BreachExchange mailing list archives
More firms eye contractors' computer security plans
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 6 Nov 2013 23:20:10 -0700
http://www.mysanantonio.com/business/technology/article/More-firms-eye-contractors-computer-security-4947965.php Cybersecurity for small business is a major concern for large companies and government entities that interact with them, with many beginning to limit work with firms that are not secured, panelists said during a Houston event Friday. Leaders from Shell, CenterPoint Energy, NASA and the Federal Reserve Bank of Dallas were among those proposing measures to defend against hackers at a State of Cybersecurity panel hosted by theGreater Houston Partnership. They said companies have started to cut off work with businesses that are not keenly aware of online threats. Hackers frequently break into small businesses as a gateway to steal information from large ones, or to cause damage. “We can protect ourselves, we can protect our people, we can protect our assets; but when we have these collaborative work spaces and we interface with other people, now we're trying to protect their assets also,” said Rashi Bates, general manager for Shell WindEnergy. Bates said companies are starting to take the same stance with computer security that they do with physical safety — requiring partners to strengthen their programs. “It's getting to be the same thing with cybersecurity,” he said. “We give preferential treatment to people that actually take that awareness seriously.” Computer security also is a concern for retail businesses such as restaurants, said Bob Borochoff, CEO of Houston restaurant chain Cafe Adobe. He said a friend got a call from Citibank a few years ago warning that his credit card was being used in Los Angeles, minutes after he had used it at one of Borochoff's Houston restaurants. A bartender had used a hand-held device to swipe the card and move information through the restaurant's Wi-Fi system, allowing accomplices on the West Coast to clone it. “There are crazy terrible things that happen in retail,” Borochoff said. He added that the company has taken steps to secure itself and urges peers to do the same. Working with experts, the Greater Houston Partnership has developed a cybersecurity guide for small businesses, available at www.houston.org/cybersecurity. The guide advises firms to promote awareness within their companies about online threats and encourage “security hygiene” to keep businesses and their information and finances safe. “Simply replying to everyone on an email thread is dangerous,” said Andre Sawyer, director of security for Locke Lord. Houston Mayor Annise Parker said at the event that the city suffered a cyberattack nine years ago, initially losing “a few hundred thousand dollars.” The city was reimbursed under a contract with a bank that required the bank to prevent such transactions, she said. But the attack exploited the wide access that city financial employees had to its system, and thieves experimented with transactions of less than $4 before eventually taking the large sum, said Parker, who was city controller at the time. “It is important for all of us to recognize that we have to continuously work together to make sure that the organization, the entities and the assets over which we have responsibility are protected,” Parker said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- More firms eye contractors' computer security plans Audrey McNeil (Nov 11)