Appsian

Smart consumers – pounded by the relentless onslaught of breaches affecting them directly (my household had new credit cards issued because of the Target and Home Depot breaches) – will eventually demand transparency from their vendors on their security protocols.

If that happens, smart vendors will ‘sell” their security profile as a benefit to their customers. ‘Do business with us. We’ll keep you safe.’

Boeing is arguably the dominant manufacturer of civilian aircraft in the world. But this was not always the case. Coming out of WWII, Douglas Aircraft dominated. Boeing’s very clever consumer targeted marketing campaigns helped make Boeing what it is today. (One of their campaign slogans was ‘If it ain’t Boeing, I ain’t going.’) Boeing’s customers were airlines, not consumers; but by selling to consumers Boeing created a reason for airlines to buy from them – the safety and comfort of their customers.

Fast forward to now, _______ (retailer name, fill in the blank) could re-establish its consumer trust with a security focused marketing campaign that has nothing to do with the products it sells and everything to do with understanding consumers want their vendors to prove they are focused on their digital safety.

Eventually, there will be a Security version of the UL (Underwriters Labs) or Good Housekeeping Seal of Approval. Consumer Reports might grade organizations on their Security protocols.

The Upside of Breach Fatigue.

I heard a term yesterday that frightened me – Breach Fatigue (being in the Security business can make one paranoid).

As a leader in Security technology solutions for ERP, we’ve talked to thousands of organizations about their Security protocols. Many get it and are fully committed to implementing technology and best practices to protect from internal and external breach.

I said ‘many’….unfortunately, I can’t say ‘most.’

A consistent position we observe at organizations purportedly interested in adopting new technology can be characterized as – complacent. Earlier this year we met with a large higher education institution’s Associate CIO who told us – I’m paraphrasing – “we’re going to get hacked no matter what so why should we spend lots of money when it won’t stop the inevitable.”

Wow! Textbook on how to snatch defeat from the jaws of victory.

While there’s lots of press and gnashing of teeth over well-publicized breaches, we still don’t see widespread adoption of Two-Factor Authentication and/or Logging for ERP, two amazingly simple and cost effective technologies to implement and manage.

Breach fatigue will serve to distract people. The movie ‘The Interview’ was pulled from release. At what cost? Does anybody really care? 500+ million digital identities have been compromised. FBI Director Comey warned there are 2 types of companies in the US – those that have been breached and those that don’t know they’ve been breached.

Breach fatigue. Complacency. Frightening.

The year has been full of cyber attacks that have left sensitive information ranging from bank accounts to social security numbers exposed and vulnerable.

From data breaches at eBay and Michaels to the recent and devastating attack on Sony, no business is safe from cybercrime though many fail to realize the seriousness of the situation.

And it’s a problem that will only grow in severity. The value of cybercrime is expected to exceed $1 trillion by 2020, and the current market for security technology is more than $40 billion, according to Hendrix H. Bodden, chief executive officer of GreyHeller.

“It is more frightening than anybody actually realizes that isn’t in this business,”Bodden said in an interview. “I think that 2014 has seen so many high profile breaches, even JPMorgan Chase has been breached. They were able to index virtually every node, “virtually every terminal, every Web server on the JPMorgan network. JPMorgan’s CEO Jamie Dimon said they’re at least doubling their cyber-security budget, and I do think that companies are taking it more seriously.I think boards of directors, shareholders, and customers are starting to ask, ‘What are you doing to protect your valuable assets?”

There Are a Wide Variety of Cyber Criminals

The make-up of cyber criminals is diverse — representatives of foreign governments, international organized crime rings, individuals working alone, and hacking collectives are all trawling the Web for a window of opportunity. It is estimated that 97 percent of U.S. companies have been hacked or will be hacked. Oftentimes businesses aren’t even aware that they’ve been compromised. “The cybercrime environment is multi-layered, it’s incredibly active, it’s 24-7,” Bodden said. “If you believe that the bad guys are always one step ahead, in this case they really are.” Consumers can protect their information by creating secure passwords and using two-step authentication whenever available. They also should be wary of email-based phishing attacks, which can be protected against with a careful eye. Some signs that an email may be fraudulent include poor grammar and punctuation or bizarre phrasing.

“What happens is I’ll click on a link and that link will actually take me to what appears to be a legitimate site and I’ll enter information,” Bodden said. “Once I’ve entered that information, the bad guy’s site will then forward me on to the legitimate site and you’ll never know that there was that intermediate step in between. A lot of this happens and people don’t even know it. The only time they find out is when somebody has bought their credit card number on the black market and all of a sudden they’re seeing purchases at electronic stores or gift cards, which are two of the most favorite ways that cyber criminals monetize stolen identities.”

Mobile Device Management Increasingly Being Used for Protection

Mobile device management is an up-and-coming area of cybersecurity. For example, some systems allow for remote data wipes when a mobile device is lost or permit the company to download updates. GreyHeller’s ERP Firewall protects users by implementing two-factor authentication at the field level. Data masking, logging and analysis, and location-based security also are rising trends in the industry. GreyHeller will kick off the new year with a series of cybersecurity webinars. The first will debut on Jan. 7 and focus on Oracle PeopleSoft security for higher education. These systems often host the same information banks do, making them an attractive target for cyber criminals.

“Higher education is especially challenged by cyber criminals because they have by definition very open networks,” Bodden said. “They’re not behind a firewall, so higher education institutions have to have all of their web applications out and accessible in the wild and on the internet. The bad guys know this and so higher education is one of the top industries that is actually targeted by cyber criminals.”

January Webinar to Focus on PeopleSoft HR Systems

The Jan. 14 webinar centers on PeopleSoft human resources systems, which also typically contain sensitive information vulnerable and valuable to hackers.

“Before the human resources systems were mobilized, they could pretty well contain them behind the corporate firewall,” Bodden said. “But now that a lot of these systems have been mobilized so you can access your paycheck, you can change your benefits, you can do a lot of employee self-service and manager self-service from your mobile device, that exposes those systems to the internet and the bad guys know that so they’re going after them.”

The third and final webinar on Jan. 21 will be presented alongside Duo and discuss two-factor authentication.

Companies, higher education institutions, healthcare organizations are not only fighting organized cybercrime rings (makes the Mafia look like a cottage industry by comparison) but also nation states with virtually unlimited funding.

Data from the UK government’s recently published cybercrime report shows the bad guys are 24×7 omnipresent:

HMRC (Revenue & Customs) has responded to more than 75,000 phishing reports and taken down more than 4,000 illegal websites
Worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15m

But this is perhaps the scariest: Both of the two top areas for UK cybersecurity spending are a response to an “ongoing hacking epidemic, much of it with either the explicit backing or tacit approval of a nation state”.

Read the article in ZDNet: Cybersecurity Spending: Where the Money Goes

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Platforms

Features

Register for an Upcoming Webinar

SAP

PeopleSoft

Appsian360

Review

Webinars

Persona

Register for an Upcoming Webinar

Customers

Video Testimonials

Featured Case Studies

Why Appsian

Management Team

Careers

Press Releases

Partners

Contact Us

Customers

Partners

Home / Blog / CYBERSECURITY PRIORITIES SHIFT TO INSIDER THREATS

CYBERSECURITY PRIORITIES SHIFT TO INSIDER THREATS

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / Cybersecurity Tipping Point? Absolutely.

Cybersecurity Tipping Point? Absolutely.

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / GreyHeller January Security Webinar Series

GreyHeller January Security Webinar Series

About GreyHeller

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / January 2015 Security Webinar

January 2015 Security Webinar

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / Top Breaches of 2014 – Infographic

Top Breaches of 2014 – Infographic

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / The Upside to Breach Fatigue

The Upside to Breach Fatigue

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / Breach fatigue

Breach fatigue

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / OHUG Interview With GreyHeller CEO Hendrix H. Bodden

OHUG Interview With GreyHeller CEO Hendrix H. Bodden

From data breaches at eBay and Michaels to the recent and devastating attack on Sony, no business is safe from cybercrime though many fail to realize the seriousness of the situation.

There Are a Wide Variety of Cyber Criminals

Mobile Device Management Increasingly Being Used for Protection

January Webinar to Focus on PeopleSoft HR Systems

Related Articles.

Put the Appsian Security Platform to the Test

Home / Blog / Scary UK cybercrime data

Scary UK cybercrime data

Related Articles.

Put the Appsian Security Platform to the Test

US Office

India Office

Start your free demo

Register
for an Upcoming
Webinar

Register
for an Upcoming
Webinar