Archive for the 'Information Security' Category

Report: Small biz weak in cybersecurity

Wednesday, July 30th, 2008

Small- and medium-sized businesses are in denial about the threat posed by cyberattacks, security software firm McAfee concluded in a study published this week.

While most small- and medium-sized companies believe that they operate under cybercriminals’ radar, the study found that one-in-five firms have been attacked. The survey — which polled 500 companies with 1,000 employees or fewer — found that for every eight firms, only ten employees were dedicated to managing the businesses’ information-technology systems. A vast majority of the firms, more than 90 percent, stated that online access is very important to running their business.

"What came out of this (report) was, not only are they a target, but that a lot of the cybercriminals would prefer to go after the small- and medium-sized businesses," said Darrell Rodenbaugh, senior vice president for McAfee’s mid-market sector. He added: "And one-in-three have said that if they had a serious attack, it would put them out of business."

While large companies have dedicated staff and invest in security technology, their networks continue to be successfully attacked. In 2007, the number of publicly reported data leaks reached a record high while the amount of malicious code detected by software giant Microsoft jumped 40 percent. In December, a survey of privacy and security professionals found that 85 percent believed that a reportable breach had occurred in their company in the past year.

The most recent study adds more fodder to corporate IT concerns. The average company had a single person spending one hour per week on information-security issues, the study found. McAfee’s Rodenbaugh sees that as a challenge for security companies that want to target the small- and medium-sized business market.

"The last thing they should have to worry about is security, and this tells us that, in fact, that is the last thing they are worrying about," he said. "That means that we need to provide these companies with security technology that allows them to only spend an hour a week and still be secure."

If you have tips or insights on this topic, please contact SecurityFocus

eBook for Security Breach research *free*

Monday, July 7th, 2008

In 2007, there were 329 reported security breaches in the U.S., according to the Privacy Rights Clearinghouse. That’s millions of names, Social Security numbers, credit card numbers and other personal information lost by or stolen from universities, government agencies and private businesses (small and large). Today’s legislation requires that states notify individuals and the respective parties about these data breaches.

As data loss from careless employees or thieves becomes ever more common, every organization should have a plan to notify its constituents if personal information is lost. Download this new expert eBook which includes the latest on legislation, how to create a plan and whether you, the CIO, should be in the public eye if the undesirable happens.


Download this new eBook now:

http://go.techtarget.com/r/3982787/5360955

Deadline for Compliance is Now

Thursday, July 3rd, 2008

These tips can help you make sure you are PCI compliant and tell you what it may cost your company if you aren’t.

June 26, 2008 (CIO) — CIO.com and CSOonline.com team together to bring you the most pertinent information on PCI compliance. Whether you think you’re already in compliance or you’re in complete denial of the June 30, 2008 deadline, these tips can help you make sure you are compliant and tell you what it may cost your company if you aren’t.

FUD Watch: Vendor Hype Escalates Over PCI Deadline
Monday is the day merchants must be in compliance with PCI DSS Requirement 6.6. That means the security vendor PR machine is in overdrive.

PCI Is Security Simplicity, Not Complexity
Payment card industry data security: the standard that makes people stupid.

All About the PCI Data Security Standard
More than just another data-security standard, the PCI program is corporate America’s most ambitious effort yet to prove that it can self-regulate. But even a standard with everything going for it might not be enough to stop the loss of credit card data.

A Guide to Practical PCI Compliance
Myriad merchants find themselves at the end of the PCI compliance barrel and are spending significant amounts of time, money and effort in achieving PCI compliance. Advice from companies that have been there can help smooth your path.

Acceptance Growing for PCI Security Standard
PCI chief says the PCI DSS security requirements have gained considerable momentum in the US and globally.

PCI: Smart or Stupid?
The data security standard isn’t as complex as some would have you believe.

PCI Standards Body Moves Ahead on Payment-Application
PCI Security Standards Council releases list of certified payment applications under Payment Application Data Security Standard.

Does the PCI Standards Council Have a Clue?
In version 1.1 of the PCI DSS (Payment Card Industry Data Security Standard), there are requirements for securing the application layer of a credit card.

The PCI Data Security Standard
Learn about the validation requirements of the payment card industry’s data security standard (PCI DSS), including administrative and technical elements of the program, and the potential sanctions for failure to comply.

Building a Strategic, Comprehensive Solution for PCI-DSS Compliance
Security trends and hacking techniques are continually changing and, as a result, the PCI-DSS continues to evolve. To stay ahead of these trends and prove compliance, your organization needs a powerful solution for collecting and monitoring user activity. Learn more about how you can use compliance as a means of competitive differentiation.

Industry View: Calculating the True Cost of PCI Non-Compliance
Compliance costs, but the cost of non-compliance may be more.

Payment Card Industry Compliance
Ignoring the PCI Data Security Standard is risky business. Here’s how you can prepare for compliance.

Do We Need Whistle-Blower Laws in Security?
Security laws aren’t all black and white.

PCI Is Security Simplicity, Not Complexity
The payment card industry data security standard seems to make relatively smart people instantly dim-witted as they complain about its so-called complexity.

Can Mid-Market Merchants Comply with PCI Standards In Time?
If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don’t comply face fines or worse. So why aren’t more mid-market merchants already in compliance?

One-third of Visa Merchants Missed Security Deadline
Companies face fines for non-compliance.

Why Should Merchants Keep Credit Card Data?
The retail industry advocates keeping a bare minimum of customer financial information. Just enough to still serve your customers without providing potential thieves what they need.

Crushed by Compliance Tyrants
Are you beset by compliance regulations that just don’t make sense? Cutting back on important security measures to pay for them?

Tear Down that Silo: Compliance in the Executive Suite
Treating compliance as a one-time project costs far more for IT measures than if you take a proactive and integrated approach.

I’ve Got My CrankyPants on Again
Will PCI’s PA-DSS (Payment Application Data Security Standard) be a mess?
 

© 2008 CXO Media Inc.


Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

