{ "version": "https://jsonfeed.org/version/1.1", "user_comment": "This feed allows you to read the posts from this site in any feed reader that supports the JSON Feed format. To add this feed to your reader, copy the following URL -- https://www.pymnts.com/category/cybersecurity/feed/json/ -- and add it your reader.", "next_url": "https://www.pymnts.com/category/cybersecurity/feed/json/?paged=2", "home_page_url": "https://www.pymnts.com/category/cybersecurity/", "feed_url": "https://www.pymnts.com/category/cybersecurity/feed/json/", "language": "en-US", "title": "Cybersecurity Archives | PYMNTS.com", "description": "What's next in payments and commerce", "icon": "https://www.pymnts.com/wp-content/uploads/2022/11/cropped-PYMNTS-Icon-512x512-1.png", "items": [ { "id": "https://www.pymnts.com/?p=2081119", "url": "https://www.pymnts.com/cybersecurity/2024/data-breaches-are-surging-what-that-means-for-enterprise-llms/", "title": "Data Breaches Are Surging: What That Means for Enterprise LLMs", "content_html": "

This has been the year of enterprise artificial intelligence (AI).

\n

From healthcare and financial services to government agencies, critical sectors around the globe are embracing the benefits that large language models (LLMs) and other AI systems can provide when it comes to driving efficiencies, enabling data-driven decision-making and powering innovative products and services.

\n

But 2024 has also been the year of the data breach and the cyberattack, with high-profile disruptions downing critical sectors \u2014 like healthcare, finance, retail and even government agencies.

\n

As AI technologies become increasingly integrated into our enterprise operations, the potential for misuse and abuse is growing, necessitating robust strategies to safeguard against malicious use.

\n

And with the news Monday (Aug. 2) that Meta has released a new suite of security benchmarks for LLMs, CYBERSECEVAL 3, to empirically measure LLM cybersecurity risks and capabilities, the fundamental need for protecting data privacy in the development and deployment of AI technologies is top of mind for businesses processing sensitive information for algorithmic development and deployment.

\n

Read more: At Your Service: Generative AI Arrives in Travel and Hospitality

\n

Advancing the Evaluation of Cybersecurity Risks in LLMs

\n

Data breaches, like AI systems, are not a new phenomenon, but their scale and impact have grown exponentially in recent years as digital transformation has swept the business world and the cost of computing power has significantly decreased relative to its capabilities.

\n

Against this backdrop, the increasing sophistication of cybercriminals, coupled with the vast amount of data being generated and stored by businesses to train purpose-built AI models for enterprise use, has created a perfect storm for data breaches.

\n

\u201cAI is vulnerable to hackers due to its complexity and the vast amounts of data it can process,\u201d\u00a0Jon Clay, vice president of threat intelligence at cybersecurity company\u00a0Trend Micro,\u00a0told PYMNTS in an earlier discussion. \u201cAI is software, and as such, vulnerabilities are likely to exist which can be exploited by adversaries.\u201d

\n

One of the key risks associated with LLMs is the possibility of data leakage. If a breach occurs during the training phase, sensitive information could be inadvertently exposed within the model itself. For instance, if an LLM is trained on email communications that include sensitive information, such as contracts or financial data, that information could be retrievable from the model even after the training process is complete.

\n

For enterprises using LLMs trained on sensitive data, the implications of a data breach are far-reaching. First and foremost, there is the risk of regulatory noncompliance. In many jurisdictions, companies are required to adhere to strict data protection laws, such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the United States. A breach involving sensitive data could result in significant fines and legal action, not to mention damage to the company\u2019s reputation.

\n

PYMNTS Intelligence finds that over a quarter of surveyed firms (27%) use AI for high-risk, complex tasks, while nearly 90% have at least one high-impact use case for the innovative technology.

\n

Read more: Most CFOs See Limited ROI From GenAI, but Boost Its Investment

\n

The Intersection of Data Breaches and AI Security

\n

According to the research paper published by Meta, key strategies in mitigating the risks associated with powerful AI tools include red teaming; adversarial training; robustness checks; transparency in AI development, with comprehensive documentation of models, datasets, and methodologies; and engaging with the broader AI community.

\n

\u201cCYBERSECEVAL 3 assesses 8 different risks across two broad categories: risk to third parties, and risk to application developers and end users,\u201d the researchers wrote.

\n

PYMNTS explored the\u00a0business impact\u00a0of Meta\u2019s Llama 3.1 in July, noting\u00a0that businesses\u00a0are weighing the implications of access to powerful, cost-free AI against the difficulties related to implementation and security.

\n

And as enterprises increasingly rely on AI and LLMs to drive innovation and growth, the risks associated with data breaches cannot be ignored. The sensitive nature of the data used in training these models, combined with the growing threat of cyberattacks, makes securing AI systems a top priority for businesses across all industries.

\n

But by implementing robust security measures, adopting ethical AI practices and preparing for potential breaches, enterprises can protect their valuable data assets and maintain the trust of their customers in an era where data breaches are everywhere.

\n
\n

For all PYMNTS AI coverage, subscribe to the daily\u00a0AI\u00a0Newsletter.

\n
\n

The post Data Breaches Are Surging: What That Means for Enterprise LLMs appeared first on PYMNTS.com.

\n", "content_text": "This has been the year of enterprise artificial intelligence (AI).\nFrom healthcare and financial services to government agencies, critical sectors around the globe are embracing the benefits that large language models (LLMs) and other AI systems can provide when it comes to driving efficiencies, enabling data-driven decision-making and powering innovative products and services.\nBut 2024 has also been the year of the data breach and the cyberattack, with high-profile disruptions downing critical sectors \u2014 like healthcare, finance, retail and even government agencies.\nAs AI technologies become increasingly integrated into our enterprise operations, the potential for misuse and abuse is growing, necessitating robust strategies to safeguard against malicious use.\nAnd with the news Monday (Aug. 2) that Meta has released a new suite of security benchmarks for LLMs, CYBERSECEVAL 3, to empirically measure LLM cybersecurity risks and capabilities, the fundamental need for protecting data privacy in the development and deployment of AI technologies is top of mind for businesses processing sensitive information for algorithmic development and deployment.\nRead more: At Your Service: Generative AI Arrives in Travel and Hospitality\nAdvancing the Evaluation of Cybersecurity Risks in LLMs\nData breaches, like AI systems, are not a new phenomenon, but their scale and impact have grown exponentially in recent years as digital transformation has swept the business world and the cost of computing power has significantly decreased relative to its capabilities.\nAgainst this backdrop, the increasing sophistication of cybercriminals, coupled with the vast amount of data being generated and stored by businesses to train purpose-built AI models for enterprise use, has created a perfect storm for data breaches.\n\u201cAI is vulnerable to hackers due to its complexity and the vast amounts of data it can process,\u201d\u00a0Jon Clay, vice president of threat intelligence at cybersecurity company\u00a0Trend Micro,\u00a0told PYMNTS in an earlier discussion. \u201cAI is software, and as such, vulnerabilities are likely to exist which can be exploited by adversaries.\u201d\nOne of the key risks associated with LLMs is the possibility of data leakage. If a breach occurs during the training phase, sensitive information could be inadvertently exposed within the model itself. For instance, if an LLM is trained on email communications that include sensitive information, such as contracts or financial data, that information could be retrievable from the model even after the training process is complete.\nFor enterprises using LLMs trained on sensitive data, the implications of a data breach are far-reaching. First and foremost, there is the risk of regulatory noncompliance. In many jurisdictions, companies are required to adhere to strict data protection laws, such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the United States. A breach involving sensitive data could result in significant fines and legal action, not to mention damage to the company\u2019s reputation.\nPYMNTS Intelligence finds that over a quarter of surveyed firms (27%) use AI for high-risk, complex tasks, while nearly 90% have at least one high-impact use case for the innovative technology.\nRead more: Most CFOs See Limited ROI From GenAI, but Boost Its Investment\nThe Intersection of Data Breaches and AI Security\nAccording to the research paper published by Meta, key strategies in mitigating the risks associated with powerful AI tools include red teaming; adversarial training; robustness checks; transparency in AI development, with comprehensive documentation of models, datasets, and methodologies; and engaging with the broader AI community.\n\u201cCYBERSECEVAL 3 assesses 8 different risks across two broad categories: risk to third parties, and risk to application developers and end users,\u201d the researchers wrote.\nPYMNTS explored the\u00a0business impact\u00a0of Meta\u2019s Llama 3.1 in July, noting\u00a0that businesses\u00a0are weighing the implications of access to powerful, cost-free AI against the difficulties related to implementation and security.\nAnd as enterprises increasingly rely on AI and LLMs to drive innovation and growth, the risks associated with data breaches cannot be ignored. The sensitive nature of the data used in training these models, combined with the growing threat of cyberattacks, makes securing AI systems a top priority for businesses across all industries.\nBut by implementing robust security measures, adopting ethical AI practices and preparing for potential breaches, enterprises can protect their valuable data assets and maintain the trust of their customers in an era where data breaches are everywhere.\n\nFor all PYMNTS AI coverage, subscribe to the daily\u00a0AI\u00a0Newsletter.\n\nThe post Data Breaches Are Surging: What That Means for Enterprise LLMs appeared first on PYMNTS.com.", "date_published": "2024-09-04T11:35:24-04:00", "date_modified": "2024-09-04T11:35:24-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/09/data-breaches-LLMs.png", "tags": [ "AI", "artificial intelligence", "California Consumer Privacy Act", "Cybersecurity", "Data Breaches", "data privacy", "digital transformation", "GDPR", "General Data Protection Regulation", "large language models", "LLMs", "Meta", "News", "PYMNTS News", "Security", "Technology" ] }, { "id": "https://www.pymnts.com/?p=2077486", "url": "https://www.pymnts.com/cybersecurity/2024/guarding-the-gate-cyberattacks-wont-stop-but-their-fallout-can-be-prevented/", "title": "Guarding the Gate: Cyberattacks Won\u2019t Stop, But Their Fallout Can Be Prevented", "content_html": "

Most businesses have a target on their back. And for good reason \u2014 their data and credentials are incredibly valuable to fraudsters, especially when it comes to large enterprises.

\n

Against this backdrop, credential theft has become the emerging initial attack vector of choice for many hackers, as both the recent information systems breach at Dick\u2019s Sporting Goods and the rising fallout from the April data theft from National Public Data, which exposed billions of individuals\u2019 personally identifiable information, show.

\n

The reasons are relatively straightforward: stolen credentials can grant direct access to internal systems, often without raising immediate alarms. With these credentials, attackers can move laterally within a network, exfiltrate data or deploy ransomware with minimal resistance.

\n

The appeal for cybercriminals lies not just in the immediate access but in the potential to remain undetected for extended periods, allowing them to maximize the damage.

\n

In the case of Dick\u2019s Sporting Goods, hackers exploited stolen credentials to gain access to sensitive customer data, leading to a breach that compromised millions of accounts. Similarly, the breach at National Public Data underscored how the theft of a single set of credentials can have far-reaching consequences, potentially exposing vast amounts of personal information.

\n

But while cyber and data breaches are becoming almost unavoidable, that doesn\u2019t mean businesses should just sit back and take intrusions on the chin.

\n

Read more: Why Business Email Compromise Scams Target Valuable B2B Relationships

\n

How Enterprises Can Prevent Disasters

\n

In today\u2019s digital landscape, large businesses will continue to be attractive targets for cybercriminals. The combination of valuable data, complex systems and the potential for significant ransom payments makes them particularly vulnerable.

\n

By understanding the methods used by attackers and implementing a multi-layered approach to security, businesses can take key steps that help prevent a disruption from escalating into a disaster.

\n

In\u00a0interviews\u00a0for the \u201cWhat\u2019s Next in Payments\u201d series, executives stressed\u00a0to PYMNTS\u00a0that a multilayered security strategy, also known as\u00a0defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.

\n

That\u2019s because when an attacker gains initial access through stolen credentials, the potential for escalation is significant. What might begin as a minor disruption \u2014 such as a temporary data breach or unauthorized access \u2014 can quickly spiral into a full-scale disaster.

\n

\u201cYou may not have realized it yet, but they\u2019re going to hit you,\u201d\u00a0Amount Director of Product Management Garrett Laird told PYMNTS. \u201cThe fraudsters are jerks\u00a0\u2014 and they like to hit you on holidays and on weekends, at two in the morning.\u201d

\n

The larger the organization, the more complex its IT infrastructure tends to be. This complexity can create gaps in security, providing multiple points of entry for attackers. Large businesses often have extensive supply chains, where each link can be a potential vulnerability. Hackers often target these weaker links to gain access to the larger enterprise. Once inside the network, attackers can move laterally, gaining access to more sensitive systems and data. This movement is often done quietly, allowing the attacker to remain undetected.

\n

Read more:\u00a0Delta, CrowdStrike Fallout Highlights Why Firms Need a Recovery Plan

\n

Reduce the Risk of Initial Access Through Stolen Credentials

\n

As long as there is valuable data to steal or systems to exploit, cybercriminals will continue to innovate and develop new methods to breach even the most secure networks. No organization, regardless of size or industry, can ever be completely immune to cyberattacks. However, while it may be impossible to stop all breaches from occurring, organizations can \u2014 and must \u2014 take steps to minimize the damage and impact when they do happen.

\n

Having a well-defined incident response plan in place is crucial. This plan should include clear steps for containing a breach, mitigating damage and communicating with stakeholders. Regular drills can help ensure that the plan can be executed effectively under pressure.

\n

According to Dick\u2019s\u00a0filing with the U.S. Securities and Exchange Commission reporting its recent cyber breach, \u201cimmediately upon detecting the incident \u2026 the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.\u201d

\n

Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.

\n

David Drossman, chief information security officer at\u00a0The Clearing House, described it to PYMNTS as building a \u201clabyrinth of control\u201d to offset damage, even if one layer fails.

\n

The post Guarding the Gate: Cyberattacks Won\u2019t Stop, But Their Fallout Can Be Prevented appeared first on PYMNTS.com.

\n", "content_text": "Most businesses have a target on their back. And for good reason \u2014 their data and credentials are incredibly valuable to fraudsters, especially when it comes to large enterprises.\nAgainst this backdrop, credential theft has become the emerging initial attack vector of choice for many hackers, as both the recent information systems breach at Dick\u2019s Sporting Goods and the rising fallout from the April data theft from National Public Data, which exposed billions of individuals\u2019 personally identifiable information, show.\nThe reasons are relatively straightforward: stolen credentials can grant direct access to internal systems, often without raising immediate alarms. With these credentials, attackers can move laterally within a network, exfiltrate data or deploy ransomware with minimal resistance.\nThe appeal for cybercriminals lies not just in the immediate access but in the potential to remain undetected for extended periods, allowing them to maximize the damage.\nIn the case of Dick\u2019s Sporting Goods, hackers exploited stolen credentials to gain access to sensitive customer data, leading to a breach that compromised millions of accounts. Similarly, the breach at National Public Data underscored how the theft of a single set of credentials can have far-reaching consequences, potentially exposing vast amounts of personal information.\nBut while cyber and data breaches are becoming almost unavoidable, that doesn\u2019t mean businesses should just sit back and take intrusions on the chin.\nRead more: Why Business Email Compromise Scams Target Valuable B2B Relationships\nHow Enterprises Can Prevent Disasters\nIn today\u2019s digital landscape, large businesses will continue to be attractive targets for cybercriminals. The combination of valuable data, complex systems and the potential for significant ransom payments makes them particularly vulnerable.\nBy understanding the methods used by attackers and implementing a multi-layered approach to security, businesses can take key steps that help prevent a disruption from escalating into a disaster.\nIn\u00a0interviews\u00a0for the \u201cWhat\u2019s Next in Payments\u201d series, executives stressed\u00a0to PYMNTS\u00a0that a multilayered security strategy, also known as\u00a0defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.\nThat\u2019s because when an attacker gains initial access through stolen credentials, the potential for escalation is significant. What might begin as a minor disruption \u2014 such as a temporary data breach or unauthorized access \u2014 can quickly spiral into a full-scale disaster.\n\u201cYou may not have realized it yet, but they\u2019re going to hit you,\u201d\u00a0Amount Director of Product Management Garrett Laird told PYMNTS. \u201cThe fraudsters are jerks\u00a0\u2014 and they like to hit you on holidays and on weekends, at two in the morning.\u201d\nThe larger the organization, the more complex its IT infrastructure tends to be. This complexity can create gaps in security, providing multiple points of entry for attackers. Large businesses often have extensive supply chains, where each link can be a potential vulnerability. Hackers often target these weaker links to gain access to the larger enterprise. Once inside the network, attackers can move laterally, gaining access to more sensitive systems and data. This movement is often done quietly, allowing the attacker to remain undetected.\nRead more:\u00a0Delta, CrowdStrike Fallout Highlights Why Firms Need a Recovery Plan\nReduce the Risk of Initial Access Through Stolen Credentials\nAs long as there is valuable data to steal or systems to exploit, cybercriminals will continue to innovate and develop new methods to breach even the most secure networks. No organization, regardless of size or industry, can ever be completely immune to cyberattacks. However, while it may be impossible to stop all breaches from occurring, organizations can \u2014 and must \u2014 take steps to minimize the damage and impact when they do happen.\nHaving a well-defined incident response plan in place is crucial. This plan should include clear steps for containing a breach, mitigating damage and communicating with stakeholders. Regular drills can help ensure that the plan can be executed effectively under pressure.\nAccording to Dick\u2019s\u00a0filing with the U.S. Securities and Exchange Commission reporting its recent cyber breach, \u201cimmediately upon detecting the incident \u2026 the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.\u201d\nSegmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.\nDavid Drossman, chief information security officer at\u00a0The Clearing House, described it to PYMNTS as building a \u201clabyrinth of control\u201d to offset damage, even if one layer fails.\nThe post Guarding the Gate: Cyberattacks Won\u2019t Stop, But Their Fallout Can Be Prevented appeared first on PYMNTS.com.", "date_published": "2024-08-29T12:13:59-04:00", "date_modified": "2024-08-29T12:13:59-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/cyberattacks-hackers-cybersecurity.jpg", "tags": [ "Cyberattack", "Cybercrime", "Cybersecurity", "Data Breach", "data theft", "Dick's Sporting Goods", "fraud", "Hackers", "National Public Data", "News", "Personally Identifiable Information", "PII", "PYMNTS News", "social security numbers", "SSN" ] }, { "id": "https://www.pymnts.com/?p=2068763", "url": "https://www.pymnts.com/cybersecurity/2024/dicks-sporting-goods-uncovers-cybersecurity-breach/", "title": "Dick\u2019s Sporting Goods Uncovers Cybersecurity Breach", "content_html": "

Dick\u2019s Sporting Goods is the latest high-profile organization dealing with an information systems breach.

\n

The retailer revealed the incident in a filing with the Securities and Exchange Commission (SEC) Wednesday (Aug. 28), one week after it discovered \u201cunauthorized third-party access\u201d to its systems, including some confidential information.

\n

\u201cImmediately upon detecting the incident, the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate and contain the threat,\u201d the filing said.

\n

Dick\u2019s added in the filing that it has notified federal law enforcement, that its investigation is ongoing, and that it has no knowledge that the breach disrupted its business operations.

\n

\u201cBased on the company\u2019s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material,\u201d the filing said.

\n

The incident comes on the heels of several other high-profile cyberattacks and cyber incidents, such as last month\u2019s Crowdstrike outage, or the more recent breach at the Port of Seattle, which runs the Seattle-Tacoma Airport.

\n

\u201cTraditional cybersecurity measures, while still crucial, are no longer sufficient to safeguard against sophisticated attacks,\u201d PYMNTS wrote earlier this week. \u201cTo protect critical assets and maintain operational integrity, organizations must blend established best practices with innovative, emerging security solutions.\u201d

\n

In interviews for the \u201cWhat\u2019s Next in Payments\u201d series, executives stressed to PYMNTS the same: General best practices should be coupled with emerging security solutions.

\n

A multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.

\n

David Drossman, chief information security officer at The Clearing House, described it to PYMNTS as building a \u201clabyrinth of control\u201d to offset damage even if one layer fails. Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.

\n

\u201cYou may not have realized it yet, but they\u2019re going to hit you,\u201d Amount director of product management Garrett Laird told PYMNTS, adding, \u201cthe fraudsters are jerks \u2014 and they like to hit you on holidays and on weekends, at two in the morning.\u201d

\n

The post Dick\u2019s Sporting Goods Uncovers Cybersecurity Breach appeared first on PYMNTS.com.

\n", "content_text": "Dick\u2019s Sporting Goods is the latest high-profile organization dealing with an information systems breach.\nThe retailer revealed the incident in a filing with the Securities and Exchange Commission (SEC) Wednesday (Aug. 28), one week after it discovered \u201cunauthorized third-party access\u201d to its systems, including some confidential information.\n\u201cImmediately upon detecting the incident, the company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate and contain the threat,\u201d the filing said.\nDick\u2019s added in the filing that it has notified federal law enforcement, that its investigation is ongoing, and that it has no knowledge that the breach disrupted its business operations.\n\u201cBased on the company\u2019s current knowledge of the facts and circumstances related to this incident, the company believes that this incident is not material,\u201d the filing said.\nThe incident comes on the heels of several other high-profile cyberattacks and cyber incidents, such as last month\u2019s Crowdstrike outage, or the more recent breach at the Port of Seattle, which runs the Seattle-Tacoma Airport.\n\u201cTraditional cybersecurity measures, while still crucial, are no longer sufficient to safeguard against sophisticated attacks,\u201d PYMNTS wrote earlier this week. \u201cTo protect critical assets and maintain operational integrity, organizations must blend established best practices with innovative, emerging security solutions.\u201d\nIn interviews for the \u201cWhat\u2019s Next in Payments\u201d series, executives stressed to PYMNTS the same: General best practices should be coupled with emerging security solutions.\nA multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.\nDavid Drossman, chief information security officer at The Clearing House, described it to PYMNTS as building a \u201clabyrinth of control\u201d to offset damage even if one layer fails. Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.\n\u201cYou may not have realized it yet, but they\u2019re going to hit you,\u201d Amount director of product management Garrett Laird told PYMNTS, adding, \u201cthe fraudsters are jerks \u2014 and they like to hit you on holidays and on weekends, at two in the morning.\u201d\nThe post Dick\u2019s Sporting Goods Uncovers Cybersecurity Breach appeared first on PYMNTS.com.", "date_published": "2024-08-28T13:07:20-04:00", "date_modified": "2024-08-28T13:07:20-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2023/03/Dicks-Sporting-Goods.jpg", "tags": [ "Cybersecurity", "Data Breaches", "Dick's Sporting Goods", "fraud", "Hackers", "News", "PYMNTS News", "scams", "Security", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=2064397", "url": "https://www.pymnts.com/cybersecurity/2024/cyber-outages-reveal-need-for-multilayered-defenses-across-digital-economy/", "title": "Cyber Outages Reveal Need for Multilayered Defenses Across Digital Economy", "content_html": "

The Port of Seattle, which operates the Seattle-Tacoma International Airport, is the gateway to Asia.

\n

And over the weekend (Aug. 24), it suffered a \u201cpossible cyberattack\u201d that was described as an internet and web systems outage \u2014 just weeks after the July Microsoft\u00a0outage that sidelined critical systems around the world, and not just the Seattle area, although that disruption came as a result of an issue from\u00a0CrowdStrike, not due to illicit actors.

\n

Still, both incidents serve as an uncomfortable illustration of just how brittle the connected economy\u2019s core internet structure can be, particularly when faced with stressors. But as the world goes increasingly digital, the risk of online systems being targeted by cybercriminals who want to disrupt operations, steal data, or ransom sensitive information is only growing.

\n

That\u2019s why the FBI issued a cybersecurity-centric private industry notification (PIN) in July for infrastructure providers that stressed the importance of embracing a dual-pronged approach where general security best practices are paired with emerging security solutions.

\n

Of course, a month later, an audit from the Department of Justice\u2019s (DOJ) Office of the Inspector General (OIG) identified \u201csignificant weaknesses\u201d in the FBI\u2019s own inventory management and disposal of electronic storage media, aka data held on flash drives and other physical devices \u2014 highlighting the many-faceted challenges that enterprises face when securing their own perimeters against a rising tide of modern threats.

\n

Read more: NIST\u2019s Post-Quantum Cybersecurity Standards Ready for Enterprise Use

\n

Future of Cybersecurity

\n

Traditional cybersecurity measures, while still crucial, are no longer sufficient to safeguard against sophisticated attacks. To protect critical assets and maintain operational integrity, organizations must blend established best practices with innovative, emerging security solutions.

\n

And for the \u201cWhat\u2019s Next in Payments\u201d series,\u00a0eight executives stressed to PYMNTS the same: General best practices should be paired with emerging security solutions, and that being proactive is the first step in protecting the perimeter.

\n

A multilayered security strategy, also known as defense in depth, is essential for mitigating risks at various levels. This approach involves implementing multiple defensive measures across the enterprise network, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and network segmentation. By creating multiple barriers, organizations can prevent or contain breaches before they cause significant damage.

\n

Read more: Delta, CrowdStrike Fallout Highlights Why Firms Need a Recovery Plan

\n

Embracing a \u201cdefense in depth\u201d strategy involves creating multiple layers of defense to protect an organization\u2019s most valuable assets, often known as \u201ccrown jewels.\u201d David Drossman, chief information security officer at\u00a0The Clearing House, told PYMNTS. Drossman described such an approach as building a \u201clabyrinth of control\u201d to mitigate damage even if one layer fails. Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.

\n

As PYMNTS has reported, many of the fundamental challenges for organizations looking to maintain\u00a0data security\u00a0result from the sheer volume of an organization\u2019s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.

\n

Effective cybersecurity is not a one-time effort but an ongoing process. Continuous monitoring of networks, systems and endpoints is vital for detecting and responding to threats in real time. Coupled with a well-developed incident response plan, this ensures that organizations can quickly address security incidents, minimizing their impact.

\n

Read more: AWS and Mastercard Lead Call for Urgency in Protecting the Payments Perimeter

\n

At the same time, while best practices provide a solid foundation, the changing threat landscape necessitates the adoption of emerging security solutions. These technologies offer advanced capabilities that complement traditional approaches, enabling organizations to stay ahead of sophisticated cyberthreats.

\n

Artificial intelligence (AI) and machine learning have revolutionized threat detection. By analyzing user behavior and detecting anomalies, AI-driven tools can identify potential threats that may bypass conventional defenses. Behavioral analytics provides a deeper understanding of normal user activities, enabling more accurate detection of suspicious behavior.

\n

Ultimately, the cyberthreat landscape is defined by change. The only constants are vigilance and adaptability, which can be companies\u2019 best weapons when it comes to defending the perimeter.

\n

The post Cyber Outages Reveal Need for Multilayered Defenses Across Digital Economy appeared first on PYMNTS.com.

\n", "content_text": "The Port of Seattle, which operates the Seattle-Tacoma International Airport, is the gateway to Asia. \nAnd over the weekend (Aug. 24), it suffered a \u201cpossible cyberattack\u201d that was described as an internet and web systems outage \u2014 just weeks after the July Microsoft\u00a0outage that sidelined critical systems around the world, and not just the Seattle area, although that disruption came as a result of an issue from\u00a0CrowdStrike, not due to illicit actors. \nStill, both incidents serve as an uncomfortable illustration of just how brittle the connected economy\u2019s core internet structure can be, particularly when faced with stressors. But as the world goes increasingly digital, the risk of online systems being targeted by cybercriminals who want to disrupt operations, steal data, or ransom sensitive information is only growing.\nThat\u2019s why the FBI issued a cybersecurity-centric private industry notification (PIN) in July for infrastructure providers that stressed the importance of embracing a dual-pronged approach where general security best practices are paired with emerging security solutions. \nOf course, a month later, an audit from the Department of Justice\u2019s (DOJ) Office of the Inspector General (OIG) identified \u201csignificant weaknesses\u201d in the FBI\u2019s own inventory management and disposal of electronic storage media, aka data held on flash drives and other physical devices \u2014 highlighting the many-faceted challenges that enterprises face when securing their own perimeters against a rising tide of modern threats.\nRead more: NIST\u2019s Post-Quantum Cybersecurity Standards Ready for Enterprise Use\nFuture of Cybersecurity\nTraditional cybersecurity measures, while still crucial, are no longer sufficient to safeguard against sophisticated attacks. To protect critical assets and maintain operational integrity, organizations must blend established best practices with innovative, emerging security solutions.\nAnd for the \u201cWhat\u2019s Next in Payments\u201d series,\u00a0eight executives stressed to PYMNTS the same: General best practices should be paired with emerging security solutions, and that being proactive is the first step in protecting the perimeter. \nA multilayered security strategy, also known as defense in depth, is essential for mitigating risks at various levels. This approach involves implementing multiple defensive measures across the enterprise network, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and network segmentation. By creating multiple barriers, organizations can prevent or contain breaches before they cause significant damage.\nRead more: Delta, CrowdStrike Fallout Highlights Why Firms Need a Recovery Plan\nEmbracing a \u201cdefense in depth\u201d strategy involves creating multiple layers of defense to protect an organization\u2019s most valuable assets, often known as \u201ccrown jewels.\u201d David Drossman, chief information security officer at\u00a0The Clearing House, told PYMNTS. Drossman described such an approach as building a \u201clabyrinth of control\u201d to mitigate damage even if one layer fails. Segmentation is critical, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.\nAs PYMNTS has reported, many of the fundamental challenges for organizations looking to maintain\u00a0data security\u00a0result from the sheer volume of an organization\u2019s data, the many ways users can access the data (on-site versus remote, computer versus mobile device), and the potential for the compromise of valid user credentials being used by unauthorized users.\nEffective cybersecurity is not a one-time effort but an ongoing process. Continuous monitoring of networks, systems and endpoints is vital for detecting and responding to threats in real time. Coupled with a well-developed incident response plan, this ensures that organizations can quickly address security incidents, minimizing their impact.\nRead more: AWS and Mastercard Lead Call for Urgency in Protecting the Payments Perimeter\nAt the same time, while best practices provide a solid foundation, the changing threat landscape necessitates the adoption of emerging security solutions. These technologies offer advanced capabilities that complement traditional approaches, enabling organizations to stay ahead of sophisticated cyberthreats.\nArtificial intelligence (AI) and machine learning have revolutionized threat detection. By analyzing user behavior and detecting anomalies, AI-driven tools can identify potential threats that may bypass conventional defenses. Behavioral analytics provides a deeper understanding of normal user activities, enabling more accurate detection of suspicious behavior.\nUltimately, the cyberthreat landscape is defined by change. The only constants are vigilance and adaptability, which can be companies\u2019 best weapons when it comes to defending the perimeter.\nThe post Cyber Outages Reveal Need for Multilayered Defenses Across Digital Economy appeared first on PYMNTS.com.", "date_published": "2024-08-26T18:14:21-04:00", "date_modified": "2024-08-26T18:14:21-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/port-of-seattle-cybersecurity.jpg", "tags": [ "Cybersecurity", "data security", "David Drossman", "defense in depth", "News", "Port of Seattle", "PYMNTS News", "The Clearing House", "What\u2019s Next In Payments: Protecting The Perimeter 2024" ] }, { "id": "https://www.pymnts.com/?p=2063192", "url": "https://www.pymnts.com/cybersecurity/2024/microsoft-to-host-summit-on-resiliency-after-july-crowdstrike-outage/", "title": "Microsoft to Host Summit on Resiliency After July CrowdStrike Outage", "content_html": "

Microsoft plans to meet with CrowdStrike, other providers of endpoint security technologies and government representatives to discuss ways to improve resiliency and protect the critical infrastructure of the companies\u2019 mutual customers.

\n

The meeting, dubbed the Windows Endpoint Security Ecosystem Summit, will be hosted by Microsoft at its Redmond, Washington, headquarters on Sept. 10, the company said in a Friday (Aug. 23) blog post.

\n

\u201cOur objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers,\u201d Aidan Marcuss, corporate vice president, Microsoft Windows and Devices, wrote in the post.

\n

The event follows the July CrowdStrike outage, the blog post noted.

\n

\u201cThe CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem,\u201d Marcuss wrote in the post. \u201cOur discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.\u201d

\n

Marcuss added in the post that the presence of government representatives will ensure transparency of this collaborative effort, that the summit will lead to both short-term and long-term next steps, and that updates on these conversations will be shared after the event.

\n

The July outage Marcuss mentioned grounded flights, disrupted banks and financial services, knocked doctors\u2019 booking services offline and caused other havoc when it struck users of Microsoft\u2019s Windows operating system. The outage stemmed from a software update by CrowdStrike, a cybersecurity firm.

\n

\u201cThis is a very, very uncomfortable illustration of the fragility of the world\u2019s core Internet structure,\u201d Ciarin Martin, professor at Oxford University\u2019s Blavatnik School of Government, told Reuters when interviewed for a July 19 report on the incident.

\n

The event put software updates under the microscope. Adam Lowe, Ph.D., chief product and innovation officer at CompoSecure/Arculus with more than a decade of experience with software updates, told PYMNTS in an interview posted in July that issues with essential security software like CrowdStrike can escalate dramatically. If an update disrupts core system functions, particularly at the Windows startup level, rectifying the problem can be daunting.

\n

The post Microsoft to Host Summit on Resiliency After July CrowdStrike Outage appeared first on PYMNTS.com.

\n", "content_text": "Microsoft plans to meet with CrowdStrike, other providers of endpoint security technologies and government representatives to discuss ways to improve resiliency and protect the critical infrastructure of the companies\u2019 mutual customers.\nThe meeting, dubbed the Windows Endpoint Security Ecosystem Summit, will be hosted by Microsoft at its Redmond, Washington, headquarters on Sept. 10, the company said in a Friday (Aug. 23) blog post.\n\u201cOur objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers,\u201d Aidan Marcuss, corporate vice president, Microsoft Windows and Devices, wrote in the post.\nThe event follows the July CrowdStrike outage, the blog post noted.\n\u201cThe CrowdStrike outage in July 2024 presents important lessons for us to apply as an ecosystem,\u201d Marcuss wrote in the post. \u201cOur discussions will focus on improving security and safe deployment practices, designing systems for resiliency and working together as a thriving community of partners to best serve customers now, and in the future.\u201d\nMarcuss added in the post that the presence of government representatives will ensure transparency of this collaborative effort, that the summit will lead to both short-term and long-term next steps, and that updates on these conversations will be shared after the event.\nThe July outage Marcuss mentioned grounded flights, disrupted banks and financial services, knocked doctors\u2019 booking services offline and caused other havoc when it struck users of Microsoft\u2019s Windows operating system. The outage stemmed from a software update by CrowdStrike, a cybersecurity firm.\n\u201cThis is a very, very uncomfortable illustration of the fragility of the world\u2019s core Internet structure,\u201d Ciarin Martin, professor at Oxford University\u2019s Blavatnik School of Government, told Reuters when interviewed for a July 19 report on the incident.\nThe event put software updates under the microscope. Adam Lowe, Ph.D., chief product and innovation officer at CompoSecure/Arculus with more than a decade of experience with software updates, told PYMNTS in an interview posted in July that issues with essential security software like CrowdStrike can escalate dramatically. If an update disrupts core system functions, particularly at the Windows startup level, rectifying the problem can be daunting.\nThe post Microsoft to Host Summit on Resiliency After July CrowdStrike Outage appeared first on PYMNTS.com.", "date_published": "2024-08-23T16:31:35-04:00", "date_modified": "2024-08-23T16:31:35-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/07/CrowdStrike.jpg", "tags": [ "CrowdStrike", "Crowdstrike outage", "Cybersecurity", "Government", "Microsoft", "Microsoft Windows", "News", "PYMNTS News", "Security", "What's Hot" ] }, { "id": "https://www.pymnts.com/?p=2062388", "url": "https://www.pymnts.com/cybersecurity/2024/cyber-hygiene-the-constant-defense-against-evolving-b2b-threats/", "title": "Cyber Hygiene: The Constant Defense Against Evolving B2B Threats", "content_html": "

Today\u2019s cybersecurity and fraud landscape is increasingly becoming an arms race.

\n

For every 12-foot-tall wall that businesses build, fraudsters start to shape an ever-more sophisticated 13-foot ladder. In this tit-for-tat landscape, constant vigilance has become crucial.

\n

\u201cWhat you want to do is catch it before it becomes a crisis,\u201d Boost Payment Solutions Chief Technology Officer Rick Kenneally told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d

\n

He added that the first step in threat detection can be as simple as \u201ckeeping up with the basics\u201d as it relates to monitoring and compliance checks, noting that \u201cthey will turn things up.\u201d

\n

Within the world of B2B payments in particular, the ongoing challenge of thwarting fraudsters is especially pronounced due to the large transaction values and complex processes that can create unique and attractive vulnerabilities.

\n

Kenneally explained that detection, prevention and protection in the B2B environment is not just about internal vigilance but also about selecting strong partners who can provide valuable insights and support.

\n

\u201cWe ensure that we are getting that information not just from our own monitoring but also from partners who help us stay informed,\u201d he said.

\n

This proactive approach is important in a landscape where new threats emerge constantly, and the consequences of a breach can be catastrophic.

\n

The Importance of Staying Informed and Proactive

\n

In today\u2019s rapidly evolving digital landscape, where cybersecurity threats are becoming increasingly sophisticated, protecting the perimeter of an organization\u2019s digital infrastructure has never been more critical.

\n

Learning from industry incidents, such as the CrowdStrike event in July, is also a critical part of Boost\u2019s strategy. Kenneally explained how this particular incident prompted his team to reevaluate their own processes.

\n

\u201cThe CrowdStrike incident made us sit down and think, \u2018OK, what would we do if suddenly all of our laptops bricked, and people couldn\u2019t log in? What\u2019s our recovery process?\u2019\u201d he said.

\n

This type of scenario planning is essential for ensuring that companies can respond quickly and effectively to unforeseen challenges.

\n

While the basic approach to developing contingency plans has remained consistent over the years \u2014 bringing together the right people to think through potential scenarios \u2014 the specific threats that companies face have evolved.

\n

\u201cThe things that we discussed change over time,\u201d Kenneally noted, highlighting the emergence of new fraudsters and types of threats. Despite these changes, he stressed, the fundamentals remain the same: developing plans, testing them regularly and making adjustments as needed.

\n

When it comes to strengthening the defenses against both internal and external threats, Kenneally emphasized the importance of a multifaceted approach.

\n

\u201cYou need to look at the cybersecurity aspect and the fraud prevention aspect,\u201d he said.

\n

For Boost, which operates in the B2B credit card payment space, fraud prevention is built into the business model. Payments can only be made to companies that have passed a rigorous vetting process and are registered with Boost, reducing the risk of fraudulent transactions.

\n

Building a Culture of Resilience Across Products and People

\n

By partnering with companies that provide early warnings about threats and scams when they see them independently, such as domain spoofing attempts, businesses can stay ahead of potential threats.

\n

\u201cThat\u2019s an important control, and I strongly recommend it for any company,\u201d Kenneally said, stressing the benefits of collaborative working partnerships.

\n

\u201cIt\u2019s about ensuring that the controls are in place and that we are partnering with our customers to mitigate risks,\u201d he added.

\n

This is particularly relevant given the increasing sophistication of phishing attempts, some of which may be assisted by artificial intelligence.

\n

Another aspect of Boost\u2019s strategy is fostering a culture of resilience and agility within the organization. This involves continuous training and education, not just for the IT team but across the entire company.

\n

\u201cTraining is critical,\u201d Kenneally said. \u201cIt needs to be consistent, prioritized and focused on keeping employees aware of the latest threats.\u201d

\n

Regular exercises, such as phishing campaigns, are also essential in maintaining vigilance.

\n

\u201cWe take examples of phishing attempts and share them with the company to keep these threats top of mind,\u201d he said.

\n

As the cybersecurity landscape continues to evolve, the need for companies to protect their digital perimeter becomes more pressing. But while the threats may change, the fundamental principles of good cybersecurity \u2014 vigilance, education and proactive planning \u2014 remain constant.

\n

For all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.

\n

The post Cyber Hygiene: The Constant Defense Against Evolving B2B Threats appeared first on PYMNTS.com.

\n", "content_text": "Today\u2019s cybersecurity and fraud landscape is increasingly becoming an arms race.\nFor every 12-foot-tall wall that businesses build, fraudsters start to shape an ever-more sophisticated 13-foot ladder. In this tit-for-tat landscape, constant vigilance has become crucial.\n\u201cWhat you want to do is catch it before it becomes a crisis,\u201d Boost Payment Solutions Chief Technology Officer Rick Kenneally told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d\nHe added that the first step in threat detection can be as simple as \u201ckeeping up with the basics\u201d as it relates to monitoring and compliance checks, noting that \u201cthey will turn things up.\u201d\nWithin the world of B2B payments in particular, the ongoing challenge of thwarting fraudsters is especially pronounced due to the large transaction values and complex processes that can create unique and attractive vulnerabilities.\nKenneally explained that detection, prevention and protection in the B2B environment is not just about internal vigilance but also about selecting strong partners who can provide valuable insights and support.\n\u201cWe ensure that we are getting that information not just from our own monitoring but also from partners who help us stay informed,\u201d he said.\nThis proactive approach is important in a landscape where new threats emerge constantly, and the consequences of a breach can be catastrophic.\nThe Importance of Staying Informed and Proactive\nIn today\u2019s rapidly evolving digital landscape, where cybersecurity threats are becoming increasingly sophisticated, protecting the perimeter of an organization\u2019s digital infrastructure has never been more critical.\nLearning from industry incidents, such as the CrowdStrike event in July, is also a critical part of Boost\u2019s strategy. Kenneally explained how this particular incident prompted his team to reevaluate their own processes.\n\u201cThe CrowdStrike incident made us sit down and think, \u2018OK, what would we do if suddenly all of our laptops bricked, and people couldn\u2019t log in? What\u2019s our recovery process?\u2019\u201d he said.\nThis type of scenario planning is essential for ensuring that companies can respond quickly and effectively to unforeseen challenges.\nWhile the basic approach to developing contingency plans has remained consistent over the years \u2014 bringing together the right people to think through potential scenarios \u2014 the specific threats that companies face have evolved.\n\u201cThe things that we discussed change over time,\u201d Kenneally noted, highlighting the emergence of new fraudsters and types of threats. Despite these changes, he stressed, the fundamentals remain the same: developing plans, testing them regularly and making adjustments as needed.\nWhen it comes to strengthening the defenses against both internal and external threats, Kenneally emphasized the importance of a multifaceted approach.\n\u201cYou need to look at the cybersecurity aspect and the fraud prevention aspect,\u201d he said.\nFor Boost, which operates in the B2B credit card payment space, fraud prevention is built into the business model. Payments can only be made to companies that have passed a rigorous vetting process and are registered with Boost, reducing the risk of fraudulent transactions.\nBuilding a Culture of Resilience Across Products and People\nBy partnering with companies that provide early warnings about threats and scams when they see them independently, such as domain spoofing attempts, businesses can stay ahead of potential threats.\n\u201cThat\u2019s an important control, and I strongly recommend it for any company,\u201d Kenneally said, stressing the benefits of collaborative working partnerships.\n\u201cIt\u2019s about ensuring that the controls are in place and that we are partnering with our customers to mitigate risks,\u201d he added.\nThis is particularly relevant given the increasing sophistication of phishing attempts, some of which may be assisted by artificial intelligence.\nAnother aspect of Boost\u2019s strategy is fostering a culture of resilience and agility within the organization. This involves continuous training and education, not just for the IT team but across the entire company.\n\u201cTraining is critical,\u201d Kenneally said. \u201cIt needs to be consistent, prioritized and focused on keeping employees aware of the latest threats.\u201d\nRegular exercises, such as phishing campaigns, are also essential in maintaining vigilance.\n\u201cWe take examples of phishing attempts and share them with the company to keep these threats top of mind,\u201d he said.\nAs the cybersecurity landscape continues to evolve, the need for companies to protect their digital perimeter becomes more pressing. But while the threats may change, the fundamental principles of good cybersecurity \u2014 vigilance, education and proactive planning \u2014 remain constant.\nFor all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.\nThe post Cyber Hygiene: The Constant Defense Against Evolving B2B Threats appeared first on PYMNTS.com.", "date_published": "2024-08-23T04:01:53-04:00", "date_modified": "2024-08-22T21:30:57-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/Boost-SB3-security.jpg", "tags": [ "B2B", "B2B Payments", "Boost Payment Solutions", "commercial payments", "Cybersecurity", "digital transformation", "Featured News", "fraud", "Fraud Prevention", "News", "pymnts tv", "Rick Kenneally", "Security", "Technology", "video", "WhatsNextInPaymentsSeries", "What\u2019s Next In Payments: Protecting The Perimeter 2024" ] }, { "id": "https://www.pymnts.com/?p=2054780", "url": "https://www.pymnts.com/cybersecurity/2024/mastercard-executive-urges-companies-to-embed-security-in-their-business-dna/", "title": "Mastercard Executive Urges Companies to Embed Security in Their Business DNA", "content_html": "

In today\u2019s operating landscape, cybersafety and business success tend to go hand in hand.

\n

While understanding the tactics, techniques and procedures (TTPs) employed by a rising cohort of cybercriminals is crucial for businesses aiming to fortify their defenses against such threats, so too is fostering a culture where employees feel empowered to act when they identify potential risks.

\n

\u201cIn our technology environment, leaders and individuals need to feel empowered to take ownership if they see something that\u2019s not right,\u201d Ron Green, cybersecurity fellow and former chief security officer at Mastercard, told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d

\n

Green stressed that creating an environment where team members can \u201cpress the red button\u201d when they see something wrong is important.

\n

This approach ensures that small issues are addressed before they can escalate into larger crises.

\n

At the same time, Green explained that it\u2019s not enough to focus on creating new products and services; businesses must ensure that their existing systems are resilient and their teams are prepared to address any emerging threats.

\n

In today\u2019s interconnected world, disruptions can come from various sources \u2014 not just cyberthreats but also physical events like natural disasters or media crises.

\n

All-Hazards Planning: Preparing for Any Eventuality

\n

Cybercriminals employ a variety of tactics to infiltrate systems. But beyond fraudsters, disruptions can happen of their own accord. Businesses, particularly those operating in security-critical sectors, must invest in advanced threat detection and response solutions, implement robust backup and recovery processes, and conduct regular security training for employees to reduce the risk of phishing attacks.

\n

\u201cAt Mastercard, we have a crisis team \u2014 not a cyber crisis team, not a weather crisis team, just a crisis team that handles any bad event,\u201d Green said, highlighting the importance of an all-hazards approach to business continuity planning.

\n

This holistic approach to crisis management allows organizations to respond effectively regardless of the nature of the disruption, he added. Moreover, real-life testing of these plans, including exercises that involve external partners such as government agencies and even customers, is vital to ensure preparedness.

\n

Green shared that Mastercard regularly conducts over 30 tests with different scenarios and business units, often involving external entities like the FBI, Secret Service and Cybersecurity and Infrastructure Security Agency (CISA).

\n

Regular testing, both within the organization and with external partners, ensures that when a real incident occurs, the response is swift and effective.

\n

These exercises help ensure that on the \u201cbad day,\u201d everyone knows how to work together efficiently, Green said.

\n

Strengthening Cybersecurity Through Tech, Education and Exercise

\n

In terms of cybersecurity, Green highlighted the importance of adopting a multifaceted approach that includes advanced technology, continuous education and rigorous exercise.

\n

On the technology front, the adoption of a zero-trust framework is critical.

\n

\u201cLook at those technologies that can ensure people are doing what they need to do, only what they need to do, when they need to do it, and how they need to do it,\u201d Green advised.

\n

This principle minimizes unnecessary access and ensures that only authorized actions are taken, reducing the risk of breaches.

\n

Education is another pillar of a strong cybersecurity posture.

\n

\u201cIf you feel like you know everything in security, you don\u2019t,\u201d Green warned.

\n

Continuous learning is essential not just for security professionals but for everyone in the organization, and by educating all employees, companies can reduce the risk of human error leading to breaches.

\n

One of the common challenges in many organizations is the perception that security measures slow down business processes. Green argued that when security is integrated from the beginning, it enhances agility.

\n

\u201cOften, the business team develops the technology and wants to move fast, but then they realize they need to get security involved,\u201d Green said.

\n

By embedding security officers within business units from the start, companies can streamline the process, avoiding delays and ensuring that security is an integral part of development rather than an afterthought.

\n

Green also touched on the risks associated with rapidly adopting new technologies without considering their long-term management. Using the analogy of adopting puppies, he warned that bringing in too many new technologies without a plan for their care and maintenance can lead to chaos.

\n

\u201cYou don\u2019t want every animal in the zoo that you have to take care of,\u201d he noted.

\n

Instead, businesses should strive for standardization, which allows for more efficient management and reduces the complexity of the technological environment. While standardization is key, Green also stressed the importance of thorough testing to ensure that systems are resilient and secure.

\n

Ultimately, he concluded, a well-rounded and proactive approach to cybersecurity and business continuity fosters trust among customers. When businesses are known for their rigorous security practices and their ability to handle crises effectively, they build a reputation for reliability and safety.

\n

\u201cDoing everything right and being known for doing that … develops trust,\u201d Green explained.

\n

Trust, in turn, strengthens customer relationships and enhances the overall resilience of the business.

\n

The post Mastercard Executive Urges Companies to Embed Security in Their Business DNA appeared first on PYMNTS.com.

\n", "content_text": "In today\u2019s operating landscape, cybersafety and business success tend to go hand in hand.\nWhile understanding the tactics, techniques and procedures (TTPs) employed by a rising cohort of cybercriminals is crucial for businesses aiming to fortify their defenses against such threats, so too is fostering a culture where employees feel empowered to act when they identify potential risks.\n\u201cIn our technology environment, leaders and individuals need to feel empowered to take ownership if they see something that\u2019s not right,\u201d Ron Green, cybersecurity fellow and former chief security officer at Mastercard, told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d\nGreen stressed that creating an environment where team members can \u201cpress the red button\u201d when they see something wrong is important.\nThis approach ensures that small issues are addressed before they can escalate into larger crises.\nAt the same time, Green explained that it\u2019s not enough to focus on creating new products and services; businesses must ensure that their existing systems are resilient and their teams are prepared to address any emerging threats.\nIn today\u2019s interconnected world, disruptions can come from various sources \u2014 not just cyberthreats but also physical events like natural disasters or media crises.\nAll-Hazards Planning: Preparing for Any Eventuality\nCybercriminals employ a variety of tactics to infiltrate systems. But beyond fraudsters, disruptions can happen of their own accord. Businesses, particularly those operating in security-critical sectors, must invest in advanced threat detection and response solutions, implement robust backup and recovery processes, and conduct regular security training for employees to reduce the risk of phishing attacks.\n\u201cAt Mastercard, we have a crisis team \u2014 not a cyber crisis team, not a weather crisis team, just a crisis team that handles any bad event,\u201d Green said, highlighting the importance of an all-hazards approach to business continuity planning.\nThis holistic approach to crisis management allows organizations to respond effectively regardless of the nature of the disruption, he added. Moreover, real-life testing of these plans, including exercises that involve external partners such as government agencies and even customers, is vital to ensure preparedness.\nGreen shared that Mastercard regularly conducts over 30 tests with different scenarios and business units, often involving external entities like the FBI, Secret Service and Cybersecurity and Infrastructure Security Agency (CISA).\nRegular testing, both within the organization and with external partners, ensures that when a real incident occurs, the response is swift and effective.\nThese exercises help ensure that on the \u201cbad day,\u201d everyone knows how to work together efficiently, Green said.\nStrengthening Cybersecurity Through Tech, Education and Exercise\nIn terms of cybersecurity, Green highlighted the importance of adopting a multifaceted approach that includes advanced technology, continuous education and rigorous exercise.\nOn the technology front, the adoption of a zero-trust framework is critical.\n\u201cLook at those technologies that can ensure people are doing what they need to do, only what they need to do, when they need to do it, and how they need to do it,\u201d Green advised.\nThis principle minimizes unnecessary access and ensures that only authorized actions are taken, reducing the risk of breaches.\nEducation is another pillar of a strong cybersecurity posture.\n\u201cIf you feel like you know everything in security, you don\u2019t,\u201d Green warned.\nContinuous learning is essential not just for security professionals but for everyone in the organization, and by educating all employees, companies can reduce the risk of human error leading to breaches.\nOne of the common challenges in many organizations is the perception that security measures slow down business processes. Green argued that when security is integrated from the beginning, it enhances agility.\n\u201cOften, the business team develops the technology and wants to move fast, but then they realize they need to get security involved,\u201d Green said.\nBy embedding security officers within business units from the start, companies can streamline the process, avoiding delays and ensuring that security is an integral part of development rather than an afterthought.\nGreen also touched on the risks associated with rapidly adopting new technologies without considering their long-term management. Using the analogy of adopting puppies, he warned that bringing in too many new technologies without a plan for their care and maintenance can lead to chaos.\n\u201cYou don\u2019t want every animal in the zoo that you have to take care of,\u201d he noted.\nInstead, businesses should strive for standardization, which allows for more efficient management and reduces the complexity of the technological environment. While standardization is key, Green also stressed the importance of thorough testing to ensure that systems are resilient and secure.\nUltimately, he concluded, a well-rounded and proactive approach to cybersecurity and business continuity fosters trust among customers. When businesses are known for their rigorous security practices and their ability to handle crises effectively, they build a reputation for reliability and safety.\n\u201cDoing everything right and being known for doing that … develops trust,\u201d Green explained.\nTrust, in turn, strengthens customer relationships and enhances the overall resilience of the business.\nThe post Mastercard Executive Urges Companies to Embed Security in Their Business DNA appeared first on PYMNTS.com.", "date_published": "2024-08-20T04:01:16-04:00", "date_modified": "2024-08-19T22:38:42-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/Mastercard-overlay.jpg", "tags": [ "Cybersecurity", "Data Breaches", "Featured News", "fraud", "MasterCard", "News", "PYMNTS News", "pymnts tv", "Ron Green", "scams", "Security", "Technology", "video", "WhatsNextInPaymentsSeries", "What\u2019s Next In Payments: Protecting The Perimeter 2024" ] }, { "id": "https://www.pymnts.com/?p=2053499", "url": "https://www.pymnts.com/cybersecurity/2024/death-taxes-cyberthreats-why-proactive-security-is-inevitable-businesses/", "title": "Cyberattack Surge Demands Culture of Proactive Security", "content_html": "

Death and taxes have long been life\u2019s unavoidable realities. Now, add to that list the rising prevalence of cyberattacks \u2014 and the growing imperative for businesses to defend against them, especially in B2B payments.

\n

\u201cYou\u2019re only as secure as your weakest link,\u201d Chris Wyatt, chief strategy officer at Finexio, told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d \u201cAnd we move money, so we can\u2019t have the bad guys finding an easy way in.\u201d

\n

In today\u2019s hyper-connected world, where the lines between digital and physical operations are blurring, safeguarding against cyberthreats has become a cornerstone of business strategy. The stakes are higher, especially for organizations dealing with sensitive financial data and payments, where a breach can lead to financial and reputational damage.

\n

The threat landscape demands that business leaders not only react to cyber incidents but also anticipate and prevent them, particularly when it comes to payment processing.

\n

\u201cThe goal, really, is to mandate proactive risk management,\u201d Wyatt said, emphasizing that a forward-looking stance is critical in an industry where even a minor security lapse can have catastrophic consequences. This aligns with Finexio\u2019s practice of embedding security into every layer of its platform to eliminate vulnerabilities in payment processing.

\n

How Businesses Can Stay Ahead of Cyberthreats

\n

As Wyatt added, Finexio spent the last 12 to 18 months focusing on strengthening its cybersecurity measures. This effort wasn\u2019t just about protecting the company\u2019s own operations but also ensuring its partners and customers benefitted from the highest standards of security.

\n

\u201cThere was a big education component we\u2019ve had to do with our customers,\u201d he said, highlighting the interconnected nature of modern business operations. The focus isn\u2019t just on reacting to incidents but on creating an environment where risks are identified and mitigated before they escalate into crises.

\n

One of the key areas Finexio has addressed is vendor management, often a weak spot that cybercriminals exploit. Working closely with customers, Finexio has helped them shift the burden of managing sensitive information, such as automated clearing house (ACH) data, onto the company itself. This not only reduces the risk for customers but also ensures that the data is handled with the highest level of security.

\n

Building resilience and continuity planning into business operations is also becoming table stakes for today\u2019s cyber landscape. Redundancy and resilience are key themes businesses are embracing as they aim to ensure that operations can continue seamlessly, even in the face of unexpected disruptions. This includes building multibank and multipay partner capabilities, as well as replicating environments across different cloud providers to avoid single points of failure.

\n

\u201cUnfortunately, things do go down at times,\u201d Wyatt said, referencing real-world examples like the CrowdStrike incident that disrupted multiple organizations, including major airlines like Delta.

\n

These events serve as reminders that even the most well-prepared companies can fall victim to cyber incidents. The key, Wyatt said, is to have a comprehensive contingency plan in place, one that includes not just technical solutions but also well-documented procedures for dealing with incidents as they arise.

\n

Fighting Fire With Fire

\n

Part of the urgency around the cyberthreat landscape is the fact that the threats are growing increasingly sophisticated, scalable and even industrialized as new technologies like artificial intelligence become more accessible.

\n

Wyatt said the democratization of technology has made complex tools now available to virtually anyone, making it easier for cybercriminals to carry out attacks.

\n

That\u2019s why the potential of AI and large language models to transform how companies manage their cybersecurity efforts is becoming so crucial, he said.

\n

One of the most promising applications of AI lies in simplifying the often overwhelming task of navigating internal documentation. By using language models, businesses can create a system where employees can quickly find answers to complex questions without sifting through countless documents. This not only saves time but also ensures that employees are following the correct procedures, reducing the risk of human error.

\n

As AI and other technologies continue to advance, Wyatt said he believes that businesses will be able to further narrow the \u201cthreat window\u201d \u2014 the period during which a system is vulnerable to attack. The key is to use these technologies in a way that simplifies operations rather than adding to the complexity.

\n

Wyatt said he sees both cultural and technical changes as essential for staying ahead of the cybersecurity threats. Leadership will continue to play a role, but the involvement of every employee is equally important in scaling the necessary shift from viewing cybersecurity training as a checkbox exercise to making it a core component of the company\u2019s operations.

\n

The post Cyberattack Surge Demands Culture of Proactive Security appeared first on PYMNTS.com.

\n", "content_text": "Death and taxes have long been life\u2019s unavoidable realities. Now, add to that list the rising prevalence of cyberattacks \u2014 and the growing imperative for businesses to defend against them, especially in B2B payments.\n\u201cYou\u2019re only as secure as your weakest link,\u201d Chris Wyatt, chief strategy officer at Finexio, told PYMNTS for the series \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d \u201cAnd we move money, so we can\u2019t have the bad guys finding an easy way in.\u201d\nIn today\u2019s hyper-connected world, where the lines between digital and physical operations are blurring, safeguarding against cyberthreats has become a cornerstone of business strategy. The stakes are higher, especially for organizations dealing with sensitive financial data and payments, where a breach can lead to financial and reputational damage.\nThe threat landscape demands that business leaders not only react to cyber incidents but also anticipate and prevent them, particularly when it comes to payment processing.\n\u201cThe goal, really, is to mandate proactive risk management,\u201d Wyatt said, emphasizing that a forward-looking stance is critical in an industry where even a minor security lapse can have catastrophic consequences. This aligns with Finexio\u2019s practice of embedding security into every layer of its platform to eliminate vulnerabilities in payment processing.\nHow Businesses Can Stay Ahead of Cyberthreats\nAs Wyatt added, Finexio spent the last 12 to 18 months focusing on strengthening its cybersecurity measures. This effort wasn\u2019t just about protecting the company\u2019s own operations but also ensuring its partners and customers benefitted from the highest standards of security.\n\u201cThere was a big education component we\u2019ve had to do with our customers,\u201d he said, highlighting the interconnected nature of modern business operations. The focus isn\u2019t just on reacting to incidents but on creating an environment where risks are identified and mitigated before they escalate into crises.\nOne of the key areas Finexio has addressed is vendor management, often a weak spot that cybercriminals exploit. Working closely with customers, Finexio has helped them shift the burden of managing sensitive information, such as automated clearing house (ACH) data, onto the company itself. This not only reduces the risk for customers but also ensures that the data is handled with the highest level of security.\nBuilding resilience and continuity planning into business operations is also becoming table stakes for today\u2019s cyber landscape. Redundancy and resilience are key themes businesses are embracing as they aim to ensure that operations can continue seamlessly, even in the face of unexpected disruptions. This includes building multibank and multipay partner capabilities, as well as replicating environments across different cloud providers to avoid single points of failure.\n\u201cUnfortunately, things do go down at times,\u201d Wyatt said, referencing real-world examples like the CrowdStrike incident that disrupted multiple organizations, including major airlines like Delta.\nThese events serve as reminders that even the most well-prepared companies can fall victim to cyber incidents. The key, Wyatt said, is to have a comprehensive contingency plan in place, one that includes not just technical solutions but also well-documented procedures for dealing with incidents as they arise.\nFighting Fire With Fire\nPart of the urgency around the cyberthreat landscape is the fact that the threats are growing increasingly sophisticated, scalable and even industrialized as new technologies like artificial intelligence become more accessible.\nWyatt said the democratization of technology has made complex tools now available to virtually anyone, making it easier for cybercriminals to carry out attacks.\nThat\u2019s why the potential of AI and large language models to transform how companies manage their cybersecurity efforts is becoming so crucial, he said.\nOne of the most promising applications of AI lies in simplifying the often overwhelming task of navigating internal documentation. By using language models, businesses can create a system where employees can quickly find answers to complex questions without sifting through countless documents. This not only saves time but also ensures that employees are following the correct procedures, reducing the risk of human error.\nAs AI and other technologies continue to advance, Wyatt said he believes that businesses will be able to further narrow the \u201cthreat window\u201d \u2014 the period during which a system is vulnerable to attack. The key is to use these technologies in a way that simplifies operations rather than adding to the complexity.\nWyatt said he sees both cultural and technical changes as essential for staying ahead of the cybersecurity threats. Leadership will continue to play a role, but the involvement of every employee is equally important in scaling the necessary shift from viewing cybersecurity training as a checkbox exercise to making it a core component of the company\u2019s operations.\nThe post Cyberattack Surge Demands Culture of Proactive Security appeared first on PYMNTS.com.", "date_published": "2024-08-19T04:02:06-04:00", "date_modified": "2024-08-18T20:55:15-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/Finexio-cyberthreat.jpg", "tags": [ "artificial intelligence", "B2B", "B2B Payments", "Chris Wyatt", "commercial payments", "Cybersecurity", "data", "Featured News", "Finexio", "fraud", "Innovation", "News", "PYMNTS News", "pymnts tv", "Security", "Technology", "video", "WhatsNextInPaymentsSeries", "What\u2019s Next In Payments: Protecting The Perimeter 2024" ] }, { "id": "https://www.pymnts.com/?p=2053464", "url": "https://www.pymnts.com/cybersecurity/2024/the-clearing-house-ciso-says-multilayered-defense-key-to-operational-resilience/", "title": "The Clearing House CISO Says Multilayered Defense Key to Operational Resilience", "content_html": "

In today\u2019s hyper-connected operating environment, the question is not if a business will face a cyberthreat, but when.

\n

\u201cSecurity events and security alerts are something we deal with every single minute of every day,\u201d David Drossman, chief information security officer at The Clearing House (TCH), told PYMNTS for the series, \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d

\n

\u201cThe key for us is to make sure that none of those events or alerts become incidents or major crises,\u201d Drossman said.

\n

The imperative for organizations to secure their digital assets has never been greater, with cyberattacks becoming increasingly sophisticated and relentless. This requires planning, preparedness and a clear understanding of how to respond when an alert arises.

\n

\u201cFirst things first, you need to have your incident response planning right,\u201d Drossman said, stressing the importance of employing an overarching incident response plan, supplemented by detailed procedures specific to information security. This dual approach ensures that when alerts occur, the organization can respond swiftly and effectively.

\n

Still, embracing a zero-day threat behavior frequently requires standing up proactive measures and may require a cultural shift within organizations.

\n

The plan should be supported by up-to-date threat intelligence, which can help organizations stay ahead of potential threats.

\n

\u201cEnsuring that your systems are getting the data they need to respond and detect threats is crucial,\u201d Drossman said, noting that both automated and manual data feeds are necessary.

\n

Defense in Depth: Building a Multilayered Security Framework

\n

A key concept in modern cybersecurity is \u201cdefense in depth,\u201d and it is emerging as one of the foundational elements of a robust cybersecurity strategy.

\n

As Drossman highlighted, embracing a \u201cdefense in depth\u201d strategy involves creating multiple layers of defense to protect an organization\u2019s most valuable assets, often referred to as \u201ccrown jewels.\u201d He described it as building a \u201clabyrinth of control\u201d that can mitigate damage even if one layer fails. Segmentation is critical here, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.

\n

\u201cIt\u2019s not just having the cyber event, it is how you respond to it \u2026 the truth is, everyone wants a perfect record when it comes to not having cyber incidents, but the most important thing is that when they happen, make sure you are prepared,\u201d Drossman said. \u201cThat is the key to everything.\u201d

\n

As technology evolves, so too do the methods and tools used by cybercriminals. Drossman noted that the expansion of cloud services and third-party integrations has altered the security landscape.

\n

Emerging technologies like artificial intelligence present both opportunities and challenges. While AI can enhance cybersecurity defenses by automating threat detection and response, it also introduces new risks that must be managed.

\n

\u201cWe have to be aware of how AI is used within our organization and ensure it doesn\u2019t introduce vulnerabilities,\u201d Drossman advised, noting that organizations must continuously adapt their security strategies to account for changes, ensuring that new technologies are integrated safely and securely.

\n

Building a Security-Conscious Culture

\n

While technical measures are vital, cultivating a culture of awareness and responsibility among employees is equally important.

\n

Gone are the days when information security was the sole domain of a secluded IT team. Drossman advocated for a collaborative approach, integrating cybersecurity efforts across all departments, including business technology, HR and legal. This ensures a cohesive strategy that aligns with the organization\u2019s broader goals while maintaining robust security controls.

\n

Ensuring that every employee understands that risk management is part of their responsibility is essential. Drossman pointed out that phishing remains a threat, often targeting individuals\u2019 emotions or current events.

\n

\u201cAll it takes is one person to compromise the security of an entire organization,\u201d he warned, stressing the role of company culture in standing up a defense capable of detecting and mitigating risks before they can cause harm.

\n

Additionally, implementing measures like multifactor authentication (MFA) helps safeguard against unauthorized access, even if credentials are compromised.

\n

Ultimately, in an era where the cybersecurity perimeter is increasingly blurred, and threats are constantly evolving, staying ahead of potential risks is more crucial than ever, Drossman said. By fostering a culture of security awareness, using advanced technologies, and maintaining a flexible, adaptive strategy, organizations can safeguard their most valuable assets and ensure long-term resilience in the face of cyberthreats.

\n

The post The Clearing House CISO Says Multilayered Defense Key to Operational Resilience appeared first on PYMNTS.com.

\n", "content_text": "In today\u2019s hyper-connected operating environment, the question is not if a business will face a cyberthreat, but when.\n\u201cSecurity events and security alerts are something we deal with every single minute of every day,\u201d David Drossman, chief information security officer at The Clearing House (TCH), told PYMNTS for the series, \u201cWhat\u2019s Next in Payments: Protecting the Perimeter.\u201d\n\u201cThe key for us is to make sure that none of those events or alerts become incidents or major crises,\u201d Drossman said.\nThe imperative for organizations to secure their digital assets has never been greater, with cyberattacks becoming increasingly sophisticated and relentless. This requires planning, preparedness and a clear understanding of how to respond when an alert arises.\n\u201cFirst things first, you need to have your incident response planning right,\u201d Drossman said, stressing the importance of employing an overarching incident response plan, supplemented by detailed procedures specific to information security. This dual approach ensures that when alerts occur, the organization can respond swiftly and effectively.\nStill, embracing a zero-day threat behavior frequently requires standing up proactive measures and may require a cultural shift within organizations.\nThe plan should be supported by up-to-date threat intelligence, which can help organizations stay ahead of potential threats.\n\u201cEnsuring that your systems are getting the data they need to respond and detect threats is crucial,\u201d Drossman said, noting that both automated and manual data feeds are necessary.\nDefense in Depth: Building a Multilayered Security Framework\nA key concept in modern cybersecurity is \u201cdefense in depth,\u201d and it is emerging as one of the foundational elements of a robust cybersecurity strategy.\nAs Drossman highlighted, embracing a \u201cdefense in depth\u201d strategy involves creating multiple layers of defense to protect an organization\u2019s most valuable assets, often referred to as \u201ccrown jewels.\u201d He described it as building a \u201clabyrinth of control\u201d that can mitigate damage even if one layer fails. Segmentation is critical here, especially in separating employee networks from sensitive areas to minimize the risk of internal breaches.\n\u201cIt\u2019s not just having the cyber event, it is how you respond to it \u2026 the truth is, everyone wants a perfect record when it comes to not having cyber incidents, but the most important thing is that when they happen, make sure you are prepared,\u201d Drossman said. \u201cThat is the key to everything.\u201d\nAs technology evolves, so too do the methods and tools used by cybercriminals. Drossman noted that the expansion of cloud services and third-party integrations has altered the security landscape.\nEmerging technologies like artificial intelligence present both opportunities and challenges. While AI can enhance cybersecurity defenses by automating threat detection and response, it also introduces new risks that must be managed.\n\u201cWe have to be aware of how AI is used within our organization and ensure it doesn\u2019t introduce vulnerabilities,\u201d Drossman advised, noting that organizations must continuously adapt their security strategies to account for changes, ensuring that new technologies are integrated safely and securely.\nBuilding a Security-Conscious Culture\nWhile technical measures are vital, cultivating a culture of awareness and responsibility among employees is equally important.\nGone are the days when information security was the sole domain of a secluded IT team. Drossman advocated for a collaborative approach, integrating cybersecurity efforts across all departments, including business technology, HR and legal. This ensures a cohesive strategy that aligns with the organization\u2019s broader goals while maintaining robust security controls.\nEnsuring that every employee understands that risk management is part of their responsibility is essential. Drossman pointed out that phishing remains a threat, often targeting individuals\u2019 emotions or current events.\n\u201cAll it takes is one person to compromise the security of an entire organization,\u201d he warned, stressing the role of company culture in standing up a defense capable of detecting and mitigating risks before they can cause harm.\nAdditionally, implementing measures like multifactor authentication (MFA) helps safeguard against unauthorized access, even if credentials are compromised.\nUltimately, in an era where the cybersecurity perimeter is increasingly blurred, and threats are constantly evolving, staying ahead of potential risks is more crucial than ever, Drossman said. By fostering a culture of security awareness, using advanced technologies, and maintaining a flexible, adaptive strategy, organizations can safeguard their most valuable assets and ensure long-term resilience in the face of cyberthreats.\nThe post The Clearing House CISO Says Multilayered Defense Key to Operational Resilience appeared first on PYMNTS.com.", "date_published": "2024-08-19T04:01:00-04:00", "date_modified": "2024-08-18T20:59:18-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/TCH-security-WNIP.jpg", "tags": [ "artificial intelligence", "authentication", "automation", "Cybersecurity", "data", "David Drossman", "Featured News", "fraud", "Innovation", "News", "PYMNTS News", "pymnts tv", "Security", "Technology", "The Clearing House", "video", "WhatsNextInPaymentsSeries", "What\u2019s Next In Payments: Protecting The Perimeter 2024" ] }, { "id": "https://www.pymnts.com/?p=2053690", "url": "https://www.pymnts.com/cybersecurity/2024/nists-post-quantum-cybersecurity-standards-ready-for-enterprise-use/", "title": "NIST\u2019s Post-Quantum Cybersecurity Standards Ready for Enterprise Use", "content_html": "

As information has become electronic, the encryption of that information has become imperative.

\n

And with the news Tuesday (Aug. 13) that, after an eight-year-long process, the\u00a0U.S. Department of Commerce\u2019s National Institute of Standards and Technology (NIST)\u00a0has\u00a0finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer, businesses dealing with an emergent and sophisticated breed of cybercriminals can breathe a small sigh of relief.

\n

While observers may be wondering what the big deal is about post-quantum (PQ) cryptography \u2014 particularly when nobody has actually seen or used a real quantum computer, and their commercial viability remains perpetually 10 years away \u2014 the big deal, so to speak, is actually a simple one: post-quantum security standards are by definition safer, more resilient, and more flexible than existing classical measures.

\n

The advent of PQ protocols raises the bar for security solutions more broadly, and their standardization will have almost as large an impact on payments, commerce and the financial sector as quantum computing itself is one day slated to.

\n

\u201cThe advancement of quantum computing plays an essential role in reaffirming America\u2019s status as a global technological powerhouse and driving the future of our economic security,\u201d said Deputy Secretary of Commerce Don Graves in a statement.

\n

\u201cNIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce\u2019s legacy of leadership in this vital space,\u201d the deputy secretary added.

\n

Of the three NIST standards, one is intended for general encryption, which protects data as it moves across public networks, while the other two are meant to secure digital signatures, which are used to authenticate online identity \u2014 all crucial elements of the future connected economy.

\n

Cybersecurity experts are now encouraged to incorporate these new algorithms into their systems, the agency said.

\n

Read also:\u00a0Quantum Computing Could Change Everything

\n

Post-Quantum Cryptography and Payments

\n

While the advent of the quantum internet creates nearly infinite opportunities for payments and commerce, it also creates many pitfalls and challenges for enterprises.

\n

As\u00a0Michael Jabbara, global head of fraud services at\u00a0Visa, told PYMNTS last March, bad actors have started to\u00a0steal and hold onto encrypted data\u00a0in preparation for quantum computing tools to enter the market and allow them to decrypt the information.

\n

This kind of threat is known as harvest now, decrypt later (HNDL).

\n

Already, in a move to\u00a0improve the security of its iMessage app,\u00a0Apple announced in February that it is upgrading its encryption system to fend off potential quantum computing attacks, while in September, encrypted messaging app\u00a0Signal boosted its own encryption by\u00a0adding support for the post-quantum cryptographic PQXDH protocol.

\n

And most recently in May, Zoom announced that it was making post-quantum end-to-end encryption (E2EE)\u00a0globally available across its Zoom Workplace platform.

\n

\u201cQuantum computing technology could become a force for solving many of society\u2019s most intractable problems, and the new standards represent NIST\u2019s commitment to ensuring it will not simultaneously disrupt our security,\u201d said\u00a0Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio in a statement on Tuesday announcing the NIST\u2019s standards. \u201cThese finalized standards are the capstone of NIST\u2019s efforts to safeguard our confidential electronic information.\u201d

\n

Read more:\u00a0Quantum Breakthrough From Microsoft Could Shorten Technology\u2019s Go-to-Market Timeline

\n

The three algorithms that the NIST has standardized are based on different math problems that would stymie both conventional and quantum computers, and they stand as strong proof points that we are at an inflection point in modern cybersecurity.

\n

\u201cThese finalized standards include instructions for incorporating them into products and encryption systems,\u201d said NIST mathematician Dustin Moody, who heads\u00a0the PQC standardization project in a statement. \u201cWe encourage system administrators to start integrating them into their systems immediately, because full integration will take time. \u2026 There is no need to wait for future standards, go ahead and start using these three. We need to be prepared in case of an attack.\u201d

\n

As PYMNTS Intelligence has found, a central challenge the financial services and banking industry now faces is the need both to leverage new technologies and to master the art of securing them.

\n

As next-generation financial services roll out, the ability to secure them effectively will likely be a key differentiator for banks and financial institutions \u2014 a litmus test for attracting and retaining customers in a digital-first economy.

\n

The post NIST\u2019s Post-Quantum Cybersecurity Standards Ready for Enterprise Use appeared first on PYMNTS.com.

\n", "content_text": "As information has become electronic, the encryption of that information has become imperative. \nAnd with the news Tuesday (Aug. 13) that, after an eight-year-long process, the\u00a0U.S. Department of Commerce\u2019s National Institute of Standards and Technology (NIST)\u00a0has\u00a0finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer, businesses dealing with an emergent and sophisticated breed of cybercriminals can breathe a small sigh of relief. \nWhile observers may be wondering what the big deal is about post-quantum (PQ) cryptography \u2014 particularly when nobody has actually seen or used a real quantum computer, and their commercial viability remains perpetually 10 years away \u2014 the big deal, so to speak, is actually a simple one: post-quantum security standards are by definition safer, more resilient, and more flexible than existing classical measures. \nThe advent of PQ protocols raises the bar for security solutions more broadly, and their standardization will have almost as large an impact on payments, commerce and the financial sector as quantum computing itself is one day slated to. \n\u201cThe advancement of quantum computing plays an essential role in reaffirming America\u2019s status as a global technological powerhouse and driving the future of our economic security,\u201d said Deputy Secretary of Commerce Don Graves in a statement. \n\u201cNIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce\u2019s legacy of leadership in this vital space,\u201d the deputy secretary added.\nOf the three NIST standards, one is intended for general encryption, which protects data as it moves across public networks, while the other two are meant to secure digital signatures, which are used to authenticate online identity \u2014 all crucial elements of the future connected economy. \nCybersecurity experts are now encouraged to incorporate these new algorithms into their systems, the agency said. \nRead also:\u00a0Quantum Computing Could Change Everything\nPost-Quantum Cryptography and Payments\nWhile the advent of the quantum internet creates nearly infinite opportunities for payments and commerce, it also creates many pitfalls and challenges for enterprises. \nAs\u00a0Michael Jabbara, global head of fraud services at\u00a0Visa, told PYMNTS last March, bad actors have started to\u00a0steal and hold onto encrypted data\u00a0in preparation for quantum computing tools to enter the market and allow them to decrypt the information.\nThis kind of threat is known as harvest now, decrypt later (HNDL).\nAlready, in a move to\u00a0improve the security of its iMessage app,\u00a0Apple announced in February that it is upgrading its encryption system to fend off potential quantum computing attacks, while in September, encrypted messaging app\u00a0Signal boosted its own encryption by\u00a0adding support for the post-quantum cryptographic PQXDH protocol.\nAnd most recently in May, Zoom announced that it was making post-quantum end-to-end encryption (E2EE)\u00a0globally available across its Zoom Workplace platform.\n\u201cQuantum computing technology could become a force for solving many of society\u2019s most intractable problems, and the new standards represent NIST\u2019s commitment to ensuring it will not simultaneously disrupt our security,\u201d said\u00a0Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio in a statement on Tuesday announcing the NIST\u2019s standards. \u201cThese finalized standards are the capstone of NIST\u2019s efforts to safeguard our confidential electronic information.\u201d\nRead more:\u00a0Quantum Breakthrough From Microsoft Could Shorten Technology\u2019s Go-to-Market Timeline\nThe three algorithms that the NIST has standardized are based on different math problems that would stymie both conventional and quantum computers, and they stand as strong proof points that we are at an inflection point in modern cybersecurity. \n\u201cThese finalized standards include instructions for incorporating them into products and encryption systems,\u201d said NIST mathematician Dustin Moody, who heads\u00a0the PQC standardization project in a statement. \u201cWe encourage system administrators to start integrating them into their systems immediately, because full integration will take time. \u2026 There is no need to wait for future standards, go ahead and start using these three. We need to be prepared in case of an attack.\u201d\nAs PYMNTS Intelligence has found, a central challenge the financial services and banking industry now faces is the need both to leverage new technologies and to master the art of securing them. \nAs next-generation financial services roll out, the ability to secure them effectively will likely be a key differentiator for banks and financial institutions \u2014 a litmus test for attracting and retaining customers in a digital-first economy.\nThe post NIST\u2019s Post-Quantum Cybersecurity Standards Ready for Enterprise Use appeared first on PYMNTS.com.", "date_published": "2024-08-15T19:16:51-04:00", "date_modified": "2024-08-15T19:16:51-04:00", "authors": [ { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" } ], "author": { "name": "PYMNTS", "url": "https://www.pymnts.com/author/pymnts/", "avatar": "https://secure.gravatar.com/avatar/f05cc0fdcc9e387e4f3570c17158c503?s=512&d=blank&r=g" }, "image": "https://www.pymnts.com/wp-content/uploads/2024/08/NIST-post-quantum-cryptography.jpg", "tags": [ "Cybersecurity", "Don Graves", "encryption", "harvest now decrypt later", "Laurie E. Locascio", "Michael Jabbara", "National Institute of Standards and Technology", "News", "NIST", "post-quantum cryptography", "PYMNTS News", "Visa" ] } ] }