• FBI Warns of Rise in Disgruntled Employees Stealing Data
    Wall Street Journal (09/23/14) Barrett, Devlin

    The FBI said Tuesday that it has seen a spike in the number of disgruntled employees who steal company information, sometimes as part of an effort to extort money from previous employers. There have been cases in which individuals used their access to destroy data, steal software, obtain customer data, make unauthorized purchases, and gain a competitive edge at a new job, the FBI said. A common way to steal information, the FBI noted, is to use cloud storage accounts and personal e-mail. Sometimes, terminated employees still have remote access to the company’s system. Organizations that have recently been victimized by data theft have suffered losses of $5,000 to $3 million. The FBI reports that some employees have attempted to extort their employer by restricting access to company Web sites, disabling certain functions in content management systems, or conducting distributed denial-of-service attacks. Companies are advised to quickly end departed employees’ access to computer systems, and change administrative passwords after IT personnel quit or are terminated.

  • The Intelligence Triangle
    Security Management (09/14) Lane, Bryan

    All good corporate intelligence programs require a strong information requirement, access to data, and the tools and expertise to process the data. Those three components make up the intelligence triangle. Information requirements are the base of the triangle and are usually standing requirements, ad hoc requests, or information discovery projects. Information requirements may vary depending on who needs them, so they have to be prioritized within a business. These requirements should also become a part of daily business. Data gathering makes up one side of the triangle and supports intelligence programs by filling gaps in data. Data may include sales, financial statements, current events, and government policies. Data sharing throughout a company can ensure intelligence remains up to date. The final portion of the intelligence triangle is effective communication of the outcome of processed data. Using analytical and data visualization technology can help report information. Structured data is often the easiest to work with as it is information that can be categorized. Unstructured data can be harder to work with as it comes from free text. This form of data needs to be analyzed for a conclusion to be reached.

  • Reviewing Lessons on School Safety
    Security Management (08/14) Tarallo, Mark

    The Columbine shooting in 1999 changed the model for responding to school shootings. Assailants now operate more like terrorists, seeking body counts and media coverage, which leaves little time for the traditional police-response model of setting up a command post. Schools are preparing for active-shooter situations in several new ways, such as response training sessions for faculty and even students. Teachers are encouraged to think of three main options during a shooting: to hide, barricade, or evacuate. Some schools focus more on the physical security of the building or facility. Miller Place Union Free School District in New York upgraded physical security several years ago, improving its ability to go into lockdown by implementing a wireless proximity card-based locking system and applying a special film to all classroom door windows. The Columbine shooting also prompted efforts to address the root causes of violence. Paul Timm, PSP, president of RETA Security, advocates a comprehensive approach to school security that includes antibullying initiatives, drug-abuse programs, and dating-violence education, as well as mental-health education. Such interventions should go hand-in-hand with physical security measures.

  • JPMorgan and Other Banks Struck by Cyberattack
    New York Times (08/28/14) P. B1 Perlroth, Nicole

    JPMorgan Chase and at least four other U.S. banks were the targets of what security experts say was a sophisticated cyberattack. In a series of coordinated attacks this month, hackers infiltrated the banks’ networks and siphoned off gigabytes of data that included checking and savings account information. The FBI and several security firms are involved in the investigation, although the motivation and origin of the attacks remain unclear. Earlier this year, Dallas-based security firm iSight Partners warned that companies should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions, but Adam Meyers, head of threat intelligence at security firm CrowdStrike, said it was too soon to suggest that sanctions were the motive behind the attacks. Hackers may have been after account information, or information about a possible merger or acquisition.

  • New Industry Group Tackles ATM Fraud
    BankInfoSecurity.com (08/20/14) Kitten, Tracy

    ATM manufacturers Diebold and Wincor Nixdorf are laying the groundwork for the formation of a new global industry group focused on thwarting ATM crime. The aim of this group is to establish industrywide technical standards for secure ATM terminals and ATM components and provide a platform for information sharing about attack scenarios and emerging threats, said Joerg Engelhardt, vice president of global product management for Diebold.

  • Security Becoming Less of a Luxury
    Security Management (08/14) Gips, Michael

    Security spending has seen significant growth since 2011, with healthy growth projected in both operational and IT security through 2017. An upcoming survey and report prepared by ASIS International and the Institute of Finance and Management, called “The United States Security Industry: Size and Scope, Insights, Trends, and Data, 2014-2017,” updates the original 2012 ASIS/IOFM survey. Private-sector spending jumped from $282 million in 2012 to $319 billion in 2013 to a projected $341 billion in 2014. Data drawn from surveys of 479 security end users, manufacturers, and service providers predict $377 billion in private-sector security spending in 2015, another 10 percent year-over-year increase. Most spending growth is driven by smaller firms with revenues of $1 million to $10 million. Operational security budgets for such businesses are expected to increase 17 percent from 2013 to 2015, with IT security expected to grow by 15 percent in the same period. Spending will include video surveillance, access control, alarm monitoring, IT security software, consulting services, employee screening, training, perimeter protection, and systems maintenance.

  • Tips and Strategies for Securing Datacenters
    Security Today (08/26/14) Hill, Ginger

    The first step in establishing data center security should focus on the physical security of the perimeter, which can add another layer of security between the data and potential hackers. Facilities should develop a physical security policy that every employee is aware of and follows. This may involve biometric access or security guards, as well as closed-circuit TV cameras facing each of the outside walls. Some cameras also should focus on the ceiling, which intruders may try to use to gain entry. Data centers should also separate loading and storage areas to prevent interference with the equipment. Servers should be protected even if they do not contain any data, as they are still susceptible to an attack if a malicious individual can gain physical access to install or implant hacking technology into servers. Facilities also should keep their power and network cabling neat, which can help employees avoid mistakes that could compromise data integrity.
