• Payment Innovation Outpacing Security: Study
    Credit Union Times (04/29/15) Urrico, Roy

    A new survey by Experian and Ponemon Institute reveals concerns that virtual currencies, mobile payments, e-wallets, and other new payment technologies increase breach risks. Of the 748 U.S.-based professionals involved in their company’s payment systems, 68 percent indicated that pressure to migrate to new payment systems jeopardizes customer data. While 59 percent said EMV chip-and-PIN cards were an important part of their firm’s payment strategy, just 53 percent believed they would reduce data breach risks. As for the innovations most likely to boost data breach risks, 65 percent cited virtual currencies, followed by mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices/apps (57 percent), and near field communications (54 percent). Forty-five percent of respondents said financial institutions were most responsible for ensuring payment systems security, while credit card companies and conventional or Internet retailers were cited by 40 percent and 21 percent of respondents, respectively. The researchers said, “Throughout our study, we found a large percentage of companies are likely to keep moving forward with deployment of new technologies despite concerns about security. More than half of respondents say customer convenience was a higher priority to their organization than security.”

  • Insider Threats Force Balance Between Security and Access
    CIO (04/23/15) Corbin, Kenneth

    Speaking at a recent Symantec-hosted panel discussion on insider threats and other cybersecurity issues, Fairfax County, Va., CISO Michael Dent said IT leaders can help their cause with prudent policies that limit who can access what kinds of data. Organizations must broaden their understanding of what constitutes an insider threat, as typical enterprise access to sensitive systems and information extends beyond in-house staff, Dent says. He notes insider threats are not just employees, but “also are your contractors, your vendors—your volunteers, potentially—that come in and work for you.” Traditional perimeter defenses such as firewalls and intrusion detection are not going to protect against threats coming from within the organization, Dent warns. Although putting in place policies to address bad actors is relatively easy, it is far more difficult to develop an appropriate framework for access and permissions that balances strong security protocols with an open workplace where employees increasingly expect to be able to work remotely and on a variety of devices. Dent says Fairfax County currently runs on a least-privilege system, strictly limiting access to certain data assets based on job function and responsibility. The county also has implemented a tough policy for offenders who violate the organization’s data-access rules.

  • Enterprise Security Threat Level Linked to User Demographics, Industry and Geography
    Security Magazine (04/15)

    The study “Running the Risk” by Aruba Networks shows that there is a shocking disparity around security practices in the corporate world. More than 11,500 workers across 23 countries worldwide were questioned and, overall, researchers found that employee attitudes are swaying towards more sharing of devices in the workplace. Aruba found that six in ten people share their work and personal devices with others and nearly a fifth of employees do not have passwords on devices. Additionally, 31 percent of workers admitted to having lost data due to the misuse of a mobile device and nearly nine in ten believe their IT departments alone will keep them protected. The report found a level of disparity among industries when it comes to the treatment of mobile devices. High tech employees are almost two times more likely than hospitality or education workers to give up their device password if asked for it by IT. However, educators are 28 percent more likely to write passwords on a sheet of paper compared to those in high tech. The survey found that 37 percent of those surveyed did not have any type of basic mobile security policy in place, and Aruba suggests that businesses may not be prepared for what lies ahead.

  • London (CNN) British police investigating a spectacular heist in the heart of London’s jewelry district said Friday they knew a burglar alarm went off but didn’t respond.

    Southern Monitoring Alarm Company called the Metropolitan Police Service, also known as Scotland Yard, at 12:21 a.m. April 3 to report that the burglar alarm had been activated at Hatton Garden Safe Deposit Ltd., MPS said in a prepared statement.

    “The call was recorded and transferred to the police’s CAD (computer-aided dispatch) system,” the statement said. “A grade was applied to the call that meant that no police response was deemed to be required. We are now investigating why this grade was applied to the call. This investigation is being carried out locally.

    “It is too early to say if the handling of the call would have had an impact on the outcome of the incident.”

    The theft was so big that police haven’t come up with a value for what was stolen.

    Over the four-day Easter holiday, an unknown number of thieves broke into the vault of Hatton Garden Safe Deposit Ltd. and might have been able to take as long as four days to rifle through the boxes.

    A former police official in London has speculated that the loss could run to £200 million, or $300 million, in a remark widely reported by news media.


