
Guarding Against PoSeidon and Other Point-of-Sale Breaches

According to Cisco’s Security Solutions team, there is a new malware family targeting point-of-sale (PoS) systems, infecting machines to scrape memory for credit card information and send the payment card data to servers for harvesting and, likely, resale. This malware, which the group has nicknamed PoSeidon, works like this:

Unlike other PoS memory scrapers that store captured payment card data locally until attackers log in to download it, PCWorld reported, PoSeidon communicates directly with external servers and can update itself automatically, and also has defenses against reverse engineering.

PoS malware using the “memory scraping” technique also caused the Home Depot and Target data breaches. In the latter, hackers were able to save names, credit card numbers, expiration dates, security codes from the backs of cards and encrypted PINs when at least 40 million customers swiped at in-store registers.
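The following Python check is an added illustration and is not part of the article or of Cisco's analysis. It shows the defender's side of the memory-scraping problem described above: scanning a captured outbound request body (or a memory dump taken during incident response) for cleartext card numbers, using the Luhn check to discard ordinary numeric fields such as order ids and flagging Track 2 framing (PAN followed by `=YYMM...`). The sample capture is constructed, uses well-known test card numbers rather than real accounts, and its field names are assumptions.

```python
import re

# Constructed sample: lines as they might appear in a captured outbound POST body
# or in a memory dump. The 16-digit values starting 4111 and 5500 are standard
# test card numbers; the other long digit strings are ordinary identifiers.
SAMPLE_CAPTURE = b"""POST /upload HTTP/1.1
Host: example.invalid
Content-Type: application/x-www-form-urlencoded

data=;4111111111111111=25121010000000000000?&ref=123456789012345
extra=5500000000000004=2609101xxxx&orderid=1234567890123456
"""

# A run of 13 to 19 digits not embedded in a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits so a finding can be logged safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_card_data(blob: bytes) -> list:
    """Return findings (offset, masked PAN, Track 2 framing flag) for every
    Luhn-valid PAN-length digit run in the blob."""
    findings = []
    for m in PAN_RE.finditer(blob):
        pan = m.group(1).decode("ascii")
        if not luhn_valid(pan):
            continue            # order ids, timestamps and similar drop out here
        # Track 2 data places '=' immediately after the PAN.
        track2 = blob[m.end():m.end() + 1] == b"="
        findings.append({
            "offset": m.start(),
            "masked_pan": mask_pan(pan),
            "track2": track2,
        })
    return findings


if __name__ == "__main__":
    for f in find_card_data(SAMPLE_CAPTURE):
        print(f)
```

In practice the same check would run over egress captures from the PoS segment, where a Luhn-valid PAN in cleartext is a strong indicator that a scraper is exfiltrating data, whatever the malware family.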

“The new PoSeidon malware has retailers on alert, particularly as the frequency and relative ease with which POS system breaches are occurring is forcing them to take a closer look at their IT infrastructure and reassess how secure it actually is,” said Andrew Avanessian, EVP of consultancy and technology services at security firm Avecto. “It is also prompting many to ask, what will it take to get ahead of these attacks?”

Avanessian believes the answer is clear: a more defense-in-depth approach to security. “While perimeter technologies like firewalls can prevent against certain types of external attack, it cannot block malware that has already found its way onto endpoints within an organization,” he explained. “With a multi-layered security strategy that incorporates solutions like patching, application whitelisting and privilege management, organizations can more effectively protect against the spread of malware, defending their valuable assets and ultimately their reputation.”

As I wrote in the March 2014 issue of Risk Management, the adoption of EMV chip technology presents one of the most promising ways to increase PoS security. Already common in Europe, EMV technology—named for its founders, Eurocard, MasterCard and Visa—utilizes embedded chips that, unlike magnetic strips, make it nearly impossible to counterfeit cards. In Europe, 81% of cards have EMV chips, and countries that have adopted the technology saw sharp declines in credit card fraud. Meanwhile, the United States accounts for 27% of worldwide credit transactions, but sees 47% of card fraud.

As organizations roll out chip-and-PIN technology across the country, these breaches may start to decline, Avanessian agrees, but he urges a more holistic approach to fighting PoSeidon and other PoS malware. “EMV (or chip-and-pin) will absolutely help stop card fraud, however, retailers should not become complacent and think this is the silver bullet they have been waiting for,” he said. “Yes it will help stop fraud once the details have been stolen, but it does not stop businesses from being breached. Companies gather a huge amount of data about their patrons, such as names and addresses, and this data is still valuable to fraudsters. Unless retailers take a multi-layer defense-in-depth approach to security, they will still get breached.”

To prevent consumers from losing confidence and shopping elsewhere, Avanessian believes it is critical to evolve the means of combatting cyberattacks just as the means of hacking has changed. “In our experience, retailers are still relying on antiquated ‘detection’-based technologies to keep the bad guys out. They all spent hundreds of thousands of dollars on detection, yet they still get breached,” he said. “The world has changed, the players have changed, cyberattacks are now a trillion dollar industry—the approach has to change.”

Managing the Risk of Cyberattacks: When Will Boards Learn?

Even after the many cyberattacks initiated by Anonymous and LulzSec, it seems boards are still not exercising appropriate governance over the privacy and security of their digital assets, according to a new study by Carnegie Mellon CyLab entitled “Governance of Enterprise Security.”

The study says that “even though there are some improvements in key ‘regular’ board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts between ‘occasionally,’ ‘rarely,’ and ‘never.'”

A look at the numbers:

And even with the advancement of enterprise risk management throughout organizations, there is still a disconnect: boards and senior executives do not fully understand that privacy, security and IT risks are part of ERM. A whopping 58% of those surveyed said their board did not review the organization’s insurance coverage for cyber-related risks.


The survey also found that many companies do not have full-time senior-level personnel in place to manage privacy and security risks.

Less than two-thirds of the Forbes Global 2000 companies surveyed have full-time personnel in key roles responsible for privacy and security in a manner that is consistent with internationally accepted best practices and standards.


Moreover, the common practice of assigning security personnel both privacy and security responsibilities creates segregation of duties issues at line responsibility levels.

Though there are signs of progress compared to previous years, the 2012 CyLab survey shows a serious lack of attention at the top in regards to cybersecurity.


October Issue of Risk Management Now Online

The October issue of Risk Management magazine is now online. The cover story, “Immovable Objects,” focuses on how complacent boards of directors fear change, often retaining CEOs past the expiration date of their effectiveness. We also cover food safety in a feature by John Turner, North America product recall manager at XL Insurance. And, as is tradition with our October issue, we highlight cyberrisk, this time in a four-part feature covering cyberattacks and critical infrastructure, the military and its vulnerability to hacking, the cost of protection and a guide to selecting cyber insurance.

Our columns explore topics such as:

If you enjoy what you see online, you can subscribe to the print edition to enjoy even more content.

Please let us know what you think in the comments below. And stay tuned to the blog for even more coverage in the future. Lastly, you can follow the magazine on Twitter, “like” us on Facebook and join our LinkedIn group.

The Financial Industry: Cyber Security Laggards

We have seen it all around us lately — the financial industry’s inability to guard against major data breaches.

Just last month, Citibank, the third largest bank holding company in the U.S., experienced a data breach when hackers obtained information on more than 360,000 credit card accounts of North American customers. And just last week, Morgan Stanley announced that data of 34,000 clients was lost or stolen.

According to two letters sent to clients, and obtained by Credit.com, the information [of Morgan Stanley customers] includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers. The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted. The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, Wiggins said.

The Citibank breach has been referred to as the largest direct attack on a major U.S. financial institution. Since the attack, the Federal Deposit Insurance Corporation has been preparing new measures on data security, which are clearly much needed.

The financial industry has become somewhat of a laggard when it comes to data security initiatives and the risks of data theft are rising.


According to a June report by IDC Financial Insights, “As financial institutions expose more capabilities to their clients through their digital channels, they must introduce more sophisticated mitigation and control techniques at a similar pace.” The report points to mobile applications as the next new target of cyberattacks.


(Check out the next issue of Risk Management for more on this topic — online August 1st).

To approach these inevitable risks, there needs to be a change in the role and focus of enterprise risk functions, according to the IDC Financial Insights report. “Cyber risk is an enterprise risk issue, not an IT issue, and as such needs to be addressed from a strategic, cross line-of-business, and economic perspective. The CFO, not the CIO or CTO, is the most logical person to set strategies and lead the efforts required to address the cyber risk challenge.”

The following chart, from IDC Financial Insights, shows cyber risk as a component of operational risk.


Do you agree with these findings? If not, how do you think the management of cyber risks fits within the realm of business’s risk management plan?
