Tuesday July 12th is online retail giant Amazon’s self-styled “Prime Day,” and the potential deals mean a surge in online shopping. Designing systems and applications to handle the amount of traffic a site like Amazon sees day to day, much less during promotions like Prime Day, can be difficult in and of itself. Throw in the complexity of cybersecurity and it becomes clear why so many online retailers have trouble keeping up. Amazon itself has relatively good security, but what exactly does that mean for customers? We’ll look at what measures Amazon has in place, what they mean, and a few simple steps to tighten security even further.
You've seen enough empty Hollywood blockbusters about casino heists to know that today's gambling institutions are constantly in the crosshairs of attackers—online and off. In the digital realm, however, better malware tools and access to deep funding make today's cyber criminals more than a bad movie, especially when lucrative payloads are for the taking.
Since 2000, the nonprofit Center for Internet Security (CIS) has provided the public service of creating and distributing hardening guidelines for common operating systems and applications. Alongside documents describing what configuration to check, how they should be configured, and how to fix them, CIS also offers a software solution that can analyze a system for compliance with the CIS benchmarks. Despite those resources, and their criticality for information security, the fact remains that becoming and staying secure is a persistent problem. Why is system hardening so hard?
There are really only a few ways to get funding: an individual such as a venture capitalist or billionaire, a partnership or strategic investment by a corporation or state agency and getting a large number of people to give you a very small amount of money. Crowdfunding websites claim to offer a platform for the latter, giving inventors, artists and small businesses a method by which to propel themselves on the merits (or popularity) of their ideas, without needing inside connections or extensive business acumen as the other methods usually require. But because all of the transactions involved in crowdfunding take place on the internet, cybersecurity should be a number one concern for both users and operators of these websites. We used our external risk grader to analyze 7 crowdfunding industry leaders and see how they compare to each other and other industries.
Cybersecurity news items are usually one of two things: your "run-of-the-mill" data breach announcement or vulnerability alert, usually software-related. This week's Symantec fiasco falls into the latter bucket, but it isn't your average vulnerability alert. In fact, this is the one that most enterprise security professionals have been dreading and horrified to hear: that your security defenses are not only ineffective—they can be used against you by attackers.
No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, the international fast food chain disclosed that its January 2016 security compromise was, in fact, a lot worse than originally stated—potentially eclipsing the Home Depot and Target data breaches.
A few days ago, Taiwanese computer manufacturer Acer disclosed that "a flaw" in their online store allowed hackers to retrieve almost 35,000 credit card numbers, including security codes, and other personal information. Most of the major personal computer retailers have online stores like Acer's, allowing people to buy directly from the manufacturer, rather than through a reseller like Amazon. But how secure are these digital outlet stores, and what are the chances that if you use them you'll end up like Acer's customers? We examined seven industry leaders with our external risk grader to see how they stacked up, and unfortunately, Acer wasn't alone in its security practices.
Glassdoor's 2016 Employees' Choice Awards Highest Rated CEO List includes household names like Marc Beniof, Mark Zuckerberg, and Tim Cook—CEOs of companies that also score high marks for strong security. Is there any correlation between a company's cyber risk profile and its CEO employee approval rating?
The term cyber risk is often used to describe a business’ overall cybersecurity posture, i.e., at how much risk is this business, given the measures it has taken to protect itself. It’s often coupled with the idea of cyber insurance, the necessary coverage between what a company can do security-wise, and the threats it faces day in and day out. Cybersecurity used to belong exclusively in the realm of Information Technology, one of many business silos that while important, was only a small piece of the business and as such, often delegated to a C-level manager who interfaced with other executives as necessary. Today’s businesses have outgrown this model, as what used to be considered information technology has grown to encompass business itself, permeating every aspect of it, governing its speed, its range, its possibilities. As a CEO or CFO, the way your business handles information technology, more specifically cybersecurity, reflects the way you think about your company and its place in the contemporary market.
A routine fill-up at the local gas station or ATM withdrawal might cost you dearly these days. With the recent surge in ATM and gas pump skimming attacks, you certainly wouldn't be alone—in fact, the odds are one in three that you'll fall victim to identity theft once your financial data is swiped. Is there any hope in an increasingly hostile landscape rife with external threats?