CSO staff

Author Archives: CSO staff

State of EMV report: Fraud rises before a fall

The switchover to EMV (Europay, MasterCard, and Visa) chipped credit cards is well underway. According to a new report from research and advisory firm Aite Group, sponsored by device intelligence and fraud prevention company iovation, 81% of credit cards in the U.S. will be EMV capable by the end of 2016. And the increased adoption of the more secure cards is fueling an increase in counterfeit fraud.

Panama Papers leak explained: What you need to know about the Mossack Fonseca hack

You've doubtless heard about the Panama Papers, a leak of 2.6TB of documents from one of the world's largest offshore law firms, Mossack Fonseca. The dump of over 11 million files containing detailed financial information on 214,000 companies illustrates how offshore tax havens are exploited. Whatever you may think of Mossack Fonseca's business dealings, there are lessons to be learned about what the company could have, and should have, done to ensure that its clients' data was protected.

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testing, and computer forensics, among many others. If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Amy Bennett ([email protected]).

10 no-cost home security mobile apps worth a download

The App Store and Google Play stores are awash in home security apps. How do you choose? Some of the features you should look for are the "ability to save CCTV footage to your mobile device, view live CCTV footage through your mobile device, store recordings on your cloud, control your security system from your mobile device and activate a 'call to action'," says James McCann of JMC Technologies, a UK-based supplier of CCTV equipment. In addition, all of the best apps offer instant notification whenever unusual activity is detected, says McCann. McCann has rounded up 10 of the best mobile home security apps for iOS and Android, all free to download and all worth a try. These apps come recommended by industry experts and have (mostly) positive reviews on their respective app stores, says McCann. And he personally vouches for every last one of them.

Social engineering 101: 18 ways to hack a human [Infographic]

What will be the cause of your next security breach? Will it be your firewall? Will it be your VPN? Will it be your website? Nope. Chances are, your next security breach will be caused by attackers exploiting someone within your organization. In just the last two months, a single, simple phishing scam targeted seven organizations, gaining access to W-2 information. And business email compromise attacks, in particular, are growing fast and are hard to defend against.

Review: 5 application security testing tools compared

Application security is arguably the biggest cyber threat, responsible for 90 percent of security incidents, according to the Department of Homeland Security. Yet it suffers from not-my-job syndrome, or, as SANS put it in its 2015 State of Application Security report, "Many information security engineers don't understand software development — and most software developers don't understand security."

What users love (and hate) about 4 leading identity management tools

Four of the top identity management products on the market are Oracle Identity Manager, CA Identity Manager, IBM Tivoli Identity Manager, and SailPoint IdentityIQ, according to online reviews by enterprise users in the IT Central Station community. But what do enterprise users really think about these tools? Here, users give a shout out for some of their favorite features, but also give the vendors a little tough love.

Oracle Identity Manager

Valuable Features:

"The most valuable features are the attestation of identities and the robust set of identity analytics." - Mike R., Lead Solutions Architect at a media company with 1000+ employees

"I feel the Provisioning and Reconciliation Engine as well as the Adapter Factory are the most valuable, apart from the standard features which most identity management solutions provide." - Gaurav D., Senior Infrastructure Engineer at a tech services company with 1000+ employees

"Automated User Creation and provisioning of connected resources in the case of Identity Manager, Access control to protected web resources with regards to Oracle Access Manager." - Mwaba C., Identity and Access Management at a manufacturing company with 1000+ employees

Room for Improvement:

"With Oracle, it's always about the learning

Risky business? Online dating fraud dips during Valentine’s Day

Good news, singletons. According to research from device intelligence and fraud prevention company iovation, fraud on online dating sites is lower leading up to Valentine's Day. In February 2015, 1.23 percent of all online dating transactions were fraudulent, compared to 1.39 percent during all of 2015, according to iovation. This doesn't mean that fraudsters are less active around Valentine's Day, but rather that there are more legitimate fish in the online dating sea. "The reason that online fraud rates dip at Valentine's Day is simply because there is a disproportionately high volume of legitimate dating site traffic during that time," said iovation's VP of Operations Molly O'Hearn. "So it's not that the fraudsters are taking a breather, it's that the legitimate users of data services ramp up, causing the ratio of fraud in the mix to temporarily decline."

CSO Online’s 2016 data breach blotter

Another day, another data breach. There were 736 million records exposed in 2015 due to a record-setting 3,930 data breaches. 2016 has only just started, and as the blotter shows, a number of incidents are already being reported publicly, proving that data protection is still one of the hardest tasks to master in InfoSec.

Data destruction 101: There’s more to it than wiping your drive [Infographic]

In 2009, a team of journalists investigating electronic waste purchased a computer in a Ghana market that was found to contain "sensitive documents belonging to U.S. government contractor Northrop Grumman," wrote Robert McMillan in a story at the time. "Northrop Grumman is not sure how the drive ended up in a Ghana market, but apparently the company had hired an outside vendor to dispose of the PC." That's a nightmare scenario, to be sure. And in the years since, businesses have continued to store vast quantities of data on servers, hard drives, and media storage devices, sensitive data that should be protected or destroyed. But the options for data destruction can be overwhelming.

5 stages of a Web app attack [Infographic]

Web application attacks are among the leading causes of data breaches, according to Verizon's 2015 Data Breach Investigations Report, which looked at data from 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries. The report also found that weak or stolen credentials account for over 50 percent of breaches involving Web applications, and those in the financial services sector are favored targets for Web application attacks. Statistics like that are enough to make anyone sit up and take note.

This is how much spear phishing costs companies

New research from messaging security provider Cloudmark and technology research company Vanson Bourne provides new insight into IT professionals' views and experiences with spear phishing attacks, as well as the security and financial impact of these attacks on their organizations. "With the wealth of information about individuals and organizations now available online, cybercriminals can easily craft targeted attacks to gain access to valuable personal and financial information. Spear phishing has emerged as one of the largest threats facing enterprises today," said George Riedel, CEO of Cloudmark. Vanson Bourne surveyed 300 IT decision makers at organizations with more than 1,000 employees in the U.S. and the U.K. to assess the impact of spear phishing attacks, as well as what measures enterprises were taking to combat them.

Sample Internet usage policy

This Internet usage policy from a manufacturing company with fewer than 50 employees establishes the company's ownership of data transmitted over its computer systems, establishes the right to monitor, and offers examples of activities that violate the policy. You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use). Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]).

Internet Usage Policy

COMPANY may provide you with Internet access to help you do your job. This policy explains our guidelines for using the Internet.

Sample password protection policy

This password policy from a large financial services institution with more than 5,000 employees covers standards for creation of strong passwords, the protection of those passwords, and the frequency of change. You are free to use or adapt this sample policy, which was contributed by the security community, for use in your own organization (but not for re-publication or for-profit use). Want to provide a policy or checklist? Contributions are welcome, as is expert commentary. Send your thoughts to Amy Bennett ([email protected]).

Overview

Passwords are an integral aspect of our computer security program. Passwords are the front line of protection for user accounts. A poorly chosen password may result in the compromise of critical (organization) resources. As such, all (organization) staff and outside contractors and vendors with access to our systems are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

What security research shows for 2015

The year in security research: Security researchers were busy in 2015, almost as busy as the criminals whose work they studied. Among the notable numbers this year: low-tech 'visual hacking' proves to be successful nine times out of ten, most websites had at least one serious vulnerability for 150 or more days, click fraud costs businesses $6.3 billion a year in wasted ad money, and oh so much more!

Homeland Security’s role in cybersecurity

CSO Contributing Writer Ira Winkler (The Irari Report) recently sat down for an interview with Alejandro N. Mayorkas, the deputy secretary of Homeland Security. We've separated the interview into three video segments, covering a variety of security-related topics. In the first video (above), Mayorkas describes the role of Homeland Security when it comes to cybersecurity, and how government agencies are working together to improve the overall cybersecurity of critical systems and infrastructure. In part 2, Winkler and Mayorkas discuss whether the power grid is vulnerable to cyberattack, and where opportunities exist for improving our defenses.

McAfee plans to be elected president in a landslide on the backs of 40 million tattooed voters

It has been a whirlwind few years for John McAfee, the man noted for developing the first commercial anti-virus program. It was only a few years ago that rumors were flying frantically following an incredibly sensational story of McAfee as a murder suspect. With all of that seemingly behind him, he now turns his attention to taking up residency in the White House. McAfee, 70, who founded the McAfee security brand, which was later sold to Intel in 2010, recently filed papers as a candidate for president as a member of the Cyber Party. McAfee's political views are likely to be viewed by many as out of the mainstream, and he believes that if the government is not working for the people, then the citizens have the right to abolish it. He believes that the government has gotten too big and unwieldy. He often cites how it would take 600 years to read all of the laws Congress has passed through the years.