Tag: BAI Security Compromise Assessment

BAI Security Compromise Assessment

Unseen Consequences: The Ripple Effects of a Data Breach

A data breach results in some obvious, immediate impacts. Your customers’ and/or patients’ data is exposed, for one. Even if you don’t lose their business, there will likely be some fences to mend to regain their trust. However, what often gets lost in the aftermath of significant breaches is the ripple effect these attacks can have on all levels of your business. These ripples are currently shaking an in-transition Yahoo to its core. Market Loss As you’ve probably heard, Yahoo recently announced that at least 500 million user accounts were breached in a late 2014 attack, making it potentially one of the largest cyber breaches ever. This news came at a particularly bad time, as Verizon was willing to bid

Read More »
BAI Security Audit

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that close to 45% of

Read More »
BAI Security Audit

Data Security Lessons To Learn Right Now

Data Security Lessons To Learn Right Now Much has been said about the recent Ashley Madison (AM) hack attack, and even more was said about the subsequent data dump of highly sensitive customer information. Are there lessons to be learned from AM? To some extent—the consequences would have been worse had card data not been encrypted. But in the wake of last week’s court ruling that gives the U.S. Federal Trade Commission (FTC) the authority to sue companies for failing to maintain adequate cyber security, it’s obvious that business needs to pay more attention to their security controls. The FTC Is Watching The court decision came in response to the FTC’s lawsuit against Wyndham Worldwide Corporation for digital security failures—storing payment

Read More »
Assessment

Securing Government Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of the prevalence of security issues within software code, the application’s compliance with basic best security standards, and how frequently customers updated or fixed flawed applications are included in the report. The study found that Web applications in use by federal agencies failed to comply with security standards 76 percent of the time. By contrast, financial service companies are in compliance a comforting-only-by-comparison 42 percent of

Read More »
BAI Security Audit

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to the network. Security experts have warned that 2015 will be the year of the particularly malicious hacker. Such attackers will wipe compromised networks after a successful attack in order to destroy forensic evidence. In other cases, as we’ve seen with the various “locker” ransomwares, data is encrypted and held for ransom. If demands aren’t met, the data isn’t released from its encrypted prison. “Defensive Best

Read More »
BAI Security Audit

Healthcare Records Theft On The RIse

Insider negligence is no longer the number one cause of data breaches in the healthcare industry – cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access their valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that

Read More »
BAI Security Audit

Key Takeaways from Interop

Security was on everyone’s mind at this year’s Interop Las Vegas conference, with workshops ranging from insider threats to social engineering, supply chains and managing targeted attacks. One key point that emerged from all of the discussion was that businesses and governments need to understand the motivations of cyber attackers. Dmitri Alperovitch led the INTEROP workshop which was focused solely on the benefits of knowing your enemy. The days when security was a matter of “merely” battling cyber criminals and young hackers out for a joyride are over. Today, we also have cyberespionage, hacktivists and state-sponsored hacking to contend with as well. Seems that everyone is exploiting digital to gain even the tiniest edge in business or politics. Given these

Read More »
BAI Security Audit

Retail PoS Systems, Ancient Passwords – What You Need To Know Now

You’ve probably seen coverage of the big RSA reveal regarding the fact that point of sale devices from a specific vendor have used the same pre-set administrator password for the last quarter of a century. Security researchers Charles Henderson and David Byrne, at their RSA presentation, were the ones who shared this discovery. More troubling, according to Henderson and Byrne, 90% of the systems they see have retained that exact admin username and the password: 166816. You’d wonder why retailers aren’t changing the default admin and password when they deploy the system, but it seems like many assumed that the 166816 password was uniquely assigned to them. The PoS system in question is widely used, but the vendor isn’t the

Read More »
BAI Security Audit

BAI Security: “Most Promising Enterprise Security Companies”

BAI Security is pleased and proud to announce that we have been included in the CIO Review Enterprise Security list of the “20 Most Promising Enterprise Security Companies.” The companies included in this year’s list were selected by a panel of CIOs and CEOs of public companies, analysts, and the CIO Review editorial board. The list highlights a select group of companies that “provide uniquely effective approaches to enterprise security threats.” CIO’s write-up also states that it “believes these companies have achieved significant momentum and will rise above the rest.” So you can see why we’re so pleased to be included. In CIO Review’s article on BAI Security, we were (correctly!) described as a “singularly-focused IT Security and Compliance firm

Read More »
BAI Security Audit

Update on Superfish/Komodia Malware – How to find and remove it

As we get more details about the ugly Superfish debacle, it’s become apparent that the impact of this malware extends further than a limited amount of laptops compromised by a manufacturer (Lenovo) eager to monetize customer’s screen space. Lenovo says it only wanted to “enhance the online shopping experience” for its users. (Of course, as many of us have learned, if it “enhances the online experience” it should immediately raise security suspicions). The other two companies involved are search startup Superfish (whose eponymous software is the malware in question), and a software “solution provider” Komodia. Superfish used one of Komodia’s software development kit, which is clearly identified as an SSL Hijacker, in its adware. Lenovo factory-installed the Superfish “visual search”

Read More »