Rise in cyberattacks means firms must develop security skills and mindset

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.siliconrepublic.com/strategy/item/34758-rise-in-cyber-attacks-means/

The recent spate of data breaches that saw 43,000 Irish people’s credit and
debit card details fall into the hands of hackers are a stark warning to
public and private-sector organisations to be on their guard.

A cyberattack on Ennis-based LoyaltyBuild, which operates loyalty schemes
on behalf of Supervalu, Axa and Stena Line, resulted in the credit and
debit card details of 43,000 customers being accessed.

The breakdown included 39,000 Supervalu customers, 4,368 Axa customers and
more than 50 Stena Line customers.

It is understood that the CVV numbers on the back of cards required to
complete transactions were not stored on the compromised servers.

The same spate of attacks affected 102,000 people in Norway and Sweden.

The cyberattacks reported this week is a stark warning to all organisations
that they need to be better prepared to guard against sophisticated threats
that can cripple information technology systems, according to RSA, the
security division of EMC which employs 3,000 people in Ireland.

Firms need to upskill and develop a security mindset

Gerry Murray, EMC’s country manager, said the cyberattacks reported this
week was symptomatic of new risks to our IT systems, as cyber-adversaries
around the world try to disrupt organisations.

“The rate and rise of cybercriminality shows that IT systems have never
been more vulnerable and organisations need to take more proactive steps to
prevent cyberattacks as part of a new defence strategy,” Murphy said.

“With the rise of targeted and sophisticated adversaries, we learn more
about weaknesses and we now know that intelligence-driven information
security is emerging as the clear pathway for all organisations to protect
their IT infrastructure.

“That means collecting reliable cybersecurity data and researching
prospective cyber-adversaries to better understand risk and learn about why
and how attacks occur.

“It means developing new skills in the IT team to produce and analyse
intelligence and identify normal and abnormal system and end-user behaviour
in the IT environment,” Murray added.

He said combating advanced threats will require a new security mindset and
improved practices for gathering, sharing and acting on cybersecurity
intelligence.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.