Friday, November 30, 2012

Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case

In a case watched closely by banks and their commercial customers, a financial institution in Maine has agreed to reimburse a construction company $345,000 that was lost to hackers after a court ruled that the bank’s security practices were “commercially unreasonable.”

People’s United Bank has agreed to pay Patco Construction Company all the money it lost to hackers in 2009, plus about $45,000 in interest, after intruders installed malware on Patco’s computers and stole its banking credentials to siphon money from its account.

Although the UCC places some burden on the customer to “exercise ordinary care,” the court found that it was unclear what obligations a customer had when the bank’s security system was found to be commercially unreasonable.

How much does your CU have to lose for not taking the right steps to protect your members?

Thursday, November 29, 2012

Online Service Offers Bank Robbers for Hire

An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.

The service, advertised on exclusive, Russian-language forums that cater to cybercrooks, claims to have willing and ready foot soldiers for hire in California, Florida, Illinois and New York.

The proprietors of this service say it will take 40-45 percent of the value of the theft, depending on the amount stolen.

In 2010, the U.S. Justice Department targeted one such network in New York City, charging more than three dozen J1s with knowingly assisting in the theft of funds from organizations that had been victimized by cyber fraud. But was that enough? Read the article to find out more about these e-robbers.

Monday, November 26, 2012

Big Data in Banking: Driving Value in Next Best Action

It’s difficult to read a banking technology article or go to a conference without hearing about big data.

Most of us now believe that big data is more than just hype, that it can offer business benefits to those that can leverage big data into new business capabilities.

But a common question I hear is “How does it relate to my day-to-day business? What does a ‘big data’ business use case look like?”

What does Big Data look like for your CU?

Monday, November 19, 2012

Best BYOD management: Work zones for smartphones

Anthony Perkins wants employees at BNY Mellon to bring their personal smartphones to work and use those instead of company-issued BlackBerries to access business email, applications and data.

But there's a catch: Not all employees are comfortable with the prospect of having their personal phones locked down and controlled as tightly as the BlackBerries that Perkins would like to phase out. That's where the notion of containerization comes in.

Because corporate apps and data are often mixed in with the user's personal content, mobile device management (MDM) tools tend to be very strict when it comes to managing corporate resources on users' phones. Usage policies often apply to the entire device, covering both personal and professional apps and data. Users may not be willing to give up control of their personal phones in exchange for the privilege of using them for business.

Where is your CU investing in BYOD? Mobile containers or MDM?

Monday, November 12, 2012

imsmartin presents identity theft trends and protections

Sean Martin, CISSP, and founder of imsmartin consulting, presented to a group of over 100 attendees during the Firefighter's National Credit Union Summit. The group represents the growing National Coalition of Firefighters Credit Unions.

Identities are at the core of nearly everything that takes place within a credit union. And, with the number of fraudulent attempts to use a stolen identity increasing dramatically, credit unions must take a good hard look at how they are managing their members' and employees' identities - including the transaction auditing and access control mechanisms surrounding them.

In his presentation, Martin covered the following topics:
  • Identity theft trends
  • Detecting identity-based fraud
  • Tips for consumers
  • Tips for credit unions

Fill in the form at Advioso to obtain a copy of the presentation, along with a few identity theft protection whitepapers from content sponsors TeleSign, Guardtime, and CSID.

Cryptography attack: side-channel cloud threat is all nerd and no knickers

Side-channel attacks are nothing new. Their arrival in the cloud, or rather the potential for a side-channel approach to touch the cloud threat surface, most certainly is though; but is it something you need to worry about?

In order to answer that, you first have to get your head around what a side-channel attack actually is.

Is the cloud safe from side-channel attacks on crypto keys in a real world scenario or not? Good question. The researchers suggest that there is room for a potential breach within the imperfect isolation of VMs found in public clouds, and advise that 'highly sensitive workloads' should not be stored there.

Without spoiling the article, side-channel attacks could threaten cloud security in a big way. It's best to be prepared. Read the article to start getting prepared.

Friday, November 9, 2012

The Day A Computer Virus Came Close To Plugging Gulf Oil

The Shamoon scenario could repeat again with financial companies.

“If this would happen to the three biggest banks in the U.K., all of their systems went down, all of their servers went down, [it would] mean that people can’t see their bank account online anymore, so they don’t know whether or not they still have money anymore. All the ATMs have a blue screen,” says Schenk.

Is your CU safe from these types of attacks?

Read the article to find out if you are prepared.

'There's an App' for Legal Teams

The catchphrase for the mobile lawyer? "There's an app for that." That may be true, but finding it and making it work for you or your law firm is a journey where law firms should let technology drive the business model.

This article captures the most presented and discussed applications used by lawyers — specifically looking at them from the perspective of lawyer mobility.

While there are thousands of commercial apps available, the next big wave is in the form of custom apps.

Is your CU building its own apps? Are you building them for your lawyers? Read the article to learn more about a few mobile development platforms.

Security Debate: On-premise or in the cloud?

There are many things that are easier to do in the cloud, but is security one of them?

Proponents argue that basing security tools in the cloud provides all the benefits of any cloud-based resource, including low cost of entry, simplicity of maintenance/upgrades, etc.

But critics say not so fast. Getting security is hard enough when you control all the resources. Moving them to the cloud just further complicates the job.

Read the article to get these experts' opinions in this Network World Tech Debate.

Guidance on Cloud Security

The banking and financial sector, with its strict regulations and need for high security, had always been seen as the last sector to adopt cloud computing.

Prior to embarking into cloud computing, organisations must consider a number of threats.

A number of factors also need to be taken into consideration when choosing the proper software security for cloud computing.

This article captures both lists.

Thursday, November 8, 2012

End-users admit ignorance of corporate cloud policies

Already tested by the BYOD movement, security-conscious IT admins are increasingly forced to cope with employees exposing their organization to security risks and unforeseen expenses by signing on to unauthorized cloud services.

This includes storing customer records on Dropbox, enlisting Amazon Web Services to test beta code, or creating and sharing sensitive documents via Google Docs.

A new study from Symantec titled "The Myth of Keeping Critical Business Information Out of Clouds" points to the chasm between users and IT admins over access to cloud applications.

Read the article to see the survey results.

Wednesday, November 7, 2012

Mobile is impacting cloud security issues

The burgeoning influx of employee-owned smartphones and tablets in the workplace has added to the complexity of securing cloud-based systems, according to a panel of experts who urged IT security teams to consider setting enforceable mobile policies alongside cloud policies.

The process for setting policies addressing both mobile and cloud is easier said than done.

Hybrid cloud policies developed in conjunction with mobile security policy should be a collaborative effort involving all of an organization's data owners, administrators and others who know the business and can find a middle ground.

View what the panelists say in full detail in this article.

Thursday, November 1, 2012

Gartner: How big trends in security, mobile, big data and cloud computing will change IT

When you go to a Gartner conference, one of the main things you'll notice is the sheer volume of data they can generate on just about any IT topic.

The Gartner conference, attended by some 9,000 executives, focused on the changes that security challenges, mobile computing, big data and cloud will be bringing to IT in the near future.

Trying to get through it all can be daunting, so we've tried to simplify that process by distilling a variety of Gartner ITxpo presentations and coming up with the most salient information.

What are you interested in? Mobile? Big Data? Cloud? All of the above? Read the article to learn more about each.