
OHUG Interview With GreyHeller CEO Hendrix H. Bodden

By Chris Heller • December 18, 2014

The year has been full of cyber attacks that have left sensitive information ranging from bank accounts to social security numbers exposed and vulnerable.

From data breaches at eBay and Michaels to the recent and devastating attack on Sony, no business is safe from cybercrime, though many fail to realize the seriousness of the situation.

And it’s a problem that will only grow in severity. The value of cybercrime is expected to exceed $1 trillion by 2020, and the current market for security technology is more than $40 billion, according to Hendrix H. Bodden, chief executive officer of GreyHeller.

“It is more frightening than anybody actually realizes that isn’t in this business,” Bodden said in an interview. “I think that 2014 has seen so many high profile breaches, even JPMorgan Chase has been breached. They were able to index virtually every node, virtually every terminal, every Web server on the JPMorgan network. JPMorgan’s CEO Jamie Dimon said they’re at least doubling their cyber-security budget, and I do think that companies are taking it more seriously. I think boards of directors, shareholders, and customers are starting to ask, ‘What are you doing to protect your valuable assets?’”

There Are a Wide Variety of Cyber Criminals

The make-up of cyber criminals is diverse — representatives of foreign governments, international organized crime rings, individuals working alone, and hacking collectives are all trawling the Web for a window of opportunity. It is estimated that 97 percent of U.S. companies have been hacked or will be hacked. Oftentimes businesses aren’t even aware that they’ve been compromised. “The cybercrime environment is multi-layered, it’s incredibly active, it’s 24-7,” Bodden said. “If you believe that the bad guys are always one step ahead, in this case they really are.” Consumers can protect their information by creating secure passwords and using two-step authentication whenever available. They also should be wary of email-based phishing attacks, which can be protected against with a careful eye. Some signs that an email may be fraudulent include poor grammar and punctuation or bizarre phrasing.
“What happens is I’ll click on a link and that link will actually take me to what appears to be a legitimate site and I’ll enter information,” Bodden said. “Once I’ve entered that information, the bad guy’s site will then forward me on to the legitimate site and you’ll never know that there was that intermediate step in between. A lot of this happens and people don’t even know it. The only time they find out is when somebody has bought their credit card number on the black market and all of a sudden they’re seeing purchases at electronic stores or gift cards, which are two of the most favorite ways that cyber criminals monetize stolen identities.”

Mobile Device Management Increasingly Being Used for Protection

Mobile device management is an up-and-coming area of cybersecurity. For example, some systems allow for remote data wipes when a mobile device is lost or permit the company to download updates. GreyHeller’s ERP Firewall protects users by implementing two-factor authentication at the field level. Data masking, logging and analysis, and location-based security also are rising trends in the industry. GreyHeller will kick off the new year with a series of cybersecurity webinars. The first will debut on Jan. 7 and focus on Oracle PeopleSoft security for higher education. These systems often host the same information banks do, making them an attractive target for cyber criminals.
“Higher education is especially challenged by cyber criminals because they have by definition very open networks,” Bodden said. “They’re not behind a firewall, so higher education institutions have to have all of their web applications out and accessible in the wild and on the internet. The bad guys know this and so higher education is one of the top industries that is actually targeted by cyber criminals.”

January Webinar to Focus on PeopleSoft HR Systems

The Jan. 14 webinar centers on PeopleSoft human resources systems, which also typically contain sensitive information vulnerable and valuable to hackers.

“Before the human resources systems were mobilized, they could pretty well contain them behind the corporate firewall,” Bodden said. “But now that a lot of these systems have been mobilized so you can access your paycheck, you can change your benefits, you can do a lot of employee self-service and manager self-service from your mobile device, that exposes those systems to the internet and the bad guys know that so they’re going after them.”

The third and final webinar on Jan. 21 will be presented alongside Duo and discuss two-factor authentication.


Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

Scary UK cybercrime data

By Chris Heller • December 17, 2014

Companies, higher education institutions and healthcare organizations are not only fighting organized cybercrime rings (which make the Mafia look like a cottage industry by comparison) but also nation states with virtually unlimited funding.

Data from the UK government’s recently published cybercrime report shows the bad guys are 24×7 omnipresent:

  • HMRC (Revenue & Customs) has responded to more than 75,000 phishing reports and taken down more than 4,000 illegal websites
  • Worst breaches cost between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15m

But this is perhaps the scariest: Both of the two top areas for UK cybersecurity spending are a response to an “ongoing hacking epidemic, much of it with either the explicit backing or tacit approval of a nation state”.

Read the article in ZDNet: Cybersecurity Spending: Where the Money Goes


Sony Knew About Security Vulnerability Before Breach

By Chris Heller • December 13, 2014

Really? This has us scratching our heads….no editorializing necessary.

An audit by PricewaterhouseCoopers over the summer warned Sony: “Security incidents impacting these network or infrastructure devices may not be detected or resolved timely.”

The audit, performed by PricewaterhouseCoopers, found one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure, but rather by the studio’s in-house group, which was tracking activity on logs.

Auditors found that since transitioning from a third-party vendor in September 2013, Sony Pictures had failed to notify the corporate security team to monitor newly added devices, such as web servers and routers. Studio management told the auditors its corporate security team is focused on bolstering devices on the perimeter of Sony’s networks and that it hasn’t applied “the same level of rigor” for other, non-security devices such as routers and web servers.

THIS IS PRICELESS… the irony is that the confidential report was among Sony’s General Counsel Leah Weil’s email correspondence, which hackers released to public file-sharing networks earlier this week. It included recommendations for bolstering security.


How Data Masking Helps Prevent Cyber Attacks

By Chris Heller • December 9, 2014

Data Masking could have helped prevent recent, high-profile destructive cyber attacks.

How?

By scrambling or removing sensitive data from production and non-production systems, Data Masking can prevent compromised privileged user account information from being used to gain access to sensitive data such as Social Security Numbers.

Greg Wendt, GreyHeller’s Executive Director of Security Solutions and Services, said “I’m consistently amazed that more organizations haven’t implemented Data Masking or Two-Factor Authentication.”

Cyber criminals using compromised privileged user account information to access databases would not be able to actually see the data had it been masked. Further, combining Two-Factor Authentication with Data Masking would impose even tighter security on that sensitive data, ensuring that access only occurs once the Two-Factor Authentication challenge was successfully passed, often with an SMS message or secure ID token.

According to Mr. Wendt, “privileged user access is a huge threat vector that can be properly managed with masking and Two-Factor Authentication.”

Privileged users are often defined as systems and database administrators in the information technology department who maintain systems and databases that contain sensitive information.

GreyHeller’s software product – ERP Firewall – contains powerful Data Masking and Two-Factor Authentication capabilities and is used by major commercial and higher education institutions to protect their sensitive data from cyber attack.


About GreyHeller

San Ramon, California-based GreyHeller serves Oracle® PeopleSoft customers globally across all industries, helping them secure and mobilize their PeopleSoft investment. GreyHeller’s software solutions – PeopleMobile®, ERP Firewall and Single Signon  – are in production at nearly 100 PeopleSoft customers. PeopleMobile® renders PeopleSoft responsive across any mobile device and desktop. ERP Firewall and Single Signon protect PeopleSoft customers from criminal and inadvertent breach. For more information about GreyHeller, please visit www.greyheller.com.


Allocation of risk in a data breach

By Chris Heller • December 6, 2014

We’re getting closer to a tipping point where organizations are going to have to prove conclusively to their customers, lenders, investors, shareholders that they are doing everything they can to secure their sensitive systems/data.

A federal judge recently rejected Target’s bid to dismiss lawsuits by financial institutions that claim Target had played a “key role” in allowing its computer systems to be compromised.

Apparently, Target had installed a $1.6 million advanced breach detection system from FireEye but failed to heed the alarms until after debit/credit card info of 40 million customers and personal info of 110 million customers was stolen.

What this means is that banks can go after merchants if they can prove the merchant was negligent in securing its systems. In the past, liability for breaches was governed by a complex series of agreements between merchants, payment processors and credit card companies.

Separately, consumers are pursuing class-action suits against Target.

If these bank and consumer class-action lawsuits are adjudicated for the plaintiffs, any organization that has its customers’, employees’ or vendors’ sensitive data compromised could be subject to costly legal action.

And certainly the cost of that legal action will be far greater than the implementation and proper monitoring of security technology.


Fluid UI – How to Deploy Safely & Securely – Webinar Recording

By Chris Heller • December 4, 2014

GreyHeller’s Executive Director of Security Solutions, Greg Wendt, leads a demo-intensive session showing how organizations can deploy fluid transactions safely using the following techniques:

  • Location-based security
  • Two Factor Authentication
  • Field level masking
  • Logging and Analysis
  • Utilization of Mobile Device Management solutions


GreyHeller Presents A Two-Part Webinar

By Chris Heller • November 24, 2014
 

2-Part Webinar Series Fluid UI – An Early Look
Join Larry Grey, GreyHeller’s President, and Chris Heller, CIO at GreyHeller, for an early look at Fluid UI with a two-part webinar series on mobility, design and security.
Fluid UI – Under the Covers
Dec. 3rd  11am (PST) In this demo-intensive session, we will use a live HCM 9.2 environment to show techniques for deploying Fluid UI:
  • The user interface of delivered fluid transactions and landing pages
  • Co-existence between fluid and non-fluid pages
  • Techniques for developing fluid pages
  • Techniques for modifying fluid behavior
  • Incorporating fluid into a corporation’s branding and corporate identity
Fluid UI – How to Deploy Safely & Securely
Dec. 4th  11am (PST) Fluid UI capabilities allow organizations to provide an unprecedented level of self service functionality to employees across a wide range of browsers and mobile devices.  As organizations look to deploy these functions to new locations and on new devices, the question of security becomes critical.  In this demo-intensive session, learn how organizations can deploy fluid transactions safely using the following techniques:
  • Location-based security
  • Two Factor Authentication
  • Field level masking
  • Logging and Analysis
  • Utilization of Mobile Device Management solutions
We hope to see you there! We encourage you to forward this e-mail to colleagues who may also be interested in attending. Can’t make the webinar? Register above for one or both of the webinars to receive a copy of the recording and to be added to our webinar invite list.


Cyber Criminals Targeting University Payroll Systems

By Chris Heller • November 18, 2014

August 26, 2014 – San Ramon, CA – According to a recent advisory issued by Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), Higher Education faculty and administrators are being targeted with sophisticated spearphishing attacks. Cyber criminals harvest credentials and then alter victims’ payroll bank account information to re-route direct deposits to bank accounts controlled by the cyber criminals.

Tactics, techniques and procedures (TTPs) of the cyber criminals include:

  • Altering direct deposit account information
  • Spoofed to appear as if message came from the appropriate department, e.g. HR for “salary increase” lures or IT department if “mailbox exceeded”
  • Spoofed login screens that are a close replica of legitimate login screen
  • Targeting of faculty and staff
  • Using university images within e-mails text
  • Spoofed institution-specific prompts for additional credential information, e.g., PINs, bank account numbers
  • URLs mimicking legitimate (and accessible) portal URLs
  • Use of the “salary increase” approach seems to coincide with end of the fiscal year.

The phishing e-mails have contained official institutional images, often via an HTML image link direct to the resource.

“Higher Education is a honey pot for the bad guys. We know of dozens more institutions that have been spearphished than are mentioned in the REN-ISAC report,” according to Greg Wendt, GreyHeller’s Executive Director of Security Solutions.

GreyHeller’s Security Suite complies with REN-ISAC’s recommended prevention techniques:

  • Redacting or masking of sensitive data
  • Implementing Two-Factor Authentication at the transaction layer
  • Limiting self-service functions by location – on- or off-campus
  • Detailed and specific logging of the most critical events

“Our recent Security webinar series focused on helping organizations mitigate cybercrime. How to implement Two-Factor Authentication and Logging/Analysis and Incident Response contain information that will thwart the bad guys,” stated Mr. Wendt.

Recordings of the webinars can be found on GreyHeller’s website. The full REN-ISAC advisory can be found here.


Webinar Recording: GreyHeller and Fluid UI

By Chris Heller • November 17, 2014


On November 5, 2014, OHUG sponsored the webinar: GreyHeller and Fluid UI – The Best of Both Worlds.

GreyHeller’s Responsive Design technology for Mobile and Desktop has been very well received by PeopleSoft customers. PeopleTools 8.54 Fluid UI makes PeopleSoft 9.2 pages responsive for Mobile and Desktop. GreyHeller’s Responsive Design technology has been built to be complementary to Fluid UI.

To see a recording of the demo, please visit:  http://ohug.org/p/do/si/topic=82&type=0
