A new report published this week by Trustwave SpiderLabs shows that the food and beverage industry was the main target for cyber criminals in 2011 and will likely continue to be a target in 2012.
In the "2012 Global Security Report" the food and beverage industry was singled out as the top target for cybercriminals for the second straight year. The industry made up 44% of data breach investigations conducted by SpiderLabs in 2011. The company's report is based on 300 data breach investigations and 2,000 penetration tests.
According to the report, the thieves targeted customer records, which made up 89% of the breached data investigated. The next targets were trade secrets or intellectual property.
"The food and beverage industry was the top target of our investigations. That may be surprising. Most people might think that banks and governments would be at the top of the list," said Nicholas J. Percoco, head of SpiderLabs.
"The criminal element wants to turn their criminal activity into money as quickly as they can. They go after the food and beverage industry because it tends to have high transaction volume. The criminals have found that those organizations have a low barrier to entry from an infiltration standpoint. Once they are in the environment, the lack of security awareness within those organizations affords them almost unlimited amounts of time to aggregate that data. They are then able to extract that data out of the environment and use it for fraudulent activities," said Percoco.
SpiderLabs found that restaurant franchises were the most targeted because they often use similar IT systems across all of their locations. Once a cyber criminal has breached a network, they can attack multiple locations with ease. More than one third of the company's investigations involved franchise operations. Things like USB protection are useful in protecting against data breaches.
Unfortunately, self-detection of compromises decreased in 2011 and only 16% of victimized organizations were able to detect the breach themselves. The remaining 84% relied on information reported to them after the breach was discovered by a third party entity: regulatory, law enforcement, or the public.
With the quick pace of technology and the changes that take place in current technologies, customers frequently buy the next greatest smartphone, tablet or laptop as soon as it hits the market. Once the new device is plugged in and running, the old phone, tablet or PC is put away in storage, given away or maybe sold into the secondary market.
However, what happens to the information that was stored on the device? Oftentimes, the device isn't properly wiped to protect the sensitive information that would easily be accessible on it. Just recently, Motorola sold refurbished devices that still contained personal data and information from the previous owners.
Here are some steps a consumer can take to be sure to protect themselves from a data breach once they no longer use or control their old device:
1. Change passwords often. If user data is somehow still intact after both the customer and the manufacturer refresh a device, an additional tool to help keep yourself protected is to change your passwords. For instance, change your e-mail, bank and other online account passwords each month. This way, even if somebody gets an old device that has data stored on it, they most likely will not be able to access the information.
2. Factory reset. This reset removes all of the account information from all of the apps, removes user-downloaded apps, and returns the device's software to an "as-new" condition.
3. Erase the memory card. This can be easy to forget. There is a little check box in the factory-reset procedure (but only some of the time) that asks if you would like to erase the memory card, too. Make sure you check it. That way, apps that you have moved to the memory card, as well as pictures, music files, documents, and so on, are erased. Better yet, pull the memory card out, stick it into a PC and reformat it.
4. Encrypt your device. Not all devices offer encryption; where it is offered, it is available through the data security settings. The idea is that even when an encrypted device is reset to factory condition, any user data left on the device would be so jumbled as to be unusable.
When people think about cloud computing, the two things that are foremost in their minds are data security and privacy. Because of this, many individuals and companies tend to shy away from placing too much data in the cloud and focus on utilizing cloud services that are low in risk. Or even worse, they don’t even consider utilizing cloud-based services.
However, there are many in the IT and security industry who feel that cloud computing may be a great deal more secure than anything that a company’s IT department could put into place to secure data. The main fear that has to be overcome is that a company not owning the infrastructure its data resides in puts security at risk. Storing important documents in a safe deposit box is a great analogy here. The bank building isn’t owned or maintained by the person placing items into the deposit box. However, if asked, most people would agree that the bank is the safest place to keep valuable information.
Of course, to gain access to the safe deposit box, the individual has their own key. They are the only person who can access the contents of the box. Now use this example when thinking about how data would be stored in the cloud. USB protection is also important.
Trusting the cloud service provider to maintain and secure the data is important, but so is realizing that, as the owner of the data, only you have the key or access to it. Cloud services must be inherently secure. Once the service is configured, there must be no way for anyone other than the owner of the data, the cloud service provider included, to access the data.
On top of the data being secured, the cloud service components must also be secured. But how can the individual or company be assured that the data is safe, especially since control over the physical infrastructure is placed in the hands of a third party? Encryption seems to be a mandatory requirement in order to provide assurance that the data is secure.
Before digital devices and laptop computers became ubiquitous for the business traveler, the concerns of traveling safely were much more about getting your wallet or your passport stolen. Now more than ever, the growing concern for those who travel is the security of their data. But, just as there are many kinds of devices to access data or take it with you, there are more threats to their data security than many people realize.
There are many steps that can be taken to protect against data theft. Here are a few to consider. First, use a password on your PC. This is minimal protection, but at least would stop most casual criminals from attempting to steal sensitive information. Some computers allow the user to set up password protection through a screensaver for times when the machine is idle, the most obvious time that a PC might be stolen.
Second, make sure to encrypt all your files, whether on your PC or on disks and flash drives. There are a number of applications and software programs that allow a person to encrypt files. Archive utilities like WinZip will allow a user to make encrypted document bundles. Also, keep in mind there might be unencrypted copies or temporary copies on your PC, so being diligent about file management will help as well. There are also ways to encrypt the whole hard drive through open source applications or commercial products. Remember that if your system crashes it might be difficult to recover encrypted data, so keep a rescue disk copy somewhere safe and secure that you can access if needed.
While traveling, being online is the next front you have to face in the battle to protect your data. This is especially true for hotel business centers or Internet cafes. All of these are places that put you at risk of losing valuable data. If you decide that the most secure route is to not travel with your PC, be aware of the dangers of using a public PC.
First off, keystrokes can be recorded and consequently your IDs and passwords can be used to access your bank accounts, etc. Additionally, you shouldn’t trust the browser or the e-mail software that's installed on a public computer system. These can be solved with the use of a secure USB key. With this kind of device, you can use password-protected software with an onscreen keyboard, which will stop keystroke recording. Also, you can keep a portable version of the Firefox browser on the USB drive to avoid using the public computer’s installed browser. USB protection is well worth the expense when traveling. One thing to note is that using software from a USB drive will result in a slower browser and can be annoying if you're used to fast speeds.
These few steps, although cumbersome at first, will be useful when you travel to secure your personal data and to give you peace of mind as well.
European parliamentarians are working on ways to simplify the EU Data Protection Directive. This harmonization would provide businesses with “one law” and with “one information protection authority”. The European commissioner for justice, fundamental rights and citizenship, Viviane Reding, recently proposed new data protection principles for the Eurozone member countries. These principles would allow businesses to operate across all borders of the 27 members in the Eurozone without legal conflict.
Reding recently stated that there should be “one law and one single information protection authority” for every business in the EU. This one law would then allow a business to comply with the data protection laws of the jurisdiction where it has its main European headquarters. For instance, a company like Facebook that is headquartered in Ireland would be under that country’s jurisdiction, not that of, say, France or Germany.
In the past, the fragmented approach to data protection made it very difficult for businesses to trade as well as to comply with a specific country’s rules and regulations. Commissioner Reding noted in a recent interview that these “unnecessary hurdles” were costing businesses roughly $3.1 billion a year just in administrative costs.
This new directive updates the Eurozone’s data protection laws to bring them up to date with new and developing technologies like cloud computing. It will also help to patch some holes in EU law that were created by the U.S. Patriot Act following the September 11, 2011 terrorist attacks in the U.S. Reding emphasized that European law would apply to any business that operates inside the European Union, even if that business is based outside the Eurozone.
At this stage, businesses and governments alike haven't been told how and when the reform of the Data Protection Directive will be implemented. It has been noted that should the original directive be revised, there is additional risk of inconsistencies of implementation and interpretation at a member state level. It will be determined once the law has been fully approved by the member states.
Many companies have utilized USB encryption in foreign countries to protect data.
The company Secure Data Sanitization (SDS) has become the first data security company in the United States to make its “Secure Erase” program mobile. In late November, the company took this program literally on the road to Idaho to demonstrate its capabilities. The first mobile processing units were tested at no cost to the Idaho Department of Health and Welfare. The program is able to wipe clean an outdated computer system. The test demonstrated that it could be 100% effective in permanently erasing hard drives for these older computers. It was also able to reset the computers to the original manufacturers’ settings.
These new mobile units are available to travel to any location to help businesses effectively remove data from old computer hard drives. The program will sanitize the drive so that the equipment can be effectively destroyed without risk of private data being taken at some point in the future.
The mobile program initiates the “secure erase” or “electronic data shredding” activity. This procedure then permanently erases hard drives, resets them and provides proof in a report format. This new mobile system has attracted a great deal of attention, particularly among businesses that store large amounts of data. The company has already secured contracts to use the mobile program at businesses all over the world.
The Idaho Department of Health and Welfare was eager to use the program, said Michael Farley, the IT administrator for the department. "In order to meet federal guidelines and regulations concerning HIPAA, IRS and SSA information, it's crucial that we have a secure and sound procedure for eliminating information from our PC systems before donation or destruction," said Farley. "Being in a position to have hard drives securely erased or destroyed on site is essential since it provides us one more layer of protection."
The company is poised to be very active in the coming years with new federal and state laws that require businesses to securely erase private data. If not carried out properly, businesses in violation could face millions of dollars in fines, lawsuits and cleanup costs. SDS provides Certificates of Sanitization and Destruction, printed on-site, which guarantee compliance with state and federal laws. These certificates are backed by a $2 million insurance policy. USB protection is one way to ensure that data is safe.
As part of the service that SDS offers, they also give their customers the choice, after erasing the information, to either remarket the old systems or donate them to the non-profit organization Computers for Kids.
The consulting firm Forrester Research recently released a report that has some surprising advice for businesses that suffer a data breach. The firm’s report advises corporate security experts not to immediately fix a security vulnerability following a data breach. The report suggests that, just as at other crime scenes, you need to avoid destroying evidence that might be needed and very useful in the prosecution of cyber criminals.
The report, “Planning for Failure”, was written by Forrester's analysts. The research team makes a solid argument that rushing to fix security after a breach could be unhelpful in the long run. The report suggests, “You should determine if you wish to prosecute before you remediate. Things function differently in real life than they do on your favorite crime investigation show. Too often, companies clean up a breach and then determine later they wish to find and prosecute the perpetrator.”
The researchers explained in the report that in the majority of breach instances, the IT security managers should “make an investigation and prosecution decision instantly. You might need to keep a breached program operating in order to preserve evidence.” The report does point out that data breach forensics is a fairly new field and specialization. Good cyber crime investigators are in high demand. Specialists who have the skill sets should be brought in.
The report went on to describe and outline how to establish an incident response team and the kinds of information technology, business managers and legal aid who should be part of the process. The research firm recently surveyed 341 enterprise IT decision makers in North America and Europe. They found that 25% of the decision makers said their company had suffered a data breach in the past year.
Some of the crime comes from inside the organization. If an employee steals data they have access to, there is little that can be done to stop it. Downloading files, sending them by e-mail, printing and even screenshots can collect the data the criminals want, and it can easily be passed on to the highest bidder. Of particular interest is that 25% of criminals stole data that they didn’t have authorization to access.
In the case of encrypted USB flash drives, the way a criminal would steal the information on another employee’s encrypted flash drive would be to obtain the employee’s password by inserting undetectable keylogging malware on the employee’s PC. All encrypted USB flash drives that use software authentication rather than hardware authentication are prone to this type of insider crime.
Oliver David writes and contributes to Lok-it.net and other websites and has highlighted USB flash drive review and also secure USB flash drive review.
As consumerization becomes the norm, more and more workers are bringing their own smartphones and tablets into the workplace. By all accounts, most IT departments at businesses and organizations treat these devices just like the others that the business acquired.
The philosophy that “your device is now our device” ought to be reconsidered, particularly with regard to private and personal data security. There are a lot of scenarios that could take place with this kind of IT policy. What will the IT department or the business do when an employee has their unique personal data accidentally erased? Or when the user installs a software update that either removes business data or somehow compromises the data? The possible scenarios could include the erasure of irreplaceable family pictures and videos, bank accounts and passwords. USB encryption is another way to secure data.
The best policy is: do not manage a device that's not owned by the business. When a device is owned by the business, a worker should clearly understand what data they can and can't keep on it. It's clear that most workers want just one device for work and home. Most understand a work-only laptop and also why a business does not want to buy tablets for workers. But they certainly do not want two phones. What most businesses and workers do not want is for personal mobile phones to be serviced as though they were business devices.
The reason for this explosion of personal devices being managed as though they were corporate devices is that IT departments have conflated “device management” with “data security.” This has more to do with poorly thought-out requirements concerning compliance. IT departments will need to think through compliance more thoughtfully and understand that data security and device management aren’t always intertwined.
A simple way to manage this is for IT departments to keep in mind that it is the software and access to the corporate servers that is the most important management problem. Securing sensitive data is the essential and appropriate avenue when interacting with employees’ personal devices. If there is a need for their device to interact with the company’s systems, always put a password on any data. And if there is data used for business purposes that is potentially on an employee’s device, encrypt it and make it very difficult to walk out the door on that device.
A leading enterprise storage business recently released its findings from a survey that it undertook. The business surveyed leaders in information technology (IT) to find out their views on cloud storage. Data security is always at the top of the list.
The results were quite interesting. The survey revealed that 81% of IT decision makers had concerns about the security of data in the cloud. Nearly 48% had a concern about the “level of control” they might have to secure information that is stored in the cloud. From the survey results, it was clear that these two concerns were the biggest for these IT professionals when thinking about storing data in the cloud.
In addition to these findings, the percentage of concern was very consistent across many industries and types of businesses. Those surveyed included IT professionals in government, business services, healthcare, education, financial services, manufacturing, telecommunications and software.
Also discovered in the survey was that about 43% of these IT management level decision makers had plans to store information in the cloud within the next 12 month period. However, there is a concern that if the IT professionals don’t make an assessment of high grade cloud storage solutions which have a strong level of security and information control, the corporate users might adopt their own less secure solution in order to obtain some sense of security.
The survey manager stated this about the survey and the participants. He said, “They clearly understand the promise of cloud storage for cost savings, off site backup, unlimited scale, simpler IT management, and on-demand provisioning, but they are also rightfully concerned about the security of their information and whether they have control over it at all times. Unfortunately, this will not deter users…too often willing to use consumer-oriented offerings without IT’s permission.”
The survey clearly shows that IT solutions have to look at top grade enterprise storage solutions that will provide the strong benefits in the cloud in a way that will strongly address the issues of security that everyone must have.
As cloud computing continues to gain popularity, users and developers are continuously coming up with new and innovative ways of applying the technology. People knowledgeable in business have at all times been able to recognize and take advantage of chances that present a practical way of making profit. In fact, presently we have many businesses and persons installing virtual data centers on cloud hosting. They have recognized that cloud hosts offer a chance that can be used to establish a data center with few investments in hardware and also technical knowledge. Different from the usual data center system that would need a big financial investment, a cloud based virtual data center is tremendously cost efficient.
When installing a virtual data center with your cloud hosting service, you will require a much smaller team than you would for a modern data center. When starting, one technically skilled individual would be adequate for the job. With their guidance you will need to decide on a number of considerations, factors and resources for the virtual data center you are planning on developing. Choices of operating systems, specs, applications, architecture and other technical features of the data center will be discussed. These decisions will be made based on the intended purpose and long term plans for the virtual data center you are developing on your cloud hosting.
A lot of cloud hosting vendors have made user friendly platforms that let their customers install virtual servers in a very simple way. It does not require extensive technical experience, though it would be advisable to engage a professional, especially when developing a commercial data center. The cloud host setup wizard will guide you through the process, though you must be able to select the capacities, services and applications required for running your servers. In most cases this is the simplest and most popular approach to making a virtual data center with a cloud hosting service.
The other option would be to do your own configuration and installation that needs a high level of technical know-how. Being able to do this also needs access to several resources of the cloud host provider you are working with. In some cases, the provider may be unwilling to provide you with access to their resources due to security concerns. Cloud computing involves a difficult incorporation of hardware and software resources and working through this can be difficult.
The virtual data center you build on your cloud hosting service must deliver the basic capabilities of cloud computing. These comprise cost efficiency, flexibility, availability, scalability, automation and more. Having been built on a cloud hosting platform, your virtual data center should deliver the same capability as the platform on which it is based. For the most outstanding outcome, you ought to work with a cloud hosting service provider who has been engaged in installing virtual data centers. Their experience will prove to be very useful since it will assist you to avoid the common difficulties others face as they start similar projects.