What can we take away from the recent Zappos breach? Lucky for us, InformationWeek listed 8 lessons that all businesses should learn from the Zappos situation.
2011 was a record breaking year for data breaches. Will 2012 be the same? If companies do not tighten up their security, it may just be.
In recent news, another popular website fell victim to a cyber-attack. Zappos.com, an online shoe and clothing retailer, was hacked by an unknown criminal who was able to tap into their internal network/systems through one of the company’s servers in Kentucky. So what exactly was stolen?
According to Zappos CEO Tony Hsieh, the unknown criminal genius was able to nab customer names, email addresses, billing and shipping addresses, the last four digits on their credit card number, and a “cryptographically scrambled” version of their website password. In response to this, Zappos immediately emailed its 24 million customers explaining the situation at hand. They also advised their customers to reset their current Zappos passwords and to change their passwords on any other website that uses the same email address.
At this moment, Zappos does not know when they were attacked. Nor do they know how long the attacker had access to their internal networks. What they do know is that they will be temporarily closing their phone lines and answering all questions through email.
Although this was not a heavy breach, the attack still hurts the company. It disrupts the company’s activity, performance, and it ultimately affects their customers.
We can all agree that shopping during the holidays can get pretty hectic – so hectic that we dread making that trip to the mall, finding a parking space, and waiting in line to checkout. To avoid all of this, more and more consumers are shopping online during the holiday season. According to a report by comScore, “Online shopping around the holidays has increased 10 percent since the same time in 2010, to around $30.9 billion dollars spent thus far this season.”
In this season alone, four specific days have generated over $1 billion in spend each. This number obviously shows that online shopping is a solution for many consumers during the holiday season. Although this is great, many consumers probably don’t know that over $10 million of an expected $60 billion in sales will be stolen by cyber criminals this year.
You’re probably asking yourself, how do I avoid being targeted? It starts off with the simple things. You should always visit websites directly, use internet security software, and always check a site’s URL. Become a smart consumer and be aware of what site you visit and what links you click on.
To learn more about this report and what’s happening this holiday season, click here.
Now that we understand the importance of visibility, Ipswitch’s Frank Kenney is going to explain why having one consolidated view is critical and why organizations are having such a hard time achieving visibility.
To follow up on that, Frank Kenney will also explain how visibility into your file transfer process allows you to correlate critical information.
Visibility can be described in a number of different ways, but what does visibility mean when you’re talking about files and data flowing into, within and out of your company.
Here is the Ipswitch File Transfer definition.
Visibility: “Unobstructed vision into all data interactions, including files, events, people, policies and processes”
For more on visibility, please visit the Knowledge Transfer Blog at Ipswitch File Transfer (the Planet’s parent company) and view the Ipswitch File Transfer video below.
The Department of Homeland Security (DHS) and the FBI are investigating the events surrounding the security breach of an Illinois water plant’s computer system that damaged a water pump last week. Officials have traced the logs back to an IP address in Russia, which would make this event the first “foreign cyber attack on a US utility”, according to an article on Gizmodo.
The hacker gained access to the database of credentials managed by a vendor that provides technical support for the water plant, and used information taken from that database to remotely turn the water pump on and off, damaging the pump.
Service to the plant’s customers was not interrupted, and no one was hurt as a result of the attack. The bigger issue is the vulnerability of such systems, and the possibility of larger cyber attacks on similar infrastructure.
Although the DHS says “…there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety”, the fact that it did happen from a computer halfway across the world is alarming. This is just a small example that reiterates the need for sensitive systems to have the highest security and resistance to infiltration possible to protect against cyber attacks.
Here’s the link to the story on CNN, and the followup over at Gizmodo.
With Black Friday and Cyber Monday a little over a week away, people are patiently waiting to get their shopping fix. Last year, an estimated 100 million consumers spent $1 billion on Cyber Monday. Although these numbers are remarkably high, most people don’t know that roughly 75% of all consumers are worried about online fraud.
To get a better understanding of this, ThreatMetrix (an online fraud prevention company) and the Ponemon Institute (a data-security research firm) conducted a joint study. Based on their research, they reported that 26% of all consumers are seriously worried about being scammed while shopping online. In addition to this, another 53% of all consumers had some concerns for the same thing. To top it off, their study showed that 43% of their respondents were affected by online fraud at some point in their life!
This fully explains why people are so worried. According to Alisdair Falkner, chief products officer at ThreatMetrix, “Credit card fraud and identity theft are so common in today’s society that it would be unusual to find a family in the U.S. today that has not been affected. People are worried about fraud in online transactions, primarily because they don’t have visibility or transparency into how safely their information is being stored or potentially used downstream.”
Even though Falkner is right, most people will still participate in online shopping. The best way to prepare for Cyber Monday and to make sure you’re not a victim of online fraud is to be careful when shopping online. Take some time to look things over before purchasing right away. Make sure the website you visit is fully secure (this can be seen by the “https” and/or green lock in the address bar) and do what you can to increase your knowledge on online security.
With the year winding down, more breaches and attacks have surfaced and made headline news. To solve this issue, companies should tighten up their security and be more cautious of their surroundings and how they transfer valuable data. Losing personal and/or sensitive data and having it in the wrong hands can crumble a company. Therefore, it is extremely important to enforce and follow all security practices at all times.
In recent news, another major corporation has reported it was the target of a cyber attack. On November 3, 2011, Adidas became aware of the attack and immediately took action. They took down any site that was affected, left a message apologizing to their users, and then added in data security measures to their websites.
Some of the websites that were taken down include adidas.com, reebok.com, miCoach.com, adidas-group.com, and several other local ecommerce shops. Although all these sites were affected, there was no evidence shown of any stolen data.
Following the attack, Adidas left a message. “Nothing is more important to us than the privacy and security of our consumers’ personal data. We appreciate your understanding and patience during this time.”
To read the full story and learn more about the cyber attack on Adidas, visit UK’s ITPro.
Many companies in 2011 have been hit by high level attacks and breaches by malicious hackers. How are these organizations being targeted, and how are hackers penetrating their networks? It all starts with the lack of security awareness by individuals at a company.
In a recent article by Computer Weekly, Lieberman Software conducted a survey with 300 international IT professionals. The survey showed that:
50% of the respondents have worked for a company that have not changed their privileged passwords
50% of the respondents have worked for a company that have had its computer networks breached
42% of the respondents were aware that an IT staff was sharing passwords with others and giving them access to several systems
26% of the respondents knew of an IT staff abusing a privileged login to gain access to sensitive data
These results show that senior management need to enforce and pay attention to basic IT security practices. This means to constantly change passwords when you can, and to limit and/or lock down access to any systems that carry sensitive data. These little things will increase security and help keep hackers away.
Formerly FTPplanet.com, we have redesigned and relaunched as FileTransferPlanet.com, a community site for discussions about file transfer, web design, software deals, and other cool topics! Registration is free -- Post a question in the Discussion Forums or comment on any blog posts.
Monday, January 23, 2012
0
