Archive for the ‘Optimize Operations’ Category

Automation seen as relief for payment fraud worries

June 19th, 2017

Financial and payment professionals don’t anticipate any respite from cyber fraud and attacks in the near future, according to a recent survey conducted by TD Bank.

An overwhelming 91 percent of the 392 finance professionals surveyed by the bank at the recent 2017 NACHA Payments conference said they expect payments fraud will become a bigger threat in the next two to three years.

The concerns are not without merit, the report said, with 64 percent of the respondents saying either their organization or one of its clients was involved in a cyber security event in the past year.

The most commonly cited incidents were business email compromise (20 percent); account takeover (19 percent); and data breach (15 percent).

“Companies need to be mindful that everyday tools from email to the Internet can pose risk to payment operations, and the criminal toolbox is expanding,” said Rick Burke, head of corporate products and services at TD Bank. “Corporate treasurers need to create layers of control for accounts and payments processing, both within their organization and in conjunction with their banking partners.”

The finance professionals surveyed said automating payments processing could offer greater defense against attacks, Burke noted. When thinking about the advantages of automating payments, 21 percent cited fraud control and security as the top benefit.

 

This article was written by Bob Violino from Information Management and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post Automation seen as relief for payment fraud worries appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

How to avoid a disastrous recovery

June 14th, 2017

Every chief information officer speculates on the health and resiliency of their data center to ensure the continuity of their business in the event of a disaster. Many go as far as to hold periodic tests to discover and mitigate vulnerabilities.

Netflix has gone even further by introducing testing in the form of their Simian Army which randomly tests the resiliency of their production environment against all manner of failures. And though cloud computing has provided a wealth of options for ensuring business continuity in the event of natural or manmade interruptions, disaster recovery (DR) is your last line of defense when every business continuity procedure and plan fails.

With outages costing enterprises up to $60 million a year, according to IHS Markit, DR planning is a critical component of every data center plan, even if the data center is in the cloud.

Furthermore, there are now regulations that require companies to have a DR plan in place. For instance, the Federal Financial Institutions Examination Council (FFIEC) has guidelines about the maximum allowable downtime for IT systems based on how critical downtime is to the business. If a disaster arises and a company isn’t prepared for it, the company can face fines and legal penalties in addition to the loss of service, data, and customer good will.

The ultimate goal of DR planning is to move “cold” data, complete copies of the data center frozen at a point in time, to the most cost effective location possible that provides for meaningful SLA recovery if/when necessary. These copies are then constantly updated to ensure any subsequent changes to the production environment are replicated to the DR environment.

Before moving forward with DR planning, organizations must look at industry-specific regulations such as HIPAA or the Sarbanes-Oxley Act to determine the right hosting infrastructure for their data. For example, strict data sovereignty and security requirements prevent organizations from saving personal data to the cloud if that data leaves the country of residence at any time.

After evaluating these requirements, it may be that the CIO will see that hybrid cloud makes the greatest financial and risk permissive option for that organization. Where previously, “cold” data was moved to tape for offsite storage, cloud based cold storage provides for cost effective retention of data and quicker recovery in the event of a disaster.

Implementing a hybrid IT infrastructure where data is backed up to the cloud – private or public – enables IT to continue to control and align the appropriate levels of data performance, protection, and security across all environments. By replicating data to the cloud and/or other physical sites, organizations can quickly recover operations to that facility when a primary site outage occurs.

Even in the absence of natural disasters, one potential disaster that is wreaking havoc on sensitive enterprise data today is ransomware – malware that takes the victim’s data hostage until ransom is paid. However, organizations with backup/DR solutions as simple as snapshot management software can use it to combat ransomware as part of the DR plan.

The concept is rooted in user-driven data recovery, and fights ransomware with its read-only feature that prevents encryption of the snapshot by an outside source. The protection occurs in the background for added reassurance and halts the need to pay cyber criminals for taking data hostage, as users will have a point-in-time recovery from which to restore their uncompromised data.

These days it’s rarely a matter of if disasters will strike, rather when they will strike. Organizations must create and test a comprehensive DR plan to prevent the potential for lost productivity, reputation, and revenue for the business.

By understanding the threats to their data, taking compliance regulations into careful consideration and creating an all-encompassing DR strategy, organizations will be well positioned to quickly recover operations and avoid the consequences of downtime from any disaster.

 

This article was written by Mike Elliott from Information Management and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post How to avoid a disastrous recovery appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

4 Tips to Secure Your IoT Deployment

June 8th, 2017

After years of delays and false starts, 2017 is supposed to be the year where the Internet of Things (IoT) truly starts to become a ubiquitous part of our lives. But while progress has been made, deploying IoT devices has been slowed by various concerns, of which the biggest are the very real security concerns around any IoT network.

Any IoT breach can carry serious consequences. A survey released today found that “Almost half of all companies in the US using an IoT network have been the victims of recent security breaches,” which can cost smaller companies around 13 percent of their annual revenue. Each of the tens of billions devices which make up IoT networks are a security threat, and the network is only as strong as its least protected device.

None of this takes away from the IoT’s benefits. But if companies want to use the IoT without being worried about threats like ransomware or privacy breaches, there are some critical steps in order to ensure your network and organization’s security.

1. Prioritize your devices

A February estimate of IoT forecasts that there will be 8.4 billion connected things worldwide in 2017 and that this number will increase to 20 billion by 2020. But just because a device can be connected to the Internet does not mean it should. And each one of those devices represents a security threat, as shown by cyberattacks where hackers took down major websites like the New York Times by hacking baby monitors and webcams.

I did not make that last sentence up. Each one of these devices represents a risk. And newer, more innovative devices using the IoT are more problematic because toaster and refrigerator manufacturers do not possess the same technological knowledge needed to protect their devices which larger tech companies have.

If you are creating a network with an IoT signal booster, whether for your home or your business, each and every device added is a potential security risk. Consequently, take the time to ask yourself if you really need that new device which boasts Internet connectivity to be connected to the Internet. If you cannot think of a good reason, then do not connect it. As so many more companies create new devices as part of the IoT, users have to realize that some devices are not worth the risk.

2. Hold cyber security drills

You have probably heard stories about how some businesses pay hackers to try and break into their business so they know what their weaknesses are. Such an approach may be a bit extreme, but a business should consider holding cyber security drills in order to identify weak IoT devices and how secure your system is.

Drills are not just about knowing your cyber security weaknesses. They are about ensuring that everyone knows what to do in the event of a breach. Businesses should have a plan for a data breach or hacking just as a business in Japan should have a plan for what to do in the case of an earthquake. If a hacker breaks into your business through your IoT devices and uncovers data, testing beforehand should make it clear what sort of response your business should give and what sort of data is the most likely to be at risk.

3. Communication within the business

As noted above, a major threat with IoT security is that there are a lot of IoT-related devices out there where security is a secondary concern for the device makers and tacked on at the end. This cannot happen if you are deploying an IoT network yourself. Leadership must be in constant communication with their IT departments so that everyone is on the same page.

This may seem obvious, but IT departments everywhere have always complained about how leadership does not understand the security risks they are going under, and IoT will just make this worse. I have personally heard in certain companies the idiotic paradigm of leaders who say the IT department is pointless when things are going fine, and then complain how they are not doing their job when things are going badly.

The IoT necessitates further cooperation between IT and the highest levels of leadership to know what security measures should be implemented for your business. Get on it.

4. Change passwords

A basic example of the lack of communication between leadership and IT concerns passwords. Most IT professionals know that it is important to have strong passwords which are changed regularly, but leadership can chafe at trying to remember those more complicated passwords. But a strong password really matters for IoT devices. Many of them come with a default password, but businesses never bother to change them as they are unaware of the security risks.

Passwords and encryptions remain some of the most basic yet critical aspects to protecting your devices. Talk with IT about ensuring that all of your devices carry strong protection and make sure it is regularly changed.

 

This article was written by Gary Eastwood from CIO and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post 4 Tips to Secure Your IoT Deployment appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

Majority of organizations expect cyberattack this year

June 7th, 2017

A majority of organizations think they will experience a cyber security attack this year, and many are not prepared, according to a new report from ISACA, a global association that helps individuals and enterprises optimize their use of technology.

ISACA’s State of Cyber Security report, based on a survey of more than 600 security executives worldwide, shows that four out of five organizations think they will be attacked this year. Only 46 percent of those organizations have confidence in their cyber defense teams.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” said Christos Dimitriadis, ISACA board chair and group head of information security at INTRALOT. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Among the other key findings of the research is that cyber security budgets are still expanding, but more slowly. Half of the respondents (50 percent) anticipate budget growth over the next year, which is down from 61 percent last year.

Enterprises continue to have difficulty finding qualified personnel. Only 30 percent receive 10 applicants or more for an open position, of which less than half are qualified. At the same time, the threat environment is increasingly hostile, with 53 percent of respondents reporting an increase in attacks in 2016.

The Internet of Things (IoT) is replacing mobile technology as a major area of concern. IoT concerns show no sign of slackening, the report said. And ransomware is expanding, but the processes to address it are not. About two thirds of organizations (62 percent) experienced ransomware attacks in 2016, but only 53 percent have a formal process in place to address it.

 

This article was written by Bob Violino from Information Management and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post Majority of organizations expect cyberattack this year appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

How To Plan For Security Incident Response

June 6th, 2017

Planning for the seemingly unlikely event of a severe cybersecurity incident seems unwieldy and time-consuming for many organizations. But consider this: According to the Ponemon Institute, 90% of organizations that go offline due to a cyberattack shutter their windows in the following two years.

A strong incident response plan is clearly a necessity these days. From threats like the recent WannaCry ransomware attack to the Google Docs phishing scam, there are a number of ways a security incident can unfold at your organization. Having a tested incident response plan in your back pocket can make the difference between a swift recovery or a high stress situation where every minute the incident remains unresolved results in more financial or reputational damage.

There are three fundamental components that will help ensure that your company’s incident response plan is a success.

Define security incidents and likely scenarios. While all IT service incidents deserve swift identification and triage, security incidents – which often have malicious intent – must be identified and tackled even more quickly. For example, a server at your company is unexpectedly rebooted in the middle of the day. This could be caused by an innocuous outage or it could be something far more sinister. Perhaps an unknown third party has installed a rootkit, and the system is restarting so changes can be applied allowing that third party unauthorized system access.

As you think through the possible incidents and scenarios, think about security best practices that can be circumvented (such as authentication) and cues from the news as your guide to recent, real threats (such as phishing and ransomware attempts).

What experts and stakeholders will be mobilized to handle all of the security, privacy and legal implications when a security incident occurs? How will your organization recover from a successful phishing attack? How will your organization cope with news of a severe data leak? What will you do once hackers are booted from your system? Play out each possible incident and how you would realistically respond. From there, write your incident response plan and procedures accordingly.

One resource to get you started is a generic incident handling procedure template from the Computer Security Incident Response Team. This is a good baseline document, but you’ll need to tailor it to meet your organization’s specific needs.

Communicate and train on the plan. Once your plan has been developed, reviewed and approved, the roles and responsibilities everyone plays should be disseminated to all relevant parties. An incident can be detected by anyone with the right “visibility.” Your IT team is obviously on the front lines for incident detection and response, but many people in your organization could end up identifying a problem first. Maybe your marketing team, who owns the website, notices some highly suspect traffic one day or encounters issues with the server. Do they know where to go? Any of your end users could click on a link in an email and realize afterwards that it seemed suspicious. Do they know who to call or email?

A hands-on and interactive way to ensure that key stakeholders know what role they play in incident response is to conduct tabletop exercises. A tabletop exercise is usually led by a security subject matter expert who walks a team of diverse stakeholders (from IT, security, management, legal, HR, etc.) through an impactful security incident scenario, facilitating the decisions made and providing feedback afterwards on how well the participants were aware of their responsibilities and the company’s policies. Tabletop exercises are one way of doing “red teaming” because they simulate how internal processes will play out if a real security incident gets reported and escalated.

Proactively mitigate your losses. A security incident that turns into a validated security breach can lead to devastating financial or reputational loss. Such losses are not easy to recover from, and in some scenarios, organizations never fully rebound. The Anthem Healthcare breach of 2015 came with a price tag well into the billions of dollars. And the code-hosting service, Code Spaces, went under in the months following its breach.

In addition to putting preventative best practice technical measures in place and preparing an actionable incident response plan, consider building relationships and lines of communication now with relevant government agencies, external legal counsel, digital forensics firms and potentially procuring cybersecurity liability insurance. All of these measures will be things your Board of Directors will and should expect you to have answers to, and communicating with your Board on these matters is an art unto itself.

In a world where it isn’t a question of “if,” but “when” your company may find itself the target of a cyber incident, a detailed incident response plan will be your lifeline to weathering the storm of security incidents in measurable ways. Executed well, it can help you demystify the what-if scenarios, decrease your panic about who will do what and plan through the worse-case scenarios to make sure you have all the experts and resources you need to handle any security incident scenario.

 

This article was written by Christie Terrill from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post How To Plan For Security Incident Response appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

A lack of IoT security is scaring the heck out of everybody

June 5th, 2017

Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released by the Ponemon Institute.

The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.

The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.

Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.

Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.

Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.

Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.

 

This article was written by Jon Gold from NetworkWorld and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post A lack of IoT security is scaring the heck out of everybody appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

A lack of IoT security is scaring the heck out of everybody

June 5th, 2017

Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released by the Ponemon Institute.

The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.

The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.

Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.

Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.

Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.

Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.

 

This article was written by Jon Gold from NetworkWorld and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post A lack of IoT security is scaring the heck out of everybody appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

A lack of IoT security is scaring the heck out of everybody

June 5th, 2017

Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released by the Ponemon Institute.

The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.

The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.

Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.

Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.

Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.

Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.

 

This article was written by Jon Gold from NetworkWorld and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post A lack of IoT security is scaring the heck out of everybody appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

A lack of IoT security is scaring the heck out of everybody

June 5th, 2017

Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released by the Ponemon Institute.

The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.

The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.

Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.

Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.

Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.

Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.

 

This article was written by Jon Gold from NetworkWorld and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post A lack of IoT security is scaring the heck out of everybody appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)

A lack of IoT security is scaring the heck out of everybody

June 5th, 2017

Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released by the Ponemon Institute.

The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.

The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.

Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.

Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.

Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.

Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.

 

This article was written by Jon Gold from NetworkWorld and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

The post A lack of IoT security is scaring the heck out of everybody appeared first on McAfee Blogs.

Posted in Optimize Operations | Comments (0)