BreachExchange mailing list archives

3 Ways Companies Can Protect Against Hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 27 Jan 2014 19:09:33 -0700

http://www.retailsolutionsonline.com/doc/ways-companies-can-protect-against-hackers-0001

Experts say attacks on retailers like Neiman Marcus, Target, others will
happen again if businesses don't change their online security systems

More than 130 million customer accounts were compromised when online
security systems failed in 2013. While Target and Neiman Marcus were the
most high-profile of those illegal intrusions, they were far from the only
businesses targeted. Adobe, LivingSocial and Snapchat also suffered breaches
in 2013, along with many other businesses whose problems weren't publicized.

Andreas Baumhof, the CTO for San Francisco computer and network security
firm ThreatMetrix, wrote in a recent article for The Business Journals that
the problem with passwords is that once cybercriminals have login info,
they then have access to personal data and identification that can be used
in a myriad of fraudulent ways. "Once an attacker apprehends a username and
password, the possibilities for fraud are endless, especially if the same
information is used across multiple accounts -- such as retail, social
media, and online banking accounts," Baumhof wrote. He said retailers and
web businesses have shied away from a two-layer authentication system --
which is available by consumer choice on sites such as LinkedIn, Twitter,
and Google -- because they don't want to inconvenience users.

So how can businesses find a balance in their security systems between
caution and intrusion, and better protect their users in 2014? Baumhof
outlines three steps businesses can take to fight password theft:

- Integrate login and payment screening for a single view of customers that
determines risk levels across logins, devices, history, and behavior. He
said most websites and companies don't have automated systems between their
fraud and security operations for sharing risk profiles.
- Share intelligence networks so more accurate, up-to-date information is
available to tell if an online user is a customer or a cybercriminal.
Baumhof said shared networks have the capability of analyzing a customer's
history of logins, payments, new account registrations and remote access
attempts. Having that information can quickly ascertain if a user's
actions are suspicious.
- Institute "content-based authentication." For instance, a computer system
can "tag" a device and user that have successfully authenticated in the
past through a two-factor authentication. Then, when that user logs on from
the same machine in the future, a simpler authentication process can be
used.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
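
The device "tagging" in the third step above, sketched as an added example that is not part of the original article or any ThreatMetrix product: after a successful two-factor login the server issues an HMAC-signed tag bound to the user and device, and later logins that present a valid, unexpired tag need only the password. The function names, the 30-day lifetime, the key, and the idea that `device_id` is a random value stored on the device are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-demo-key"   # constructed; keep real keys in a secret store
TAG_LIFETIME = 30 * 24 * 3600          # assumption: a tag is trusted for 30 days

def _mac(user, device_id, issued):
    # JSON-encode the fields so "a|b" + "c" can never collide with "a" + "b|c".
    msg = json.dumps([user, device_id, issued]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_device_tag(user, device_id, now=None):
    """Call only after this user has passed two-factor auth on this device."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(user, device_id, issued)}"

def tag_is_valid(tag, user, device_id, now=None):
    now = int(time.time() if now is None else now)
    try:
        issued_str, mac = tag.split(".", 1)
        issued = int(issued_str)
    except (AttributeError, ValueError):
        return False                   # missing or malformed tag
    expected = _mac(user, device_id, issued)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                   # forged, or issued to another user/device
    return 0 <= now - issued <= TAG_LIFETIME

def required_auth(user, password_ok, device_id, tag, now=None):
    """Decide which login flow applies: deny, password_only, or two_factor."""
    if not password_ok:
        return "deny"                  # the tag never replaces the password
    if tag_is_valid(tag, user, device_id, now):
        return "password_only"         # known device: simpler flow
    return "two_factor"                # unknown, expired, or tampered: step up
```

A stolen password used from an untagged device still lands in the `two_factor` branch, which is the property the article's third step relies on.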
