A key tool for businesses that handle customer credit card information is the payment card industry data security standard (PCI DSS). It's essentially a set of rules that companies handling credit card information need to adhere to.
By not adhering to compliancy rules, a business runs the risk of losing customer trust.
The number of enterprise and personal security breaches increases every year, and this is likely to get worse as technology advances. Over the next five years, it will be important to understand the threats facing businesses.
While not all of these can be avoided, preparing a comprehensive security system and testing it is the best step to take. Subsequently, using advanced measures such as penetration testing and ethical hacking will give businesses the best chance of keeping data secure.
By Drazen Drazic
I won’t start by saying that implementing a strong framework is going to solve all business IT security problems. It won’t, but with one, at least you have one big advantage over now – you have a better picture and understanding of where your problems may lie and you’re less likely to be taken by surprise.
At present, most organisations have little understanding of the risks they face – where they are exposed, what they are exposed to and how these exposures could impact the business. So what are the problems?
1. Management and Governance – If the CEO and Senior Officers of the business do not ultimately own the responsibility and accountability for the security of the business, then it just does not get the appropriate attention. When we do “State of Security” reviews for our clients, we pretty much have 90% of our report written after the first hour if we find this layer of the framework not in place. ie; you can be guaranteed that if there is not an effective and ongoing management and governance layer in place, overall security within the organisation is weak. Matt Jonkman in a previous interview with Securus Global explained it well;
Computer manufacturer HP has recently published the Cyber Risk Report for 2013, created by HP Security Research, a smaller division of the company.
The report identifies the security risks likely to impact businesses and the current threats causing issues right now. HP identified mobile devices, insecure software and growing Java applications as areas of particular risk.
By Sebastien Macke, @lanjelot
During a recent penetration test against an ASP.NET web application, we gained a significant level of control over the server and leveraged our access to get a copy of the application’s database, where the user password hashes were stored.
This post provides details of how we recovered passwords from the hashes. Read on if you want to play along at home and crack them as we did!
Insider threats and employees accessing data they're not approved to see are two of the biggest threats facing the health industry, according to the Healthcare Information and Management Systems Society (HIMSS).
Over the course of its operations, in a bid to increase security, HIMSS has been encouraging health industry organisations to increase security funding and resources. In the last 12 months, 12 per cent of organisations have had at least one medical identity theft case.
A new type of technology in the hardware market experienced rapid growth in 2013 and could soon see even higher adoption rates.
Wearable computing is certainly taking off as companies race to be the first to release new devices such as smart watches, but these could pose a major security threat to enterprises if not correctly managed.
The number of enterprise data breaches and hacking attempts continues to rise as businesses adopt advanced (and complex) technology networks. A growing use of cloud solutions and servers without adopting the proper security measures is also increasing vulnerability.
Unfortunately, many enterprises are unsure of the reason these breaches and hacks are occurring and continue to make the same security mistakes. It's actually quite simple, though, and usually boils down to having something a hacker wants – whether it's related to finances or data.
One of the latest enterprise technology trends, popular among employees, has the potential to cause significant hardship for unprepared businesses.
Bring-your-own-device (BYOD), which involves employees bringing a personal mobile phone or tablet to the workplace and signing in to the enterprise network, has the capability to disrupt sensitive systems and enable leaking of important data.
Businesses are fast moving traditional systems into the cloud in order to take advantage of faster, more secure backups and integration with mobile devices when not in the office. Because so many services are moving into the cloud, enterprises are naturally wondering if the future of digital security is also cloud-based.
A cyber attack is a large risk for a company, as database information, company documents and reputation are usually at stake. Traditional security systems are based locally, on company infrastructure. These systems have been the main safeguard against cyber threats for the past decade, and for most enterprises they provide adequate security.