Much has been made of the recent data breach at Target, and many place blame squarely on those responsible for making the breach possible. I’ve heard about a few arrests here and there of individuals with stolen credit card numbers, but the company and its employees paid the biggest price of all. Certainly negligence played a part here and that should be dealt with, but how much damage was actually done because of the security breach? For Target, and many other companies, it may not even be measurable.
Given my security background and focus, I keep an eye on new security-related activity going on in the market. It never fails to amaze me how incredibly persistent and creative cyber-criminals can be. One particular type of cyber-criminal, the email phisherman, for lack of a better description, sends emails offering such amazing opportunities that some people bite, and then get taken.
I had a little fun with this one and put together a video highlighting some of the lines I’ve seen in phishing emails recently. I hope you enjoy it!
Given the recent credit card mega-breach at Target, it’s no surprise that the Feds will soon be jumping in to add a new layer to the already existing compliance guidelines and regulations. I’m sure this seems like a reasonable response for many, given the publicity around this breach and the potential for widespread fraud that could result. But as usual, I am concerned that Congress will be placing an undue burden on credit card processing companies instead of taking a balanced look at the industry as a whole.
Thankfully, Congress is considering ways to make credit and debit cards more secure. I’d suggest they take a good look at Europe, which has been ahead of the US for some time in this area. For starters, the smart card technology that many European countries have adopted is extremely difficult to duplicate or forge and has built-in tamper-resistance. It’s been about a decade since card issuers in the EU and Japan started using smart chips. And in that time, it’s no coincidence that the US has become a high-value target in the fraud game.
Unless Congress adopts new regulations that require card issuers to update their technology, the real issue will never be addressed. By avoiding new technology
Just about every week, an announcement is made that a new data breach may possibly affect thousands of people. Every once in a while (although somewhat rare) a breach can affect millions. While it’s true that companies are doing a better job of protecting personally identifiable information, there’s still much room for improvement. Too many companies are making data safety assumptions that just aren’t true. Didn’t anyone ever tell you about assumptions?
Earlier this month, it was announced that a hospital in Oregon experienced another data breach. And it wasn’t the first time for this hospital; prior data leaks have occurred due to stolen and exploited employee devices. This breach, however, was attributed to data being stored in the cloud in an unsecured manner.
Now before everyone jumps on the “I knew the cloud wasn’t safe” bandwagon, let’s think this through. The cloud, for all intents and purposes, is as safe a place to store