The probability that an organization will experience a breach in the next 24 months is high, and the current time to identify and contain a breach is still 280 days. XYPRO security solutions reduce the mean time to detect and the resources required to respond to potential breaches by up to 80%, dramatically reducing the impact of a breach on your enterprise.
Well, we made it. 2021 is finally in the books. The gift of LOG4J and the onslaught of vendor emails made for an eventful end to 2021. Take a minute (and I only mean a minute) to catch your breath before we jump headfirst into 2022. It’s time to look forward to what the cybersecurity landscape will give us this year.
Have we become numb to the news of security breaches? Unfortunately, the attacks on our businesses, personal lives and even global infrastructure are not slowing down. Cybercrime is up over 600% during the pandemic. According to Verizon’s 2021 Data Breach Investigation Report, 61% of cyberattacks targeted credential theft. This far surpasses personal, banking and payment card information which have been primary targets for years. The cybersecurity industry has responded with a variety of ways to protect sensitive data with regulations, technology, and awareness, which has forced attackers to look for easier targets, such as usernames and passwords.
The General Data Protection Regulation, or GDPR, is a major piece of legislation adopted in 2018. It is designed to address the protection and responsible use of every European Union citizen’s personal data. However, GDPR is not an EU-only regulation. It affects ANY business or individual handling the data of EU citizens, regardless of where that business or individual is based.
Since the release of PCI-DSS 3.0 in 2013, the PCI Security Standards Council has been quite busy. A little over a year after it was published, the council released PCI-DSS 3.1, followed by several new templates and supplements, including the “Migrating from SSL and early TLS Information Supplement” in April 2015 which highlighted the risks of SSL and TLS 1.0. The supplement described a migration plan as well as set a migration deadline of 1 July, 2016.
With 2020 finally in the books, it’s time to look forward and discuss our cybersecurity predictions that will most affect the industry in 2021. I thought long and hard about what I could say that would be impactful and hasn’t been said before. Obviously, COVID-19 and its security ramifications will continue to stay with us for 2021 and well beyond.
2020 was another troubling year in the cybersecurity world. We saw a repeat of 2019’s data breaches on a larger scale. Instagram, TikTok, YouTube, Nintendo, WaWa and many more fell victim to some sort of compromise. Hardly a week went by where we weren’t reading about a new mega breach or ransomware attack.
Brian Carpenter, Director of Business Development for CyberArk, the global leader in privileged access management, and Steve Tcherchian, Chief Product Officer and Chief Information Security Officer for XYPRO Technology Corporation, a leading cybersecurity solutions company, co-presented on the topic of integrating HPE NonStop servers with CyberArk.
The client, a large US-headquartered financial institution, is a multinational, independent investment bank and financial services company assisting individuals, corporations, and municipalities. With more than 8,100 financial advisors serving approximately 3 million accounts in more than 2,600 locations throughout the United States, Canada and overseas, total client assets approach $1 trillion.
Before utilizing XYPRO software solutions and services, one prominent bank depended on non-standard, less secure processes for logging onto their HPE NonStop systems and applications. Relying on a single set of credentials that was managed separately from their corporate Active Directory was difficult to integrate with enterprise infrastructure and gave a poor user experience…
XYPRO’s 2020 Cybersecurity Predictions – Add 2 Factor Authentication and Machine Learning to Your Plans!
Steve Tcherchian
As 2020 approaches, it’s time to discuss cybersecurity predictions that will impact the industry in the upcoming year. As a CISSP and Chief Information Security Officer for XYPRO, I thought long and hard about what I could say that would be impactful and hasn’t been said before – that’s a tall order! The reality is, what we predicted would be important in 2019, 2018 and even 2017 – is still applicable. A lot of what we predicted back then was never properly addressed and remains a risk today – credential theft and attacks targeting privileged user logins are more prevalent than ever. Currently, the best way to combat these types of attacks is to use 2-factor authentication.
Every business wants more data. Data on their customers, competition, operations, processes, employees, inventory and more. Data can be used to make better-informed business decisions and provide strategic insights that give your company a competitive advantage in terms of efficiencies, enhancing the customer experience, or refining market strategy. Its uses are limitless. Over the last decade, computing power has advanced to the point where generating and storing massive amounts of data has become highly cost-efficient.
It can take months or even years before a data breach is detected. The latest statistics from Ponemon Institute’s 2018 Cost of Data Breach Report show that it takes an average of 197 days to identify a breach. That means someone is in your network, on your systems, in your applications for over six months before they’re detected, IF they’re detected. That’s six months! On the higher end of the same report, there are companies that have been breached for years before they realize it. For example, sources indicate the Marriott data breach occurred back in 2014, but it was not disclosed until 2018. The scale of that breach is still being evaluated and it seems to get bigger and more impactful as more information is discovered.