A new report published this week by Trustwave SpiderLabs shows that the food and beverage industry was the main target for cyber criminals in 2011 and will likely continue to be a target in 2012.
In the "2012 Global Security Report" the food and beverage industry was singled out as the top target for cybercriminals for the second straight year. The industry made up 44% of data breach investigations conducted by SpiderLabs in 2011. The company's report is based on 300 data breach investigations and 2,000 penetration tests.
According to the report, the thieves targeted customer records, which made up 89% of the breached data investigated. The next targets were trade secrets or intellectual property.
"The food and beverage industry was the top target of our investigations. That may be surprising. Most people might think that banks and governments would be at the top of the list," said Nicholas J. Percoco, head of SpiderLabs.
"The criminal element wants to turn their criminal activity into money as quickly as they can. They go after the food and beverage industry because it tends to have high transaction volume. The criminals have found that those organizations have a low barrier to entry from an infiltration standpoint. Once they are in the environment, the lack of security awareness within those organizations affords them almost unlimited amounts of time to aggregate that data. They are then able to extract that data out of the environment and use it for fraudulent activities," said Percoco.
SpiderLabs found that restaurant franchises were the most targeted because they often use similar IT systems across all of their locations. Once a cyber criminal has breached a network, they can attack multiple locations with ease. More than one third of the company's investigations involved franchise operations. Things like USB protection are useful in protecting against data breaches.
Unfortunately, self-detection of compromises decreased in 2011, and only 16% of victimized organizations were able to detect the breach themselves. The remaining 84% relied on information reported to them after the breach was discovered by a third-party entity: regulatory, law enforcement, or the public.
With the quick pace of technology and the changes that take place in current technologies, consumers frequently buy the next greatest smartphone, tablet or laptop as soon as it hits the market. Once the new device is plugged in and running, the old phone, tablet or PC is put away in storage, given away or perhaps sold into the secondary market.
However, what happens to the information that was stored on the device? Often, the device isn't properly wiped to protect the sensitive information that would be easily accessible on it. Just recently, Motorola sold refurbished devices that still contained personal data and information from the previous owners.
Here are some steps a consumer can take to be sure to protect themselves from a data breach once they no longer use or control their old device:
1. Change passwords frequently. If user data is somehow still intact after both the customer and the manufacturer refresh a device, an additional way to help keep yourself protected is to change your passwords. For instance, change your e-mail, bank and other online account passwords each month. This way, even if somebody gets an old device that has data stored on it, they most likely will not be able to access the information.
2. Factory reset. This reset removes all of the account data from all of the apps, removes user-downloaded apps, and returns the device's software to an "as-new" condition.
3. Erase the memory card. This can be easy to forget. There is a small check box in the factory-reset procedure (but only some of the time) that asks if you would like to erase the memory card, too. Make sure you check it. That way, apps that you have moved to the memory card, as well as pictures, music files, documents, and so on, are erased. Better yet, pull the memory card out, put it into a PC and reformat it.
4. Encrypt your device. Not all devices offer encryption; where it is offered, it is available through the data security settings. The idea is that even when an encrypted device is reset to factory condition, any user data left on the device would be so jumbled as to be unusable.
Many IT managers have to adhere to a growing number of federal regulations regarding data security. Most IT managers likely spend a great deal of their time making certain that their company is in compliance with these federally mandated regulations. Unfortunately, a lot of organizations and IT departments focus on the compliance portion and begin to lose sight of the main goal, which is to protect against data breaches.
Many experts agree that it is very possible that an IT department can meet the basic compliance requirements without actually having their data secure. But fortunately there are tools in the marketplace that can provide security and also achieve the necessary compliance mandated by law.
A recent article provided an overview of the federal regulations that can affect any American business. The authors recommended three steps to help achieve regulatory compliance as well as secure critical data. These steps are:
1. Develop a set of well-defined security and compliance policies for the organization.
2. Deploy the right tools to protect the company’s system and all the platforms and apps within the system.
3. Develop a systematic backup strategy for the company’s data.
The alphabet soup of compliance is a jumble of acronyms like SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standards), and FOIA (Freedom of Information Act). Fortune 500 corporations and organizations with dedicated IT staff have a much easier time understanding and addressing the compliance mandates. But for small and medium businesses, it can be overwhelming to even figure out where to begin.
Unless your business is a publicly traded entity governed by the SEC, SOX should not have any impact on you; unless you work for a government agency, it is unlikely that you need to concern yourself with FOIA. However, PCI DSS affects virtually every business, and many small and medium businesses fall under the guidelines of HIPAA, GLBA, or both.
Each of the individual regulatory or industry compliance mandates was developed to address specific concerns. Achieving and maintaining compliance is no easy feat for organizations of any size, and it can seem overwhelming for small and medium businesses. But by using the steps above and staying focused on security first, the compliance portion should be met.
For more information, check out this secure USB drive review.
There are a lot of small businesses that come into contact with a person’s identity, address, date of birth, Social Security number and bank account information. Whether it's a tax accountant, law office, dental office, florist or drug store, there's no way to avoid giving this information to small businesses that might not have the best security for maintaining and protecting sensitive data. It's imperative that these people and businesses become more aware of the problems they may face should they allow data to be either mistakenly lost or intentionally stolen.
Sadly, data security is still viewed from an early-1990s viewpoint: the belief that a good firewall and up-to-date virus protection will safeguard a business from becoming the victim of a large-scale data breach. And small businesses need to be just as aware of the problems and dangers of having the personal data they handle stolen or mishandled.
However, it is not only about security. It's also about good business. There are things that can be done to stop a data breach from happening, even in a small business setting. Here are a few steps you can take:
1. Create a set of well-defined security and compliance policies for the organization.
2. Deploy the right tools to protect the company’s computer system and all of the platforms and apps within the system.
3. Create a systematic backup strategy for the company’s data.
And small companies are exempt from the alphabet soup of state and federal rules set up to protect consumers from having their personal data mishandled. Some include: SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standards), and FOIA (Freedom of Information Act). Fortune 500 businesses and entities with dedicated IT staff have a much easier time understanding and dealing with the compliance mandates. But for small and medium companies, it can be confusing to even determine where to start.
Achieving and maintaining compliance isn't a simple feat for organizations of any size, and it can seem frustrating for small and medium companies. But by using the steps above and staying dedicated to security first, the compliance portion should be met as well.
There are other ways as well; hardware authentication is another method to make certain that a business is achieving data security.
When people think about cloud computing, the two things that are foremost in their minds are data security and privacy. Because of this, many individuals and companies tend to shy away from placing too much data in the cloud and focus on utilizing cloud services that are low in risk. Or even worse, they don’t even consider utilizing cloud-based services.
However, there are many in the IT and security industry who feel that cloud computing may be a great deal more secure than anything that a company’s IT department could put into place to secure data. The main fear that has to be overcome is that, as a company, not owning the infrastructure that the data resides in puts security at risk. However, storing important documents in a safe deposit box is a great analogy. The bank building isn’t owned or maintained by the person placing items into the deposit box. However, if asked, most people would agree that the bank is the safest place to keep valuable information.
Of course, to gain access to the safe deposit box, the individual has their own key. They are the only person that can access the contents of the box. Now use this example when thinking about how data would be stored in the cloud. USB protection is also important.
Trusting the cloud service provider with maintaining and securing the data is important, but so is realizing that, as the owner of the data, only you have the key or access to it. Cloud services must be inherently secure. Once the service is configured, there must be no way for anyone but the owner of the data (including the cloud service provider) to access the data.
On top of the data being secured, the cloud service components must also be secured. But how can the individual or company be assured that the data is safe, especially since the control over the physical infrastructure is placed in the hands of a third party? Encryption seems to be a mandatory requirement in order to provide assurance that the data is secure.
There have been a great many media reports about both data breaches and identity theft, but many people do not understand the difference between the two. There certainly is a close similarity between the two.
The basic definition of the word breach is a “hole” or “opening,” with the caveat that these holes or openings were not intended to be there in the first place. Apply this definition to the phrase data breach and you can see that it's an opening to the data, or a hole through which to view, interact with or obtain data. Generally the phrase is used to describe the loss of data, and in most cases this is sensitive and personal data that is protected by regulations.
The term “data breach” brings up images of hackers or spies. These kinds of breaches are ways that personal information can be compromised and stolen. However, they're not the only ways. Some data breaches really are complete accidents. In many of the high-profile data breaches, either a computer was stolen or lost, or a disk or flash drive with information was lost, stolen or mislaid.
It does appear, though, that most breaches are intentional, and these are generally the ones that should be the most concerning to everybody who has made an online purchase, frequently uses e-mail, and/or banks online. One of the biggest data breaches affected more than 130 million customers who had their data (credit card related information) stored in a credit card processor’s databases. The hackers knew this and specifically targeted the business so that they would gain access to the sensitive financial information of these 130 million people.
Thankfully, there are laws that require businesses to protect personal information once they collect it. Knowing what the connection is between data breaches and identity theft is an important step. It is easy to see that the connection occurs when a business has its information breached either through a theft or an accident. If a person’s information is lost in a data breach, experts point out that they are 6 times more likely to become a victim of identity theft, due to the compromise of the data.
Health-related data of people that is kept on a digital platform is very prone to fraud if it is not stored safely. One particular unpleasant incident of fraud has emerged just recently. SAIC (Science Applications International Corp.) was liable for the lost data of around 4.9 million recipients. The company has been told to pay for the expense of informing all those people of the fraud. The data had been kept on data tapes, not encrypted flash drives.
Theft of health-related data and other personal data is a very serious concern and could lead to plenty of trouble for a person. Those details include quite personal data such as SSN details, home address and contact number. These records could be used for identity fraud and other similar criminal activities.
The data tapes were stolen from the car of a Science Applications International Corp. employee. Science Applications International Corp. is legally responsible for safeguarding health data and bearing the expenses if there is any kind of disclosure of sensitive data. The expected expense that this company must deal with is around seven dollars for every individual. This would mean around thirty-five million for the 4.9 million recipients of the TRICARE health care program.
In an effort to secure the health-related data of people, the government has approved the '09 Health Information Technology for Economic and Clinical Health Law. This law was introduced as a part of the '09 U.S. Recovery and Reinvestment Law. Under this law, a firm could be expected to pay a fee of up to one and a half million if it is not able to guard health data.
In case there is a fraud of files, the Department of Health and Human Services has full authority to do a thorough examination of the situation. If found accountable, the accountable business will need to bear the charges. A proper group of professionals will look at the parties involved and subsequently present the verdict on the charges that need to be paid.
Health information is a person’s private property and thus must be kept safely and securely. In case any kind of discrepancy is identified, the liable person or body must be penalized and must be expected to bear the costs of the actions necessary for damage control whenever possible. This secure USB flash drive review provides more info about data security.