How To Prevent Becoming The Next Target

Feb 20 2014, 3:41pm CST | by

How To Prevent Becoming The Next Target
Photo Credit: Forbes Business

Welcome to another installment in my cybersecurity for business owners series. Black Hat held a good webinar today on securing POS (Point of Sale) Systems.  I published an article on this topic (with input from one of our security engineers, Scott “Shagghie” Scheferman) a couple of weeks ago but this webinar had some additional soundbites that may be useful to business owners, particularly those who use POS systems.

Eric Fiterman was the first presenter, and he brought up some interesting points:

  1. Initial results indicate that the compromise Target's network and the initial attach vector may have been the energy control systems.  As we’ve noted in other scenarios and after discussions with many vendors, energy control systems, microgrid systems and other clean energy systems are emerging everywhere, and security implications seems to be a secondary concern at best when they are installed and integrated with existing networks.  In a previous post I noted this is a similar situation with networked medical devices being installed in hospitals.
  2. Eric mentioned the heavy emphasis on compliance vs actual security.  We’ve noted this after more than a decade of securing information systems for the Department of Defense, where the emphasis on “doing things right” in the security realm outweighs the importance of “doing the right things” in security.
  3. The push towards the cloud expands the attack surface significantly, often in ways that are not immediately obvious or understood.
  4. Anything that holds a credit card number should be considered a POS system.

Mr. Fiterman recommended the following ways in which to reduce one’s risk as a business owner:

  1. Reduce exposure by getting rid of data that is not required for immediate business purposes and using third party vendors (PayPal, etc) to process credit card payments.
  2. Encrypting credit card numbers at the point of acceptance.
  3. Focusing on security in addition to compliance (you can’t really ignore compliance or else the regulatory agencies get mad at you).
  4. Understanding how your network and domain infrastructure can work against you.
  5. Locating the initial attack vector asap, rather than focusing on the end target (although that also needs to be fixed).  Otherwise you can be chasing a number of feints and actual attacks that are all originating from the same initial entry point and spend for more money and time trying to eliminate the threat.

Jeffery Guy, a former Air Force cyber ninja and current security expert, also spoke.  His message was that every company should expect to be breached and that although a compromise may only take seconds, it will take months of time and an average of $341,000 to fix each breach (as Target is finding out now).

70% of all cyber attacks against businesses happen against small businesses, and although many business owners feel they “aren’t worth the time” of an attacker, the reality is that they are the primary targets and victims of cybercrime.

Source: Forbes Business

 
 

Don't miss ...

 

<a href="/latest_stories/all/all/30" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

blog comments powered by Disqus

Latest stories

Number of Ebola cases may reach 20,000: WHO
Geneva, Aug 28 (IANS/EFE) The number of people infected with the Ebola virus in Western Africa could reach 20,000, six times more than the current estimates, the World Health Organisation (WHO) warned Thursday.
 
 
Trim down your 'side fat'
Los Angeles, Aug 28 (IANS) Eliminate that extra padding on the sides of your waist by doing the right moves, eating well and moving around.
 
 
Girl-gang members at greater risk of unprotected sex
New York, Aug 28 (IANS) Young girls who join gangs to find their lost freedom are at a greater risk of unprotected sex with multiple partners and substance abuse, says a new study.
 
 
Diaspora meet to focus on Bahrain-India trade
Dubai, Aug 28 (IANS) A key meeting of the Indian diaspora in Bahrain next week will set the stage for partnership agreements and investment announcements initiated during and after King Hamad's visit to India in February this year, a Bahrain daily reported Thursday.
 
 
 

Latest from the Network

Asiad-bound India women lose football friendly
Shanghai, Aug 28 (IANS) The Asian Games-bound Indian women's football team went down 0-3 to Century Park FC in their first practice match here Thursday. India conceded on both sides of halftime with their best chance...
Read more on Sport Balla
 
IS captures, executes dozens of Syrian soldiers
Cairo, Aug 28 (IANS/EFE) Militants of the Islamic State (IS) Sunni extremist organisation have executed dozens of Syrian soldiers captured after the rebels seized al-Tabaqa military airport from government forces...
Read more on Politics Balla
 
Brazilian man found alive in body bag
Brasilia, Aug 28 (IANS) A man pronounced dead after suffering respiratory failure and multiple organ failure was found alive two hours later in a morgue body bag in Brazil's Salvador city, a media report said Thursday...
Read more on Politics Balla
 
Number of Ebola cases may reach 20,000: WHO
Geneva, Aug 28 (IANS/EFE) The number of people infected with the Ebola virus in Western Africa could reach 20,000, six times more than the current estimates, the World Health Organisation (WHO) warned Thursday. This...
Read more on Business Balla
 
Saina survives scare, enters quarters
Copenhagen, Aug 28 (IANS) Saina Nehwal survived a scare to eventually make her way into the women's singles quarter-finals of the World Badminton Championships at the Ballerup Super Arena here Thursday. Japanese 13th...
Read more on Sport Balla
 
Indian-American woman now faces foeticide charge in US
New York, Aug 28 (IANS) An Indian-American woman, who has been accused of neglect in the death of her newborn baby a year ago, has been additionally charged with foeticide, a media report said. While allowing the...
Read more on Politics Balla
 
Brad Pitt, Angelina Jolie now 'Mr. &amp; Mrs.'
Paris, Aug 28 (IANS) Star couple Brad Pitt and Angelina Jolie, who have been dating since featuring in "Mr. &amp; Mrs. Smith" in 2005, have finally walked down the aisle, reports tmz.com. According to a spokesman...
Read more on Celebrity Balla
 
Stephen Lee dies at 58
Los Angeles, Aug 28 (IANS) "Seinfeld" actor Stephen Lee has died, his friend and actress Lisa Pescia has confirmed. He was 58. Lee passed away after suffering a heart attack in his apartment here Aug 14, but the news...
Read more on Celebrity Balla
 
Ukraine kicks off early parliamentary election campaign
Kiev, Aug 28 (IANS) Ukraine Thursday started a two-month campaign for an early parliamentary elections in October, the country's electoral authority said. The political parties have the rights to register their...
Read more on Politics Balla
 
Erdogan sworn in as Turkish president
Ankara, Aug 28 (IANS) Recep Tayyip Erdogan was sworn in as president of Turkey at the Parliamentary General Assembly here Thursday. Representatives of some 90 countries from Asia, Africa, the Middle East and Europe,...
Read more on Politics Balla