Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a Veracode research reveals. Nearly all modern applications, including those sold commercially, are built using some open source components. A single flaw in one library can cascade to all applications that leverage that code. According to Chris Eng, Chief Research Officer at Veracode, “Open source software … More
As breaches and hacks continue, and new vulnerabilities are uncovered, secure coding is being recognized as an increasingly important security concept — and not just for back-room techies anymore, Accurics reveals. Cloud stack risk “Our report clearly describes how current security practices are grossly inadequate for protecting transient cloud infrastructures, and why more than 30 billion records have been exposed through cloud breaches in just the past two years,” said Sachin Aggarwal, CEO at Accurics. … More
The post Technologies in all layers of the cloud stack are at risk appeared first on Help Net Security.
Senior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Results from a global external survey of over 400 security leaders that work in large financial services companies reveal concerns on security measurement and metrics that include data confidence, manual processes, resource wastage and request overload. Issues with processes, people and technologies The results … More
The post Over half of security leaders still rely on spreadsheets appeared first on Help Net Security.
Organizations that put data at the center of their vision and strategy realize a differentiated competitive advantage by mitigating cost and risk, growing revenue and improving the customer experience, a Collibra survey of more than 900 global business analysts reveals. Orgs rarely use data to guide business decisions Despite a majority of companies saying they valued using data to drive decisions, many organizations are not consistently executing. While 84% of respondents said that it is … More
The telecommunications, retail and financial services industries have been increasingly impacted by COVID-19 online fraud, according to TransUnion. From a consumer perspective, Millennials have been most targeted by fraudsters using COVID-19 scams. Overall, the percent of suspected fraudulent digital transactions rose 5% from March 11 to April 28 when compared to Jan. 1 to March 10, 2020. More than 100 million risky transactions from March 11 to April 28 have been identified. “Given the billions … More
The post COVID-19 online fraud trends: Industries, schemes and targets appeared first on Help Net Security.
The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group. The report surveyed business decision makers about cyber vulnerabilities and risk mitigation efforts. Insurance purchasing decisions influenced by media coverage Most businesses surveyed indicated they had purchased cyber insurance, and more than 70% … More
The post Businesses vulnerable to emerging risks have a gap in their insurance coverage appeared first on Help Net Security.
Many educational organizations are at risk of data security incidents during the current period of working from home and virtual learning, a Netwrix report reveals. Weak data security controls According to the survey, even before the COVID-19 pandemic, the majority of educational organizations had weak data security controls. In particular, 54% of IT professionals in the educational sector confessed that employees put data at risk by sharing it via cloud apps outside of IT knowledge. … More
The post Educational organizations use cloud apps to share sensitive data outside of IT control appeared first on Help Net Security.
The Christmas shopping season can increase retailers’ cyber risk, with bad actors looking to take advantage of the massive surge of in-store and online shoppers that comes with it. What is important for retailers to keep in mind is that it’s not only their own network they have to worry about when it comes to mitigating cyber risk, but their entire supply chain ecosystem – from shipping distributors and production partners to point-of-sale technologies and beyond.
Take for example the infamous 2017 NotPetya attack that targeted large electric utilities, but actually ended up stalling operations for many retailers as a result. This nation-state attack had a snowball effect, wreaking havoc on shipping companies like FedEx and Maersk who are responsible for delivering many retail orders. FedEx operations were reduced to manual processes for pick-up, sort and delivery, and Maersk saw infections in part of its corporate network that paralyzed some systems in its container business and prevented retail customers from booking ships and receiving quotes.
Here are some important steps they can take now to mitigate supply chain cyber risk this holiday season and beyond.
An inventory of vendors and the systems they have access to allows security teams to keep track of all possible paths a cybercriminal may exploit and can help them better identify vulnerabilities and improve response time in the event of an incident.
Step 2: Take control of your Third-Party Accounts
Once you have a firm grasp of the supply chain, a critical focus should be to identify and manage any network accounts held by these organizations. While some suppliers may need access to complete their daily tasks, this shouldn’t mean handing them a full set of keys to the kingdom on their terms.
Retailers should ensure each vendor has an email account and credentials affiliated and managed by the retailer – not by the supplier organization and certainly not the user themselves. By taking this step, the retailer can ensure they are the first point of notification if and when an incident occurs and are in full control over the remediation process.
Step 3: Assess your Suppliers’ Security Posture
While a supplier’s security posture doesn’t necessarily indicate that their products and services contain security flaws, in the cyber world, where there’s smoke, there’s eventually fire. Poor security performance can be indicative of bad habits that could lead to increased vulnerability and risk exposure.
Having clear visibility into supplier security performance can help retailers quickly pinpoint security vulnerabilities and cyber incidents, while significantly speeding up communication and action to address the security concern at hand.
Step 4: Continuously Monitor for Changes
Third-party security performance assessment should not be treated as a one-and-done item on the supply chain management checklist.
The cyber threat landscape is volatile and ever-evolving, with new vulnerabilities and attack vectors cropping up virtually every day. That means retailers need solutions and strategies in place that provide a real-time, continuous and measurable pulse check of supplier security posture to ensure they are on top of potential threats before they impact the business and its customers.
Just as retailers track billions of packages and shipments in real-time to ensure there are no mistakes or bumps in the road, their vendor risk management program should be treated with the same due care.
This holiday season and beyond, it is critical that retailers invest in supply chain security management to reduce the risk of data breaches, slowdowns, and outages – and the costs and reputational damage that come along with them. After all, retailers are only as secure as their weakest third-party.