<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title>BankInfoSecurity.co.uk RSS Syndication</title>
<link>http://www.bankinfosecurity.co.uk/rssFeeds.php?type=main</link>
<description>BankInfoSecurity.co.uk RSS News Feeds on bank information security news, regulations, blogs and education</description>
<pubDate>Mon, 28 May 2012 18:26:39 -0500</pubDate>
			<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/bankinfosecurity/uk" /><feedburner:info uri="bankinfosecurity/uk" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:browserFriendly></feedburner:browserFriendly><item>
			<title>Attack Highlights Third-Party Risks</title>
			<link>http://www.bankinfosecurity.co.uk/attack-highlights-third-party-risks-a-4801</link>
			<guid>http://www.bankinfosecurity.co.uk/attack-highlights-third-party-risks-a-4801</guid>
			<description>&lt;img src="http://docs.bankinfosecurity.com/files/images_articles/4801_artid_4801_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Hack of Online Billing Provider May Have Exposed 500,000 Cards&lt;/b&gt;&lt;br&gt;The hack of online billing provider WHMCS may have exposed 500,000 payment cards. Experts say the incident highlights the persistent risks third parties pose in cardholder data security.</description>
			</item>
			<item>
			<title>Insider Case Exposes Security Lapses</title>
			<link>http://www.bankinfosecurity.co.uk/insider-case-exposes-security-lapses-a-4798</link>
			<guid>http://www.bankinfosecurity.co.uk/insider-case-exposes-security-lapses-a-4798</guid>
			<description>&lt;img src="http://docs.bankinfosecurity.com/files/images_articles/4798_artid_4798_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Bank Manager Pleads Guilty to Theft&lt;/b&gt;&lt;br&gt;A former PNC Bank manager has pleaded guilty to bank theft - a charge that could lead to 10 years in prison and a $250,000 fine. What common security flaws allow such insider schemes to flourish?</description>
			</item>
			<item>
			<title>Social Engineering: Mitigating Risks</title>
			<link>http://www.bankinfosecurity.co.uk/social-engineering-mitigating-risks-a-4795</link>
			<guid>http://www.bankinfosecurity.co.uk/social-engineering-mitigating-risks-a-4795</guid>
			<description>&lt;img src="http://docs.bankinfosecurity.com/files/images_articles/4795_omurchu_liam_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Symantec Recommends Mix of Tech, Education&lt;/b&gt;&lt;br&gt;Why are socially engineered schemes causing so many headaches? Symantec's new Internet Security Threat Report shows attacks are growing. Here's a list of Symantec's recommendations to thwart risks.</description>
			</item>
			<item>
			<title>Anonymous Hacks Justice Dept. Database</title>
			<link>http://www.bankinfosecurity.co.uk/anonymous-hacks-justice-dept-database-a-4794</link>
			<guid>http://www.bankinfosecurity.co.uk/anonymous-hacks-justice-dept-database-a-4794</guid>
			<description>&lt;img src="http://docs.bankinfosecurity.com/files/images_articles/4794_anonymous_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Bureau of Justice Statistics Information Leaked&lt;/b&gt;&lt;br&gt;The hacktivist group Anonymous says it has stolen 1.76 GB of data from a United States Bureau of Justice Statistics server and posted it online for download. What's the rationale behind this latest attack?</description>
			</item>
			<item>
			<title>ENISA: Guidelines on Incident Reporting</title>
			<link>http://www.bankinfosecurity.co.uk/agency-releases/enisa-guidelines-on-incident-reporting-r-2611</link>
			<guid>http://www.bankinfosecurity.co.uk/agency-releases/enisa-guidelines-on-incident-reporting-r-2611</guid>
			<description>ENISA has issued guidelines to national telecom regulatory authorities about the implementation of Article 13a, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to ENISA and the European Commission and ad hoc notification of incidents to other NRAs in case of cross-border incidents.</description>
			</item>
			<item>
			<title>ENISA: Technical Guidelines on Minimum Security Measures</title>
			<link>http://www.bankinfosecurity.co.uk/agency-releases/enisa-technical-guidelines-on-minimum-security-measures-r-2610</link>
			<guid>http://www.bankinfosecurity.co.uk/agency-releases/enisa-technical-guidelines-on-minimum-security-measures-r-2610</guid>
			<description>ENISA has issued guidance to national telecom regulatory authorities about the implementation of Article 13a, in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks.</description>
			</item>
			<item>
			<title>ENISA Launches Information Security Awareness Videos</title>
			<link>http://www.bankinfosecurity.co.uk/agency-releases/enisa-launches-information-security-awareness-videos-r-2598</link>
			<guid>http://www.bankinfosecurity.co.uk/agency-releases/enisa-launches-information-security-awareness-videos-r-2598</guid>
			<description>The European Network and Information Security Agency [ENISA] has launched information security awareness videos in 23 European languages.</description>
			</item>
			<item>
			<title>ENISA Launches Guide on Building Effective IT Security Public Private Partnerships</title>
			<link>http://www.bankinfosecurity.co.uk/agency-releases/enisa-launches-guide-on-building-effective-security-public-r-2567</link>
			<guid>http://www.bankinfosecurity.co.uk/agency-releases/enisa-launches-guide-on-building-effective-security-public-r-2567</guid>
			<description>The European Network and Information Security Agency has released a new guide on building effective IT security public private partnerships.</description>
			</item>
			<item>
			<title>Synovus Bank Eliminates Cybercrime - A Case Study</title>
			<link>http://www.bankinfosecurity.co.uk/webinars/synovus-bank-eliminates-cybercrime-case-study-w-277</link>
			<guid>http://www.bankinfosecurity.co.uk/webinars/synovus-bank-eliminates-cybercrime-case-study-w-277</guid>
			<description>Synovus Bank, one of the largest community banks in the southeast, offers Online Cash Management services to its commercial clients with a simple pledge: "The freedom to manage your cash position anytime, anywhere." After witnessing relentless cyber-attacks on the endpoints of end users, Synovus Bank knew that meeting this pledge required them to take action. The bank's Product Development team carefully selected an endpoint security solution that met their requirements:&lt;p&gt;&lt;ul&gt;
&lt;li&gt;Satisfying FFIEC Guidelines&lt;/li&gt;
&lt;li&gt;Low customer impact/Ease of installation&lt;/li&gt;
&lt;li&gt;Proven effective, quick to implement and easy to manage&lt;/li&gt;
&lt;li&gt;Complement the bank's two-tier security architecture&lt;/li&gt;&lt;/ul&gt;
&lt;p&gt;
Hear how Synovus Bank proactively prevents fraud. Kevin Gibson, Director of Product Development at Synovus Bank, explains the challenges they faced, why Trusteer Rapport was the right fit, and its ease of deployment. He also discusses how Trusteer's layered security helps them protect against cybercrime, as well as Trusteer's role in enabling compliance with the latest FFIEC guidance. Trusteer's Director of Product Marketing, Oren Kedem, will describe Trusteer's Cybercrime Prevention Architecture and how it stops online banking fraud.</description>
			</item>
			<item>
			<title>2012 Cloud Security Agenda: Expert Insights on Security and Privacy in the Cloud</title>
			<link>http://www.bankinfosecurity.co.uk/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</link>
			<guid>http://www.bankinfosecurity.co.uk/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</guid>
			<description>What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?
&lt;p&gt;
This is the key question posed by the 2012 Cloud Security Survey.
&lt;p&gt;
No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.
&lt;p&gt;
But these engagements come with questions about risks:
&lt;ul&gt;
&lt;li&gt;What are your cloud service provider's security and privacy measures, and have they been audited?&lt;/li&gt;
&lt;li&gt;Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?&lt;/li&gt;
&lt;li&gt;How is a multi-tenant cloud environment managed, and, in the event of system compromise, what will be the incident response escalation process?&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.
&lt;p&gt;
The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:
&lt;ul&gt;
&lt;li&gt;Chart the latest cloud trends, including types of cloud implementations most common by industry and region;&lt;/li&gt;
&lt;li&gt;Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;&lt;/li&gt;
&lt;li&gt;Predict the top areas of investment for organizations most concerned about cloud security.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;
This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Top Security Concerns&lt;/b&gt; - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Success Factors&lt;/b&gt; - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Protective Measures&lt;/b&gt; - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>2012 Faces of Fraud Survey: Complying with the FFIEC Guidance</title>
			<link>http://www.bankinfosecurity.co.uk/webinars/2012-faces-fraud-survey-complying-ffiec-guidance-w-270</link>
			<guid>http://www.bankinfosecurity.co.uk/webinars/2012-faces-fraud-survey-complying-ffiec-guidance-w-270</guid>
			<description>A follow-up to ISMG's 2011 Faces of Fraud Survey, this webinar looks not only at the latest fraud trends and how institutions are fighting back, but also at their progress in putting together layered security controls in conformance with the FFIEC Authentication Guidance.
&lt;p&gt;
Given the persistence of fraud threats and the demands of the FFIEC Authentication Guidance, the 2012 Faces of Fraud Survey is crafted with assistance from leading experts in fraud detection and prevention, with a mission to: 
&lt;ul&gt;
&lt;li&gt;Chart the latest fraud trends, including account takeover, skimming and payment card breaches;&lt;/li&gt;
&lt;li&gt;Gauge institutions' preparedness to conform to the FFIEC Authentication Guidance, including where they are prioritizing their efforts;&lt;/li&gt;
&lt;li&gt;Predict the top areas of focus for 2012, from real-time fraud monitoring tools to new layered security controls.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>BYOD: Manage the Risks and Opportunities</title>
			<link>http://www.bankinfosecurity.co.uk/webinars/byod-manage-risks-opportunities-w-266</link>
			<guid>http://www.bankinfosecurity.co.uk/webinars/byod-manage-risks-opportunities-w-266</guid>
			<description>From home computers and laptops to cellphones and PDAs, employees have always lobbied to introduce consumer technologies in the workplace.
&lt;p&gt;
But with the advent of smart phones, tablets, portable storage and a variety of laptops - powerful computing devices that often rely on unsecured wireless networks - the push today is even greater. Example: Intel, the global computer technologies manufacturer, reports that connected mobile devices grew from 10,000 to 30,000 over the first 10 months of 2011. And by 2014, Intel expects 70% of its employees to use personal devices for some aspect of their job.
&lt;p&gt;
So, it's no longer a question of whether to allow employees to use their own devices - no corporate policy can stem the tide of consumerization. The questions now are about:
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Inventory&lt;/b&gt; - How do you properly account for all of the consumer devices introduced by your employees? Know how to lock down your corporate wireless networks and desktop computers, so you'll also know when employees are trying to access corporate resources by connecting new devices.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Security&lt;/b&gt; - How do you protect your systems and data from unauthorized access - and in the event of lost or stolen devices? From identification to proper authentication, appropriate access control, data storage and detecting unauthorized activities - all controls implemented by an organization on 'corporate-owned' resources over the last decade can potentially be rendered useless on an employee-owned device. Learn the importance of each control and the implementation challenges in a large-scale environment.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Privacy&lt;/b&gt; - The controls you place on an employee-owned device could potentially compromise the individual's privacy (knowing which sites they visit, or whom they e-mail in their off-hours, for instance). How do you achieve the right balance to protect the enterprise's security and the employee's privacy?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Compliance&lt;/b&gt; - Certain international regulations and standards spell out requirements for how data is collected and stored, as well as how it must be made available for legal requests. Are you prepared to address these and other top-level compliance issues when it comes to employees storing enterprise data on their own devices? Learn how to weigh the risks and benefits.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Policy&lt;/b&gt; - Beyond making employees aware of your policy, how do you enforce it? Awareness is key - make sure employees understand your policies around device usage, access, software licensing and other critical issues. But you also need to articulate specific areas of non-compliance and then monitor appropriately for violations subject to disciplinary action, including termination.&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Opportunity&lt;/b&gt; - Beyond securing devices, BYOD is an opportunity to improve data and access security in the enterprise, web, mobile, and SaaS applications. The opportunity is for organizations to still have strong security and authentication, but in a way that is "outsourced" to the device owner for all of their applications. This outsourcing can save the company IT budget, as well as reduce help desk support.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;
In this session, mobile security experts will discuss these topics and more, sharing insights on how today's leading-edge organizations are embracing BYOD as a means of improving employee productivity and creating new business value.</description>
			</item>
			<item>
			<title>Why Boards of Directors Don't Get It</title>
			<link>http://www.bankinfosecurity.co.uk/interviews/boards-directors-dont-get-it-i-1569</link>
			<guid>http://www.bankinfosecurity.co.uk/interviews/boards-directors-dont-get-it-i-1569</guid>
			<description>IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?</description>
			</item>
			<item>
			<title>How to Respond to Hacktivism</title>
			<link>http://www.bankinfosecurity.co.uk/interviews/how-to-respond-to-hacktivism-i-1568</link>
			<guid>http://www.bankinfosecurity.co.uk/interviews/how-to-respond-to-hacktivism-i-1568</guid>
			<description>Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?</description>
			</item>
			<item>
			<title>4 Security Priorities for Banks</title>
			<link>http://www.bankinfosecurity.co.uk/interviews/4-security-priorities-for-banks-i-1566</link>
			<guid>http://www.bankinfosecurity.co.uk/interviews/4-security-priorities-for-banks-i-1566</guid>
			<description>From mobile and the cloud to DDoS attacks and risks surrounding big data, what should banks and credit unions do now to mitigate exposure? Gartner's Anton Chuvakin offers his top recommendations.</description>
			</item>
			<item>
			<title>Understanding 'Big Data'</title>
			<link>http://www.bankinfosecurity.co.uk/interviews/understanding-big-data-i-1563</link>
			<guid>http://www.bankinfosecurity.co.uk/interviews/understanding-big-data-i-1563</guid>
			<description>Banks have a lot of data, but how well is it integrated? How much are institutions gleaning from the data they house? State Street Corp's chief scientist says financial services could be doing more.</description>
			</item>
			<item>
			<title>Fighting Hackers With Public Relations</title>
			<link>http://www.bankinfosecurity.co.uk/blogs/fighting-hackers-public-relations-p-1278</link>
			<guid>http://www.bankinfosecurity.co.uk/blogs/fighting-hackers-public-relations-p-1278</guid>
			<description>&lt;b&gt;Understanding Hacktivists' Goals is Key to Thwarting Attacks&lt;/b&gt;&lt;br /&gt;By understanding the motivations behind hacktivism, companies can learn why good public relations can play an important role in thwarting attacks or minimizing their impact.</description>
			</item>
			<item>
			<title>Global: A Lack of Breach Transparency</title>
			<link>http://www.bankinfosecurity.co.uk/blogs/global-lack-breach-transparency-p-1275</link>
			<guid>http://www.bankinfosecurity.co.uk/blogs/global-lack-breach-transparency-p-1275</guid>
			<description>&lt;b&gt;Processor Promised Updates, But We've Heard Little&lt;/b&gt;&lt;br /&gt;Global Payments has been less than forthcoming with information about its data breach. How could this lack of transparency hurt the processor, and what's the lesson for others?</description>
			</item>
			<item>
			<title>The Business Case for Continuity Planning</title>
			<link>http://www.bankinfosecurity.co.uk/blogs/business-case-for-continuity-planning-p-1272</link>
			<guid>http://www.bankinfosecurity.co.uk/blogs/business-case-for-continuity-planning-p-1272</guid>
			<description>&lt;b&gt;Small, Mid-Size Enterprises Especially Need to Develop Strategy&lt;/b&gt;&lt;br /&gt;Why do so many small and mid-sized enterprises continue to believe that business continuity planning is just for the big guys? And how do we go about convincing them otherwise? Here are some tips.</description>
			</item>
			<item>
			<title>Big Data for Fraud Prevention?</title>
			<link>http://www.bankinfosecurity.co.uk/blogs/big-data-for-fraud-prevention-p-1270</link>
			<guid>http://www.bankinfosecurity.co.uk/blogs/big-data-for-fraud-prevention-p-1270</guid>
			<description>&lt;b&gt;Tracking Customers, Not Accounts, Could Reduce Fraud&lt;/b&gt;&lt;br /&gt;Do banks and credit unions use all the data they collect? One credit reporting bureau says they could be doing more with their data to track and prevent fraud.</description>
			</item></channel></rss>

