How To Prevent Becoming The Next Target

Feb 20 2014, 3:41pm CST

Welcome to another installment in my cybersecurity for business owners series. Black Hat held a good webinar today on securing POS (Point of Sale) systems. I published an article on this topic (with input from one of our security engineers, Scott “Shagghie” Scheferman) a couple of weeks ago, but this webinar had some additional soundbites that may be useful to business owners, particularly those who use POS systems.

Eric Fiterman was the first presenter, and he brought up some interesting points:

  1. Initial results indicate that the initial attack vector for the compromise of Target's network may have been the energy control systems. As we’ve noted in other scenarios and after discussions with many vendors, energy control systems, microgrid systems and other clean energy systems are emerging everywhere, and security implications seem to be a secondary concern at best when they are installed and integrated with existing networks. In a previous post I noted this is a similar situation with networked medical devices being installed in hospitals.
  2. Eric mentioned the heavy emphasis on compliance vs actual security.  We’ve noted this after more than a decade of securing information systems for the Department of Defense, where the emphasis on “doing things right” in the security realm outweighs the importance of “doing the right things” in security.
  3. The push towards the cloud expands the attack surface significantly, often in ways that are not immediately obvious or understood.
  4. Anything that holds a credit card number should be considered a POS system.

Mr. Fiterman recommended the following ways in which to reduce one’s risk as a business owner:

  1. Reduce exposure by getting rid of data that is not required for immediate business purposes and using third-party vendors (PayPal, etc.) to process credit card payments.
  2. Encrypting credit card numbers at the point of acceptance.
  3. Focusing on security in addition to compliance (you can’t really ignore compliance or else the regulatory agencies get mad at you).
  4. Understanding how your network and domain infrastructure can work against you.
  5. Locating the initial attack vector as soon as possible, rather than focusing on the end target (although that also needs to be fixed). Otherwise you can be chasing a number of feints and actual attacks that all originate from the same initial entry point, and spend far more money and time trying to eliminate the threat.

Jeffery Guy, a former Air Force cyber ninja and current security expert, also spoke. His message was that every company should expect to be breached and that although a compromise may only take seconds, it will take months and an average of $341,000 to fix each breach (as Target is finding out now).

70% of all cyber attacks against businesses happen against small businesses, and although many business owners feel they “aren’t worth the time” of an attacker, the reality is that they are the primary targets and victims of cybercrime.

Source: Forbes Business
