Content

Accounting for transaction assurance

Given the majority of today's headlines, the fact that nine out of 10 companies have been breached during the last year is far from shocking.

According to recent research from Ponemon Institute and Juniper Networks, many of the 583 U.S.-based IT and IT security practitioners responding to the survey have not only experienced a successful attack against their networks, about 59 percent of them have seen their infrastructures successfully compromised at least a couple of times during the year.

On the positive side, I suppose, most have been able to ferret out just where data was lost or exposed. In those instances where the IT pros were able to define the source, attacks typically were launched by outsiders.

The news seems to mirror just a couple of stories that emerged across North America recently. In June, 283,000 Honda and Acura customers in Canada fell victim to attackers hitting the companies' websites to steal customer information stored in a database. Meanwhile, Citibank in the United States reported that same month that cybercriminals had penetrated its online banking platform, likely exposing the personally identifiable information of about 200,000 customers. Insider abuse is still a huge problem, as well.

Even with the updates to Federal Financial Institutions Examination Council (FFIEC) guidance that were released in July, which direct financial institutions conducting “high-risk transactions” to implement layered security to mitigate threats, the breach of Citi's transaction platform likely would have been successful, say many experts.

While the FFIEC document defines layered security as “different controls at different points in a transaction process,” calling for dual customer authorization or transaction monitoring/anomaly detection, most banks haven't really begun investing in such tools, experts contend.

That's why, for the 2012 SC Awards U.S., we've added new categories to account for technologies that help to minimize online fraud. Most organizations are reliant on their web presence to conduct transactions with their customers. Finding the best ways to safeguard these exchanges is critical. The deadline to submit nominations for the SC Awards is Aug. 26. You can visit www.scmagazineus.com/awards to learn more. We'll look to celebrate finalists and winners in all the groups during February's RSA Conference in San Francisco. Stay tuned for more details.  

Illena Armstrong is editor-in-chief of SC Magazine.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.