Security

OHUG Interview With GreyHeller CEO Hendrix H. Bodden

By Hendrix Bodden • December 18, 2014

Hendrix H Bodden
Data Magnifed

The year has been full of cyber attacks that have left sensitive information ranging from bank accounts to social security numbers exposed and vulnerable.

From data breaches at eBay and Michaels to the recent and devastating attack on Sony, no business is safe from cybercrime though many fail to realize the seriousness of the situation.

And it’s a problem that will only grow in severity. The value of cybercrime is expected to exceed $1 trillion by 2020, and the current market for security technology is more than $40 billion, according to Hendrix H. Bodden, chief executive officer of GreyHeller. Graphic 01“It is more frightening than anybody actually realizes that isn’t in this business,”Bodden said in an interview. “I think that 2014 has seen so many high profile breaches, even JPMorgan Chase has been breached. They were able to index virtually every node, “virtually every terminal, every Web server on the JPMorgan network. JPMorgan’s CEO Jamie Dimon said they’re at least doubling their cyber-security budget, and I do think that companies are taking it more seriously.I think boards of directors, shareholders, and customers are starting to ask, ‘What are you doing to protect your valuable assets?”
Hr Arrow 01

There Are a Wide Variety of Cyber Criminals

The make-up of cyber criminals is diverse — representatives of foreign governments, international organized crime rings, individuals working alone, and hacking collectives are all trawling the Web for a window of opportunity. It is estimated that 97 percent of U.S. companies have been hacked or will be hacked. Oftentimes businesses aren’t even aware that they’ve been compromised. “The cybercrime environment is multi-layered, it’s incredibly active, it’s 24-7,” Bodden said. “If you believe that the bad guys are always one step ahead, in this case they really are.” Consumers can protect their information by creating secure passwords and using two-step authentication whenever available. They also should be wary of email-based phishing attacks, which can be protected against with a careful eye. Some signs that an email may be fraudulent include poor grammar and punctuation or bizarre phrasing.
Graphic 02 “What happens is I’ll click on a link and that link will actually take me to what appears to be a legitimate site and I’ll enter information,” Bodden said. “Once I’ve entered that information, the bad guy’s site will then forward me on to the legitimate site and you’ll never know that there was that intermediate step in between. A lot of this happens and people don’t even know it. The only time they find out is when somebody has bought their credit card number on the black market and all of a sudden they’re seeing purchases at electronic stores or gift cards, which are two of the most favorite ways that cyber criminals monetize stolen identities.”
Hr Arrow 01

Mobile Device Management Increasingly Being Used for Protection

Mobile device management is an up-and-coming area of cybersecurity. For example, some systems allow for remote data wipes when a mobile device is lost or permit the company to download updates. GreyHeller’s ERP Firewall protects users by implementing two-factor authentication at the field level. Data masking, logging and analysis, and location-based security also are rising trends in the industry. GreyHeller will kick off the new year with a series of cybersecurity webinars. The first will debut on Jan. 7 and focus on Oracle PeopleSoft security for higher education. These systems often host the same information banks do, making them an attractive target for cyber criminals.
Graphic 03 “Higher education is especially challenged by cyber criminals because they have by definition very open networks,” Bodden said. “They’re not behind a firewall, so higher education institutions have to have all of their web applications out and accessible in the wild and on the internet. The bad guys know this and so higher education is one of the top industries that is actually targeted by cyber criminals.”
Hr Arrow 01

January Webinar to Focus on PeopleSoft HR Systems

The Jan. 14 webinar centers on PeopleSoft human resources systems, which also typically contain sensitive information vulnerable and valuable to hackers.

“Before the human resources systems were mobilized, they could pretty well contain them behind the corporate firewall,” Bodden said. “But now that a lot of these systems have been mobilized so you can access your paycheck, you can change your benefits, you can do a lot of employee self-service and manager self-service from your mobile device, that exposes those systems to the internet and the bad guys know that so they’re going after them.”

The third and final webinar on Jan. 21 will be presented alongside Duo and discuss two-factor authentication.

Graphic 04 Graphic 05
 

Stay Updated

Security, Tips and Techniques

Phishing attacks increase

By Greg Wendt • August 8, 2014

June phishing attacks accounted for over $400 million in global losses. 57% of global phishing attacks are targeted at the U.S.

The attacks in June were a 43% increase over May attacks.

Protect your systems before it is too late.

Stay Updated

Security, Tips and Techniques

Change your passwords

By Greg Wendt • August 8, 2014

A Russian crime ring has collected over 1.2 billion user names and passwords. The statistics within this breach are stunning. 420,000 websites, 4.5 billion records, 542 million unique email addresses.

According to the article – most of the sites are still vulnerable to the hacker’s exploits. The hackers used SQL injection attacks to gain access to this data.

The average breach cost increased 15% last year from $3.1 million to $3.5 million. These costs will continue to rise for the foreseeable future.

As a consumer, create unique user ids and passwords for EVERY site you use. Use an algorithm to make them easy to remember and make them long. An example might be concatenating two of your favorite things together with something separating them. $k11n6Fb$n0wB0@rd1ng! for example. Other techniques can be found here.

As a company, stay on the offensive. Mine your logging data, keep your defenses up to date, insist on tough security protocols over convenience and do not assume you are safe.

Stay Updated

Security, Tips and Techniques

Protect Against Mistakes

By Greg Wendt • July 31, 2014

Homeland Security issued a new report warning about hackers attacking remote access software. Checking in from home leaves entry for hackers. Victims of these attacks include Target, P. F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the nonprofit agency that operates thrift stores around the country.

The report recommends….making two factor authentication the status quo.

Seattle University got caught with scanned images on an internal drive without permissions. Seattle University donor checks exposed. Incorrect permission settings on an internal drive made it possible for anyone with a Seattle University computer account to view the information.

Two-factor authentication invoked upon accessing the drive would have prevented unauthorized access without first passing a two-factor challenge

Stay Updated