Doug Johnson of the ABA and FS-ISAC says banks and commercial customers are improving efforts to catch and thwart incidents of corporate account takeover, a sign that the industry is moving in a positive payments direction.
Many disaster-related attacks are personal and direct, perpetrated through a phone call. But some take traditional routes, such as e-mail, while more are taking emerging routes, like text messages to mobile devices.
"If [employees] aren't being treated right and they don't think leaders at the bank are running the bank correctly, they can rationalize committing fraud," says banking/security expert George Tubin on the risk of insider crimes.
A repentant SparkyBlaze wants to go legit, leaving behind the hacktivism he helped foster as a member of Anonymous and start a career in the U.S. as a ethical hacker. As proof, he's offering advice to protect IT from hackers.
IT systems operated by governments, hospitals, financial institutions and other businesses averted catastrophe, for the most part, as Hurricane and then Tropical Storm Irene stormed through the Eastern seaboard over the weekend.
The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
The bright spot is that 36 percent of the takeover incidents reported in 2010 were stopped before fraudulent funds transfers were approved. That's an improvement from 2009, when only 20 percent were thwarted.
Fraud is a global concern, and an area regulators and financial institutions the world-over are watching closely, says Bill Isaac. Whether a cyberthreat or mortgage fraud, investments in fraud prevention will continue, despite the state of the international economy.
Preliminary results of our inaugural Healthcare Information Security Today survey, which is still open for participation, show that only about half of healthcare organizations have a plan in place to comply with the HITECH Act breach notification rule.