Security Trends: A Look Back at 2014 and Ahead to 2015

By | December 11th, 2014|Uncategorized|

2014 was a busy year for the security industry, with an unprecedented number of breaches, malware strains and POS hacks. With cybercrime becoming an unfortunate but increasingly common consequence of seemingly benign Internet activities, businesses and consumers alike will have to up the ante on the measures they use to protect themselves. Here’s a roundup of some of 2014’s most talked-about security problems and some measures that can help mitigate their prevalence in the new year.

Medical Identity Theft
Looking Back: As CSID President Joe Ross discussed in his Huffington Post column, medical identity theft has become an easy and lucrative target for criminals.

Looking Forward: Our recent webinar highlighted a number of effective best practices to reduce the opportunities for medical identity theft. We suggest auditing third party vendors who can access patient credentials and implementing a robust authentication system across all business platforms. With medical identity theft likely to increase in the new year, businesses must continue to practice diligent monitoring and alert techniques to circumvent the problem.

Recruiting Top IT Talent
Looking Back: Over the past few years we have seen a shortage in cyber security and IT talent, and recruiting has become even more difficult as demand continues to surpass supply.

Looking Forward: While there is no overnight resolution to the talent deficit, talent advisory company CEB has identified two significant shifts that can help the industry expand the number of potential candidates:

  1. Look to other IT hubs – Silicon Valley has long been the center of IT activity, but looking beyond to incubator cities like Denver, Phoenix and CSID’s hometown Austin can help expand the pool of potential candidates.
  2. Change the competency evaluation model – While traditional skills are still necessary, looking for individuals who can learn and adapt quickly to IT needs can help businesses change with the pace of the industry.

Additionally, look out for information on our upcoming SXSW Interactive panel where we will discuss ways to recruit talent and encourage malicious hackers to move away from dark web practices and use their skills and expertise for good.

Tackling Global Identity Theft And Data Breaches
Looking Back: Identity theft – as well as that which occurs through data breaches – is an increasingly global issue, particularly as we all become more connected and dependent on the digital world.

Looking Ahead: The first step towards confronting identity theft with viable solutions is to recognize that the problem requires global collaboration and strategies. While tools like our comprehensive Global Protector can help protect businesses and consumers against breach on a global scale, government initiatives and global agendas must also be implemented to confront the issue. We will discuss solutions and a comprehensive global approach to the problem in our panel at the 2015 SXSW Interactive conference.

What do you think will be our biggest security challenge in 2015? Tell us your predictions on Twitter, Facebook or LinkedIn.

Keylogging malware on public computers is a growing concern

By | July 23rd, 2014|Uncategorized|

This month, the U.S. Secret Service issued a warning about the increasing practice of hackers installing keylogger malware on computers in hotel business centers. The malware captures keys struck by hotel guests who use the computers and then sends that information via email to the malicious hacker. The result – any sensitive information the traveler types into the computer is compromised.

Hotel systems hold a treasure trove of data, including email addresses and email account logins, card details, even logins to travel and rewards accounts. More importantly, they are more likely to host information related to a government issued ID like a driver’s license or passport, common documents that are referenced when traveling.

While keylogger malware is nothing new, we have seen a huge increase in hotels being targeted by this remote malware. We have seen more than 50 different hotel chains compromised in the past few weeks via our CyberAgent software, including a handful of large US-based hotel chains. We’ve also seen the same type of installations at libraries and museums – virtually any environment that offers public access to a computer. Keylogger malware is an opportunistic, low-risk and high-reward attack method, and anyone using a public computer should be aware of the risks.

To avoid being the victim of keylogger software, consider the following:

  • Keyloggers can’t record what isn’t typed. When using a public computer be aware of the accounts you log in to and the information you share. Avoid logging in to high value accounts like your bank account or Amazon account. In instances where logging in to a high value account is unavoidable, change your password when you get home.
  • Speaking of changing your password, it is generally a good practice to update your passwords frequently. This practice alone will hamper most keylogging attacks.
  • Assume that anything you do on a public computer will be recorded and used by others. Follow this advice and you should be okay.

Customer Alert: Heartbleed SSL Vulnerability

By | April 9th, 2014|Uncategorized|

On the morning of April 8, 2014, the OpenSSL community revealed a security vulnerability in recent versions of the OpenSSL software. Dubbed Heartbleed, the vulnerability poses a serious security concern because cyber criminals could exploit the vulnerability to expose site users’ Personally Identifiable Information (PII).

What does this mean, exactly?

OpenSSL is an open-source encryption technology used by approximately 75% of web servers. This technology safeguards site visitors who are sharing PII and financial information to make a transaction. Sites that employ OpenSSL are typically indicated with a lock icon and live at an HTTPS address. In other words, an OpenSSL site may be at the core of your business, and you probably use sites that incorporate this technology daily.

How do I mitigate risk?

The only way for businesses to avoid Heartbleed is to upgrade their site with the latest, patched version of the OpenSSL software, which addresses the vulnerability.

CSID customers should be assured that CSID has done this to its servers, and strongly recommends that they take the same action and immediately renew their SSL Certificates used with CSID services. As an additional security precaution and due to the breadth of this vulnerability, CSID joins other security professionals in recommending that businesses patch any instances of OpenSSL in their environments, and renew any SSL certificates immediately.

Further details surrounding the Heartbleed vulnerability and its disclosure can be found here.
