19 April 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


The State of Information Security Sucks

20 February 2010

The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community.

Enterprise networks are becoming hardened, yet they are still vulnerable. Some are being penetrated directly while others are accessed through third parties such as their clients or end users. Unprotected networks are being sniffed out and data breaches continue.

The organizations that track these breaches are bored, frustrated, hate the industry and offer no good news. Innovation isn’t happening fast enough and new laws and regulations aren’t effective in solving the problems.

PCI and all those who fall under its requirements are chasing their tail. Infighting continues and rumblings of lawsuits against PCI persist.

Law enforcement is getting better at investigating and catching the bad guy, but there are far more of them than there are of us.

Between the TJX breach and the Heartland hack there were as many as 224 million credit and debit card numbers hacked. The criminals penetrated the networks “in broad daylight” so to speak, which means they didn’t have much trouble getting in. The hacks may have occurred via unsecured wireless networks, SQL injections or via social engineering through a phishing email with infected links.

While IT security professionals and white-hat hackers are fighting the battle with newer, better, faster, more robust technologies to keep the bad guy out, the bad guy still gets in via the path of least resistance, which may be human error, laziness or a zero-day attack consisting of something we’ve never seen before. Often it is the former.

New stories keep coming out depicting small businesses losing hundreds of thousands of dollars via online banking hacks and the banks filing suit so they don’t have to pay it back.

I just spoke to 60 bankers at a conference in Las Vegas. Many of them professed to learning a lot. No offense here, but I am of the belief that nothing I say should be in any way “new information” to anyone in the banking industry.

As we move closer to mobile banking and a dozen new ways to process credit cards, we create new opportunities for the criminals, and we haven’t tightened up existing vulnerabilities yet.

We are fragmented and all over the place with an incredible array of interdependent technologies that are set up with convenience in mind and security second.
