybercriminals will rely less on high-volume advanced malware because over time it runs a higher risk of detection. They will instead use lower volume, more targeted attacks to secure a foothold, steal user credentials and move unilaterally throughout infiltrated networks. Although the volume of attacks will decrease, the risk is even greater.
  2. A major data-destruction attack will happen – Historically, most attackers have used a network breach to steal information for profit. In 2014, organizations need to be concerned about nation-states and cybercriminals using a breach to destroy the data. Ransomware will play a part in this trend and move down market to small- and medium-sized organizations.
  3. Attackers will be more interested in cloud data than your network – Cybercriminals will focus their attacks more on data stored in the cloud vs. data stored on your network. This tactical shift followed the movement of critical business data to cloud-based solutions. Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the “castle walls” of an on-premise enterprise network.
  4. Redkit, Neutrino and other exploit kits will struggle for power in the wake of the Blackhole author arrest – The Blackhole exploit kit was arguably the most successful in history. Everything changed in October 2013 when “Paunch,” the alleged hacker author behind the famous kit, was arrested in Russia. We will see a fight for market leadership between a number of new entrants and existing exploit kits in 2014. We anticipate Redkit and the Neutrino exploit kit will secure a strong foothold in the coming year.
  5. Java will remain highly exploitable and highly exploited – with expanded repercussions – Most end points will continue to run older versions of Java and therefore remain extremely exposed to exploitation. In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks. Attackers will reserve zero-day Java exploits for targeting high-value networks with good Java patching practices.
  6. Attackers will increasingly lure executives and compromise organizations via professional social networks – As social networking continues to appeal to the business community in 2014, attackers will increasingly use professional websites, such as LinkedIn, to research and lure executives. This highly targeted method will be used to gather intelligence and compromise networks.
  7. Cybercriminals will target the weakest links in the ‘data-exchange chain’ – Attackers will go after the weakest links in the information chain and target the consultants outside of the network who have the most information. This includes consultants, contractors, vendors and others who typically share sensitive information with the large corporate and government entities. And, it turns out, few of these partners have sufficient defenses.
  8. Mistakes will be made in ‘offensive’ security due to misattribution of an attack’s source – For several years, we’ve been hearing more about ‘offensive’ security, where global governments and enterprises have been threatening retaliatory strikes against anyone caught attacking them or their interests. As in traditional warfare, tactical mistakes will increasingly happen in these cyber trenches. Failure to accurately identify a cyber-perpetrator could result in an innocent organization being caught in the crossfire.

Source: InformationWeek

How to stay secure:

A company cannot stay secure without the help of every single employee. Below are some tips that you can follow in order to help your company stay secure:

  • Stay informed on emerging trends and threats, such as phishing, viruses, Trojans, etc. via newsletters, training, etc.
  • Follow all policies and procedures including Clean Desk Policy
  • Do not re-use, write down or share passwords under any circumstances
  • Create strong passwords consisting of a combination of capital letters, lowercase letters, special characters, and digits (B36o0d!4975$)
  • Verify someone’s identity before providing them any information

– Kristin Badgett, CSID Information Security Officer

What are your security predictions for 2014? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.
