Data Loss Prevention Has Jumped the Shark
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
The FTC sending a warning to 100 companies and agencies that their employees are leaking client and sensitive data on the web via Peer to Peer file sharing (P2P) is the single most pathetic and embarrassing communication to come across the desk of an IT professional. It’s over, Johnny IT’S OVER…
Outsourcing Breach Response Lowers Costs
By Doug Pollack, Chief Marketing Officer for ID Experts
The Ponemon Institute last month released their 5th annual 2009 Annual Study: Cost of Data Breach. This year, the report explored several new areas and came up with some interesting and in some cases surprising conclusions…
The Dismal State of Information Security
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community. Enterprise networks are becoming hardened and they are still vulnerable. We are fragmented and all over the place with an incredible array of interdependent technologies that are set up with convenience in mind and security second…
Banks Fail to Provide Effective Online Security
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it? At first glance some may say the victim's, others may say the bank's. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and that banks know this, should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.
Afraid of the Cloud? Ask the Right Questions
By Greg George, Managing Partner of GTI Advisors
What if your vendor is acquired? Are there assurances in your service agreement allowing you to opt out if you choose to, and if so, will all your data be deleted? What if your vendor is acquired by a company based in a foreign country? Maybe the acquiring company's CEO, also a People's Republic of China Communist Party official, will assure you your data has been deleted. All in all, right now, using SaaS simply comes down to a judgment call about what is in the best interest of your firm's operations: ease of access, workflow and cost benefits vs. associated risks…
Targeted Sequel Injection Attacks on the Rise
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data, the attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component. The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into…
Perplexities of Enterprise Privacy Policies
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
An important consideration with information security incidents is identifying whether personally identifiable information (PII) is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across, not only as they create their plans but also as they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
Police Make Arrests In ATM Skimming Ring
By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com
Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINs. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are.
FaaS: The Emergence of Fraud as a Service
By Mike Meikle, CEO at Hawkthorne Group
Fraud as a service, or FaaS for the acronym collectors, has been a topic of concern for security professionals since 2008. Gone are the days when the primary theft was perpetrated by the sociopathic lone wolf in the basement. The major player is now organized crime, responsible for 70 percent of online fraud and billions in ill-gotten gains…
Behavioral Based Email Security Systems
By Simon Heron, CISSP Internet Security Analyst
There needs to be a change to email security if we want to stop seeing high-profile security breaches such as the ones that hit Hotmail and Google in 2009, and the American law firm Gipson Hoffman & Pancione more recently. The problem is, most email filtering systems will trust the email address and therefore allow it through.


