Banking experts say the Retail Industry Leaders Association's launch of a cyberthreat information sharing initiative is a good first step toward thwarting breaches, but it should build on the models used by other industries.
Security executives who attended ISMG's Fraud Summit Chicago said they see a growing need for sharing more cyber-intelligence with community banks and credit unions. But how else could smaller institutions improve their fraud-fighting efforts?
Embedding some information security practitioners within business units could help improve IT security awareness in many enterprises, reducing security risk, says Steve Durbin, global vice president of the Information Security Forum.
Because most online banking customers are active social media users, banking institutions should leverage social media in their fraud awareness campaigns, says David Pollino of Bank of the West, who's a featured speaker at the May 14 Fraud Summit Chicago.
Paul Kleinschnitz, general manager of payment processor First Data's cybersecurity solutions team, says there are plenty of technologies to address payment card security, but cyberthreat awareness is still lacking.
The recent Verizon Data Breach Investigations Report notes more than 16,000 incidents in the past year where sensitive information was unintentionally exposed. "Nearly every incident involves some element of human error," the report notes.
The Target breach. Account takeover. Mobile banking. Big data analytics. If these terms mean anything to you, then stop right now and give some thought to attending our Fraud Summit in San Francisco on April 29.
Women in information security are becoming even more of a minority because of poor treatment and stereotypes, says Professor Eugene Spafford. What's the cost to organizations, and how can they break the mold?
With a need for more than 4,000 new specialists over the next two years, the U.S. Cyber Command will look within the military for help, providing training to enlistees to re-invent themselves as cyber pros, Defense Secretary Chuck Hagel says.
The No. 1 reason Congress, after five years of intensive efforts, has yet to enact comprehensive cybersecurity legislation is differences over how much liability protection to grant businesses to get them to share cyberthreat information.
Having cyber-responders from various civilian agencies located on the same campus should help foster new ideas to battle threats to critical government and private-sector IT systems, a top administration official says.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to civil liberties, not privacy.
In light of the critical shortage of information security professionals, organizations must strive to become a "center for security excellence" to successfully recruit the specialists they need, says analyst Jon Oltsik of Enterprise Strategy Group.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.