CSID at SXSW 2015

By | March 12th, 2015|Uncategorized|

Tomorrow, March 13, marks the first day of the SXSW Interactive conference. Over the next five days more than 50,000 of tech and digital’s best and brightest will converge on Austin and talk about emerging technology, digital creativity and all things inherent with the two.

Cyber security promises to be a key issue this year, especially with the growing number of high profile breaches and the security uncertainties that the Internet of Things and growth of mobile technologies are introducing to the market.

CSID is partaking in this conversation and will be participating in a number of security-focused sessions at this year’s conference. If you are attending SXSW, feel free to stop by the sessions. If you are not at this year’s conference but want to follow along with the conversation and conference, we will be live tweeting our panels and other security news at @csidentity.

Check in later next week for a recap of the security issues and themes prevalent at SXSW.

Wi-Fi Privacy: When Sniffing Becomes Snooping
Friday, March 13, 5:30 pm, Austin Convention Center Ballroom C
Imagine that your daily activities are being recorded and collected: your early morning jog in the park, your daily trip to the local coffee shop, your commute to work. No, we’re not referencing the NSA. We are referring to an emerging class of location-based marketing companies that sniff out signals emitted from Wi-Fi-enabled smartphones (Wi-Fi sniffing) to better understand your habits based off of your location – where you go, how often, how long you stay there, what time you generally visit, and more! All this information is being used to construct a profile that businesses are using for marketing purposes. CSID’s CIO, Adam Tyler, will be leading a discussion on the security and privacy issues we can expect from Wi-Fi sniffing technology.

Hacker to InfoSec Pro: New Rock Star Generation
Sunday, March 15, 11 am, JW Marriott Salon 8
Malicious hackers tend to be smart, young – many are only teenagers – and they seek respect, power and financial gain. Many of them perceive hacking like being a rock star – they jump into the action and start reaping the rewards. But what if we could help young malicious hackers understand the damage they are doing, the legal ramifications of their actions, and how these actions could hamper their future? What if we could reshape their mindsets and encourage them to channel their work into something more productive – like Information Security, white hat hacking or even working with the government? It’s a wonder that the InfoSec and IT industries have a shortage of talent when salaries are rising and work is comparable to that of hackers, but they are doing it for good. It’s time we turn InfoSec and IT professionals into the new rock stars, the new hot ticket future for the hacker generation. Kent Bloomstrand, CTO at CSID, Tiffany Rad, manager of operational security, embedded technologies at Cisco, and Tom Edwards, Resident Agent in Charge with the United States Secret Service will address why and what we need to do, and how to start making changes.

Steak, Eggs, and Cybersecurity: A Passcode Conversation
Monday, March 16, 8:30 am, Fogo De Chao
Adam Tyler, CSID CIO, will be joining some of the sharpest practitioners and researchers for a discussion about cyber security innovation and trends. Adam will be joining Daniel Weitzner, head of the new MIT Cybersecurity Policy Initiative; John Dickson, principal of the Denim Group, and Stephen Coty, chief security evangelist at AlertLogic for this conversation. Register for this event at Passcode’s website.

Follow the Money: Cyber Crime and the Black Market
Tuesday, March 17, 12:30 pm, JW Marriott Salon 4
What exactly happens when a cyber criminal steals your credit card number? Believe it or not, in a matter of a couple hours your personal information could have taken a trip to multiple countries before being sold on the Black Market. When it comes to cyber crime, the Internet is a global ecosystem and hackers know no borders. Come take a behind-the-scenes look as we follow a stolen credential’s international journey through the Black Market. See for yourself how cyber crime isn’t a single issue impacting one country, but rather a global issue impacting consumers, corporations and governments around the world. In what country will our stolen credential end up? Join CSID’s development director Joel Lang and IDT911 editor-in-chief Byron Acohido, to find out.

News Recap: United Kingdom Increasing Cyber Security Initiatives

By | December 19th, 2014|Uncategorized|

The UK minister for the Cabinet Office, Francis Maude, announced new cyber security initiatives taking place in Britain to make it a safer place to do business, reported Mike Hine with Infosecurity Magazine. Hine broke down the 24-page document into different initiatives, including:

  • Developing 13 cyber security “clusters” around the country
  • Providing financial assistance for universities to expand cyber security education
  • Creating a mentoring program that gives students and recent graduates the ability to be guided by professionals in the security industry
  • Re-launching a Scottish information sharing system
  • Developing a “new Cyber Security Information Sharing Partnership (CiSP)”
  • Creating “Cyber Camps” for recent college graduates

According to Doug Drinkwater of SC Magazine UK, “these objectives are backed by the £860 million National Cyber Security Programme, money which is going on improving the national sovereign capability for ‘detecting and defeating’ high-end cyber-threats, ensuring law enforcement has the appropriate skills and capabilities to tackle cyber-crime, and to keep critical UK systems and networks robust against cyber-threats.”

Maude shared the cyber security strategy of Britain’s government in a statement shared with the press:

“We have made significant strides towards all these goals this year and throughout the course of the Programme’s existence. The long-term economic plan of this government continues to make the UK one of the most secure places globally for cyber-innovation and commerce.”

Which of these initiatives do you think will be most effective? Should other countries adopt similar initiatives? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Security Trends: A Look Back at 2014 and Ahead to 2015

By | December 11th, 2014|Uncategorized|

2014 was a busy year for the security industry, with an unprecedented number of breaches, malware strains and POS hacks. With cybercrime becoming an unfortunate but increasingly common consequence of seemingly benign Internet activities, business and consumers alike will have to up the ante on the measures they use to protect themselves. Here’s a roundup of some of 2014’s most talked about security problems and some measures that can help mitigate their prevalence in the new year.

Medical Identity Theft
Looking Back: As CSID President Joe Ross discussed in his Huffington Post column, medical identity theft has become an easy and lucrative target for criminals.

Looking Forward: Our recent webinar highlighted a number of effective best practices to reduce the opportunities for medical identity theft. We suggest auditing third party vendors who can access patient credentials and implementing a robust authentication system across all business platforms. With medical identity theft likely to increase in the new year, businesses must continue to practice diligent monitoring and alert techniques to circumvent the problem.

Recruiting Top IT Talent
Looking Back: Over the past few years we have seen a shortage in cyber security and IT talent, and this has become even more difficult as demand continues to surpass supply.

Looking Forward: While there is no overnight resolution to the talent deficit, talent advisory company CEB has identified two significant shifts that can help the industry expand the number of potential candidates:

  1. Look to other IT hubs – Silicon Valley has long been the center of IT activity, but looking beyond to incubator cities like Denver, Phoenix and CSID’s hometown Austin can help expand the pool of potential candidates.
  2. Changing the competency evaluation model – While traditional skills are still necessary, looking for individuals who can learn and adapt quickly to IT needs can help businesses change with the pace of the industry.

Additionally, look out for information on our upcoming SXSW Interactive panel where we will discuss ways to recruit talent and encourage malicious hackers to move away from dark web practices and use their skills and expertise for good.

Tackling Global Identity Theft And Data Breaches
Looking Back: Identity theft – as well as that which occurs through data breaches – is an increasingly global issue, particularly as we all become more connected and dependent on the digital world.

Looking Ahead: The first step towards confronting identity theft with viable solutions is to recognize that the problem requires global collaboration and strategies. While tools like our comprehensive Global Protector can help protect businesses and consumers against breach on a global scale, government initiatives and global agendas must also be implemented to confront the issue. We will discuss solutions and a comprehensive global approach to the problem in our panel at the 2015 SXSW Interactive conference.

What do you think will be our biggest security challenge in 2015? Tell us your predictions on Twitter, Facebook or LinkedIn.

Combating Cyberterrorism with Cyber Security

By | March 5th, 2014|Uncategorized|

This guest blog post comes from Ginger Hill, associate content editor at securitytoday.com and Security Products magazine.

As I sat in the classroom at GovSec West 2013 listening to Jeff Snyder, VP of cyber programs at Raytheon, talk about cyber threats and remediation, I quickly learned that we have no global laws to fight cyberterrorism. With the eroding economic viability of America, cyber threats are increasingly targeting critical infrastructures and major systems. The cyber criminal’s mentality is: why invent when you can simply steal?

According to Snyder, China is the number one threat when it comes to cyberterrorism as they have 1-2 million making up their human capital. With such a large number of people, China can carry out their cyber threats, making them into a “cyber reality.”

During his presentation, Snyder frequently brought up the term “cyber resiliency” as an essential part of any security strategy – on a personal, business or national level – to thwart cyberterrorism. Being able to take the hit from cyber terrorists without destroying your entire system and quickly recovering is the key strategy to fighting back. But how do we accomplish such a feat?

I’m going to take the viewpoint of a business and work in suggestions to develop your own personal cyber security plan.

The 3-Pronged Approach to Cyber Security

Dealing with cyber terrorists and cyberterrorism takes a thoroughly thought-out and developed plan, and the willingness to take immediate action, preferably before a terrorist event takes place. The following is a simplistic approach to cyber security:

  1. Do whatever it takes to protect the infrastructure.
  2. Invest to protect your products.
  3. Protect your clients, including their personal data.

Be sure that your infrastructure, whether that is your personal computer, social media and online accounts or the multibillion-dollar waterworks station is protected. Start small. Make sure that all passwords are strong by incorporating capital and lower case letters, numbers and symbols in unlikely combinations. Invest in products that increase system security, like malware protection and virus detection, and use encryption to help protect your client’s personal information.

Taking security to a higher level, consider hiring an ethical hacker to attempt to gain access to your system, and patch any vulnerability immediately. Also consider insider threat monitoring to identify behaviors and anomalies with your system and to help meet human capital demands. It takes a lot of people to adequately protect an organization, just as it takes a large number of people to complete a cyber attack. Therefore, think like a cyber terrorist to beat them at their own game. They use technologies to achieve their terrorist goals, so follow suit and use ethical technologies to battle against their unethical acts and spread security as far as possible within your organization.

Surviving Cyberterrorism

Fighting back against highly sophisticated, intelligent cyber terrorists seems to be a no-win situation, but with the proper technologies, experts and the willingness to respond, exploitation can be minimized.

The following steps teach you exactly what to do before, during and after a cyberterrorism attack.

  1. Anticipate cyber attacks: The question is not if cyber terrorists are going to attack, it’s when. Think about prevention strategies and what you can do now. Do not wait until you are attacked to do something about it because it will be too late.
  2. Respond immediately to enhance business continuity: When attacked, the goal is to keep the business functioning as a cohesive unit at all times. This is possible if you have established your security plan and have practiced what to do before an attack rears its ugly head.
  3. Monitor all systems in real time: Invest in technologies and experts to monitor your systems 24 hours a day, 7 days a week, 365 days a year.
  4. Evolve: Never stop learning ways to survive cyber attacks, and always use each cyber attack as an educational tool to enhance your overall security plan.

Cyberterrorism is a 24/7, 365 days-a-year giant that never sleeps; it doesn’t need to eat and it never stops preying. Developing a multifaceted, layered approach to fight against this giant will minimize exploitation of vulnerabilities, allowing people, organizations and the nation to sleep a little easier at night.

The Breach Heard Around the World

By | November 25th, 2013|Uncategorized|

A recent security breach at Adobe put millions of user accounts, encrypted passwords and email addresses in the hands of hackers. But according to Ammon Bartram of SocialCam, what was “even more disturbing was the number of people who used the same password for their bank accounts, email, Facebook and home garage door codes as a password on the Adobe website. Some even used their Social Security numbers as passwords.” Plus, in a survey last year we found that 61% of consumers reuse passwords across multiple websites.

So why is password reuse one of the most alarming parts of the Adobe breach?

If you use the same account credentials across websites, when those credentials are compromised for one website, they will also be compromised for the others. With readily available technologies, hackers can easily determine for which sites you reuse those credentials. This puts you and those third party websites at additional risk. Thus, a breach can affect more than just the initial company and their customers; the impact can spread like wildfire.

PandoDaily is calling the Adobe breach the “security breach heard ‘round the world.” In fact, many third-party websites are taking action to secure their own customers and their own sites. For instance, EventBrite sent notices to their users encouraging them to check if their email addresses were on Adobe’s list, and to change their EventBrite passwords no matter what. Facebook, too, took action. “Facebook users who used the same email and password combinations at both Facebook and Adobe’s site are being asked to change their password and to answer some additional security questions,” according to notable security expert Brian Krebs.

As a business owner or employer, take note of what these companies are doing, and consider reaching out to your customers and employees as well. For advice on creating secure passwords, see our white paper, webinar and infographic on the topic.

Do you ever reuse credentials across websites? Have you seen any other companies taking action to protect their own customers in the wake of the Adobe breach? Let us know what you think! As always, join the conversation on Twitter and Facebook.

Spill the Beans: The Significance of Breach Disclosure Laws Status

By | January 9th, 2013|Uncategorized|

If a company is breached, should the breach be reported to authorities? To customers? To the public? While breach disclosure laws have been debated on and off for the past few years, it looks like they are making it back into the spotlight.

Many companies would prefer to keep security breaches to themselves – to avoid the authorities, protect their brands and handle the issue privately. Governments, however, argue that such disclosure provides essential insight and is necessary to tackle cybercrime. 

In Europe, for instance, the Europol recently attributed the cause of some of the biggest card fraud cases to a lack of breach disclosure laws. The Europol says, “A major problem in the EU is the lack of proper regulations for reporting data breaches to police authorities. Law enforcement agencies, even if aware of a breach, have difficulties finding information on, and links to, the point of compromise, stolen data and illegal transactions.”

Meanwhile, in the U.S., President Obama just signed the National Defense Authorization Act. The Wall Street Journal reports that this act “gives the Department of Defense 90 days to establish procedures for defense contractors to disclose cyber breaches” – or in other words, companies will soon be required to tell the federal government when hacked. Previously, though breach disclosure was encouraged, it remained voluntary.

Beyond this federal push, many U.S. states have already enacted their own notification laws—all but four have some statewide disclosure requirements. See here for a state-by-state list.

What do you think about breach notification laws? Share your thoughts with us on Facebook and Twitter.


CSID’s Global ID Protector Wins 5 Golden Bridge Awards

By | October 4th, 2012|Uncategorized|

Wow! We got some exciting news yesterday. Our Global ID Protector product was honored with five – yes, five – Golden Bridge Awards.

The Golden Bridge Awards program recognizes the world’s best in innovations from across the globe. More than 40 experts from a broad range of industries judged this year’s program.

We are excited to announce that CSID was recognized as a Gold Winner in the following categories:

  • Enterprise Data Protection – Innovations
  • Enterprise (Global Business and Offices) – Innovations
  • Information Technology (Services) – Innovations
  • Security Service (Now or Upgrade Version) – Innovations

We were also recognized as a Bronze Winner in the Security Solutions for Enterprise (Large) category.

Needless to say we are excited by the win. CSID’s Global ID Protector is an offering we have worked hard to develop. When CSID’s Global ID Protector came to market in August 2011, there was no international identity monitoring solution that could tie global customer data together and provide an online portal that is customizable by language preference. Global ID Protector filled this need and remains, to this day, one of the few customizable identity protection and fraud detection solutions that can be scaled on a global level.


CSID’s Global ID Protector is on a Roll

By | August 27th, 2012|Uncategorized|

We did it again. Our Global ID Protector has been honored with another award—the International Business Awards has selected CSID’s Global ID Protector technology as the winner of the Silver Stevie Award for Best New B2B Product of the Year. As the only globally scalable comprehensive identity protection solution on the market, our technology has created a name for itself in the security industry.

The International Business Awards are one of the world’s premier business awards programs, with more than 3,200 entries received this year from more than 50 countries. We’re honored to have our technology among so many other distinguished applicants. Take a look at the complete list of this year’s winners, as well as our press release of the announcement.

And to keep the ball rolling, our Global ID Protector technology has been named a finalist in multiple categories—including Innovations in Information Technology and Enterprise Data Protection—by the Golden Bridge Awards, a global awards program that recognizes innovations for every major industry in the world. Wish us luck and stay tuned for early October, when the winners will be announced.

FBI Leads Undercover Operation Against Cyber Crime

By | July 3rd, 2012|Uncategorized|

CSID’s CyberAgent technology scans more than 10,000 underground websites and forums per day—more than 600,000 individual web pages—for personal identifying information (PII) being bought and sold. This PII includes bits like Social Security Numbers, email addresses, passwords and credit and debit card numbers. In fact, the credit and debit card numbers often come with the expiration dates, associated names and addresses, and a validity check.

We often get asked, “Why don’t the authorities do anything about it?”

The answer? Yes, they do—but it is a long and intensive process that strategically evades the public eye. News broke recently that the FBI coordinated with law enforcement agencies around the world for a two-year undercover operation to crack down on online trafficking of stolen financial data and credit card information. According to an official statement by the United States Attorney’s Office for the Southern District of New York, this global operation was the largest coordinated international enforcement action against online “carding” gangs. As Fahmida Rashid wrote in PC Mag, “Online carding groups act as a marketplace where criminals can buy or sell stolen credit card and other financial information.”

To target the groups, the FBI sold stolen data and hacking tools through their own carding site, Carder Profit. Through this site they were able to monitor and record all activities, including visitors’ IP addresses and registrants’ email addresses.

The two-year collaboration among the FBI and law enforcement agencies from 13 other countries ultimately led to the arrest of 24 people who had been trafficking stolen credit card and financial details. According to the FBI, the operation prevented more than $205 million in losses and notified credit card providers of more than 411,000 compromised cards.

These efforts from the FBI and law enforcement agencies show us just how serious an issue cyber crime and identity theft is. While it is great to have major agencies like the FBI watching out for us, we must still remember to be diligent in protecting and monitoring our identity online – you never know who might be waiting to steal your information.

Meet the EU’s New Privacy and Breach Regulations

By | May 31st, 2012|Uncategorized|

Starting May 26, the EU began enforcing its E-Privacy Directive that passed last year. This directive requires that websites notify all individuals in the EU about any tracking that takes place on the site and receive consent before carrying out the tracking (i.e. tags, cookies).

What does this new directive mean for businesses?

So many businesses are dependent on having access to consumer information – for marketing, analysis, proper website and application functionality, etc. – that they will need to adjust their current practices to accommodate the new regulations. Forbes contributor Lisa Arthur has put together a list of recommendations for marketers on how best to comply with the regulations. 

It seems the E-Privacy Directive is just the beginning. The European Commission (EC) is also drafting legislation that would “reform and harmonize data protection laws across the EU,” according to IT security reporter Thor Olavsrud in this CIO article. This legislation would install a number of regulations, including:

  • Requiring organizations to undergo regular data protection assessments;
  • Establishing fines for non-compliance; and
  • Mandating that all organizations report a data breach within 24 hours or provide reasons why they cannot do so.

These stricter regulations highlight the importance of having breach preparedness measures in place and ready to go. Our recap of the SXSW panel “Data Breaches: Taking the Bull by the Horns” provides some additional tips for proactively preparing for a data breach.

Whether or not the EC’s proposed legislation passes, these regulations will likely pave the way for similar privacy law developments around the world. Do you like the new regulations imposed by the EU’s new E-Privacy Directive? Would you like to see something similar in the U.S.? Let us know in the comments or join the conversation on Twitter or Facebook.
