How To Prevent Becoming The Next Target

Feb 20 2014, 3:06pm CST | by , in News | Technology News


Welcome to another installment in my cybersecurity for business owners series. Black Hat held a good webinar today on securing POS (Point of Sale) Systems.  I published an article on this topic (with input from one of our security engineers, Scott “Shagghie” Scheferman) a couple of weeks ago but this webinar had some additional soundbites that may be useful to business owners, particularly those who use POS systems.

Eric Fiterman was the first presenter, and he brought up some interesting points:

  1. Initial results indicate that the initial attack vector in the compromise of Target's network may have been the energy control systems.  As we’ve noted in other scenarios and after discussions with many vendors, energy control systems, microgrid systems and other clean energy systems are emerging everywhere, and security implications seem to be a secondary concern at best when they are installed and integrated with existing networks.  In a previous post I noted that the situation is similar with networked medical devices being installed in hospitals.
  2. Eric mentioned the heavy emphasis on compliance vs actual security.  We’ve noted this after more than a decade of securing information systems for the Department of Defense, where the emphasis on “doing things right” in the security realm outweighs the importance of “doing the right things” in security.
  3. The push towards the cloud expands the attack surface significantly, often in ways that are not immediately obvious or understood.
  4. Anything that holds a credit card number should be considered a POS system.

Mr. Fiterman recommended the following ways in which to reduce one’s risk as a business owner:

  1. Reduce exposure by getting rid of data that is not required for immediate business purposes and by using third-party vendors (PayPal, etc.) to process credit card payments.
  2. Encrypt credit card numbers at the point of acceptance.
  3. Focus on security in addition to compliance (you can’t really ignore compliance or else the regulatory agencies get mad at you).
  4. Understand how your network and domain infrastructure can work against you.
  5. Locate the initial attack vector as soon as possible, rather than focusing on the end target (although that also needs to be fixed).  Otherwise you can end up chasing a number of feints and actual attacks that all originate from the same initial entry point, and spend far more money and time trying to eliminate the threat.

Jeffery Guy, a former Air Force cyber ninja and current security expert, also spoke.  His message was that every company should expect to be breached and that although a compromise may only take seconds, it will take months of time and an average of $341,000 to fix each breach (as Target is finding out now).

70% of all cyber attacks against businesses happen against small businesses, and although many business owners feel they “aren’t worth the time” of an attacker, the reality is that they are the primary targets and victims of cybercrime.

Source: Forbes

 
