Category: BAI Security Blog

The State of Data Security Intelligence

The Informatica and Ponemon Institute’s second annual survey on data-centric security, “The State of Data Security Intelligence,” has been released. Given the growing number of high-profile breaches, the report’s findings won’t shock anyone; instead, they confirm what we all know. That said, the number of organizations that admitted they have little to no data security protections in place is disturbing. The key points made in the report include the following: organizations report a loss of confidence in their ability to govern their data, and less understanding of how to secure it and use it to generate actionable business intelligence. Organizations say it is a growing struggle to find ways to reduce data breach risk and improve their


Preventing Retail Data Breaches: Defining Best Practices

The National Retail Federation recently presented Congress with a set of solutions aimed at better protecting consumers and helping businesses prevent data breaches. “We should not be satisfied with simply determining what to do after a data breach occurs,” NRF senior vice president for Government Relations David French said in a statement. “Instead, it is important to look at why such breaches occur and what the perpetrators get out of them so that we can find ways to reduce and prevent not only the breaches themselves but the follow-on harm.” French presented the proposals during his testimony before the House Oversight and Government Reform Committee’s Subcommittee on Information Technology. Here’s a brief overview of its solutions and goals: Expanding consumer


Need to Know Now News Roundup: PoS Breaches, Destructive Malware, and Patch Tuesday

POS Breach Bigger Than Reported?

Point-of-sale (POS) maker Harbortouch last week disclosed a breach involving “a small number” of its restaurant and bar customers, who were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity is reporting that a major U.S. card issuer has said that the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide. Brian Krebs notes that “banks were so anxious about the unexplained fraud spikes as stolen cards were used to buy goods at big box stores that they instituted dramatic changes to the way they processed debit card transactions. Glastonbury, Ct. based United Bank


Healthcare Records Theft On The Rise

Insider negligence is no longer the number one cause of data breaches in the healthcare industry – cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access its valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that


Insights From Verizon’s Data Breach Investigations Report

In early spring, while many people are anticipating the return of warm weather and blue skies, the information security industry is looking forward to the release of Verizon’s annual Data Breach Investigations Report (DBIR). Published since 2008, the DBIR is a data security reference guide, playbook and bible. Global in scope, the report analyzes thousands of confirmed data breaches and security incidents, sorts out the trends, and provides best-practice guidance that informs the industry’s approach to cyberthreats and digital security. This year’s report includes the obligatory alarming statistics, among the most eye-opening being that in 60 percent of investigated incidents attackers were able to compromise a target network within minutes. Equally interesting, the majority of the 79,790 incidents and 2,122


Key Takeaways from Interop

Security was on everyone’s mind at this year’s Interop Las Vegas conference, with workshops ranging from insider threats to social engineering, supply chains and managing targeted attacks. One key point that emerged from all of the discussion was that businesses and governments need to understand the motivations of cyber attackers. Dmitri Alperovitch led the Interop workshop that focused solely on the benefits of knowing your enemy. The days when security was a matter of “merely” battling cyber criminals and young hackers out for a joyride are over. Today, we also have cyberespionage, hacktivists and state-sponsored hacking to contend with. It seems that everyone is exploiting digital means to gain even the tiniest edge in business or politics. Given these


Key Takeaways from RSA 2015

RSA 2015 drew more than 28,000 security-minded people to its latest week-long conference in San Francisco. The key takeaways from the discussions, workshops, and keynotes were highlighted by the tech, business, and mainstream press. The Associated Press coverage pointed out that attending RSA is a particularly sobering experience for those not involved in the security industry. The reporter noted that many breaches are the result of human error – one click on a link in a phishing e-mail, malicious text message, or website can open a network to attack. “Verizon researchers estimate one in five phishing emails were read by their targets and one in 10 persuaded someone to open an attached file,” the reporter noted, adding that the newest


Retail PoS Systems, Ancient Passwords – What You Need To Know Now

You’ve probably seen coverage of the big RSA reveal that point-of-sale devices from a specific vendor have used the same pre-set administrator password for the last quarter of a century. Security researchers Charles Henderson and David Byrne shared this discovery during their RSA presentation. More troubling, according to Henderson and Byrne, 90% of the systems they see have retained that exact admin username and the password: 166816. You’d wonder why retailers aren’t changing the default admin username and password when they deploy the system, but it seems that many assumed the 166816 password was uniquely assigned to them. The PoS system in question is widely used, but the vendor isn’t the


Retail Digital Security Best Practices

The National Retail Federation recently presented Congress with a set of solutions aimed at better protecting consumers and helping businesses prevent data breaches. “We should not be satisfied with simply determining what to do after a data breach occurs,” NRF senior vice president for Government Relations David French said in a statement. “Instead, it is important to look at why such breaches occur and what the perpetrators get out of them so that we can find ways to reduce and prevent not only the breaches themselves but the follow-on harm.” French presented the proposals during his testimony before the House Oversight and Government Reform Committee’s Subcommittee on Information Technology. Here’s a brief overview: Expanding consumer liability protection when using debit


New Retail PoS Malware Discovered

A new malware family targeting point-of-sale (PoS) systems is infecting machines in order to scrape payment card information from memory. The malware, dubbed PoSeidon, was initially spotted by researchers from Cisco’s Security Solutions (CSS) team. PoSeidon, like most point-of-sale Trojans, scans the RAM of infected terminals for unencrypted strings that match credit card information. End-to-end encryption technology would protect payment card data from these sorts of attacks, but few PoS terminals have this capability right now. Cisco’s researchers say that PoSeidon consists of a keylogger, a loader and a memory scraper that also has keylogging functionality. As one would expect, the keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and
