Every organization needs to face the fact that breaches can and do happen. Hackers have the resources, the expertise, and the persistence to infiltrate any organization, and there is no such thing as a 100 percent effective, silver-bullet detection technology. As security professionals, we tend to focus on what we can do to defend directly against hackers that will infiltrate a system. But, what about our own users? Increasingly we need to look at how user behavior contributes to attacks and how to deal with that.
The 2013 Verizon Data Breach Investigation Report found that 71 percent of malware attacks target user devices. And, the 2014 report finds that the use of user devices as an attack vector has been growing over time, probably because they offer an easy foot in the door. According to the 2014 Cisco Midyear Security Report, global spam is at its highest level since 2010 and that’s just one technique targeted at end users. “Watering hole” attacks, phishing, and drive-by attacks launched from mainstream websites are all popular ways to target devices. And, then there’s the shadow IT phenomenon where users will ignore approved corporate standards to use the hottest technologies or whatever device or application will help them get their job done faster, better, and easier.
Educating users is important. They need to be wise to attackers’ techniques and the dangers that unsanctioned websites and applications can present. Also, putting policies in place to restrict user behavior can go a long way toward preventing malicious attacks that often rely on relatively simple methods. But it is not enough.
Read More »
Tags: AMP, data breach, security
Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.
The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.
“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”
For more on this topic please visit Patrick Finn’s entire post over on the Cisco Government Blog.
Tags: byod, cybersecurity, data breach, govtech, mobile security, security
Don’t be the Next Victim
Even as the latest breach headline fades away, we all know there is another waiting in the wings (read Part I of my blog). How can organizations protect themselves? There is no panacea for securing a payment environment, and implementing advanced technology alone will not make an organization compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS provides a solid foundation for a security strategy that covers payment and other types of data, but overall security does not begin and end with PCI compliance. Therefore, an organization’s security strategy should employ best practices and an architecture that will not only facilitate PCI compliance, but also help secure the cardholder environment, prevent identity theft, reliably protect brand image and assets, mitigate financial risk, and provide a secure foundation for new business services.
Read More »
Tags: Cisco, data breach, data loss, data loss credit card, design, pci, PCI Compliance, pci-dss
Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids. However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser. In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…
With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us. So, how are these breaches continuing despite all of the efforts to secure customer data? In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.
Anatomy of a Data Breach:
It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today. It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult.
Read More »
Tags: compliance, credit card, data breach, data loss, malware, pci, security
These tips can protect your business and customers from financial loss and identity theft
So far this year, 369 data breaches have been reported to the Open Security Foundation Data Loss Database, affecting 126,749,634 records. A breach in your business data can come from loss, theft, or exposure of information, which opens you and your customers up to such risks as financial loss and identity theft. Most reported breaches involve stealing private information, like customers’ email addresses and credit card numbers.
A small business can suffer data loss through a variety of data breaches, not all of which can be pinned on a malicious hacker. Data can be lost when a mobile device goes missing, gets accidentally deleted from a server or computer, or when an employee inadvertently makes private data public or steals it outright. And sometimes data is lost not by human error or interference but by an unfortunate accident such as a natural disaster or computer failure. In some way and at some time, a data breach can—and eventually will—happen to everyone.
These five steps can help you secure your critical data against breaches and mitigate the risk of losing customers, intellectual property, and regulatory compliance.
Read More »
Tags: data breach, data protection, security, small business