Page 34 - GS150702
Features



Outsmarting cyber predators

Just like businesses, cyber threats come in all shapes and sizes, and any business with an email address or a bank account is vulnerable. If a business handles private customer information, electronic payments or large volumes of cash, for example, its security stakes automatically increase.

Cyber-security breaches and information phishing schemes have occurred through a multitude of business channels, including POS systems, websites, online accounts and email. Even outdated business software programs are a prime target for predators seeking to punch through a business' security front to get into the back end where sensitive data lives.

"If you go back two or three years, there were a lot of attacks where criminals would take over online banking sessions to install malware, then they would send a fraudulent wire transaction," stated Charles Bretz, Director of Payment Risk for the Financial Services Information Sharing and Analysis Center (FS-ISAC), an organization established by the global financial services sector to analyze and share information about risks and mitigation.

Bretz noted that he has observed criminals concentrating on various services retailers have implemented. "For instance, remote access for software maintenance services is now being attacked," he said. "Criminals are monetarily driven, so when they find a successful entry point they can continue to exploit, they will."

SMBs a prime target

Business owners often believe cyber criminals will focus only on highly lucrative targets, but often it's the small to midsize businesses (SMBs) that are at most risk. SMBs have fewer resources to put toward combating fraud, very little or no security training, rudimentary check-and-balance systems, and recovery from a major data breach is nearly impossible. They are the sitting ducks savvy cyber criminals love to prey upon.

"Threat and vulnerability management is talked about quite a bit, and things like software security patches are now just an everyday expectation," said Marc Punzirudu, Senior Security Consultant with ControlScan Inc. "The biggest vulnerability point in any business is its people, especially when security is loosely managed in-house through a small team."

Punzirudu stated that social engineering can be very difficult for smaller enterprises, and the rapidly changing pace of technology is adding even greater security risk for SMBs. "Business process hasn't kept up with technology, so the risk assessment is no longer the same, but security is still something SMBs do around ops as a second priority," he said.

However, security advancements such as Europay, MasterCard and Visa (EMV), cloud computing, tokenization, and point-to-point encryption represent key steps in the fight against cyber crime and sensitive business data protection. Both Bretz and Punzirudu urge businesses of all sizes to take seriously precautionary security measures such as Payment Card Industry Data Security Standard compliance, software and firewall updates, installation of anti-virus software enterprise-wide, and POS upgrades.

Assistance, tools available

In addition, they suggest implementing ironclad risk mitigation practices. "Businesses need to adopt mitigation processes that are very similar to what a bank would do, such as financial approval systems that require two people, secured white listings of who can be paid, etc.," Bretz said. He added that fighting today's criminals requires "more than social engineering," because they know how to do the reconnaissance. They will track a company's day-to-day patterns or watch for known events where they can swoop in, undetected, to spoof a system.

For example, the FS-ISAC recently published guidelines in response to a rash of email scams through which criminals are taking over chief executive and chief financial officer email accounts, then using the accounts to direct staff to make wire transfers – something employees who routinely make wire transfers wouldn't question if they hadn't been alerted in advance.

Although the prognosis may seem a bit gloomy at times, there is good news. In addition to increased compliance with data and device security standards and more abundant access to effective security tools, SMBs are choosing to use more secure, cloud-hosted software and improve employee training to reinforce best practices for data security.

Also, federally sponsored education initiatives, such as the Federal Trade Commission's Start With Security business education initiative (www.ftc.gov/news-events/press-releases/2015/06/ftc-kicks-start-security-business-education-initiative), are being implemented to help business owners grasp the reality of cyber threats and guide them to take greater accountability for their own data privacy and asset security.