How To Prevent Becoming The Next Target

Feb 20 2014, 3:41pm CST | by


Welcome to another installment in my cybersecurity for business owners series. Black Hat held a good webinar today on securing POS (Point of Sale) Systems.  I published an article on this topic (with input from one of our security engineers, Scott “Shagghie” Scheferman) a couple of weeks ago but this webinar had some additional soundbites that may be useful to business owners, particularly those who use POS systems.

Eric Fiterman was the first presenter, and he brought up some interesting points:

  1. Initial results indicate that the compromise of Target's network and the initial attack vector may have been the energy control systems.  As we’ve noted in other scenarios and after discussions with many vendors, energy control systems, microgrid systems and other clean energy systems are emerging everywhere, and security implications seem to be a secondary concern at best when they are installed and integrated with existing networks.  In a previous post I noted this is a similar situation with networked medical devices being installed in hospitals.
  2. Eric mentioned the heavy emphasis on compliance vs actual security.  We’ve noted this after more than a decade of securing information systems for the Department of Defense, where the emphasis on “doing things right” in the security realm outweighs the importance of “doing the right things” in security.
  3. The push towards the cloud expands the attack surface significantly, often in ways that are not immediately obvious or understood.
  4. Anything that holds a credit card number should be considered a POS system.

Mr. Fiterman recommended the following ways in which to reduce one’s risk as a business owner:

  1. Reduce exposure by getting rid of data that is not required for immediate business purposes and using third party vendors (PayPal, etc) to process credit card payments.
  2. Encrypting credit card numbers at the point of acceptance.
  3. Focusing on security in addition to compliance (you can’t really ignore compliance or else the regulatory agencies get mad at you).
  4. Understanding how your network and domain infrastructure can work against you.
  5. Locating the initial attack vector ASAP, rather than focusing on the end target (although that also needs to be fixed).  Otherwise you can be chasing a number of feints and actual attacks that are all originating from the same initial entry point and spend far more money and time trying to eliminate the threat.
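
An added example, not from the webinar or the original article: one way to act on "anything that holds a credit card number should be considered a POS system" and on the first recommendation is to inventory which data stores contain card numbers at all. The store names, log lines and function names below are constructed for illustration, and the card numbers are well-known test values.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first 6 / last 4 so the report itself never stores a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_card_numbers(lines):
    """Return (line_number, masked_number) for every Luhn-valid candidate."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                hits.append((no, mask(digits)))
    return hits

def systems_in_scope(sources):
    """Map each data store that holds at least one card number to its hits."""
    report = {name: find_card_numbers(lines) for name, lines in sources.items()}
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample data (hypothetical store names and log lines).
SAMPLE = {
    "web-orders.log": [
        "2014-02-20 10:01:02 order=1001 card=4111111111111111 amt=25.00",
        "2014-02-20 10:07:11 order=1003 ref=1234567890123456 amt=4.50",
        "2014-02-20 10:09:30 order=1004 card=************1111 amt=12.00",
    ],
    "helpdesk-tickets.txt": ["Customer emailed: my card 5555-5555-5555-4444 was declined"],
    "inventory.csv": ["sku,qty", "100045,12"],
}

if __name__ == "__main__":
    for name, hits in systems_in_scope(SAMPLE).items():
        print(name, hits)
```

Every store that appears in the result needs the same protection as the till, or the stored numbers should be purged; the Luhn check keeps ordinary 16-digit reference numbers from inflating the list.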

Jeffery Guy, a former Air Force cyber ninja and current security expert, also spoke.  His message was that every company should expect to be breached and that although a compromise may only take seconds, it will take months of time and an average of $341,000 to fix each breach (as Target is finding out now).

70% of all cyber attacks against businesses happen against small businesses, and although many business owners feel they “aren’t worth the time” of an attacker, the reality is that they are the primary targets and victims of cybercrime.

Source: Forbes Business

 
 
