Home » Trustwave

Tag: Trustwave

How-Do-I-Protect-Against-Ecommerce-Malware

How Can I Protect Myself From Ecommerce Malware?

In a recent blog post, we discussed your likelihood of suffering a data breach, referencing some of the more recent statistics from the ITRC (Identity Theft Resource Center) 2017 Executive Summary. As the summary points out, data breaches are on the rise, and one of the more insidious methods is through a form of hacking known as ecommerce malware.

Overall, hacking is the number one cause for a data breach, but what exactly is hacking? The term “hacking” is actually an umbrella term that includes breach methods such as phishing, skimming and malware.

Recently, Visa came out with a security bulletin entitled “Protect Against Ecommerce Malware.” While most people are surprised to hear that ecommerce malware is a form of hacking, it is a method that is becoming much more widespread and deadly. This type of malware generally targets the website itself and not the user who visits the website.

Ecommerce malware is like an “online payment data skimmer” designed to capture personal information so it can be used and/or sold illegally. To install the code, the attacker must gain access to your ecommerce server. Most commonly, access is obtained by guessing administrator credentials or using stolen information. That may sound like a tall order until you look further at the ITRC study. Unauthorized Access makes up 10.8% of all breaches.

Additionally, Unauthorized Access can be used for more than just installing ecommerce malware. It can be used for a host of other techniques that cause damage. Between these two reports, it’s becoming even more apparent why you need to have strategies and tools to combat these types of attacks and maintain a Security First mindset.

The best way to fight hackers is by having some ethical hackers on your side. The SpiderLabs team at Trustwave are those ethical hackers. They leverage a Global Threat database and are a significant reason why Trustwave won Best Managed Security Service at the 2017 SC Awards as well as being named a “leader” in Gartner’s Magic Quadrant for Managed Security Services.

Wind River has partnered with Trustwave and the SpiderLabs team to create the Advanced Security Package, a toolkit designed to help our customers be Security First. Web Malware Monitoring and Remote Access Security, two of the 13 tools included in the package, were designed specifically to counter Unauthorized Access and ecommerce malware attacks. If you’d like to learn more, contact us today.

CYBER SECURITY AND THE ART OF WAR

Successful cyber-attacks can ruin businesses, livelihoods, and even the lives of Small and Medium Business (SMB) owners and their customers. The enemy continues to grow stronger, launching over 4,000 attacks at SMBs daily. And, the stakes could not be higher. This is not a game……this is a war.

• The majority of cyber-attacks are directed at SMBs, due mostly to the attacker’s perception of weaker defenses at SMBs as compared to larger enterprises with greater resources and defenses in place.
• Post-attack remediation costs of an attack can extend into the hundreds of thousands of dollars for an SMB
• 70% of SMBs attacked go out of business in less than 2 years after a significant breach

So, how do we win?

Oddly enough in these tech forward times, the answers may exist in a book written over 2,500 years ago.

Sun Tzu, the Chinese general, military strategist and philosopher who lived in the 5th century B.C. is best known for authoring, “The Art of War”. This seminal work has influenced military strategy from when it was written to present day. The Japanese military adopted many of the book’s principles as it built itself into a modern military power. During the Vietnam War, Ho Chi Minh had it translated and given to his officers for study, contributing to the Vietnamese Army’s success against the French and American forces. More recently, during the Gulf War American Generals Schwarzkopf and Powell employed Sun Tzu’s philosophies during that conflict. And to this day, “The Art of War” continues to be a part of the Marine Corps Professional Reading Program.

The following are a few key “Art of War” principles, rendered to address the cyber-security challenges faced by today’s business owner.


“Every battle is won before it’s ever fought.”

Sun Tzu speaks to the importance of being fully committed and prepared, well in advance of any engagement with the enemy. Did you know that approximately 80% of businesses are not fully PCI compliant? To extend the analogy, this means that 4 out of 5 businesses are already losing the battle.


“The expert in battle moves the enemy, and is not moved by him.”

An effective cyber-security strategy must be proactive, agile and restless. The advantage exists in forcing the cyber-criminal to react to the defenses being put in place. Ask yourself if you are acting, or reacting.


“A clever fighter is one who not only wins, but excels in winning with ease.”

This idea is similar to the modern day reference to people who exhibit mastery within their field. Elite athletes or artists for instance who, “make it look easy”. But as we all know, that mastery is the result of untold hours of consistent and focused practice of their craft. To “win” against cyber-attacks, you must persistently invest the time and energy necessary to excel at defending your enterprise.


“Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.”

This translates to the importance of establishing and maintaining a very powerful security schema, while remaining opaque to outside forces. This of course includes software solutions, but also includes well-defined security policies and even training protocols for employees, minimizing inroads for attackers. And in the event that an attack is detected, we must move swiftly and strongly to obliterate it.


“The greatest victory is that which requires no battle.”

This is the ideal state that we strive for. One in which the enemy chooses to not attack, as a result of the perceived strength of our defenses.

We at Wind River Financial in partnership with Trustwave are excited to offer our client partners the robust offering with in the Advanced Security Package (ASP) as we all continue to fight this battle. We encourage you to contact your Relationship Manager for your Login so that you can activate these enhanced tools immediately. These types of serial upgrades are critical to defend your business. Equally important is the commitment of the SMB owner to making cyber security a top priority. Having the very best tools in your arsenal, in tandem with a committed and vigilant philosophy is the best strategy for winning this war.

To learn more about the tools you can go here. To speak with a Relationship Manager call our Client Care 800-704-7253 ext. 6828

WEBINAR Chip Cards and Reducing Fraud – Recorded for your convenience

Is it still a mystery to you as to what makes EMV technology more secure? If this is so, and with that in mind, Wind River is offering the opportunity for our clients to participate in a webinar hosted by our security partner, Trustwave.

“EMV Chip Cards & Layered Security” is a webinar that explores EMV technology and how it can be effective in combating fraud. The webinar will also focus on what the impact of EMV migration will be for business owners. You will also learn more about “encryption and tokenization” which are becoming common day language in the credit card world.

We encourage you to participate in this one-hour webinar on Thursday September 17th at 1:00pm CST. You can register for the webinar here. Just click on “Register” and fill in the necessary information.

Now that the date has passed for the live webinar, you can still catch the presentation.  You can view the slide presentation by going here.  Or you can listen to the 30 minute recording by going here.

This is a great opportunity to hear professional experts talk in easy to understand terms and even humorous at times. Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers they are well-known internationally for their work.

We hope you will set the time aside on your calendar and as always, you can contact us with questions or concerns 1-800 704-7253 or info@WindRiverFinancial.com.

PCI 3.0 is Knocking… Are You Ready?

logo PCI

 

The Payment Card Industry Data Security Standard (PCI DSS) updates every three years and version 3.0 is upon us.  Visa, MasterCard, and Discover require that all merchants comply with this standard to help protect credit card data.

Related, the PCI Council requires that, as of January 2015, all merchants migrate to the new version during annual PCI renewal.  Therefore, if renewing after the New Year, there will be a different renewal process than in 2014.  Our PCI compliance partner, Trustwave, will be introducing a new version of TrustKeeper that will include the new standards and provide tools and information to help you through the renewal process.

PCI 3.0 has significant new and expanded requirements including:

  • All e-commerce previously out-of-scope for PCI is now being brought in-scope. This includes payment page redirects and hosted iframes that are marketed under different names from various providers. E-commerce will need to be addressed as part of the PCI questionnaire.
  • All service providers (web hosts, payment gateway providers, etc…) that touch your credit card data must be validated PCI compliant and detailed documentation to demonstrate this will be required to be on file at the merchant.   Wind River Financial is working with our partner gateways to assist with the new documentation requirements. This requirement begins in July 2015.

There are other requirements within the new standard that may impact your PCI compliance validation.  We strongly encourage you to become familiar with the new requirements in preparation for the updates.  A good resource is a recorded webinar from Trustwave in which they discuss the changes and how to prepare for them.  The webinar which lasts about 30 minutes can be accessed here or by following this link: http://trustwave.com/Resources/Library/Webinars/PCI-3-0-is-Knocking-on-Your-Door–Are-You-Ready-/

Express Renewal Option now available for Trustwave

Express Renewal Option now available in Trustwave!

Do you dread receiving the notices that the PCI Self Assessment Questionnaire you completed has expired? Do you find yourself putting the renewal process off knowing that you will have to complete the entire questionnaire all over again? If so, we have some exciting news for you!

We are pleased to announce that Trustwave has recently introduced an Express Renewal option. This new option allows for a much faster and easier renewal process! It is currently available to those businesses that have NOT changed their processing method over the last year. If your processing method(s) have not changed, this option is currently available and is a great time saver!

To take advantage of the Express Renewal process, login to Trustwave now! For detailed instructions on the Express Renewal process please click here.