Three Steps to Ending Cyber Attacks Now
By Nicholas J. Percoco, Trustwave
Recently, National Security Agency Director Gen. Keith Alexander told Congress that he would be establishing teams for a new cyber command unit. Gen. Alexander said the DoD would use the cyber teams for offensive measures only. This is sure to be the start of a long and interesting series of hearings on Capitol Hill, but businesses do not, and should not, have to wait before they start to protect themselves from cyber criminals.
The threat to businesses has never been higher. According to Trustwave’s recently released 2013 Global Security Report, for the first time the retail industry is the number one target for cyber attacks, supplanting food and beverage, and hospitality (the primary targets in 2011 and 2010, respectively). Although these criminal organizations are clearly gaining momentum and wreaking havoc on the U.S. financial infrastructure through the theft of credit card data, there is still plenty that businesses can do right now to protect themselves.
The Digital Forensics and Incident Response Team at Trustwave has developed three easy steps to help lessen the chance of falling victim to a cyber attack.
1. Prevent Infiltration
Change default passwords – NEVER EVER use the passwords that came with a device or service. Create a unique and complex password containing no fewer than seven characters, made up of letters, numbers and special characters.
Disable remote access during those times when your IT staff does not need to reach your network remotely. Leaving it enabled is like going to sleep at night while leaving your front door open and a stack of money in the foyer.
Ensure a firewall is in place and properly filters incoming traffic. Without this, nothing restricts access to your network, be it the good, the bad, or the ugly.
2. Prevent Propagation
Implement the principle of least privilege. Frequently, systems administrators assign a higher level of privilege than necessary to user IDs or system processes in the name of "getting the job done". If not closely monitored, these IDs and processes can be taken advantage of by attackers.
Have a properly configured intrusion detection/prevention system (IDS/IPS) and/or antivirus/desktop firewall in place. When these two components are used in conjunction, they can significantly contribute to the overall defense strategy of an organization.
Disable unused accounts. Many organizations have accounts that belong to employees who are no longer with the company or no longer in the role for which the account was initially created. These accounts should be removed to prevent usage by an attacker.
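An added example (not from the original article) of an audit that finds the unused accounts described above and marks the over-privileged ones that least privilege is meant to eliminate. The CSV layout, the 90-day idle threshold and the group name `domain-admins` are assumptions for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample: a directory export joined with HR employment status.
ACCOUNTS_CSV = """username,hr_status,last_login,groups
jsmith,active,2013-03-01,staff
mlopez,terminated,2012-11-15,staff;domain-admins
backup_svc,active,2012-06-30,domain-admins
tnguyen,active,2013-03-10,staff;domain-admins
"""

MAX_IDLE_DAYS = 90               # assumed threshold, tune to local policy
PRIVILEGED = {"domain-admins"}   # assumed name of the privileged group


def audit_accounts(csv_text, today):
    """Return {username: [reasons]} for accounts that should be disabled."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        idle = (today - date.fromisoformat(row["last_login"])).days
        if row["hr_status"] != "active":
            reasons.append("owner no longer employed")
        if idle > MAX_IDLE_DAYS:
            reasons.append(f"idle {idle} days")
        # A stale account that still holds admin rights is the most urgent.
        if reasons and PRIVILEGED & set(row["groups"].split(";")):
            reasons.append("privileged")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    for user, why in audit_accounts(ACCOUNTS_CSV, date(2013, 3, 15)).items():
        print(f"{user}: {', '.join(why)}")
```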
3. Prevent Exfiltration
Implement a data loss prevention (DLP) solution. A DLP solution ensures that specific types of data (credit card information, social security numbers, etc.) do not leave the organization’s network (either intentionally or by accident).
Ensure a firewall is in place and that it properly filters outgoing traffic. While most firewalls are configured to restrict incoming traffic, very few are configured to restrict outgoing traffic. These firewalls should be configured to ensure that only business-critical traffic is able to leave the network.
Nicholas J. Percoco is senior VP at Trustwave (www.trustwave.com). He has more than 14 years of information security experience. In his role at Trustwave, he leads the team that has performed more than 500 computer incident response and forensic investigations globally, as well as thousands of penetration and application security tests for clients ranging from the largest companies in the world to nimble startups. Nicholas acts as the lead security adviser to many of Trustwave’s premier clients by assisting them in making strategic decisions around various security compliance regimes.
Hershey sweet on global growth
BALTIMORE — Hershey is ready to extend its global footprint, and as part of its initiative to drive that growth, the company hosted its first Global Partner Summit, an open innovation forum.
The goal of the summit, which was held in Baltimore, was to unleash the combined resources of Hershey’s internal innovation resources and its broad supply base to create new ideas, new capabilities, more sustainable practices and consumer-focused innovations that will drive industry-leading growth.
“Tapping the deep knowledge and great ideas across our company and our business partners will unlock our combined innovation and productivity capabilities,” said John P. Bilbrey, president and CEO, Hershey. “Together, our shared knowledge, insights and expertise will fuel achievable, consistent, sustainable growth for Hershey and our supply partners.”
Innovation is a key strategy for Hershey’s long-range global growth vision. It will play a fundamental role in the company’s drive to reach $10 billion in net sales by 2017.
More than 70 suppliers assembled in Baltimore to work on a range of innovation opportunities, including new product ideas, improvements to formulations and recipes, innovative packaging and process and technology improvements. The summit will be held annually.
Hershey expects the open innovation program will increase the number and impact of innovations it develops annually and will accelerate the speed to market for new ideas, resulting in a faster realization of value from the integrated innovation program. Open innovation will also support the company’s efforts to grow in new and emerging markets while reducing overall innovation costs.
“Establishing a process to better leverage our suppliers’ tremendous R&D resources and capabilities will open up new possibilities for developing breakthrough ideas,” said William Papa, Vice President of Global Research & Development, The Hershey Company. “We will build better ways of operating by utilizing new technologies that are more efficient and effective. Ultimately, this will enhance our global product portfolio and help maintain our high quality standards, which have been the cornerstone of The Hershey Company since Milton Hershey developed his famous Hershey’s Milk Chocolate bars more than a century ago.”
Exclusive Video: Von Maur’s Jim von Maur talks strategy with Chain Store Age
Davenport, Iowa — Some retailers just keep growing, despite economic headwinds, fickle customers and competitive pressures. The family-operated, 140-year-old Von Maur department store company, based in Davenport, Iowa, is one of those retailers. In an exclusive video interview, Chain Store Age senior editor Katherine Boccaccio spoke with Jim von Maur, president, about the chain’s strategy and how it keeps growing in an uncertain economy.
“At Von Maur, we stick to our core principles, which is great service, great merchandise, and clean facilities that are well managed,” von Maur said. “Whether the economy is strong or is in a recession, customers are going to respond to that.”
The company’s growth is supported and enhanced by a robust distribution arm that continues to add more space and workers, optimized on-site retail operations supported by an Oracle system in place since 2011, strong service initiatives and, more recently, an explosive e-commerce business.
Success both online and in the brick-and-mortar stores makes von Maur optimistic about what lies ahead.
“The future for Von Maur is very bright, mainly because we have a great team and we are very good at what we do,” von Maur said.
For the exclusive video interview with von Maur, and a behind the scenes look at the company’s DC operations, click here.