Archive for March, 2009
Malicious Software (Malware) used in data breaches
According to the 2008 Data Breach Investigations Report malicious code (malcode/malware) contributed to nearly 1/3 of data breaches. I found it interested that they actually found malware on many more systems than just 1/3 but in those cases it wasn’t directly linked to the compromise they were investigating. They look at this other [...]
Sins of Omission…that lead to data breaches
Insider error is the leading cause of data security breaches according to a Verizon report.
It indicates that 62% of cases involve error and in 79% of those cases, it was insiders lack of doing something they should have (omission) that lead to the breach. Not following policies, procedures, and duties by those [...]
March Madness Scam Using SEO Poisioning
With March Madness in the air, you should be aware of a new scam to get your users to get malware installed on their system. It involved the search engine manipulation of Google and others to present malicious and compromised websites at the top of the search results. Websense recently reported that they [...]
Heartland Removed from PCI compliant list by VISA
Both Heartland and RBS Worldpay have been removed from the list of PCI Complaint vendors by VISA. In an article on the bankinfosecurity website it states that Heartland and RBS Worldpay are both on probation and have to recertify their PCI-DSS compliance with a QSA (Qualified Security Assessor). During the probation, they will [...]
Partner and 3rd Party Breach Sources
Partner and other 3rd parties have always been a large risk to a companies data security. The 2008 Data Breach Investigations Report released by the Verizon Business Risk Team gives us an interesting breakdown of breaches that are sourced from partners.
Often, companies look at partner risk from the perspective of “how much [...]
IT Admins 58 times more likely to be the source of an internal data breach
IT Administrators are 58 times more likely to be the source of a data breach than a regular employee and 25 times more likely than an executive.
Size Does Not Matter. Size of Company & Data Breaches.
According to the 2008 Data Breach Investigation Report conducted by the Verizon Business Risk Team it doesn’t appear to matter what size of company you are to experience a data breach.
The study is an analysis of 4 years of data security breaches from 2005 through 2008. There were 500+ cases that were [...]
Data Breach Sources…according to Verizon Business Risk Team
According to the 2008 Data Breach Investigation Report conducted by the Verizon Business Risk Team most data breaches occur as a result of external attacks.
The study is an analysis of 4 years of data security breaches from 2005 through 2008. There were 500+ cases that were analyzed as part of this [...]
How strong is the PCI shield?
Heartland CEO Bob Carr announced that they will fight any lawsuit because they were PCI certified at the time of the breach. Others including Hannaford plan to use the PCI shield as a way to protect their pocketbooks from lawsuits.
If being PCI certification meant that 1) your network was free from hackers, [...]