Home > RSS Feeds > Security
  • Secure mobile payment apps—mobile wallets—don't transmit a primary account number; they send a randomly generated token to the POS terminal and payment network.

  • Money matters are clearly uppermost in the minds of consumers worried about hackers. Credit cards and bank accounts were by far their top concern, according to Centrify's 2016 Consumer Trust research study, which surveyed 2,400 adults split evenly among the United States, the United Kingdom and Germany. Most of those surveyed see hacking as almost inevitable, but, even so, they hold businesses responsible or breaches. Part of the problem is that many companies aren't communicating with their customers about cyber-attacks: At least half of respondents in each country who were victims of a hack said they heard about the breach from the news or social media. Many said they would stop doing business with a company that was hacked. However, despite their fear of hacking, consumers don't change their passwords very often—in many cases, once a year or less frequently. Many in the survey group said they would be willing to spend 10 minutes or more tightening up security, with half or more citing a fingerprint ID as a security measure they would be comfortable with. "Weak passwords are the leading cause of data breaches," said Tom Kemp, CEO of Centrify. "Consumers need to have better password hygiene and transact with businesses that have next-level security, like multi-factor authentication, in order to protect their financial data."

  • Over the last decade, network access has become far more complex. A multitude of systems and devices—interconnected through mobility and clouds—has transformed the way data flows through the enterprise and to other organizations. Unfortunately, this has ratcheted up security risks. A study conducted by BeyondTrust, "IT Needs More Control Over Network Access Privileges," offers some perspective on the topic. The cyber-security firm surveyed more than 500 senior IT, IS, legal and compliance experts about privileged access management practices. Among the key findings: Weak and recycled passwords are common; many organizations lack a centralized password management policy; and many do not have a credential management framework in place. All of this puts many organizations at greater risk of a breach. Yet, remarkably, addressing the problem isn't overly complex. "This study confirms one of the unfortunate truths about data breaches today—namely, that many are preventable using relatively simple means," observed Kevin Hickey, president and CEO of BeyondTrust.

  • Biometrics is a step forward, but it increases risks. What happens when the digital code for a fingerprint, iris scan, voice print or facial geometry is hacked?

  • Despite clear indications that insider attacks are on the rise, most organizations remain ill-equipped to prevent them. And even though the potential costs of mitigating such attacks can be staggering, the majority of companies don't appear to be allocating additional resources to address the problem. Such are the findings of a recent survey of 500 cyber-security professionals in the "Insider Threat Spotlight Report,” co-sponsored by behavior analytics and monitoring vendor Veriato and other organizations. No longer can organizations afford to take a passive approach to insider threats: The survey findings make it clear that they need to invest in efforts to prevent such attacks. "Your organization is, and will be, compromised by insiders, and to prevent attacks, you need to have some controls in place that are specifically focused on the insider," said Mike Tierney, CEO of Veriato. "Trust is a strategy for failure." Tierney said that companies need to train employees on what data they can share or take with them outside the network, and ensure that departments are working together to detect and prevent attacks.

  • A firm that records the global movement of diamonds adopts blockchain tech to get a complete view of the transactional layers of the industry and specific gems.

  • The California Public Employees' Retirement System deployed a system with full visibility of physical and virtual networks, boosting performance and security.

  • Even though data residing in the cloud can be as secure as data stored in on-premise systems, IT leaders must constantly assuage security and compliance fears.