The Green Sheet Online Edition

November 28, 2016  •  Issue 16:11:02


Tripwire, Verizon advocate cyber-readiness

The National Retail Federation projected a 3.6 percent increase in 2016 retail holiday sales, and leading security firms are warning companies to protect their data. Recently published reports by Tripwire Inc. and Verizon Inc. suggest retailers can do more to safeguard physical stores and ecommerce sites. The Tripwire study, published Oct. 10, 2016, surveyed 763 information technology (IT) professionals, 100 of whom were in the retail sector. Verizon's 2016 Data Breach Investigations Report analyzed over 100,000 incidents that occurred in 2015, including 3,141 confirmed data breaches.

Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire, cautioned IT professionals against complacency. "The increased scrutiny of retail cyber security in the wake of major breaches has forced organizations to focus on securing their environments, yet these survey results show that there's still a lot of room for improvement," he said.

Verizon's study found that 99 percent of reported cyber attacks in 2015 occurred within a period of hours but went undetected for weeks, sharply down from response times in 2014. "There is a dramatic decline in internal discovery and a corresponding increase in discovery by fraud detection in our dataset this year," the authors wrote.

Seven-point protection plan

Tripwire analysts recommend protecting physical and digital infrastructures with a seven-point plan established by the United States Computer Emergency Readiness Team (US-CERT). "When implemented across an organization, these controls deliver specific, actionable information necessary to defend against the most pervasive and dangerous cyberattacks," the company stated.

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats and exchanging critical cybersecurity information with trusted partners around the world, according to its website.

Following are the seven elements to address as part of US-CERT's protection plan:

  1. Accurate hardware inventory
  2. Accurate software inventory
  3. Continuous configuration management and hardening
  4. Comprehensive vulnerability management
  5. Patch management
  6. Log management
  7. Identity and access management

Tripwire cited the following data as evidence of the need for early, automated threat detection:

  1. 84 percent of respondents were confident they could detect intrusions on their networks, but only 51 percent knew exactly how long the detection process would take.
  2. 43 percent of respondents knew how long it would take their vulnerability scanning systems to generate an alert after detecting unauthorized entry on the network; 81 percent believed it would happen within hours.
  3. 51 percent of respondents believed their automated tools do not detect all necessary information, such as locations and departments, needed to identify unauthorized configuration changes to endpoint devices.
  4. 36 percent of respondents said less than 80 percent of patches succeed in a typical patch cycle.

Advanced tools, surveillance

Verizon and Tripwire advise IT professionals to use advanced security tools to protect against increasingly cunning cybercriminals. Verizon cited phishing as a dominant cyberattack method. As multilayered protections against phishing scams, the company proposed spam protection, list blocking, email header/attachment/URL analysis and reporting of suspicious emails.

The Verizon report encouraged companies to authenticate, segment, and monitor all devices, apps and personnel connected to their networks. Report authors also gently poked fun at the idea of enforcing best practices within a security department. "One can't really say 'don't screw up again', or 'pay attention to what you are doing, for Pete's sake,'" they wrote. "Nevertheless, there are some common sense practices that can be implemented to help keep errors to a minimum."

In addition, they recommended the following for reinforcing internal guidelines: learn from your mistakes and implement new training materials for security awareness; use data to map the most common errors to minimize frequency and mitigate damage; and implement procedures to wipe clean all assets containing data before you resell or trash them.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
