Tag: data breach

File Integrity Monitoring and How It Could Save Your Company

With the increase in data breaches, the data security world is a much scarier place today. According to the most recent stats from ITRC (Identity Theft Resource Center), 2017 was a record-breaking year for data breaches, and 2018 is already on pace to be more of the same. So with threats coming left and right, what steps can you take to better protect your assets? Enter File Integrity Monitoring.

Seconds of Damage, Months of Recovery

In many cases, you may not know for a long time that you have been compromised. According to CNBC, most companies aren’t aware of a breach until weeks after it has happened. This is likely due to the speed with which the incident occurs. The attacker is there and gone in seconds. Verizon’s 2016 Data Breach Investigations Report states that in 93 percent of cases where data was stolen, systems were compromised in minutes or less, but in over 80 percent of cases, victims didn’t find the breach for weeks or more. This kind of damage to your business and reputation can take months, if not years, to repair.

Hackers Often Leave a Trail

So back to File Integrity Monitoring and why it is so critically important. File Integrity Monitoring (FIM) is the first line of defense of any organization wishing to protect its assets and data. To explain further, once a breach is under way in your network, the attacker will often do one or more of the following.

  • Modify critical systems, application binaries and configuration files
  • Access or modify data files
  • Modify or delete any log data to hide their tracks

The research done by Verizon analyzed more than 100,000 incidents and 2,260 breaches. They found that more than 90 percent of the breaches will fall into this same pattern. By having a FIM system in place, you’ll be able to monitor for these subtle changes and be instantly alerted if any of the above events have been detected.
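The comparison a FIM inspection performs can be sketched as follows. This is an example added here, not code from the Advanced Security Package or from Trustwave: it records a baseline of SHA-256 digests and sizes, then reports files that were modified, added or deleted, and logs whose earlier entries were removed or rewritten. The function names, the event labels and the convention that `*.log` files are append-only are assumptions made for the example.

```python
import hashlib
import os
import tempfile


def sha256_prefix(path, limit=-1):
    """SHA-256 of the first `limit` bytes of a file (whole file when -1)."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read(limit)).hexdigest()


def list_files(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full


def take_baseline(root):
    """Record (digest, size) per file; keep it where an intruder cannot edit it."""
    return {rel: (sha256_prefix(full), os.path.getsize(full))
            for rel, full in list_files(root)}


def run_inspection(root, baseline):
    """Compare the tree with the baseline; return sorted (event, path) findings."""
    current = dict(list_files(root))
    findings = [("deleted", rel) for rel in baseline.keys() - current.keys()]
    for rel, full in current.items():
        old_hash, old_size = baseline.get(rel, (None, 0))
        if old_hash is None:
            findings.append(("added", rel))
        elif rel.endswith(".log"):  # assumption: *.log files are append-only
            # Growth is normal, so only the bytes present at baseline must match.
            if os.path.getsize(full) < old_size:
                findings.append(("log truncated", rel))
            elif sha256_prefix(full, old_size) != old_hash:
                findings.append(("log rewritten", rel))
        elif sha256_prefix(full) != old_hash:
            findings.append(("modified", rel))
    return sorted(findings)


def demo():
    """Constructed sample tree, changed the way the three bullets above describe."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text, mode="w"):
            with open(os.path.join(root, rel), mode) as fh:
                fh.write(text)
        write("app.conf", "firewall=on\n")
        write("customers.csv", "id,name\n1,Ann\n")
        write("access.log", "10:00 login admin\n")
        write("audit.log", "10:00 start\n10:01 config read\n")
        baseline = take_baseline(root)
        write("app.conf", "firewall=off\n")               # configuration modified
        write("customers.csv", "id,name\n1,Bob\n")        # data file modified
        write("access.log", "10:05 logout admin\n", "a")  # normal append: no finding
        write("audit.log", "10:00 start\n")               # log entries removed
        return run_inspection(root, baseline)


if __name__ == "__main__":
    print(demo())
```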

File Integrity Monitoring Sniffs Out the Breadcrumbs

File Integrity Monitoring is such a valuable tool that we consider it a vital part of the Advanced Security Package. FIM will run every day at an inspection time determined by you and will watch for any changes within your network. A digest of the inspection report can then be emailed to you on a daily or weekly basis. Additionally, another helpful feature is a heatmap data visualization, which helps you quickly assess the state of your network. Events on this heatmap can be filtered by severity in order to help you focus on the most important events in your environment.

You Don’t Need a Fortress

A further quote from the Verizon study really drives this home. “There’s no such thing as an impenetrable system, but often even a half-decent defense will deter many cybercriminals — they’ll move on and look for an easier target. Sadly, many organizations fail to achieve even that modest ambition.”

Sometimes, it’s not about the size of your castle. It’s more about the size of your moat.

Put FIM in Place Today

File Integrity Monitoring is something that is available to all Wind River customers as part of the Advanced Security Package. If you’re interested in learning more or you’re an existing customer looking to get these tools in place, feel free to contact us today. We believe in creating Security First environments and delivering these capabilities in a way that saves you money.

How Misconfiguration Can Lead to Data Compromise

configuration: the way a computer or computer system is put together; a specific set and arrangement of internal and external components, including hardware, software and devices.

Source: Dictionary.com

Configuration is Key to Data Security

Did you know that just about every data security related compliance framework contains extensive requirements around configuration of hardware and software controls? Why? Because the way in which hardware or software is configured is about as important as having the device or software itself. For instance, having a firewall is a good thing, but it won’t do any good unless it’s configured to filter traffic between the internet and your computer network in a manner consistent with your security goals.

Some examples of the importance of secure configuration come from Trustwave’s 2018 Global Security Report, where testing of thousands of web applications found that 100% had at least one vulnerability. In addition, OWASP (Open Web Application Security Project) has security misconfiguration on their top 10 list of the most critical web application security risks for 2017. Lastly, the Verizon 2018 Data Breach Investigations Report (DBIR) recommends routine scans to identify misconfigurations before hackers do. Misconfigured databases, such as those directly connected to the internet and searchable by anyone on the internet, were a notable finding in the report.

Even on brand new computers, the default configuration for the onboard operating system is often not very secure. This is because computer manufacturers often have goals of ease of use, easy setup, or ease of establishing internet-based communications rather than security. As an example of this, I was recently setting up a new computer for my parents. As I was leafing through all configuration settings, I was surprised when I found that one of the default security settings was for the firewall to be turned off. Needless to say, I quickly turned it on.

How to Monitor Your Security Configuration

If you are a business owner or manager busy with running a business, you may not understand or have time to review your computer security configuration settings on a regular basis. For this reason, one of the security services that is included with Wind River Financial’s new Advanced Security Package (ASP) is Security Configuration Monitoring.

This is a service that monitors computer configuration against the relevant PCI Data Security Standard controls. It’s an automated service that detects configuration settings that are non-compliant and may weaken your business’s security posture. It does so on an ongoing basis, which is important because employees sometimes change settings, intentionally or unintentionally, on the computers they are working on. Those responsible for a business need to know when a changed setting may introduce a risk to the business, and alerting them is exactly the purpose of this service.

Security Configuration Monitoring is but one of many data security related services that are available as a software agent download as part of Wind River Financial’s ASP. If we have not contacted you about enrolling in this program, you may be hearing from us shortly as it’s being rolled out in phases. If you have not been contacted but would like to get a jump start on it, give us a call or send us an email and we can get you started.

WRF Director of Risk Management – “Is Health Care Ready for the Next Big Data Breach?”

As Wind River’s Director of Risk Management, Doug Buan understands data security and the dangers stemming from a data breach in intricate detail. His 23 years of experience encompass everything from law enforcement to retail loss prevention to fraud investigation. With that history comes a complex understanding of how to better manage data risk and mitigate security weaknesses.

Since joining our team, Doug has been using his expert knowledge to educate health care organizations about the risks associated with data breaches, especially in terms of the loss of sensitive patient financial information.

Recently, Doug contributed an article for the Healthcare Financial Management Association (HFMA). His article asks the question of whether health care is ready for the next big data breach. It’s a vital question. Back in 2017, approximately 5.6 million patient records were put at risk due to data breaches. With each ongoing year, the health care industry becomes a more and more enticing target for hackers. This fact ensures that data security needs to be an absolute top priority for these organizations.

In the article, Doug lays out security practices for how health care organizations can better protect themselves from a breach. The core concept comes down to implementing a Security First mindset. By shifting to focus on security above all else, IT departments and executives will be able to react quickly and strategically to any threat to their organization’s data while still meeting the PCI compliance framework.

If you’d like to read more about Doug’s strategy, make sure to check out the full article over on HFMA.org.

How Can I Protect Myself From Ecommerce Malware?

In a recent blog post, we discussed your likelihood of suffering a data breach, referencing some of the more recent statistics from the ITRC (Identity Theft Resource Center) 2017 Executive Summary. As the summary points out, data breaches are on the rise, and one of the more insidious methods is through a form of hacking known as ecommerce malware.

Overall, hacking is the number one cause for a data breach, but what exactly is hacking? The term “hacking” is actually an umbrella term that includes breach methods such as phishing, skimming and malware.

Recently, Visa came out with a security bulletin entitled “Protect Against Ecommerce Malware.” While most people are surprised to hear that ecommerce malware is a form of hacking, it is a method that is becoming much more widespread and deadly. This type of malware generally targets the website itself and not the user who visits the website.

Ecommerce malware is like an “online payment data skimmer” designed to capture personal information so it can be used and/or sold illegally. To install the code, the attacker must gain access to your ecommerce server. Most commonly, access is obtained by guessing administrator credentials or using stolen information. That may sound like a tall order until you look further at the ITRC study. Unauthorized Access makes up 10.8% of all breaches.

Additionally, Unauthorized Access can be used for more than just installing ecommerce malware. It can be used for a host of other techniques that cause damage. Between these two reports, it’s becoming even more apparent why you need to have strategies and tools to combat these types of attacks and maintain a Security First mindset.

The best way to fight hackers is by having some ethical hackers on your side. The SpiderLabs team at Trustwave are those ethical hackers. They leverage a Global Threat database and are a significant reason why Trustwave won Best Managed Security Service at the 2017 SC Awards as well as being named a “leader” in Gartner’s Magic Quadrant for Managed Security Services.

Wind River has partnered with Trustwave and the SpiderLabs team to create the Advanced Security Package, a toolkit designed to help our customers be Security First. Web Malware Monitoring and Remote Access Security, two of the 13 tools included in the package, were designed specifically to counter Unauthorized Access and ecommerce malware attacks. If you’d like to learn more, contact us today.

Seriously, What Are My Odds of a Data Breach?

Unfortunately, your chances of experiencing a data breach are growing each year. In fact, the trends and shifts in awareness pertaining to data security are frightening to watch unfold. I read a recent study that polled adults in the US, UK and Australia that asked if the number of criminals trying to steal personal information is increasing. Not surprisingly, the survey indicated that 85% of respondents felt that it was.

We recently discussed why having a “Security First” mindset and approach is important, and as we look at what is happening with breaches, the importance is highlighted even more.

According to the ITRC (Identity Theft Resource Center), cyberattacks and breaches have grown both in frequency and in the amount of losses sustained. Here are some of the statistics as noted in their 2017 Executive Summary.

  • Breaches again hit a new record in 2017, with 1,579 breaches tracked, up 44.7 percent from 1,091 in 2016, as businesses and government entities move toward timely reporting
  • The number of records exposed rose to about 179 million, compared with 37 million in 2016
  • Businesses saw 870 breaches (55% of the total)
  • Medical/healthcare organizations were affected by 374 breaches (23.7 percent of total breaches)
  • Banking/Credit/Financial saw 134 breaches (8.5%)

For a more detailed breakdown, you can see the year-over-year data breach numbers by sector and category.

Another key statistic from the report indicates that 59.3% of breaches were from hacking. Hacking includes methods such as phishing, malware and skimming.

With the number of breaches increasing and hacking being the number one method, it is clear that one area of your defense strategy needs to focus on identifying and mitigating the damage as quickly as possible.

Part of our “Security First” approach is to help arm all of our customers with additional ways to keep their customer or patient data safe. Our goal this year is to educate our customers about data breach risks and how they can start down the path to be “Security First.” An important component of that process will be encouraging them to take advantage of the security and monitoring tools in our Advanced Security Package.

If you’d like more information about other issues we see becoming more prevalent in the market, feel free to contact us or read about the dangers of ecommerce malware.

Is Being Compliant the Same as Being Secure?

I was reading a study published by Javelin the other day, and a few details really stood out to me.

“The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters.” (Al Pascual, Senior Vice President, Research Director and Head of Fraud with Javelin Strategy & Research)

One of the implications of this statement is that fraudsters are being even more aggressive and looking for data, all kinds of data. While being PCI DSS compliant at any given point in time may seem comforting, the reality is the fight is ongoing, and it will take a higher level of diligence to not have you or your customers impacted.

How Safe Are We

The study included a frightening statistic that really emphasized current security issues.

“16.7 million Americans were victims last year, up from 15.4 million last year, the previous high.”

These are only the confirmed victims, not those with compromised information that hasn’t been used yet.

It’s Not Just Card Data

Just as sobering was the fact that the fraudsters aren’t just looking for card data.

“Large-scale compromise of existing non-card accounts in 2017 was clearly facilitated by poor controls as fraudsters capitalize on weak authentication.”

Even in the card data arena, the focus is changing.

“Card not present fraud is now 81 percent more likely than Point of Sale (POS) fraud.”

As card present counterfeit fighting capabilities improve with chip cards, the fight starts to shift online.

Compliance is the Wrong Goal

These types of statistics make it clear that the goal of being “compliant” is too small. Being PCI DSS compliant does not equal being secure. To combat these issues, organizations will need to adopt a “security first” mindset and approach, as opposed to the “finish line” approach.

Is there a silver bullet out there? Unfortunately, no.

As with most things that can be complex, it is about being diligent. Part of the answer is to always review your readiness. It also means leveraging key tools and expertise to help minimize exposure.

Are You “Security First”?

A “security first” approach can be hard, as many organizations have IT staff that are already stretched thin and aren’t able to make security their primary focus. Understandably, their role has been to focus the majority of their efforts on keeping your organization’s systems and technology running.

Advanced Security Package: A Strong Step

At Wind River Financial, we see a need to help our clients by bringing a “security first” approach. It is for this reason that we engaged with Trustwave and put together the Advanced Security Package (ASP) as strong steps toward this goal. It is too important not to take these steps.

The benefits of partnering with us and going down this path are many. It allows us to provide tools and capabilities that not only reduce your risk but save you time and money.

It’s Not Always Good to Wait

If you have not yet heard about the Advanced Security Package, you will soon. Our goal for 2018 is to reach out to every customer in order to help them in this endeavor.

This isn’t something that can wait. If you have not been contacted yet, feel free to read the details of ASP and then contact your Relationship Manager.

We look forward to helping you become “Security First.”

It’s not a matter of if, it’s a matter of when

As you may know, the battle between hackers, malicious software, and data security gurus is a continual game of cat and mouse. Some of you have heard the adage that “it’s not a matter of if, it’s a matter of when” you will experience a data breach.

In the data security arms race, bad guys are using very sophisticated means of exploiting computer networks around the world. These same tools are available for purchase or rental in criminal forums on the dark net. Although your first thought may be that they won’t come after you because you’re “not one of the biggies,” you should know that over 90% of data breaches happen to small and medium businesses. Much of this is scary to think about, and you may feel somewhat helpless. However, there are tools that can help with some effort.

First, we mention the importance of PCI compliance. Yes, the groans are audible as no one likes compliance – we don’t like to be told we have to do something that may distract us from running our business. However, about 1 in 5 businesses fail after a data breach due to related costs and reputation damage. It’s a very real risk. As a compliance framework, PCI’s goal is to be a tool that helps point out the weakest points in your network and data security so that they can be addressed.

As the first generation that has had to manage today’s technology, it’s important to understand that computer technology requires management. The “set it and forget it” approach will bring risks to your business. If we don’t have internal technical staff to manage it, we may have to contract with external IT resources to properly manage the systems that contain not only our business and employee information, but also the sensitive information on our customers – including credit card data.

A basic protection we should be using is an anti-virus/anti-malware solution, which we’ll refer to simply as “a/v.” These solutions are changing a lot right now as they migrate from being signature-based (the a/v can only recognize malicious software that has already been added to a negative database) to next generation a/v, which may use artificial intelligence, machine learning, or applied mathematics to do its job. Signature-based a/v has come under fire as being too slow, because it relies on malicious software being added to a database before you are protected from it.

Some of the next generation a/v solutions can recognize malicious software in real-time. You can imagine the benefit. We are linking a recent related article from the Wisconsin State Journal.

We should also mention that we are currently working with our PCI compliance partner, Trustwave, on developing a security tools bundle that will be available to our customers. The tools will include an a/v solution and other services to help our customers secure their computer networks. One of the best parts is that they will also help fulfill a number of PCI related requirements. Please watch for future communication on this.

How will these data breaches affect me?

That is a question every merchant should be asking. Unfortunately, no one has the answer. Those of us in the industry, with a vested interest in data security, are anxiously awaiting the answer to that question. As we look into our crystal ball here at Wind River, we can see several different outcomes that are possibilities:

1) As with any high visibility national issue, the folks in Washington will get involved. We can expect new regulations or laws that will be presented as honestly trying to help the situation but that will most likely, given Washington’s track record, exacerbate the problem. Our biggest fear is that it will be some “stealth” legislation that is tacked on to some other bill. We hope that there will be appropriate time given to comment and react, but we should be prepared for a fire drill to implement the procedures/security that will be prescribed.
2) There will be even more confusion about the correct path to take. Chip cards, biometrics, other cyber security maneuvers... be prepared to be bombarded with the “silver bullet” solutions.
3) Increased security breaches... if the cyber crooks really believe the industry will be making the infrastructure more secure, they will put on a full court press to take advantage of the current situation.
4) Increased costs... see # 2, 3, and 4. The only thing we can be assured of is that the costs to safeguard the data and apply new standards will go up. We expect new terminals and software to be mandated.

Wind River takes the position that data security is the responsibility of the card issuers, the merchants, the processors, and yes, us the payment processing companies. We are all in this one together.

Our mission here at Wind River will be to provide our merchants with guidance and support as the effects of the recent breaches begin to impact our clients.