How 3D printing puts manufacturers at risk of cybertheft
The rise of 3D printing provides a new portal for cyberthieves—so you better protect your trade secrets.
The FBI says you’ve been breached by a nation-state. Now what?
What to do if your company’s network falls victim to hacking by a nation-state.
Anatomy of a Skimmer Attack
Lately it seems every day brings news of a cybersecurity attack in the retail space. How do cyber criminals pull it off? Let’s break down the anatomy of a skimmer attack. Thieves install electronic software “skimmers” on point of sale (POS) terminals. As customers swipe their credit cards, these skimmers collect the track data— the electronically encoded data on the magnetic strip on the back of a credit card. The capture of track data enables a cybercriminal to create counterfeit cards. They do so by encoding the track data onto a new card with a magnetic strip. In addition to the track data, thieves can secure information about the store’s location and zip code. This data enables cybercriminals to enhance the value of the stolen card numbers and evade fraud detection techniques based upon card user zip codes. Some cybercriminals work with insiders. Insiders are unreliable and unmonitored employees, contractors, or vendors with authorized access to the retailer’s POS infrastructure. The insider can use both access and knowledge of the system to install the skimmer, establish the collection and exfiltration process and software, and either disable, circumvent, or otherwise remain under the visibility of security controls. If the thief is …
Espionage tradecraft targeting businesses
Defending against sophisticated cyber attacks starts with awareness training.
Bring Your Own Cloud—Another BYOD in the Making?
As personal smartphones, tablets and other devices continue to penetrate the enterprise, another new phenomenon is emerging with the potential to disrupt existing IT architectures: Bring Your Own Cloud (or BYOC). Like the Bring Your Own Device (BYOD) concept before it, BYOC refers to the increasing use of personal third-party cloud storage and application services by employees in the enterprise. Many of these services are already familiar to us—Apple iCloud, Box, Dropbox, Evernote, Google Drive and Microsoft SkyDrive, to name a few. What’s new, however, is the blurring between personal and business activities on these platforms. In a recent survey, 75% of U.S. consumers said they planned to use a personal cloud service in the near future, and 72% said they planned to use it to store both work and personal documents. To users, the benefits of BYOC are compelling: The ability to access files and tools seamlessly from any device or location Data backup in the background without the need for configuration or disruption to their workflow Nominal cost or free While for businesses, BYOC presents its share of risk too: Loss of data security and control and many points of vulnerability Cloud “sprawl”— when employees are not using …
The internet of things raises new security questions
There are 10 billion internet-connected objects. IoT is creating security vulnerabilities that need to be carefully considered.