As more and more transactions are carried out online, credit card security and the need to achieve universal PCI Data Security Standard (PCI DSS) compliance continue to be a key issue. Many eCommerce merchants, especially retailers who fall within the small to medium category, are neglecting to keep up to date with the PCI standards required ...
Read Blog
A few weeks ago, Iran reported intensified cyberattacks on its energy sector that they observed as a direct continuation of the Stuxnet and Duqu attacks. Over the weekend, the IR Cert (Iran’s emergency response team) published a new report that describes this attack as Flame and/or Flamer. Some other news agencies also called  the attack ...
Read Blog
I’m kicking off a series of blog posts over the coming weeks and months related to emerging markets. Look for countries such as Mexico, Brazil, Peru, Colombia, and South Africa to be discussed. Later, we’ll explore other countries including those in Asia as well as Europe and the Middle East. The terms “emerging markets” and ...
Read Blog
Facebook, Twitter, LinkedIn and other social media platforms are invaluable tools for 21st century enterprise collaboration and marketing, but they introduce multiple security hazards that organizations struggle to address. Dangers include confidential data leakage, reputational damage, social engineering opportunities for hackers, malware, and lawsuits stemming from inappropriate use by employees who see social media as ...
Read Blog
In late 2011, the FBI released documents and data focusing on "Operation Ghost Click." This malicious operation, leveraging a variety of DNSChanger-type malware, was defined by the FBI as an "international cyber ring that infected millions of computers." Associated malware samples and events can be traced back several years, and multiple platforms were targeted. To this day many remain ...
Read Blog
I'm a huge fan of PayPal and use it on a regular basis - it's linked to my bank account and credit cards, and it has a lot of my close friends and family's shipping addresses for easy gift giving.  So it's no wonder that I get a lot of emails from PayPal confirming receipts, ...
Read Blog
According to a 2010 Verizon Business study, more than 90% of records breached involved a database, with over 87% based on exploits requiring significant technical skills. We need to take studies like this as an important lesson about security management. In our profession, it is always necessary to have the right tools for the right ...
Read Blog
As soon as you contract with a cloud provider, you should be concerned not only with your IT security but the provider’s as well. If you’re a small or medium-sized business you may assume the provider’s security is superior to your own, and you might be right, but make sure you ask the right questions ...
Read Blog
Cloud security is a huge, ever evolving subject that is difficult to cover in a short space, especially with so many different cloud service types and architectures (SaaS, IaaS, PaaS, external, internal, and hybrid). However, there are a few cloud security practices that just about any organization should apply when working with the cloud. Don’t ...
Read Blog
If you can't measure it, you can't manage it.  Metrics, the bane and blessing of corporate citizens, emerge from this truism.  Metrics allow managers to determine the efficacy of process changes and technology implementation.  However, poor metrics sometimes impose an atmosphere of micromanagement that damages employee and customer relationships. The use of business intelligence (BI) ...
Read Blog