Phishing attacks increase

By Greg Wendt • August 8, 2014

June phishing attacks accounted for over $400 million in global losses. 57% of global phishing attacks are targeted at the U.S.

The attacks in June were a 43% increase over May attacks.

Protect your systems before it is too late.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Change your passwords

By Greg Wendt • August 8, 2014

A Russian crime ring has collected over 1.2 billion user names and passwords. The statistics within this breach are stunning. 420,000 websites, 4.5 billion records, 542 million unique email addresses.

According to the article, most of the sites are still vulnerable to the hackers’ exploits. The hackers used SQL injection attacks to gain access to this data.

The average breach cost increased 15% last year from $3.1 million to $3.5 million. These costs will continue to rise for the foreseeable future.

As a consumer, create unique user ids and passwords for EVERY site you use. Use an algorithm to make them easy to remember and make them long. An example might be concatenating two of your favorite things together with something separating them. $k11n6Fb$n0wB0@rd1ng! for example. Other techniques can be found

As a company, stay on the offensive. Mine your logging data, keep your defenses up to date, insist on tough security protocols over convenience and do not assume you are safe.

Protect Against Mistakes

By Greg Wendt • July 31, 2014

Homeland Security issued a new report warning about hackers attacking remote access software. Checking in from home leaves entry for hackers. Victims of these attacks include Target, P. F. Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply, and Goodwill Industries International, the nonprofit agency that operates thrift stores around the country.

The report recommends… making two-factor authentication the status quo.

Seattle University got caught with scanned images on an internal drive without permissions. Seattle University donor checks exposed. Incorrect permission settings on an internal drive made it possible for anyone with a Seattle University computer account to view the information.

Two-factor authentication invoked upon accessing the drive would have prevented anyone from reaching the files without first passing a two-factor challenge.

Top 10 Data Breaches of the Past Five Years (Infographic)

By Greg Wendt • July 23, 2014

Top 10 Data Breaches of the Past Five Years (Infographic), by TSC Advantage, Holistic Security Consultancy

Don’t be reactive when it comes to securing your PeopleSoft assets from cybercrime. Be proactive.

By Greg Wendt • July 21, 2014

Kevin R. Brock, a leading cybersecurity expert and the FBI’s former Principal Deputy Director, National Counterterrorism Center and Assistant Director for Intelligence, stated in a recent Forbes article:

“The impacts of cyber intrusions and disruptions are much greater and often devastatingly public—bringing to bear significant risk to company reputation, shareholder value and creating an entire new set of liabilities. Historically, the management of this risk has been delegated down in the organization. Current studies still show that upper management in most companies is rarely briefed on cyber threats.”

When working with PeopleSoft customers to help them understand their security risks, we often find that these organizations believe they are better protected than they actually are.

Our advice? Stop being reactive. Be proactive.

Correct preparation makes incidents far easier to resolve. Detailed and specific event-driven logging can alleviate some of the frustrations. Within the PeopleSoft application stack, it is often difficult to understand what users are doing after the fact. Sometimes effective-dated pages make that easier, but nothing can replace a great logging solution.

Case in point: a user gets phished and the attacker then impersonates that user to update data within the PeopleSoft application. It might be easy to see the one row the attacker updated, but what about the data the attacker just looked at? How would you like to definitively answer what that attacker did?

Correct preparation would give you these answers: all the components, pages, and records that attacker saw. Yes, that’s right, you would know what the attacker accessed. Correlate by times, IP address or other information that you choose to log.

How about another scenario in which a professor travels abroad, accesses their personal data and updates an address? Later on in the day the organization is attacked from the country visited. The security staff at the University wants validation of the transaction(s).  With the right logging this is an easy question to definitively answer – a quick resolution to a false positive.

Detailed, specific, event-driven, customizable logging designed for your business processes greatly simplifies incident response.
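An added example, not from the original post or from any GreyHeller product: when the event log records views as well as updates, both scenarios above (what an impersonating attacker saw, and whether the traveling professor's update was legitimate) reduce to filtering by user, source IP and time. The log layout, user names, IP addresses and component/page/record names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample events. The field layout (time, user, source IP, action,
# component, page, record) and every name in it are assumptions for this example.
LOG = """\
2014-07-21T09:02:11 jsmith 10.1.4.22 view PERSONAL_DATA ADDRESS_PAGE ADDRESSES
2014-07-21T14:30:05 jsmith 203.0.113.50 view PERSONAL_DATA NATIONAL_ID_PAGE NATIONAL_ID
2014-07-21T14:31:40 jsmith 203.0.113.50 view PAYROLL DIRECT_DEPOSIT_PAGE DIRECT_DEPOSIT
2014-07-21T14:33:02 jsmith 203.0.113.50 update PAYROLL DIRECT_DEPOSIT_PAGE DIRECT_DEPOSIT
2014-07-22T08:15:30 profk 198.51.100.7 view PERSONAL_DATA ADDRESS_PAGE ADDRESSES
2014-07-22T08:16:10 profk 198.51.100.7 update PERSONAL_DATA ADDRESS_PAGE ADDRESSES
"""

FIELDS = ("time", "user", "ip", "action", "component", "page", "record")

def parse(text):
    """One dict per well-formed line; lines with the wrong field count are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS):
            event = dict(zip(FIELDS, parts))
            event["time"] = datetime.fromisoformat(event["time"])
            events.append(event)
    return events

def select(events, user, ip=None, start=None, end=None):
    """Events for one user, optionally narrowed by source IP and time window."""
    return [e for e in events
            if e["user"] == user
            and (ip is None or e["ip"] == ip)
            and (start is None or e["time"] >= start)
            and (end is None or e["time"] <= end)]

def footprint(events):
    """Map (component, page, record) -> set of actions, so reads show beside writes."""
    seen = {}
    for e in events:
        seen.setdefault((e["component"], e["page"], e["record"]), set()).add(e["action"])
    return seen

def updates(events):
    """Only the events that changed data, for validating a specific transaction."""
    return [(e["time"], e["ip"], e["record"]) for e in events if e["action"] == "update"]

if __name__ == "__main__":
    events = parse(LOG)
    print(footprint(select(events, "jsmith", ip="203.0.113.50")))
    print(updates(select(events, "profk")))
```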

The costs of resolving an incident continue to increase.

Our advice? Minimize the risks by being proactive with your security.

GreyHeller Appoints New Executive Director of Security Solutions

By Chris Heller • July 17, 2014

Organizations seek protection of their Oracle PeopleSoft applications from cybercrime

San Ramon, California – July 15, 2014

Today, GreyHeller announced the hiring of Greg Wendt as the Executive Director of Security Solutions to further develop GreyHeller’s security products suite and to work directly with Oracle’s PeopleSoft customers to protect their sensitive data from cybercrime. In his role, Wendt will assume oversight of the security platform and operations, with responsibility for product and customer solutions. “I believe Oracle’s PeopleSoft is the best ERP system on the planet. I’ve worked with the platform since 2009 and with GreyHeller since 2011 when we implemented GreyHeller’s mobile and security systems at TCU. GreyHeller is well positioned to help organizations extend their investment in PeopleSoft,” said Greg.

Wendt is a recognized leader in PeopleSoft application architecture, data security and business operations and comes to GreyHeller with more than 17 years of experience. Greg has held top technology positions at industry-leading organizations, including RadioShack and Texas Christian University (TCU). “Greg has extensive experience as a PeopleSoft security expert. Together, we understand what is needed to help protect PeopleSoft users from cybercrime. We expect to establish GreyHeller’s security software suite as the de facto standard for protecting customers’ PeopleSoft systems,” stated Hendrix Bodden, GreyHeller’s CEO.

Wendt led implementations and PeopleSoft upgrades at TCU and RadioShack and the implementation of GreyHeller at TCU. He served as the Chairman of HEUG Tag (Technical Advisory Group), an international organization consisting of Higher Education institutions that use Oracle application software and helps guide its members on product strategy. As a certified ethical hacker, Greg has taught numerous criminal justice and cyber security courses focusing on hacking techniques. “I look forward to helping PeopleSoft customers understand their security risks and to developing tools to resolve these risks. Cyber criminals have figured out that ERP systems store as much sensitive information as do banks. I am honored to join GreyHeller in its mission to protect PeopleSoft customers from criminal breach,” said Wendt.

Trademarks

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Responsive Design: what is it and why is it important to Oracle® PeopleSoft customers?

By Chris Heller • July 4, 2014

In our conversations with Oracle® PeopleSoft customers about modernizing and mobilizing their PeopleSoft pages and customizations, we always introduce the concept of Responsive Design.

What is Responsive design? According to Wikipedia:

Responsive web design (RWD) is a web design approach aimed at crafting sites to provide an optimal viewing experience—easy reading and navigation with a minimum of resizing, panning, and scrolling—across a wide range of devices (from mobile phones to desktop computer monitors).

There are a number of significant benefits from leveraging responsive design techniques in a mobile strategy for PeopleSoft pages and customizations:

  • Instead of different solutions/code lines for each device and form factor, there is only a single Responsive Design solution/code line to build and maintain
  • A Responsive Design solution is more adaptable to the ever-changing device landscape. For example, in addition to smartphones and tablets, phablets are gaining market adoption at a rapid rate. Proper Responsive Design architecture will automatically adapt to these new device types.

When applying Responsive Design techniques to legacy PeopleSoft transactions, there are a number of hurdles to overcome:

  • Many PeopleSoft pages contain hundreds of data elements that must be incorporated into Responsive Design
  • Stripping down PS pages is generally not an acceptable practice because each element has a specific purpose
  • PS pages have a structure that must be retained in any Responsive Design application
  • When generating HTML, PeopleTools incorporates hard-coded length and width attributes that defeat efforts to allow the browser to respond to device sizes

PeopleSoft Timesheet

To illustrate these challenges, let’s take a look at the PeopleSoft Timesheet, where there is a complex structure with lots of data elements, hard-coded widths and a grid that is wider than a standard desktop view.

Standard Desktop View

With GreyHeller’s Responsive Design technology, we make this transaction responsive out-of-the-box.

Responsive Design view on an iPhone

Note how the data reflows and that grid information is vertical and summarized, yet all data entry fields are easily accessible.

Responsive Design view on an iPad

Note page elements are displayed side-by-side, and the grid responds to display in a tabular versus vertical format.

Click to Call for Two-Factor Authentication

By Greg Wendt • July 3, 2014

Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.

Click to Call allows 2FA PINs to be delivered via a telephone voice call.

Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third-party calling system. It is invoked when a PeopleSoft user triggers an event (accessing sensitive data that GreyHeller’s ERP Firewall system has been configured to protect) that sends the message to the external voice call system. That system then retrieves data containing the requested credentials from PeopleSoft. The user then enters the 2FA PIN on the challenge screen, which completes the challenge.

iScripts, JAR files, custom application packages, third-party integration: sounds complicated, right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.

The message can be customized to contain important information in addition to just the 2FA PIN. This information could be beneficial and timely.

Click to Call joins ERP Firewall’s other 2FA challenge methods:

  • Text
  • Email
  • Time-based one time password (TOTP)
  • Duo Security
  • IVR
  • Instant Messaging
  • Biometrics.

How much does it cost to avoid a breach?

By Chris Heller • July 2, 2014

If organizations won’t spend what’s necessary to license technology that protects their sensitive data because of cost considerations, we believe class action lawsuits will be a sea change in that way of thinking.

Here’s a link to the P. F. Chang’s breach class action lawsuit.

http://bit.ly/TOLoEC
