On October 1, 2015, liability shifted for paying chargebacks on counterfeit cards used at a retail store. Among the retail store, the bank that issued the credit card, and the payment processor, whoever is least prepared to accept EMV payment cards will now be responsible for paying the chargebacks. Because this is still a relatively new practice, it can be confusing for some users. The folks at Counterpoint POS have put together an infographic below, debunking common myths regarding EMV credit card processing.
The last several years have shown us that, despite our best efforts to secure our networks, the bad guys are still getting in. Perimeter defenses continue to fail, and data continues to be stolen. What’s more, the perimeter isn’t as clear a notion as it once was. Consequently, IT security teams are beginning to change their thinking and focusing on data security. A key aspect of data security is encryption, but it must be implemented in a comprehensive manner. If not, data may not be secured in all locations, leading to a false notion of security that can end in theft.
The days of being able to keep all of your files under lock and key are long gone. Everything is created and kept digitally now and, as our communications and records creation get modernized so, too, must a business’s security efforts. It isn’t enough to simply have your own internal server anymore, now that everything is online all the time.
There are few things worse for an IT Operations executive than a mission-critical application outage. The operations team must address it immediately, and as the clock ticks, the bottom line shrinks. The pressure is on to reduce the mean time to repair (MTTR), but when the application is up again, it’s time to consider how this fire drill could have been avoided.
Security is, justifiably, a top concern about public cloud environments. Application developers are migrating to the cloud for the agility and speed that the cloud can provide.
KnowBe4 issued an alert today on a malicious new trend in ransomware. Instead of “just” encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs. This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one (and two ways cybercriminals can make money off victims).
Security breaches made big news in 2015. It seemed that every week brought with it a new high-profile data breach from a trusted major company—from retail giants to health insurers, and even government agencies. For many organizations, this was a wakeup call to ensure their security procedures fully protect their networks, critical infrastructure and sensitive data. But are organizations really more prepared today?
In the era of crippling state-sponsored hacks, cybercrime rings and data breaches, businesses are looking at all forms of preventative measures to keep attackers at bay. Even a modern-day James Bond would find it challenging to keep his data, and identity, a secret in the Information Age. And unlike in the famous films, the real-life ‘villains’ capable of stealing trade secrets, personal information and other forms of sensitive data are oftentimes anonymous and numerous. Reports estimated more than 317 million new pieces of malware were created within 2015 alone. Imagine what they can do today!
Transport Layer Security (TLS) is a protocol that offers a high level of security to help authenticate and encrypt information between a client and server for both inbound and outbound email (and website) traffic. Encryption protocols such as TLS help create secure connections for communications that must transfer across unsecured networks. Although there are others, SSL and TLS are two of the most popular security protocols of their kind.
Attackers are moving away from direct assault, and instead are hijacking and exploiting user credentials to thwart security tools, and gain easy access to business data. How can you strike back and stop breaches that attack your users far, far away?
Let’s face it. With so many credentials having been compromised and made available to attackers, password-based security is no longer effective. We know that eliminating passwords is the right thing to do, but that takes time, and the bad guys are already inside our networks.
Passwords are the weakest link in your security. Learn how to strengthen security with adaptive multi-factor authentication across enterprise identities and resources — without frustrating users.
with Jeremy Moskowitz, Founder and CEO, PolicyPak Software
In this interview, Jeremy Moskowitz, founder and CEO of PolicyPak, speaks with IT Briefcase on the challenges and opportunities of using a virtual desktop infrastructure (VDI).
In this report, you will gain a greater understanding of how industry and online presence drive your threat profile, how the Cyber Kill Chain construct drives understanding, and get recommendations on how to improve your security posture.
by Stefan Bernbo, Compuverde
As the data deluge continues on unabated, vertically scaling legacy approaches to storage are falling short. Organizations need to find a way to store high volumes of data without busting the budget, all while maintaining high levels of performance…
Among providers of disaster recovery as a service there is wide variance in experience and service quality, together with other key differentiating factors. Data center managers should use this Magic Quadrant to help them evaluate providers of DRaaS services.
with Ed Macnair, CEO, CensorNet
In this interview, Ed Macnair, CEO of CensorNet, speaks with IT Briefcase on how security technologies need to evolve to meet the challenge and opportunities of cloud computing.
This blog contains an eyewitness account we received from one of our U.S. bank customers following a security incident. Names and details have been withheld for confidentiality purposes.
Protecting data has become a priority for many organizations, but it’s becoming increasingly difficult for IT and data security departments to keep sensitive information from moving outside the network perimeter. This is due primarily to the proliferation of data-sharing tools, such as email, social media, mobile device access and cloud storage media. The reality is that the data security perimeter is forever changed as data is accessed and stored in multiple locations. With workers uploading data to a wide array of unsecured data sharing services, the people you have working inside your organization pose one of the biggest data security threats.
Software piracy continues to be a growing threat to software producers’ revenue and reputation as many have unknowingly left their products exposed, including market leaders like Microsoft®. How can you thwart digital theft? One of the most effective approaches is by leveraging the power of cloud licensing servers.
In a recent and highly publicized quarrel, Apple fought against the U.S. government’s request to create a workaround that would allow the FBI to break into an iPhone, essentially hacking into their own device. Without taking a deep dive into the implications of the situation, the FBI’s ability to work with a third party to crack that iPhone’s encryption gave many of us in the tech industry pause. At the same time, it proved a point that all of us who live, eat, and breathe security already know: no single security solution is infallible.
As I tour the world helping Active Directory administrators, auditors and security professionals secure their Windows environment, I often get questions about privileged access. The questions usually are about how privileges are granted and how an organization can know if its privileges are correct. These are great questions considering the onset of so many attacks on Windows in the past five to seven years. It is important to see that privileged access is usually at the core of these attacks.
Company boards now recognize the growing cyberthreat and the havoc data breaches can wreak. CISOs need to be ready to answer some fundamental questions as their role earns a bigger seat at the boardroom table.
Accepting a variety of payment forms — including credit and debit cards, and mobile and Web-based payments — is beneficial to all business owners. Not only does payment flexibility give customers the right to choose how to pay, based on the size and nature of their purchase, it can level the playing field between small business owners and well-established competitors.