June 2017: The Month in Ransomware

When it seemed that ransomware authors hit the lowest of the low with their attacks a long time ago, they managed to take it a notch further last month. With the revamped Petya Trojan that surfaced on June 27, the crooks broke new ground and started waging a real cyber war against a particular country. This toxic code renders computers inoperable, and paying the ransom does absolutely nothing.

Read the source article at tripwire.com

Ransomware: The Risk is Real | SecurityInfoWatch.com

On May 12, the now-familiar threat of ransomware took the offensive, as more than 230,000 computers in 150 countries were encrypted for ransom at hospitals, telecommunications systems, governments, banks and more. Known as “WannaCry,” the ransomware demanded 300 bitcoin in exchange for decryption. The attack exploited known vulnerabilities in an older version of Microsoft Windows – vulnerabilities that could have been avoided with recent patches.

Read the source article at Security Magazines

How to protect your business data from cyber -attacks?

“By 2018, 40 percent of large enterprises will have formal plans to address aggressive cybersecurity business disruption attacks”-Gartner. Stories of cyber threats disrupting businesses hit headlines almost daily. Cyber-attacks vary from phishing to DDOS attacks to SQL attacks to malware – with ransomware being the latest. So, cyber- attacks have different forms but have one aim – ‘disruption’. They reach deeply into the IT systems and lead to widespread business damage.

Read the source article at mdsc1.com

GameStop Confirms Payment Card Breach | SecurityWeek

Video game and electronics retailer GameStop has started warning customers that their personal details and payment card data may have been stolen by cybercriminals. Security blogger Brian Krebs reported on April 7 that the GameStop.com website had apparently been breached. Krebs learned at the time from his sources in the financial industry that hackers had stolen names, addresses and card data entered on the site between mid-September 2016 and early February 2017.

Read the source article at securityweek.com

In the Hacker Age, How Secure Is Your PLC?

Let’s face it, hackers have racked up some pretty impressive scores lately. From the most recent WannaCry attack, to exposing Ashley Madison, to reportedly “stealing an election”, hackers have been busy exploiting vulnerabilities and gaining massive notoriety. A recent study by the Identity Theft Resource Center concluded that in 2016 U.S companies and government agencies were breached 1,093 times. That’s a new record and a 40% increase from the 780 breaches in 2015.

Read the source article at Automation.com

Credit cards hacks, breaches and thefts: Why they keep happening

SAN FRANCISCO — After the huge Target breach of 2013, you’d have thought retail companies would have figured out how to protect their cash register systems from malware that attempts to steal customers’ data. Then came Home Depot. Then Neiman Marcus. Then Wendy’s. In the past few months, Chipotle, Arby’s and Kmart were all hit. Why are these attacks still happening? Time and money, say experts.

Read the source article at azcentral.com

4 Cybersecurity Best Practices to Bolster Small Business Defenses – National Cyber Security Ventures | Hacker News

As cybervillains intensify efforts to crack into your networks and devices, here’s how to keep your data safe. Through its exercise videos and nutritional shakes and supplements, Beachbody helps people get buff, lose weight and live healthier lives. In fact, the fitness company’s IT team knows all about working up a sweat, but in their case, it’s to add muscle to the company’s cybersecurity defenses.

Read the source article at National Cyber Secuirty University

Get Started: Keep your company’s data safe from cyberattack

Small business owners are getting a reminder about the need for cybersecurity from the worldwide “ransomware” attack on computers.

The attack, which has hit companies, schools, government agencies and hospitals, has put company owners on notice that their businesses could be vulnerable to the invasive software that often arrives by email, locks up the files on a PC or server and renders them useless.

Read the source article at StarTribune.com

Ransomware And Retail

Imagine turning on your smartphone and finding that it has been completely locked out by a stranger demanding payment, a cybercriminal. If you have ever lost access to your phone for other reasons, you know the frustration of not being able to get to your contacts, emails, calendar or any communication convenience. Now imagine this frustration applied to your entire retail operation — blocking all transactions and disrupting your connection to the customer.

Read the source article at Retail TouchPoints

Four Cybersecurity Trends That Every Retailer Needs to Know

Call it optimism or just human nature — retailers, like most people, don’t like to spend a lot of time thinking about unseen threats. A series of painful breaches a few years ago forced the industry to wake up to the dangers of cyber crime and implement new measures to address and control online risks, leading to industrywide security gains.

Read the source article at Total Retail

PCI Compliance is Cheap Compared to EU GDPR

At RBTE at Olympia London, May 09 2017, a panel of payment security experts considered the future of secure payments and the impact that EU GDPR will have in a panel session titled Strengthening security without losing sales. Jeremy King, international director of the PCI Security Standard Council, admitted that PCI compliance is “an expensive, massive thing”, especially, he noted, for smaller merchants without the IT team or the understanding of data and payment security.

Read the source article at Infosecurity Magazine

Is your business too complacent about cyber security?

Cyber security has never been as heavily in the public eye as it is today. But are businesses complacent about this increasingly necessary practice? Top management is committed to continuous vigilance and improving cyber security, recognising that a sound security culture – where everyone in the organisation understands the risk and knows what part they can play in keeping their organisation and stakeholders secure – is essential The results are in.

Read the source article at information-age.com

Top 10 data security tips for small business

Every year for USA TODAY, I write an annual top trends in business column to start the year. For the past few years, there has been one issue that has made my Top 5 consistently, and it wasn’t mobile, social media, or technology. Yes, the issue is that big and the stakes are that high.

Read the source article at blogs.business.microsoft.com

How to Protect Yourself and Your Business from Online Criminals

Today’s online criminals have the ability to move faster and more covertly than ever before. They’re out to get you, and they’re exploiting every vulnerability. Whether you’re a business owner or a consumer, here are four ways to protect yourself. Related: 6 Security Measures Every Startup Should Take in 2017 Fraud has moved online. Back in 2015, the U.S. started using EMV microchip cards.

Read the source article at Entrepreneur

Cybersecurity Essentials to Protect Your Small Business from Hackers

American Small businesses are becoming one of the top targets for global hackers. While a solid deadbolt on the front door and a set of security cameras scoping out the parking lot are still sensible ways to keep your place of business safe and secure, there are a lot more potential security issues lurking in your unassuming laptop or WiFi router than in the physical building itself, and they deserve every business owner’s serious attention.

Read the source article at business2community.com

Intercontinental Hotels Suffer Major Card Breach

The Intercontinental Hotels Group (IHG) has been forced to reveal yet another major data breach of customer card details over the latter part of 2016. In a lengthy missive on Friday, the group explained that an unspecified number of IHG hotels run as franchises were affected between September 29 and December 29 last year.

Read the source article at Infosecurity Magazine

SecurityMetrics 2017 PCI Guide Simplifies PCI Compliance Process

/PRNewswire/ — Many businesses still struggle with PCI compliance, making them vulnerable to data attacks. According to SecurityMetrics’ latest forensic data, the average merchant, at the time of data compromise, wasn’t compliant with at least 47% of PCI DSS requirements. The SecurityMetrics 2017 Guide to PCI DSS compliance demonstrates recent forensic data to show where many businesses are not compliant.

Read the source article at PR Newswire

How To Make Customers And Employees Feel Safe

As a business owner, you’re responsible for the safety of your employees and patrons. Ask yourself: Do your customers and workers feel physically secure when they’re in your store? Do your patrons feel confident using their credit cards? To run a successful business, you need to be able to answer “yes” to these questions without hesitation. If you think your store could use some help in these areas, consider implementing the ideas below.

Read the source article at home – Information Security Buzz

Insights from a PCI Forensic Investigator

At the PCI Acquirer Forum in Las Vegas on 9 May, PCI Forensic Investigator (PFI) Tom Arnold, Payment Software Company, will share with acquirers and processors insights and recommendations from recent data breach investigations. Ahead of his presentation, he discusses some of the challenges he sees in payment security and what keeps him awake at night.

What role do you play in merchant payment security as a PFI?

Read the source article at PCI Perspectives

Defending against ransomware attacks in the payment card industry – IT Governance Blog

Ransomware is currently the biggest cyber security concern for many businesses, and the danger of an attack is continuing to grow. There has been a 600% growth in new ransomware families since December 2015, according to a recent Payment Card Industry Security Standards Council (PCI SSC) guide, which also reported that ransomware crime cost businesses an estimated $1 billion (approximately £800 million) last year.

Read the source article at IT Governance

Point of Sale Hacking and What it Means for Small Businesses

While many business owners purchase point of sale machines with the belief that they are secure, this is often far from the truth. POS, or Point of Sale, hacking is the process of stealing data such as credit card information using remote attacks and malware. More importantly, hundreds of thousands of point of sale hacks happen every year, and some affect thousands of businesses at once.

Read the source article at Threat Sketch

Payment Card Industry Security Compliance: What You Need to Know

A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments. In the dynamic world of payments, transaction security is of paramount importance. When we speak with our customers and partners, the topic of payment security and Payment Card Industry (PCI) compliance always comes up. Although there is a lot of useful information about payment security available, the industry is also filled with many questions regarding PCI.

Read the source article at Dark Reading

Safety First: The Basics of Website Security for Ecommerce Retailers

For ecommerce retailers, website security is the cornerstone of a successful online business. Why? It’s simple: people only want to give their money and their business to companies and organizations that they can trust. If a retailer has an insecure website, then, all other marketing and inbound efforts simply won’t bring results.

Read the source article at HubSpot Blog Homepage

The Growing Threat of Data Breaches in Grocery

With every year that passes, data breaches become a bigger and more frightening threat for retailers. In 2016, nearly 1,000 cases were reported, the highest number since The Identity Theft Resource Center, in San Diego, began keeping records in 2005. And grocers are a hot place for data criminals. According to research from Chicago-based fraud protection firm Rippleshot, they make up the No. 1 channel for data breaches in terms of the percentage of compromised accounts.

Read the source article at Progressive Grocer

Why You Should Think of Security as a Skill, Not Just a Role

A common mistake that we see organizations make is putting off security until they hire someone who specializes in it. Depending on the size of your company and the nature of your business, this could mean waiting several years to start taking security seriously. In today’s threat environment, that’s not realistic or practical.

Read the source article at Cloud Security News, Cloud Security Blog

10 Important Cyber Security Tips For Small Business Owners

Massive kind of cyber security breaches that shattered some top enterprises threw the topic of cyber security to the popular discussion. Though only large companies find their way to the headlines, small businesses are not free from several cyber security threats. The horrible fact remains that the impact of cyber-attack on a small business can often be devastating.

Read the source article at TG Daily

Top 7 Questions to Ask Your Vendors about Their Security Policies

Cyber security is one of the most critical issues the U.S. faces today. The threats are real, and the need is pressing. The cyber security status is unstable, especially when considering the enormous and growing scope of these threats. So, cyberspace’s dynamic nature must be acknowledged and addressed by policies that are equally dynamic. As many breaches happened previously via targeting vendors first, so there is a need to address cyber threats associated with the vendors.

Read the source article at InfoSec Resources

Ensuring Proper Cyber Security Measures for Small Businesses

Cyber security issues for small businesses have been showing an increasing trend in the last five to six years. In fact, small businesses are preferred targets for many cyber criminals; the reasons are obvious. Firstly, many small businesses won’t be having the resources to invest in security, especially the way big enterprises do. Secondly, there might not be trained security personnel in such small companies and the employees working there might not be too security conscious either.

Read the source article at Know about SSL and the latest threats

Proactive security approach: 3 tips to prevent cyber attacks

With cyber threats growing more rapidly than ever, the issue of security has been brought to the forefront of every CIO’s mind. Today, cyber crime is a billion dollar enterprise, and it’s on the rise. According to data from Arbor Networks, the number and size of cyber attacks increased by 73% in 2016. With the incidents of cyber attacks growing year over year, no organization, regardless of size or industry, is free from the risk of a data breach.

Read the source article at Arrow Magazine

How Security Awareness Training Can Protect Small Businesses

Small businesses are progressively utilizing information technology in business processes, but aren’t doing it securely. In essence, they do not believe adversaries will target them when there several other big, profitable organizations to attack. As a result, they neglect important measures like security awareness training, which leaves their firm in the crosshairs of cyber criminals.

Read the source article at InfoSec Resources

Managed Security, The Answer To Growing Cyber Threats

With the nature of cyber attacks becoming more sophisticated and complex, it’s quite difficult for organizations to keep a close watch on the activities of the cybercriminals and update themselves at the pace of hackers and disruptors. Considering the several limitations, enterprises today intend to completely outsource the security to the third party managed service providers and free themselves from the headache of designing security architecture and framing security policies.

Read the source article at cxotoday.com

The Sweet Spot between ‘Compliant’ and ‘Secure’

Proofpoint recently joined a group of security leaders at the World Cybersecurity Congress in London, UK. The main topic of conversation? Regulation. Security and IT professionals are increasingly concerned that the recent uptick in compliance requirements, such as the EU General Data Protection Regulation (EU GDPR), could negatively affect security programs. But complying with regulations and implementing cybersecurity best practices don’t have to be at odds.

Read the source article at proofpoint.com

Is Your Company Actually Secure? 6 Security Risks You Might Not Know About

Businesses have always struggled with the idea of business security. Are you doing enough to protect your company, clients, and employees? Is there really such a thing as too much security? Technology is constantly changing, and as such, so are the threats many businesses face. Everywhere you turn, some security company is trying to point out flaws in your security practices and scare you into purchasing additional services that you might not need.

Read the source article at tripwire.com

7 cybersecurity issues small businesses need to understand in 2017

Security breaches and cybercrime incidents hit the headlines in 2016, as high-profile news of data breaches, malware, DDoS attacks and compromised systems became mainstream news. The news reports inevitably focused on cyber-attacks on major corporations, such as the data thefts from TalkTalk, Three and Tesco Bank, as well as the extraordinary autumn story of the attack on Dyn, which made use of IoT-enabled household devices, such as fridges and toasters, to form a botnet that successfully brought down an enormous number of websites, both large and small. Whilst the past year was eventful, to say the least, in terms of …

Read the source article at bytestart.co.uk

8 Ways to Prevent a Security or Data Breach

Here are some security tips all small businesses should heed and implement to protect their customers — and business.

You may not think your small business is large enough to attract the attention of virtual thieves and cybercriminals, but any business that processes customer payment information is a potential victim of a security or data breach.

Here are some security tips all small businesses should heed and implement to protect their customers and business:

Read the source article at Business.com

Security and Compliance – A Relentless Battle – ISACA Now

The overall objective for security controls is to support the organization’s services and infrastructure by identifying risks, improving the security level, and enabling rapid detection and response to security attacks. It is also true that, in practice, no organization can place all the security controls against every cyberattack by itself. Consequently, it is now a growing practice that many organizations leverage a hybrid model for their security controls.

Read the source article at Information Technology