Accounting for transaction assurance
Illena Armstrong, VP, editorial, SC Magazine
Given the majority of today's headlines, the fact that nine out of 10 companies have been breached during the last year is far from shocking.
According to recent research from Ponemon Institute and Juniper Networks, many of the 583 U.S.-based IT and IT security practitioners responding to the survey have not only experienced a successful attack against their networks, about 59 percent of them have seen their infrastructures successfully compromised at least a couple of times during the year.
On the positive side, I suppose, most have been able to ferret out just where data was lost or exposed. In those instances where the IT pros were able to define the source, attacks typically were launched by outsiders.The news seems to mirror just a couple of stories that emerged across North America recently. In June, 283,000 Honda and Acura customers in Canada fell victim to attackers hitting the companies' websites to steal customer information stored in a database. Meanwhile, Citibank in the United States reported that same month that cybercriminals had penetrated its online banking platform, likely exposing the personally identifiable information of about 200,000 customers. Insider abuse is still a huge problem, as well.
Even with the updates to Federal Financial Institutions Examination Council (FFIEC) guidance that were released in July, which direct financial institutions conducting “high-risk transactions” to implement layered security to mitigate threats, the breach of Citi's transaction platform likely would have been successful, say many experts.
While the FFIEC document defines layered security as “different controls at different points in a transaction process,” calling for dual customer authorization or transaction monitoring/anomaly detection, most banks haven't really begun investing in such tools, experts contend.
That's why, for the 2012 SC Awards U.S., we've added new categories to account for technologies that help to minimize online fraud. Most organizations are reliant on their web presence to conduct transactions with their customers. Finding the best ways to safeguard these exchanges is critical. The deadline to submit nominations for the SC Awards is Aug. 26. You can visit www.scmagazineus.com/awards to learn more. We'll look to celebrate finalists and winners in all the groups during February's RSA Conference in San Francisco. Stay tuned for more details.
Illena Armstrong is editor-in-chief of SC Magazine.
