Industry Topics

Cyber Security

WHAT'S CURRENT?

November is Critical Infrastructure Security and Resilience Month, which recognizes the important role critical infrastructure plays in our nation’s way of life and why it is important to expand and reinforce critical infrastructure security and resilience. 

Critical Infrastructure Security and Resilience Month will focus on building awareness and understanding of the importance of critical infrastructure to America’s national security and economic prosperity as well as reaffirming the commitment to keep our critical infrastructure and our communities safe and secure.  This requires a nationwide effort, with partners working together toward a common goal. 

How You Can Get Involved

  • Read the presidential proclamation.
  • Share with your customers, constituents, partners, residents and employees stories and information about your efforts in support of infrastructure security and resilience through newsletters, websites, emails, blog posts, and tweets.
  • Reinforce the role your organization/office plays in infrastructure security and resilience by incorporating references to Critical Infrastructure Security and Resilience Month in speaking engagements and events.
  • Follow @DHSgov, and post infrastructure security and resilience efforts, tips, news, and resources on social media sites.
  • Request a Critical Infrastructure Security and Resilience Month toolkit to help spread the word by emailing infrastructure@hq.dhs.gov.
  • Check back for a presidential proclamation and to learn more about the national effort to make critical infrastructure secure and resilient, and about training and events that will take place in November. 

This October marked the 10th anniversary of National Cyber Security Awareness Month. The ultimate goal is to protect the country from cyber incidents and respond to them effectively if they do occur.

For more information about National Cyber Security Awareness Month, the FBI’s cyber programs, and other cyber-related matters including how to report cyber crimes and scams, visit the links below:

If you have any questions, please contact either Rhett Asher (rasher@fmi.org) or Meredith Bombella (mbombella@fmi.org).

WHAT'S CURRENT?

Cyber Security Information

The retail industry has become a top target for cyber criminals due to the large number of payment cards used in the industry. The majority of the data targeted by these criminals comes from customer records, such as payment card data, personally identifiable information and email addresses.

Please click on this link for more information.

October marks the 10th anniversary of National Cyber Security Awareness Month. Established by presidential directive in 2004, the initiative—administered by the Department of Homeland Security—raises cyber security awareness across the nation by engaging and educating public and private sector partners through a variety of events and programs. The ultimate goal is to protect the country from cyber incidents and respond to them effectively if they do occur.

For more information about National Cyber Security Awareness Month, the FBI’s cyber programs, and other cyber-related matters including how to report cyber crimes and scams, visit the links below:

If you have any questions, please contact either Rhett Asher (rasher@fmi.org) or Meredith Bombella (mbombella@fmi.org).

The retail industry is the top target of cyber criminals, who are lured by the large number of customer records and by a well-established underground marketplace for stolen information: 96% of the data targeted comes from payment card data, personally identifiable information (PII) and email addresses [Source: Trustwave's 2013 Global Security Report].

[Source: Fortalice, Cyber Security Experts]

Now What? 

Since many breaches could have been avoided through reasonable security controls, members are encouraged to follow the recommended steps below:

  • Identify your top one, two or three most critical types of information and the systems which use them
  • Plan how you will operate if that information is lost, corrupted or the systems rendered inoperable
  • Train and communicate strategy to all company employees
  • Have a third party assess your information environment at least once a year and conduct penetration tests of both your logical and physical controls as part of the assessment

Other good practices include:

  • Develop and routinely review security policies and procedures that impact your critical information environment
  • Facilitate an internal simulation of a data breach or cyber disaster
  • Perform regular audits of your security policies and procedures. Address security practices holistically, not just as "physical" or just as "computer"
  • Monitor your information for intrusion, corruption and loss
  • Identify recovery assets in case of a cyber breach
  • Develop relationships with industry experts, a crisis PR firm and legal counsel with cyber experience


General Resources:

  • 2013 Global Security Report – a valuable resource for businesses, free download from Trustwave
  • Common Sense Guide to Mitigating Insider Threats - This guide describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.
  • 2013 Data Breach Investigations Report - This year’s DBIR combines the expertise of 19 organizations from around the globe. Download the report to discover stats that might surprise you—from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach. By knowing today’s threats, you can better protect your organization tomorrow.
  • Guide to better Passwords - It is important to remember why passwords are important: passwords are often the first (and possibly only) defense against intrusion
  • 2013 Security Predictions - predictions to help prepare your network defenses for a safe and secure 2013
  • Security Breach Notification Chart - Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification.  The chart is for informational purposes only and is intended as an aid in understanding each state's sometimes unique security breach notification requirements.  Lawyers, compliance professionals, and business owners have told us that the chart has been helpful when preparing for and responding to data breaches. 

Federal Resources:

  • US-CERT - Check out these tips that describe and offer advice about common security issues for non-technical computer users.
  • US-CERT Posters and Brochures - provide guidance on physical and cyber security and how to report suspicious behavior, activity, and cyber incidents.
  • US-CERT mailing lists and feeds - for a variety of products including the National Cyber Awareness System and Current Activity updates. The National Cyber Awareness System was created to ensure that you have access to timely information about security topics and threats.
  • Cyber Security Evaluation Tool - tools to assess a company's control system and information technology network security practices against recognized industry standards.
  • NIST Glossary of Key Information Security Terms - This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications.