Mar 26 2014

Most common type of data breaches

Category: data security, Security Breach | DISC @ 9:24 pm

Cyber attacks have become a regular occurrence in the last few years; in fact, you can’t turn the news on without some mention of a business suffering an attack. Most attacks are fuelled by criminals looking to steal valuable information, but what type of information is being stolen?

According to a report by Veracode, the top 5 types of information that are stolen are:

Payment Data

No surprises here, of course. Card payment data is a very attractive form of information for cyber criminals to steal. Card data provides quick access to money in multiple ways, such as siphoning the victim's account, using their card for purchases or selling it on the black market.

Selling and purchasing card payment data online is terrifyingly easy, so easy in fact that you could have bought several card details in the time it’s taken you to read this far.

Authentication Details

Details that allow authorised access into online systems are very valuable on the black market. Imagine the price tag on login credentials for the email address of a celebrity, or the president of an international bank.

Unfortunately, humans are subject to bad habits such as using the same password for multiple online accounts. So if cyber criminals manage to get hold of your Facebook password, then they will most likely be able to log in to any of your accounts.

Copyrighted Material

Why would a cyber criminal pay for software when they could just steal it? With most websites being vulnerable to attack, a cyber criminal could in theory steal any software they fancy, costing organisations a large sum of money.

Medical Records

Thieves could sell your stolen personal health information on the Internet black market, use your credentials to obtain medical services and devices for themselves and others, or bill insurance companies for phantom services in your name.

Medical ID theft is worse than financial identity theft, because there are fewer legal protections for consumers. Many victims are forced to pay out of pocket for health services obtained by the thieves, or risk losing their insurance and/or ruining their credit ratings.

Classified Information

Depending on how you define classified, this could include information such as your organisation’s top secret product idea or the code for your security door. Either way, if it’s labelled classified then you don’t want it to be in the hands of cyber criminals.

Protecting this information

There is a high chance that the five forms of information listed above can be found on your organisation’s network, so what are you doing to protect it?

Data Security Breaches: Notification Law

Tags: Computer security, data breach, data stolen, data theft, Identity Theft


Mar 14 2014

Hacking Point of Sale

Category: cyber security, data security | DISC @ 9:28 am

A hands-on guide to achieve better security at point of sale

Hacking Point of Sale – A must-have guide for those responsible for securing payment card transactions. Hacking Point of Sale is a book that tackles the issue of payment card data theft head on. It covers issues from how attacks are structured to the structure of magnetic strips to point-to-point encryption, and much more.

Packed with practical recommendations, it goes beyond covering PCI DSS compliance to offer real-world solutions on how to achieve better security at point of sale.

Hacking Point of Sale…

  • A unique book on credit and debit card security, with an emphasis on point-to-point encryption of payment transactions (P2PE) from standards to design to application
  • Explores most of the major groups of security standards applicable to point of sale, including PCI, FIPS, ANSI, EMV, and ISO
  • Details how protected areas are hacked and how hackers notice vulnerabilities
  • Highlights ways of defending against attack, such as introducing cryptography to payment applications and hardening application code

An essential guide for security professionals that are charged with addressing security issues with point of sale systems.

Tags: debit card, Information Security, Payment card industry, Payment Card Industry Data Security Standard, Point of sale


Feb 09 2014

Why to use hardware-encrypted USB sticks

Category: data security | DISC @ 10:17 pm

Hardware-encrypted drives have tangible benefits as file-sharing and mobility tools, as backup drives and much more. Hardware-based encryption is also more secure because the keys are embedded in the flash drive: getting at them requires physical access, and extracting them requires very specialized knowledge.

  • Safeguard keys and critical security parameters within crypto-hardware
  • Authentication takes place on the hardware
  • Cost-effective in medium and larger application environments, easily scalable
  • Encryption is tied to a specific device, so encryption is “always on”
  • Does not require any type of driver installation or software installation on host PC
  • Protects against the most common attacks, such as cold boot attacks, malicious code, brute force attack

If you want your organization to avoid the risk of a data breach, you need to use hardware-encrypted USB sticks, such as SafeXs 3.0, when you transfer data outside of the organisation. Using SafeXs 3.0 sticks will protect any data stored on them to a high degree as the data is hardware encrypted, which is more secure than using software encryption.

You should also use a USB stick management solution such as SafeConsole to ensure you are managing your secure USB sticks. This offers the advantage of being able to remotely wipe data if a stick goes missing, enforce security policy across your sticks and a whole host of other security features.

Ensure your information security runs smoothly through the use of a simple, secure USB stick such as SafeXs 3.0 that is used in conjunction with SafeConsole Secure USB Management.

Integral® 16GB Crypto Drive – FIPS 197 Encrypted USB

Hardware Encrypted USB Flash Drive


Nov 08 2011

Looking for a secure USB stick with hardware encryption

Category: Access Control, data security | DISC @ 10:55 pm

CESG Approved USB Stick
CESG is the UK Government’s National Technical Authority for Information Assurance

Over 1 million SafeSticks are now in use in the NHS helping to keep patient data and other confidential data secure! Buy your SafeStick today!

SafeStick is a secure USB stick with AES 256 bit hardware encryption and is FIPS 197 certified.

SafeStick includes brute force attack lockdown protection. This means should the password to your SafeStick be entered incorrectly a number of times, the SafeStick is disabled or the data on it wiped.

The antivirus and anti-malware software available for SafeStick (at an extra cost) prevents any nefarious software from spreading on your SafeStick. With one in four virus or malware attacks now spread by USB sticks, this is an essential control to have in place.

Key Features and Benefits:

  • Uses AES 256 (FIPS 197 certified) hardware encryption to protect your data – this makes it highly unlikely that, should a drive be lost, anyone would be able to access the data.
  • This stick is the one that was chosen for use by the UK’s National Health Service (NHS). To date over 1 million SafeSticks are now in use in the NHS helping to keep patient data and other confidential data secure!
  • SafeStick is a fully manageable enterprise solution when used in partnership with SafeConsole (available at an extra cost). SafeConsole allows you to kill a stick if it has gone missing. It also enables you to enforce group policies, allowing you to enforce such policies as allowing certain file types to be put on the drive whilst denying others. You can also reset passwords using SafeConsole.

SafeStick is tough, durable, waterproof, heat resistant, crush proof. It can take anything you can throw at it.

SafeStick is compatible with Windows 7, Vista, XP, 2000, 2003, 2008, Mac OSX, Linux and Citrix in an ultra small form factor and can be used as either a standalone or enterprise solution.

Simply plug in a SafeStick and within minutes you can be up and running. All you need do is set a password and any data placed on the SafeStick is encrypted.

Order your SafeStick today!!!

BlockMaster SafeStick 1G Encrypted USB Flash Drive

BlockMaster SafeStick 2G Encrypted USB Flash Drive

BlockMaster SafeStick 32G Encrypted USB Flash Drive


Nov 03 2011

Knowledge Management finally gets its own book: WKIDM

Category: Data mining, data security | DISC @ 9:11 am

by Melanie Watson
That’s right, Knowledge Management finally has its own book: Information Lifecycle Support: Wisdom, Knowledge, Information and Data Management (WKIDM).

The primary role of Knowledge Management is to “improve the quality of decision making” by making sure that information throughout the Service Lifecycle is accurate, reliable and trustworthy. This book covers all four areas of knowledge: data, information, knowledge and wisdom.

This book (endorsed by the OGC – the creators of the ITIL methodology) provides a comprehensive and much-needed source of information on data and information management. It examines the effective production, coordination, storage, retrieval, dissemination and management of information from internal and external sources.

Information Lifecycle Support: Wisdom, Knowledge, Information and Data Management (WKIDM)

Tags: it service management, ITIL, ITSM


Oct 20 2011

Finding And Securing Sensitive Data In The Enterprise

Category: data security | DISC @ 9:40 am

By Robert Lemos @ DarkReading.com

Your organization’s most valuable data may be stored in scattered – and insecure – locations. Here are some tips for identifying that data and making sure it doesn’t leak out.

When Michael Belloise joined human resources outsourcing firm TriNet four years ago as the IT manager, the amount of sensitive data held by the company put him on edge.

TriNet handles payroll and benefits for its customers. As such, its systems store Social Security numbers, birth dates, employee ID numbers, and addresses for 100,000 workers at other companies. That data isn’t necessarily subject to the kind of detailed privacy and security rules covering financial transactions or healthcare information, but it’s highly sensitive nonetheless.

Belloise brought in data loss prevention vendor Vontu (now part of Symantec) to install a data discovery appliance that finds and monitors all data leaving the company’s network. The results, says Belloise, were shocking.

“I dare not drop any numbers about what we saw, but it was egregious,” he says.

TriNet had secure ways of transmitting and storing data, but its employees were using alternative, less-secure methods, including unencrypted portable media, drop boxes, and attachments to email sent from personal accounts. In most cases, they were skirting the rules in order to serve customers faster, but some of the activity looked questionable and possibly malicious. The security violations didn’t result in any data breaches, but the results were eye opening, Belloise says.

“It was to the point where you couldn’t put your head in the sand anymore, because it was that shocking,” he says.

Belloise called a meeting of C-level execs and embarked on a mission to secure the company’s data. TriNet first studied its data to gauge the risk it faced. Then it altered processes and educated employees to minimize misuse of data, and also installed a DLP system to monitor compliance.

TriNet’s experience isn’t all that unusual. Sensitive data has a habit of spreading throughout companies and ending up in places it shouldn’t be – places it’s more likely to be stolen or accidentally leaked. Lost, stolen, and inappropriately disposed-of laptops have accounted for the greatest number of breach incidents in most of the last five years, according to The Leaking Vault 2011, the Digital Forensics Association’s comprehensive report. But much of the information that’s on those laptops shouldn’t have been there to begin with.

Read more on Finding and Securing Sensitive Data >>>

Related topics to Secure the Enterprise Data

Data Protection for Virtual Data Centers

The Data Asset: How Smart Companies Govern Their Data for Business Success

Privacy and Big Data

