Infographic: A Brief History of Ethical Hacking

by Kristyan Mjolsnes
December 11, 2013 1:00PM

Ethical hacking may seem like a fairly new notion. However, it has actually been around for centuries. Humans may not always have had the technologies we have now, but there have always been people, places and things that malicious individuals have attempted to get into. To best protect those assets, humans have brainstormed the ways in which individuals could gain access, in order to fix and minimize those vulnerabilities and so reduce the chances of that asset being accessed.

A prime example of this goes all the way back to 1812, when the concept of war gaming (or Kriegsspiel, as it is known in Germany) was created. The game was used to help train military officers on possible scenarios of war and to help develop them strategically when faced with particular wartime situations. The game provided officers with exposure to critical situations and a way for them to see how the enemy may react to their various decisions. This in turn better prepared them to make the right decisions when out on the battlefield.

Check out our Infographic: A Brief History of Ethical Hacking. The infographic shows 15 key ethical hacking events in history and how it has progressed into the ethical hacking we know today.  While it is a fun read, it also provides valuable insight and a fresh look into the development of ethical hacking.

The PCI Roadmap: It Doesn’t Stop – or Start – at the Point-of-Sale

by Kristyan Mjolsnes
November 18, 2013 4:00PM

A successful PCI DSS compliance strategy can be jump-started with an up-to-date, secure point-of-sale (POS) system, but there are many other factors you must consider when working towards PCI compliance. While cardholder data may enter your network through a POS, many businesses fail to realize that the scope of their environment also includes systems that have nothing to do with processing payment card transactions.

Even if you have addressed PCI DSS compliance in the past, you must continually readdress it as technology changes, new threats emerge and requirements change. To ease your approach to PCI compliance, the areas of focus can be divided up into three security categories: Operations, Point-of-Sale and Network.

1.   Operations

Many people pigeonhole PCI as a technology-centric standard, along the lines of, “Hey, let’s have our IT guy take care of this!” In fact, roughly half of the standard is purely policy- and procedure-focused. Your tasks include:

  • Create an Information Security Policy for employees to follow
  • Create an Incident Response Plan to follow in case of a suspected data breach
  • Define access levels for the computers/internet within your network
  • Hold PCI compliance training on an annual basis
  • Use a log to track all visitors who enter the back office
  • Use strong passwords

Study Finds Having an IT Professional Can Reduce Cost of Breach

by Kristyan Mjolsnes
August 22, 2013 4:00PM

Small businesses face challenges when it comes to providing adequate resources for managing network security. Due to their size, it is not feasible for them to hire a full-time IT professional, and given the findings from a recent study, that puts small businesses at an even greater disadvantage. The Ponemon Institute’s 2013 Cost of a Data Breach Study found that businesses that employ chief information security officers (CISO) or similar personnel endure lower costs if they suffer a data breach. When a business is able to dedicate one or more resources specifically to its information technology needs, it is more likely to have the security parameters in place, which will work in its favor in the event of a breach.

According to the study, organizations in the United States save on average $23 for each record breached if they have a CISO or similar personnel appointed.  That is significant given that the average cost per breached record is $188. Even more so, having an experienced technology expert in place to manage your network infrastructure greatly reduces your risk of being breached.

Protecting a network is like trying to change a tire on a moving vehicle.  Countless changing variables can affect the security status of your network.  Updates to security patches or software changes can cause momentary weaknesses in your network that a hacker can take advantage of.  You also need to consider the possibility of human error.  That is why it is so important to have an experienced IT professional implement and manage the right security solution.  (more…)

Trustwave at Security Events in Las Vegas

by Kristyan Mjolsnes
July 26, 2013 9:00AM

Network security and hacking techniques are constantly evolving.  To help you stay on top of major changes Trustwave regularly hosts educational sessions at security events.  There are upcoming sessions scheduled in Las Vegas during Black Hat USA, DEF CON 21 and BSidesLV.

These sessions include:

  • Security risks of using home consumer network devices like remote solutions that allow users to unlock their front door from anywhere
  • How to conduct a data breach investigation
  • Hands-on demonstrations of real life security scenarios
  • How to defend against attacks on point of sale systems

For information on the speaking and training sessions, please visit Trustwave’s website at:

https://www.trustwave.com/trustednews/2013/07/trustwave-highlight-ethical-hacking-new-security-research-upcoming#sthash.HMKanqyf.u5o5X2mF.dpbs

Does Your IT Professional Understand Your Risk?

by Kristyan Mjolsnes
July 22, 2013 10:30AM

Having an experienced information technology professional in charge of securing your business is a security best practice.  However, recent findings have shown that the majority of IT professionals overestimate their ability to detect a data breach.  McAfee released the study, “Needle in a Datastack: The Rise of Big Security Data,” earlier this week.  The major finding from the study was that many organizations are unable to properly identify security threats as they happen.  That finding leads to the realization that many IT professionals have an unrealistic sense of what it takes and how much time it takes to determine a breach has occurred.

The study found that security professionals believe that they can detect a breach on average within 10 hours of it occurring. Of those, 35 percent said they could detect it within minutes and another 22 percent said within a day.

Compare that to research conducted on actual breach incidents.  According to the 2013 Trustwave Global Security Report, the average breach in 2012 took 210 days to detect and only 5 percent of all breaches were identified in less than 10 days.  Also consider that just 24 percent of all breaches were self-detected.  The majority of breaches are found by regulatory entities like the major credit card brands, acquiring banks, processors and law enforcement.

What this boils down to is that many IT professionals do not have a realistic grasp on how easily a hacker can gain access to their network undetected.  Many seem to assume that their technology is capable of doing more than it actually can when it comes to detecting (or preventing) a breach.  It is important that IT professionals recognize the threat to their organization’s network based on the nature of the business and the type of data that is stored.  (more…)
