
#cybersecurity | #hackerspace | Managing Risk During an M&A

Source: National Cyber Security – Produced By Gregory Evans

Build cybersecurity due diligence processes into your M&A strategy to protect your organization against security risks

A merger or acquisition can introduce security risks, sometimes years after the transaction is finalized. In the case of Marriott International’s acquisition of Starwood Hotels & Resorts, it took two years for Marriott to discover that there had been unauthorized access to Starwood’s guest reservation database, with breaches occurring since 2014. The security breach exposed the personal information of 383 million customers and has cost Marriott $72 million to date, with additional costs expected.

During an M&A, ensuring that proper security procedures are in place often gets overlooked, as was the case in the Starwood acquisition. Adding cybersecurity risk assessment as part of your M&A due diligence is critical to protect your organization. Here are some steps to consider.

Leadership Support for Due Diligence During M&A

Support in the form of an organization-wide policy from senior management is critical when developing a cybersecurity due diligence program. Once the policy is approved, ensure that appropriate resources and budget are available for the program.

During the M&A process, leadership must emphasize to both organizations the importance of cybersecurity due diligence, making it clear this step must be completed before the close of the transaction. 

Data Mapping

Data mapping can help you identify data handling processes and controls that may need to be strengthened and/or opportunities to anonymize or delete sensitive data. Interviews and/or questionnaires can help you quickly identify how and where the target company processes, transmits and/or stores sensitive data (e.g., PII, credit card numbers, health information) and how that data is protected and regulated, depending on the industry. It’s important to understand how sensitive data comes into the target company, how it moves throughout the company, and whether or not it is sent to third parties.

Cybersecurity Practices Questionnaire

Require the target company to complete a short questionnaire (ideally 50 questions or fewer) detailing their cybersecurity best practices. The Center for Internet Security’s Critical Security Controls (CIS CSC) is a good example. The questionnaire is a quick and effective way to discover how mature the target company’s cybersecurity practices are and whether there are major risks, such as stored sensitive data not being encrypted. The questionnaire also gives you the chance to identify areas where you might need to follow up or dig more deeply.

Focus on critical cybersecurity controls such as encryption of stored sensitive data, system patching, privilege management and logging. Ask whether the target company has experienced any recent security breaches and whether its cybersecurity program is based on a best practices framework (e.g., CIS CSC, NIST CSF), and ask it to identify all third parties, such as MSSPs, that provide cybersecurity services.

If the target company has had a recent third-party assessment of their cybersecurity practices (e.g., SSAE18, PCI DSS), request the full assessment report and review it thoroughly. Such assessments are performed by third-party experts and their reports are full of useful information.

Risk-Scoring Tool

Develop a risk-scoring tool to quantify the target company’s level of cybersecurity risk (high, medium, low), per the results of their data mapping and cybersecurity questionnaire. A typical approach is to assign scores (1, 2, 3) to specific questionnaire responses and data mapping findings, then combine all the individual scores into an overall cybersecurity risk score.

Base the tool on the factors that are most important and relevant to your organization, such as how much sensitive data is stored at the target company, whether the company has had a recent security breach or whether it sends sensitive data to third parties. The tool is an easy-to-use and effective way to communicate the cybersecurity risk of the target company to your senior management.

There’s an inherent risk with any M&A transaction and creating a merger and acquisition cybersecurity due diligence program requires time and effort. But in the long run, it’s a great way to reduce your cybersecurity risk, helping to minimize the chance of post-transaction security breaches.


The post #cybersecurity | #hackerspace | Managing Risk During an M&A appeared first on National Cyber Security.


How To #Shop Safely #Online During the #Holidays


Shopping online for your holiday gifts is incredibly convenient. Why stand in long lines at the mall, when you can find everything you need for your friends and family in your pajamas? The National Retail Federation reports that 59 percent of consumers shop online for the holidays. But you can also open yourself up to identity theft, scams and hacking.

Here are a few ways to keep your information safe.

1. Only shop on websites that have a reputation for being trustworthy with your financial information, like Amazon or Target.com. Moreover, it helps to track your credit score to ensure that you haven’t been hacked. Forty-five percent (45%) of people use a credit monitoring tool so that they have access to tools and resources they need to improve or protect their credit, according to the 2017 Capital One Credit Protection Survey.

2. Check the URL of the website. Never put your credit card information online unless there is a padlock icon and the URL starts with “https”. This indicates that the connection is encrypted with Secure Sockets Layer (SSL). “Use different passwords for different websites whenever possible, specifically ensuring your banking password is different for other merchants,” says Sarah Strauss, head of fraud and managing vice president, U.S. Card at Capital One.

3. Track your credit report on a regular basis so you’ll know when something goes wrong. Thirty-six percent (36%) of people could be doing more to protect their credit, according to the same survey. “You can regularly monitor your credit with a free tool like CreditWise,” says Strauss. “Also, sign up for purchase notifications from your credit card company or bank so you know when your card is used.”

4. Avoid simple passwords. Have at least eight characters that include both upper and lowercase letters, numbers and symbols. Never use your date of birth, name, or any other personal information that a hacker can guess. “If your information is compromised, a fraudster can use that information to open new accounts, access existing accounts, and/or use stolen credit card numbers to make fraudulent purchases,” says Strauss. “One of the biggest risks to your credit score is if a fraudster opens an account in your name, and then defaults on the loan.”

In the worst case scenario, you still have the power to save your credit score. If you see that someone has stolen your identity, you can call one of the three major credit bureaus — Experian, Equifax or TransUnion — and do a credit freeze. This means that you cannot open any new cards under your own name. But the thief can’t, either.

“While your liability for credit card fraud is limited, the process to clean up the fraudulent information on your credit bureau can be time consuming,” says Strauss. “In a world where our information is increasingly digital, the best strategy for consumers is to be vigilant and regularly monitor your credit report and bank accounts to catch fraud quickly.”

The post How To #Shop Safely #Online During the #Holidays appeared first on National Cyber Security Ventures.


Cybersecurity #Tips to Help #Retailers and #Consumers Stay #Secure During the #Holiday Season


It’s time to take advantage of all those holiday specials and spend all your hard-earned bitcoin — er, I mean money — buying gifts for friends, family and, of course, yourself. Many retailers, large and small, online and brick-and-mortar, run holiday promotions as early as September. Gone are the days of waiting until Black Friday or Cyber Monday to take advantage of sales and specials.

The bad guys will be shopping, too — just not for the same items you are. Instead, they will be shopping for your wallet.

It’s true that some cyber Grinches ramp up their malicious activities during the holiday season, perhaps in the form of holiday-specific spam, spear phishing or compromised sites. While increased vigilance is encouraged during this time, there are a number of cybersecurity tips and best practices consumers and retailers should follow throughout the year to help mitigate threats. Having the right controls and awareness in place before the holidays can go a long way during the busy shopping season.

For Retailers: Vigilance Encouraged Throughout the Year

Black Friday and Cyber Monday are heavy shopping days and are likely to remain so for the foreseeable future. However, IBM X-Force research conducted over the past few years revealed that there was no significant uptick in network attacks targeting X-Force-monitored retailers during the traditional holiday shopping period in late November. In fact, last year, the volume of attacks for those two days fell below the daily attack average for retailers.

However, now that the shopping extravaganza lasts for two or more months, it’s possible that this four-day window is too short of a time period to identify notable network attack trends.

So far in 2017, network attacks targeting retail networks were highest in Q2, with June being the most-targeted month. Attacks dropped notably beginning in August and have been steadily declining, with the volume of attacks monitored for October below the monthly average for the year.

Time to celebrate? Not necessarily. In 2016, we observed a notable surge in the volume of attacks targeting retailers in mid to late December. Additionally, malware compromises occurring earlier in the year that have gone undetected can wreak havoc once the busy season commences. In December 2016, a security researcher discovered that nearly 7,000 online stores running Magento shopping cart software were infected with data-stealing skimmer malware capable of logging credit cards and passwords and making them available to attackers as image files for exfiltration.

Furthermore, bad actors do not have to steal anything to wreak havoc on the retail industry. A distributed denial-of-service (DDoS) attack is enough to cost the sector millions. In fact, the average cost of a DDoS attack for organizations across all industries rose to over $2.5 million in 2016.

Retailers are encouraged to monitor their networks with increased vigilance during this holiday season. Vulnerable point-of-sale (POS) systems, compromised websites, and targeted spam and phishing campaigns can be costly.

To help keep your security posture strong over this holiday shopping season and all year long, review and implement the recommendations outlined in the IBM report, “Security Trends in the Retail Industry.”

For Consumers: What Cybersecurity Tips Are Missing From Your Repertoire?

Many online consumers have improved their security awareness as media coverage and education opportunities have increased. However, below are a few cybersecurity tips that many consumers likely haven’t thought of.

Assess Convenience Versus Risk

Our digital interactions leave data trails. Finding the right balance between personalization and privacy is the consumer’s responsibility, not just the retailer’s. Many sites have the option to save your card data for future use. While this feature offers convenience to the consumer, the stored data can be stolen via SQL injection attacks or other database compromises — after all, there are billions of leaked records due to misconfigured servers. Always look for the green lock icon in the browser address bar to ensure a secure connection to websites.

Be Wary of Unsuspicious Emails

Criminals have gotten really good at devising phishing lures that are extremely difficult to recognize as fraudulent. Receive an attachment from someone that appears to be in your contact list? Call them to confirm. Order something online? Before clicking the “track package” link in the confirmation email, ensure that it is actually an item you purchased from the correct vendor.

Use Passphrases and Multifactor Authentication

Exercise strong password hygiene by choosing to use a long, easy-to-remember passphrase, such as “ipreferpassphrasesoverpasswords,” instead of complex passwords containing a combination of letters, numbers and special characters. Unfortunately, this is not always an option since many websites now require a password that contains this combination. Use different passphrases for each site. If this seems too daunting, use a password manager. Rather than managing dozens of passphrases on your own, you’ll just have to remember the one key to your digital vault.

Always opt for multifactor authentication when available, and figure out which option is the most secure when choosing a real-time short message service (SMS) text message, an email message or an automated phone call.

Get Creative With Security Questions

When setting up new accounts, opt for security and password reset questions that aren’t public to make it harder for fraudsters to get their hands on your information. For example, don’t use your mother’s maiden name, which could be easily found online. Even answers to opinion-based questions, such as favorite movie, food, etc., can be found on social media. For increased security, lie about your answers or use passphrases as the answers.

Skimmers Abound

By now, you have most likely heard of skimmers being placed on the card readers at gas stations and bank ATMs. A skimmer is a hidden device placed inside the mouth of a payment card reader that is designed to copy your card data for criminals to use later. But what about in-store POS systems? Be on the lookout for suspicious-looking card swiping terminals that could be skimmers, or cash register attendants who seem to swipe your card on two different readers. Maintain this vigilance not only during the holiday season, but all the time, especially if you travel to other countries.

Know Your Card Security Features

Banks and credit card companies have implemented some great security features, such as being able to set limits on the number of times the card can be used within an hour or on the amount that can be spent on one purchase. However, if you’re unaware of these limits for your personal accounts or your phone number is not up to date in your bank profile, you may end up with a declined card.

Cover Your Card

Is the person in line behind you taking a selfie, or is he or she taking a picture of your card as you make a purchase? By obtaining the credit card number, name, expiration date and the card security code or card verification value on the back, an attacker may be able to use the information to make online purchases.

Keep Your Guard Up Year-Round

The holiday season is a great time to take stock of the past year while relaxing and spending time with loved ones, but it’s no time to let your guard down, especially given the increasing sophistication of cybercriminal tactics targeting holiday shoppers and sellers alike. We encourage retailers and consumers to follow best practices not only this holiday season, but also all year long to help mitigate attacks and compromise.

The post Cybersecurity #Tips to Help #Retailers and #Consumers Stay #Secure During the #Holiday Season appeared first on National Cyber Security Ventures.


During Cybersecurity Awareness Month, Experts Say Too Many Remain Unaware of Threats


After an onslaught of hacking, breaches and malware this year, and the resultant waves of publicity, National Cybersecurity Awareness Month should be a bit anticlimactic. But for some people, the message never gets old. One of the organizations most aware of cyberthreats and most active in countering them is CIS,…

The post During Cybersecurity Awareness Month, Experts Say Too Many Remain Unaware of Threats appeared first on National Cyber Security Ventures.


No one helped during violent, sexual assault on train

Two Auckland teenagers were violently and sexually assaulted while taking a train home on the weekend. The mother of one of the victims has voiced her concerns on social media to try to track down the…

The post No one helped during violent, sexual assault on train appeared first on Become007.com.


Tokyo plans cybersecurity hub to protect infrastructure during 2020 Olympics


The government said Thursday it will create a new body to oversee the protection of crucial infrastructure from cyberattacks during the Tokyo Olympics and Paralympics in 2020. The cybersecurity response center will compile and share information with government agencies and companies that operate crucial infrastructure such as transportation and power…

The post Tokyo plans cybersecurity hub to protect infrastructure during 2020 Olympics appeared first on National Cyber Security Ventures.


Auditors were able to hack Arizona DES during routine cybersecurity review


State auditors were able to access confidential information when testing cybersecurity at the Arizona Department of Economic Security, revealing vulnerabilities that could have put residents’ personal information at risk.

The post Auditors were able to hack Arizona DES during routine cybersecurity review appeared first on National Cyber Security Ventures.


Malwarebytes Details Cybersecurity Threats Seen During Q1 2017 For Windows, MacOS And Android


Many people don’t know as much about personal cybersecurity as they think they do. The bad news is that misunderstanding and lack of knowledge can put you at serious risk. The good news is that in many cases simply knowing …

The post Malwarebytes Details Cybersecurity Threats Seen During Q1 2017 For Windows, MacOS And Android appeared first on National Cyber Security Ventures.


6 Changes To Make In Your Dating Life During App-less April, A Month Without Dating Apps

Whether dating apps are causing a “dating apocalypse” or are merely the easiest way to get a date, there’s no denying these tools have been total gamechangers in the dating scene within the last few years. And even though dating apps are most popular among millennials, according to a recent Bustle survey with dating app Happn of over 1,000 dating app users, 78 percent of women and 85 percent of men still want to meet people IRL.

The post 6 Changes To Make In Your Dating Life During App-less April, A Month Without Dating Apps appeared first on Dating Scams 101.


Winchester Man Sentenced To 24 Months For Hacking Into Website During Steubenville Rape Case


The man who admitted to hacking into a website during the 2012 Steubenville, Ohio rape case was sentenced to 24 months in prison Wednesday. Deric Lostutter pleaded guilty to charges of illegally accessing a computer and lying to an FB …

The post Winchester Man Sentenced To 24 Months For Hacking Into Website During Steubenville Rape Case appeared first on National Cyber Security Ventures.
