Third-party security gaps are affecting major retailers and hospitals, and the number of those affected continues to grow. Third-party/vendor/supplier security risk governance is therefore very important. Larger organizations use third parties and suppliers to provide goods and services, and these third parties get connectivity to the organization's IT systems through partner networks or other connection types (FTP, VPN, e-mail, etc.). Each third-party IT system connected to the organization's IT systems creates one more entry point for hackers. Third parties' IT security may not have the same level of rigor as the big organization's, so hackers now treat third parties as soft targets from which to launch attacks on bigger organizations. Loopholes in third parties' IT security are used to steal the data of these larger organizations.
Almost every day we hear about another data breach. Protecting your data from threats and accidental compromises is a critical concern no matter what business you’re in. Client information, payment information, personal files, bank account details - all of this information can be hard to replace and potentially dangerous if it falls into the wrong hands.
The “Privacy Rights Clearinghouse” has maintained an easily searchable database of breaches from 2005 to the present, allowing us to easily track the rise and fall of data breaches. Below shows year-over-year trends of breach data from 2013 through 2015:
Organizations must adopt the following basic best practices to reduce data breaches:
With the holiday season coming up, much attention turns to the retail sector, which is expected to see unprecedented activity as shoppers in a strengthening economy take advantage of seasonal deals and yet-further-expanded shopping hours. However, overshadowing the energy of the holiday shopping season, the specter of data breaches past sits more and more heavily on the minds of consumers and companies alike. As they whip out their credit cards and swipe their debit cards at millions of POS terminals this November, will the data on those cards be secure, or will they get their post-holiday statement to find mysterious charges and unfamiliar purchases?
Web.com Hacked!! Web.com, a Florida-based web hosting company with up to 3.3 million customers, has suffered a data breach that may have compromised personal information and credit card data belonging to 93,000 of its clients.
The company on Tuesday confirmed that some unknown hackers had breached one of its computer systems on August 13, 2015, and accessed personal information of nearly 93,000 customers. Web.com, with the goal to help small businesses succeed online, uncovered the unauthorized activity as part of its ongoing security monitoring and shutdown process.
The purpose of this article is to shed some light on last year's breaches in the world of Information Security. As Information Security professionals, it is our responsibility to protect our company’s assets and our customers’ assets from breaches. At a recent cyber security conference, RSA president Amit Yoran’s speech was one of the highlights; in it he pointed out the need for next-generation SIEMs. He mentioned that less than 1% of attacks were detected by SIEM. We always believe we are good and safe with the infrastructure we have. 2015 is going to be a challenging year in which we are going to witness more APTs and other sophisticated cyber attacks. Are our security operations, or our customers’ security teams, well versed enough to deal with them?
Consider: what if one day, all of a sudden, we get a message like this?
We’ve already warned you, and this is just a beginning.
We continue till our request is met.
Sally Beauty Holdings, Inc., an international specialty retailer and distributor of professional beauty supplies with revenues of $3.8 billion annually, is currently investigating reports of unusual activity involving payment cards used at some of its U.S. Sally Beauty stores, according to a statement on the company's website. The company is working with law enforcement and its credit card processor and has launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure its customers are protected. The company says that, "Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but they will continue to work vigilantly to address any potential issues that may affect our customers."
Another data breach has happened and this time the victim is The Hard Rock Hotel & Casino in Las Vegas. In a statement available at The Hard Rock website, they have confirmed the breach and believe that hackers have accessed information about credit or debit cards including names, card numbers, and CVV codes used at certain Hard Rock Hotel & Casino Las Vegas retail and service locations.
They have asked customers to review their credit and debit card statements and report any suspicious activity to their bank. In the statement they have also encouraged customers to protect their information by activating the fraud detection tools available through ProtectMyID Elite. Further, to protect the identity of users, The Hard Rock has engaged Experian, the largest credit bureau in the US.