Debit card breach: Hitachi owns up to systems being compromised in mid-2016

We should have norms requiring organisations in India to quickly disclose any breach in their network. Other companies can learn from such attacks and use this information to protect their own networks. Awareness of security will also help end consumers be more cautious in handling digital transactions. As we move towards a digital economy, transparency by organisations will go a long way towards improving confidence.

Hitachi Payments Services on Thursday accepted that its systems were compromised by sophisticated malware in mid-2016, which led to one of the biggest cyber security breaches in the country, with 3.2 million cards being affected, causing a scare over the security of card-based transactions.

http://www.business-standard.com/article/finance/debit-card-breach-hitachi-owns-up-to-systems-being-compromised-in-mid-2016-117020900504_1.html

Wishing you a very Happy and Secure New Year

First, the good news: you will no longer be forced to pay a service charge at restaurants. Some of the well-known restaurants would not pass the service charge to the servers and would keep it as profit. Many a time, I have had to fight whenever I have been unhappy with the service. Happy that the government has clarified and we can pay the service charge at our will.

Now the bad news: cyber attacks will only increase in 2017. Attackers have shifted their focus to more targeted attacks, which will be difficult to catch using traditional methods. We will need more sophisticated methods to identify such attacks and mitigate them. Context-based security is one such method. It helps in identifying breaches and thus protecting users' data.

With more and more enterprise applications moving to cloud services like Google or Office 365, it becomes important that security devices are able to identify the legitimate use of such applications. Corporates would like to limit access to such applications to company use only. Firewalls will have to become intelligent enough to identify such use and prevent data leaks through personal use.

Ensure that you take backups of all your critical data and files. Ransomware will subside if attackers realise that their efforts are not bearing fruit. We too have to play an important role in improving the security of our networks and the internet as a whole. Wishing you once again a very happy and secure new year.

An apple a day keeps the attackers at bay !!!

As we reach the end of this year and look back at the numerous cyber attacks, one question that keeps coming to everyone's mind is 'Can we win the war against attackers as we enter the new year?' We can find the answer in the old saying, 'An apple a day keeps the doctor away'. Just as we need to regularly monitor our health, we need to monitor the security of our network too. If we ignore it, it will give in and be compromised.

Let me begin by saying that it is not difficult to keep our network and data safe. Let us not be too overwhelmed and worried by the daily breaches that we hear about. Like our physical health, it requires dedication to keep our network fit. If security management is incorporated in our daily routine, it will show wonderful results. Check your applications and data regularly, and see if they are all in a healthy condition.

Routine checkups can help find problems before they start, or in their earlier stages, when they are relatively easy to resolve. If you are unable to do so, the problem may spread to your complete network and can cause severe damage which may be very difficult to recover from. Ransomware showed how an infection, if not contained, can end up encrypting files on your file shares and affect not only the user who opened the attachment, but everyone in the organisation.

Like your body, your security too requires regular maintenance. If you do not take care of it, you will end up making it easy for attackers to break it. Be in regular touch with experts who will help you learn about the latest vulnerabilities and how to fix them. Keep your software updated and take regular backups of your critical data. Simple things, if done daily, can help improve the health of your network and bring happiness to you in the new year.

Wish you a very happy and secure new year !!!

Should Small Companies be worried about Cyber Security ?

Many owners of small companies do not wish to invest in security. They feel there is not much to lose, and ask why anyone would hack into their network, and for what. This myth has been busted by ransomware.

Ransomware has attacked all organisations, irrespective of their size. Monetary gain is what drives the attacker. This has affected small organisations more than large ones, as they do not have the required process or infrastructure to back up their files on a regular basis. Large organisations can delete and restore their files, and ransomware would not cause any harm to them.

Small organisations have few resources and are driven with profitability in mind. More often than not, security is compromised if it causes any hindrance to their business. Also, since people are already overloaded with work, ensuring security in all aspects of work is far-fetched.

As we welcome the new year, every organisation should resolve to bring security to the centre of all processes and ensure that they are prepared in case of any attack. If done, the new year will bring less disruption and more business for small organisations too.

 

Security breach: Debit/ATM card breach - What more can banks do

As per a newspaper report ("This is how an ATM virus compromised 3.2 million debit cards in India"), a virus or malware infection at Hitachi Payments Services led to the compromise of millions of debit cards. Not many details are known about the malware that has caused this havoc. It is unfortunate that even after the infection was known, customers were not notified. RBI has to take serious note of this and work on disclosure norms so that precautionary measures can be taken in future.

Hitachi Payments Services should come out with a detailed account of the malware and how it affected the ATMs. This will be a good lesson for other organisations, and they too can take proactive steps in future. As for banks, they need to provide a mechanism for customers to check whether their card has been compromised, and to proactively change their PIN and notify them accordingly.

Interestingly, my bank allows me to change the PIN only at the ATM. There is no way I can change the PIN by logging on to the bank website. This prevents me from changing my PIN regularly. Implementation of two-factor authentication would also go a long way to assure customers of the security of their accounts.

Debit/ATM cards too need to move away from magnetic strip cards to EMV-based cards. EMV-based cards contain a microchip that holds the data traditionally stored in the card’s magnetic strip. These work with new point-of-sale readers that scan the chip and process payment transactions in a secure manner using encryption. The chip reduces fraud because it contains a cryptographic key that authenticates the card as a legitimate bank card and also generates a one-time code with each transaction. This means thieves can’t simply take account numbers stolen in a breach and emboss them onto the magnetic strip of a random card, or program them onto the chip of a random chip card, to make fraudulent purchases at stores or unauthorized withdrawals at ATMs.
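The one-time code idea described above can be sketched in a few lines. This is an added illustration, not code from the original post or from any bank or card scheme: it uses HMAC-SHA256 and a simple transaction counter as stand-ins for EMV's actual cryptogram algorithms, and all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key, pan, atc, amount, nonce):
    # Stand-in for the EMV cryptogram: HMAC-SHA256 over the transaction fields.
    msg = f"{pan}|{atc}|{amount}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    """Toy chip: the key stays inside; only cryptograms come out."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0

    def cryptogram(self, amount, nonce):
        self.atc += 1  # transaction counter makes every code different
        return self.atc, _mac(self._key, self.pan, self.atc, amount, nonce)

class Issuer:
    def __init__(self):
        self.keys, self.last_atc = {}, {}

    def enroll(self, pan):
        self.keys[pan] = secrets.token_bytes(32)
        self.last_atc[pan] = 0
        return ChipCard(pan, self.keys[pan])

    def authorize(self, pan, atc, amount, nonce, mac):
        key = self.keys.get(pan)
        if key is None or atc <= self.last_atc[pan]:
            return False  # unknown card, or counter already used (replay)
        if not hmac.compare_digest(_mac(key, pan, atc, amount, nonce), mac):
            return False  # card number known but key is not: code cannot be forged
        self.last_atc[pan] = atc
        return True

def demo():
    issuer = Issuer()
    card = issuer.enroll("4000000000000002")  # constructed card number
    nonce = secrets.token_hex(4)              # terminal's unpredictable number
    atc, mac = card.cryptogram(500, nonce)
    genuine = issuer.authorize(card.pan, atc, 500, nonce, mac)
    replayed = issuer.authorize(card.pan, atc, 500, nonce, mac)  # same message re-sent
    cloned = issuer.authorize(card.pan, atc + 1, 500, nonce, "0" * 64)  # no key
    nonce2 = secrets.token_hex(4)
    atc2, mac2 = card.cryptogram(750, nonce2)
    next_ok = issuer.authorize(card.pan, atc2, 750, nonce2, mac2)
    return genuine, replayed, cloned, next_ok

if __name__ == "__main__":
    print(demo())
```

Data copied from a magnetic strip is static, so it has nothing equivalent to the counter and keyed code that the issuer checks here.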

 

Some of the above measures will help in reducing threats to the banking system and bring more assurance to customers that their money is safe.