It’s been less than a month since mega retailer Target announced that a little more than 40 million customer debit and credit cards had been stolen by hackers. Not long after that, we saw the first of those cards being sold a few hundred thousand at a time, in a variety of underground hacker forums. Although not that underground, since I was able to register on the most notorious hacker sites and see for myself how easy it was to buy an identity.
As we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.
Ever heard the saying “if you fail to plan then you plan to fail”? This is just as true in security as it is in business, and the lack of a clear plan to protect your business from cyber risks usually results in no real protection at all.
An information or cyber security plan is a very simple and free tool that can have a profound impact on how well your business is protected from cyber threats. A security plan is a short document, often no longer than a few pages, that outlines:
The Open Web Application Security Project (OWASP) was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.
As more applications are developed online, the threats against those applications increase even more rapidly, in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.
In a report published at the end of 2012 on the growing hacking threat to websites, research firm Frost and Sullivan found that of all cyber security vulnerabilities, more than 98% were discovered by third-party researchers, while less than 2% were discovered by the people who made the applications that contained the vulnerabilities.
According to Frost and Sullivan, more than 80% of websites have at least one known vulnerability. If that vulnerability is known to security researchers, you can bet it’s also known to hackers who use automated tools to sniff out unpatched vulnerabilities, millions of websites at a time.
And as it turns out, four of the top five of all known vulnerabilities have something to do with websites – Adobe Shockwave Player, Adobe Acrobat, Apple QuickTime, and Microsoft Internet Explorer.
The report also found that the most common attacks on websites include: