Remote access apps a weak link in cyber security efforts
Hackers, it turns out, are looking to bring the mayhem with the least amount of work necessary. For many of them, according to a new report from Homeland Security, finding the easy way into a company’s database often includes using apps that grant remote access to employees and vendors.
According to the report, hackers scan for remote access apps, use high-speed programs to determine an individual’s log-in information, and off they go.
"As we start to make more secure software and systems, the weakest link in the information chain is the human that sits on the end — the weak password they type in, the click on the email from the contact they trust," Vincent Berq of FlowTraq, a network security firm, told The New York Times.
According to Verizon’s 2014 Data Breach Investigations Report (DBIR), there were 1,300 confirmed data breaches across all industries in 2013, with 148 incidents of data loss in retail. Chains including Target, Neiman Marcus, Michaels, Schnucks and Raley’s were among those that saw their security breached.
Hackers stole more than 175 million customer records between April and June this year, according to a new SafeNet report. Of those, 145 million were a result of retail industry breaches. Last week, reports surfaced that Goodwill Industries was investigating the theft of customers’ credit card data.
- Banning unauthorized personnel;
- Controlling personnel changes: managing credentials when people are hired, change positions or leave a company;
- Auditing security practices of vendors and partners;
- Reviewing systems to check for unknown or dormant users;
- Eliminating weak passwords and requiring passwords be changed on a periodic basis. (Consider using two-factor authentication.)

- Checking In From Home Leaves Entry for Hackers – The New York Times (tiered sub.)
- 2014 Data Breach Investigations Report – Verizon Enterprise Solutions
- 375 Million Customer Data Records Compromised in 2014 – Retail Industry Hit Hardest – SafeNet, Inc.
- Amid Goodwill’s probe of possible data theft, local branch said no evidence of breach – Pittsburgh Post-Gazette
- Michaels says 3 million customers hit by data breach – The Washington Post
- Retail POS Security: Limiting Risk in a Risky Era – RetailWire
How would you advise retailers to deal with cyber security issues around remote access apps? What steps, other than those offered in the article, would you recommend retailers take to deny access to criminals looking to breach their security?