As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days when it was just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as it seeks to avoid the crippling effects associated with data breaches.
This is especially true of finance teams and financial executives. Financial executives are tasked with ensuring consistent fiscal well-being and driving economic growth within their organizations, while determining and avoiding risk factors. Additionally, 38 percent of employees in financial roles named the CFO as the role responsible for cybersecurity at their organization. To this end, corporate finance teams have to be concerned with, and take ownership of, cybersecurity initiatives within their organizations.
In this article, we will look at recent developments in cryptocurrency, both from a regulatory perspective and in its adoption by cybercriminals.
Cryptocurrency is hot. According to coinmarketcap.com, there are now over 1300 cryptocurrencies with new initial coin offerings (ICOs) accelerating all the time. We are seeing the beginning of regulatory acceptance as the British territory Gibraltar’s Financial Services Commission offers a new regulatory framework for Distributed Ledger Technology (DLT). The new framework will become operational as of January 2018 and will regulate the activities of firms operating in or from Gibraltar that use DLT to store or transmit value belonging to others, such as virtual currency exchanges.
Recommended! FortiGate 7060E and 3000D Excel in Combined Security Effectiveness, Performance and TCO in the First NSS Labs Data Center Security Gateway Group Test
Threats are constantly evolving to evade security defenses at the same time that digital transformation initiatives are introducing new attack vectors. And in addition to staying ahead of the latest threats, security solutions must also keep up with the vast amounts of differing network traffic types they have to inspect, such as IPv4 and IPv6, and increasingly, encrypted traffic as well. And they must do all this without adding latency or decreasing the speed of access. Today’s threats also proliferate quickly, requiring advanced threat prevention to be matched with dedicated processing and high throughput.
Generally speaking, there are two types of attacks against retailers: attacks at the point of sale, where a POS device is compromised or fraudulent cards are used for purchases, and attacks at the corporate location, where criminals compromise a retailer's entire customer and transaction history. This blog post focuses on the latter, the nature of the attacks, and how retailers can detect breaches before data is lost.
The Scope of the Cybersecurity Challenge is Evidenced by Boardroom Interest
The scale of the cybersecurity problem for retailers can be measured not only by evaluating threat activity and losses but also by studying the priorities of boardrooms and executives in the retail sector.
In a survey conducted by Lastline studying the 2016/2017 annual reports of FTSE 250 retailers with a market capitalisation of £1 billion or more, the strategic risk from information security and data protection is addressed in the annual reports of 100 percent of retailers. The threats mitigated by cybersecurity are further highlighted as a principal risk by 93 percent of retailers. Additionally, implementing processes and controls to achieve compliance with the General Data Protection Regulation (GDPR) by May 2018 is specifically mentioned in 73 percent of major retailers’ annual reports.
The boardrooms of major retailers have stated without exception (100 percent of reporting organizations) that regular briefings, reviews and reporting of cybersecurity status happen not only at board level but are additionally reviewed by internal and external audit functions in order to measure the effectiveness of risk management against cyber threats. Finally, 47 percent of major retailers have also proactively tested the effectiveness of their controls or have conducted a simulated breach response planning exercise.
Retail-specific Cybersecurity Threats
Cyber threats can generally be bucketed into causing one or more of three risks:
Responding to a Breach Starts Before it Happens
Having a clearly defined incident response process is vital for gauging how to react to different types of scenarios or situations. Even a simple assertion that a hack indeed resulted in a breach needs to be considered and planned for given that a hack often is a precursor to a larger data breach.
For example, the sale of stolen merchant accounts is big business on the dark web (see example below of how stolen accounts are promoted).
A criminal group could buy stolen accounts for a number of fraudulent purposes. Often the goal is simply to purchase goods with stolen credit cards, known as Carded Items on the dark markets. Returns fraud is another popular technique used by criminal groups. This known bad activity is a factored loss, well understood by retailers.
But there are other, more challenging scenarios for which retailers also must prepare themselves. What has proven more difficult to detect and gain visibility into is the threat actor that takes the stolen credentials and then tries to move deeper into the organization, moving laterally until they compromise sensitive databases and payment systems. The key step retailers need to take is to ensure appropriate visibility into the precursors of unauthorized network access that indicate the potential for a future breach of sensitive data.
Responding quickly and effectively is a critical success factor here. This requires, at a minimum, understanding the full scope of the breach (i.e. all systems and data that have been affected), isolating and cleaning infected systems, and notifying customers and regulatory organizations as appropriate.
Adequate Protection Requires Technology
Retailers have invested heavily in cyber response teams. However, the size of these teams is typically too small for them to be consistently successful, and just like with every other industry, there simply aren’t enough qualified candidates to fill open positions.
Retailers need to arm their security teams with strong detection technologies reinforced with automated analysis platforms that proactively study and analyze user activity and internal system behaviors. Such technologies will enable small teams to hunt for the high-risk precursors to a breach, and stop unauthorized access before it causes harm.
Looking Ahead – Retail Cybersecurity Threats in 2018 and Beyond
The Lastline survey of major retailers’ annual reports uncovered that in 100 percent of retailers there was not a single mention of bitcoin, blockchain or cryptocurrency. However, we are seeing the use of domain names using blockchain technology to host stolen data and credit card information, making them harder for law enforcement to shut down and trace. As retailers increasingly adopt cryptocurrencies, the potential for increased losses via stolen wallet data will increase the overall level of fraud.
In addition, proving that no harm was done (that is, data was not exposed or stolen) will become an important metric for cybersecurity in retailers, and automating the gathering of evidence that clearly shows that infections and unauthorised access did not expose sensitive data will be a critical function in the decision making process on whether to alert regulatory bodies under the 72 hour notification requirement in GDPR (which regulates all companies doing business with European citizens, not just European companies).
Educational institutions have become regular targets for cybercriminals. In fact, the education sector accounted for 13 percent of data breaches in the first half of 2017, resulting in the compromise of around 32 million records.
One of the top reasons that schools are targeted is the diverse data they store on students and staff, including personally identifiable information (PII), healthcare information, and financial information. These records can then be sold on the dark web to be used for purposes of identity theft and fraud.
The threat landscape is growing every day, and so is the risk of suffering a damaging data breach. While a dedicated security strategy can keep organizations out of headlines, many are still plagued by disjointed response workflows and manual processes that slow down their mean time to detect and respond to real threats.
Commissioned by LogRhythm, Frost and Sullivan conducted a study to ascertain the level of security maturity among 400 enterprise IT decision makers in Asia-Pacific. Here are five major vulnerabilities troubling enterprises today:
The latest Fortinet Threat Landscape Report (Q3 2017) is sobering but not entirely surprising reading. The number of zero-day vulnerabilities continues to increase, with FortiGuard Labs identifying 185 this year to date. Attacks designed to exploit these vulnerabilities are penetrating more organizations, and they are being engineered to rapidly mutate in ways that make their detection more difficult and their effects more unpredictable.
But there’s something else going on behind the scenes. It’s also becoming easier and cheaper for adversaries to formulate and launch exploit-plus-malware technology-based attacks. Such attacks are built around pieces of arbitrary code that are embedded in an object in order to force legitimate applications to behave in a malicious manner, thereby enabling bad actors to gain control of an affected application or even the broader IT infrastructure. Like a binary nerve gas, attackers use exploits to poison a system so that they can subsequently wreak havoc.
From Bad Rabbit to NotPetya, bad actors are constantly evolving their malware attack vectors, that is, how they distribute sophisticated malware attacks. This ever-growing network threat landscape requires organizations to keep abreast of changes in the way malware is delivered.
APAC Team is organizing 3 Moving to Industry Collections Webinars targeted at M2S Eligible Customers.
During these webinars, customers will understand their subscription options and how industry collections can help them do their best work.
If your M2S Eligible customers have any questions on their subscription options and what moving to subscription/collection means for them, this will be a good chance to get their questions answered by the experts.
Please find attached the webinar invite that you can send to your customers to encourage them to sign up.
Moving to Collection Webinar Details
Over the last several years, public cloud computing resources have developed into a flourishing IT supermarket of processing capacity, storage, applications, and a variety of automated tasks (networking, security, and system maintenance), all offered “as a service” by third-party vendors.
These and other public cloud computing services have mushroomed largely due to the economic and strategic advantages they offer their paying customers: