The Growing Need to Manage Third-Party and Vendor Risk

Organizations are increasingly outsourcing key processes to third parties and using an ever-wider range of vendors in their supply chains. Among the benefits most cited are the opportunity to reduce operating costs, access to specialized expertise, and the ability to better focus on core competencies. But, organizations looking to work with third parties must balance…

Using Web Session Analysis to Prevent Fraud

Every organization that relies on websites and web applications to do business is a potential target for hackers. According to ePayment management company CyberSource, total revenue loss to eCommerce merchants in North America in 2012 amounted to $3.5 billion, up $100 million from the previous year. With online fraud so high, organizations are finding it…

Would You Rather, Part 1: Authenticate Users or Monitor Transactions?

There is a popular conversational game that children play, typically known as “Would You Rather,” in which someone asks you to choose between two options and explain your reasons for making that choice. For example, “would you rather be rich or famous?” Or “if you could have one superpower, would you rather have superhuman strength…

Taking the Pulse of Identity in Retail

In a recent webcast on Identity management for the retail sector, we asked attendees five poll questions to better understand their level of concern and the state of their capabilities for managing and governing user identities and access. It comes as no surprise that security continues to be top of mind for retailers. Ninety percent…

Coordinating Incident Response at Internet Scale (CARIS)

Coordinating incident response at Internet scale as a concept sounds fabulous, but can we achieve it? What will it take? Those of us working in incident response and information sharing efforts know there is much to be done. While there is a lot of good work advancing this area of information security, there are still very few…

How Would I? … Inside the Devious Mind of a Security Professional

“It ain’t evil baby, if ya ain’t hurting anybody. Evil urges baby.” – From Evil Urges by My Morning Jacket

Do you like a good movie about a bank heist? How about a jailbreak flick or spy story? If so you’re amongst friends. I’m sure we’ve all not only enjoyed these movies but also at…

From The Archives: Detecting BlackPOS and Poison Ivy

You’ve seen it over and over in the headlines… “Point of Sale (POS) systems attacked!” & “Remote Access Trojans (RATs) used by Hackers!” …and don’t expect to stop hearing about these any time soon. As long as we pay with credit cards, POS systems will be in use, and as long as they are, they will be the…

Keep Criminals from Shopping for Identities

Retail data breaches continue to expose retailers to significant losses, both tangible and intangible, including loss of customer data, loss of customer trust, and brand erosion. There are a lot of security-related risks for any organization, but these risks are especially acute for retail organizations, which depend on strong, lasting customer relationships to survive and…

Four ways the financial industry could have fought Carbanak

It sounds like something out of a movie script — robbing a bank over the Internet — but that’s essentially what happened recently with the Carbanak malware. If you hadn’t heard about it, this was a campaign which ran over the course of 24 months and is believed to have netted thieves about US$1 billion.…

A Common Language for Risk Management

Speaking at OpRisk World 2015 recently, I was struck by the way in which the complexity of issues is increased by the disparity of terminology when talking about risk. For example, during the panel session on the “three lines of defense” strategy for GRC, much of the discussion focused on what that term actually means.…