More firms eye contractors' computer security plans

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.mysanantonio.com/business/technology/article/More-firms-eye-contractors-computer-security-4947965.php

Cybersecurity for small business is a major concern for large companies and
government entities that interact with them, with many beginning to limit
work with firms that are not secured, panelists said during a Houston event
Friday.

Leaders from Shell, CenterPoint Energy, NASA and the Federal Reserve Bank
of Dallas were among those proposing measures to defend against hackers at
a State of Cybersecurity panel hosted by theGreater Houston Partnership.
They said companies have started to cut off work with businesses that are
not keenly aware of online threats.

Hackers frequently break into small businesses as a gateway to steal
information from large ones, or to cause damage.

“We can protect ourselves, we can protect our people, we can protect our
assets; but when we have these collaborative work spaces and we interface
with other people, now we're trying to protect their assets also,” said
Rashi Bates, general manager for Shell WindEnergy.

Bates said companies are starting to take the same stance with computer
security that they do with physical safety — requiring partners to
strengthen their programs.

“It's getting to be the same thing with cybersecurity,” he said. “We give
preferential treatment to people that actually take that awareness
seriously.”

Computer security also is a concern for retail businesses such as
restaurants, said Bob Borochoff, CEO of Houston restaurant chain Cafe Adobe.

He said a friend got a call from Citibank a few years ago warning that his
credit card was being used in Los Angeles, minutes after he had used it at
one of Borochoff's Houston restaurants.

A bartender had used a hand-held device to swipe the card and move
information through the restaurant's Wi-Fi system, allowing accomplices on
the West Coast to clone it.

“There are crazy terrible things that happen in retail,” Borochoff said. He
added that the company has taken steps to secure itself and urges peers to
do the same.

Working with experts, the Greater Houston Partnership has developed a
cybersecurity guide for small businesses, available at
www.houston.org/cybersecurity. The guide advises firms to promote awareness
within their companies about online threats and encourage “security
hygiene” to keep businesses and their information and finances safe.

“Simply replying to everyone on an email thread is dangerous,” said Andre
Sawyer, director of security for Locke Lord.

Houston Mayor Annise Parker said at the event that the city suffered a
cyberattack nine years ago, initially losing “a few hundred thousand
dollars.” The city was reimbursed under a contract with a bank that
required the bank to prevent such transactions, she said.

But the attack exploited the wide access that city financial employees had
to its system, and thieves experimented with transactions of less than $4
before eventually taking the large sum, said Parker, who was city
controller at the time.

“It is important for all of us to recognize that we have to continuously
work together to make sure that the organization, the entities and the
assets over which we have responsibility are protected,” Parker said.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.