Latest News: Technology |  Celebrity |  Movies |  Apple |  Cars |  Business |  Sports |  TV Shows |  Geek


Filed under: News | Technology News


How To Prevent Becoming The Next Target

Feb 20 2014, 3:06pm CST | by

1 Updates
How To Prevent Becoming The Next Target

YouTube Videos Comments

Full Story

How To Prevent Becoming The Next Target

Welcome to another installment in my cybersecurity for business owners series. Black Hat held a good webinar today on securing POS (Point of Sale) Systems.  I published an article on this topic (with input from one of our security engineers, Scott “Shagghie” Scheferman) a couple of weeks ago but this webinar had some additional soundbites that may be useful to business owners, particularly those who use POS systems.

Eric Fiterman was the first presenter, and he brought up some interesting points:

  1. Initial results indicate that the compromise Target's network and the initial attach vector may have been the energy control systems.  As we’ve noted in other scenarios and after discussions with many vendors, energy control systems, microgrid systems and other clean energy systems are emerging everywhere, and security implications seems to be a secondary concern at best when they are installed and integrated with existing networks.  In a previous pos t I noted this is a similar situation with networked medical devices being installed in hospitals.
  2. Eric mentioned the heavy emphasis on compliance vs actual security.  We’ve noted this after more than a decade of securing information systems for the Department of Defense, where the emphasis on “doing things right” in the security realm outweighs the importance of “doing the right things” in security.
  3. The push towards the cloud expands the attack surface significantly, often in ways that are not immediately obvious or understood.
  4. Anything that holds a credit card number should be considered a POS system.

Mr. Fiterman recommended the following ways in which to reduce one’s risk as a business owner:

  1. Reduce exposure by getting rid of data that is not required for immediate business purposes and using third party vendors (PayPal, etc) to process credit card payments.
  2. Encrypting credit card numbers at the point of acceptance.
  3. Focusing on security in addition to compliance (you can’t really ignore compliance or else the regulatory agencies get mad at you).
  4. Understanding how your network and domain infrastructure can work against you.
  5. Locating the initial attack vector asap, rather than focusing on the end target (although that also needs to be fixed).  Otherwise you can be chasing a number of feints and actual attacks that are all originating from the same initial entry point and spend for more money and time trying to eliminate the threat.

Jeffery Guy, a former Air Force cyber ninja and current security expert, also spoke.  His message was that every company should expect to be breached and that although a compromise may only take seconds, it will take months of time and an average of $341,000 to fix each breach (as Target is finding out now).

70% of all cyber attacks against businesses happen against small businesses, and although many business owners feel they “aren’t worth the time” of an attacker, the reality is that they are the primary targets and victims of cybercrime.

Source: Forbes


iPad Air Giveaway. Win a free iPad Air.

You Might Also Like


Sponsored Update


More From the Web

Shopping Deals


<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.




blog comments powered by Disqus

Latest stories

Jamaal Charles Agrees to $18M Extension with Kansas City Chiefs
Jamaal Charles Agrees to $18M Extension with Kansas City Chiefs
Running back Jamaal Charles agreed to an $18 million contract extension including an extra $5.1 million over the next two seasons with the Kansas City Chiefs on July 23.
Batman Day: Brad Meltzer On Why Batman&#039;s &#039;Cultural Shield&#039; Protects Us All
Batman Day: Brad Meltzer On Why Batman's 'Cultural Shield' Protects Us All
July 24, 2014, marks Batman Day for DC Comics. And writer Brad Meltzer tells why Batman's impact is so important.
Fat Shaming &quot;530 Fatties&quot; Facebook Page Reminds Society Of Bad Behavior
Fat Shaming "530 Fatties" Facebook Page Reminds Society Of Bad Behavior
Facebook Page "530 Fatties" openly mocks overweight people around Sacramento and the 530 area code. But it's certainly not the first time that people have faced body image criticism.
YouTube star Michelle Phan sued over copyright breach
YouTube star Michelle Phan sued over copyright breach
A leading YouTube entrepreneur is facing legal action for alleged copyright infringement in her videos.

About the Geek Mind

Read more about The Geek Mind.