What Is Formjacking and Is Your E-Commerce Site at Risk?

May 23, 2019

It happened to British Airways in 2018, when data from 380,000 customers was hijacked for resale online, and it happens to smaller businesses, too. Here’s what you need to know about this threat and how to protect your e-commerce website.

What exactly is formjacking?

Formjacking is a trending type of data breach that showed up on data security investigators’ radar in 2018. One security firm alone blocked 3.7 million formjacking attacks against its clients last year, and an estimated 4,800 online stores get formjacked each month. That’s because formjacking is easy to do, hard to spot and makes money for thieves.

All it takes to hijack an e-commerce checkout form is inserting malicious JavaScript code. That code captures any payment data that customers type into those fields and sends it to the attackers running the scam – all without disrupting the website’s order process. 

The data that’s skimmed gets sold on the dark web. The data formjacked from the British Airways site sold for as much as $50 per record – it included CVVs, expiration dates and customers’ personal data. That information makes it easier for CNP fraudsters to buy things online, because stolen card numbers usually have to be tested to match them with security codes and expiration dates.

What type of websites do formjackers target?

Major e-commerce sites like BA and Ticketmaster have been formjacked. But formjackers seem to prefer small and medium-sized online businesses, because they often have weaker cybersecurity programs than large e-commerce sites. 

In particular, formjackers look for sites with lots of customer traffic, to steal as much data as possible in the shortest amount of time. That means peak shopping seasons can become peak formjacking seasons. And these criminals look for sites that use third-party apps and plugins, like customer …


How Does a Clean Desk Policy Protect Sensitive Data?

May 8, 2019

But beyond sparking joy, a clean and neat workspace can have security benefits as well. Spring Cleaning is a great opportunity to roll out a Clean Desk Policy at your organization to help protect sensitive company and customer data. Here’s a guide to the why and how of your clean desk policy.

Data security applies to ALL data

Every business handles sensitive data, from employee and customer personal information to intellectual property, business plans, and financials. One quick way to check is to ask yourself, “Would I be OK if this information was posted on a public website for everyone to see?” If the answer is “No,” then consider that information sensitive and treat it with care. As a small business, you know how important it is to protect this data, and that’s why you roll out a comprehensive cybersecurity program to defend against cyber-threats. But we have to remind ourselves that sensitive data is everywhere, not just on-screen. And just the same, protecting data means protecting it everywhere it’s stored – even if that’s on a piece of paper that can be seen, lost, or stolen.

What is a Clean Desk Policy?

A Clean Desk Policy states that at the end of each day, all papers must be cleared from employees’ desks and any sensitive data locked. A clean workspace free of paperwork can have a positive impact on productivity, but the primary rationale behind this is more than tidiness: Clearing desks removes access to confidential information from anyone who walks through the facility:

  • Other employees not authorized to receive the information
  • Invited guests and customers
  • After-hours cleaning, maintenance, or other contractors
  • Burglars or other intruders

Although it’s not the first thing that comes to mind when you think “data breach,” either malicious or unintentional exposure of sensitive …


Why Small Business Cyberattacks Could Prompt Next Recession

May 6, 2019

Unfortunately, these same small businesses have begun to fall victim to cyberattacks at an alarming rate, and whether you know it or not, this reality is putting the entire economy at risk. As large companies spend endless amounts of time and money to fortify their digital assets, cyber criminals, hackers and fraudsters have turned their attention to those that cannot afford such lofty and impenetrable defenses: small and mid-sized businesses.

A recent Ponemon study found that nearly 70% of all small businesses experienced a cyberattack in 2017, while half admitted to having no understanding of how to protect their company against an attack. And that’s a big problem when considering the average recovery costs of a data breach for a small company can top $149,000. Most worrisome, however, is that 60% of all small companies that succumb to a cyberattack go out of business within six months, according to a report by the U.S. National Cyber Security Alliance.

The possibility of a trickle-up recession is real

The risk to individual small businesses is undoubtedly a big concern to small business stakeholders, but perhaps the bigger issue at present is the risk now posed to the national economy as a whole.

To date, there has been little to correlate small business cyberattacks to any indicators of recession.

While there is vast and differing discussion on when and what will truly facilitate the next downturn, most, if not all, economists have failed to identify SMB cybercrime as a factor. That’s likely because recessions are typically driven by events that trickle down throughout society, such as rising interest rates, credit crunches, international conflict or high oil prices, among other geopolitical activities.

While those contributing factors remain unquestioned recession drivers, it is entirely plausible that the next recession is driven from the bottom …


How Artificial Intelligence and Machine Learning are Changing CyberSecurity

May 1, 2019

Generally, in machine learning, computers learn on their own. Machine learning creates the capability to acquire and absorb knowledge in computers without predetermined and overt program writing.

Machine learning, a sub-topic of artificial intelligence, is headed for the technological expansion of human knowledge and intelligence. Machine learning permits computers to cope with unfamiliar circumstances, locations and arrangements through analysis, self-training, observation and experience. Machine learning makes uninterrupted progression of computing easy by subjecting computers to a lot of different, contemporary, untried, unfamiliar settings, challenges, innovations, versions, etc.

The idea here is to improve a computer’s decision-making (using pattern and trend detection) and streamline its progress toward superior assessment in later circumstances that are not as similar. For example, the current Facebook News Feed is an epitome of the combined effect of human and machine learning.

The News Feed is automated to reveal client-friendly content. So, if a patron regularly tags a friend or writes on that friend’s wall, then the News Feed also adjusts its actions to present more subject matter from that friend.

Machine Learning has applications for old remedies

Although the masses often couple machine learning with colossal corporations, nowadays it is influencing just about everything and everyone in the digital world. For example, machine learning is being applied in agriculture to give crop yield a shot in the arm. In June 2016, the pilot of a novel sowing app as well as a custom-made village advisory dashboard was unveiled for the groundnut cultivators in the Indian state of Andhra Pradesh; using this app, the average yield per hectare rose by nearly 30%.

The Sowing App was set up to help farmers bring about the best possible harvest conditions via recommendations on the most favourable time to sow (subject to weather conditions), soil and other …


Is the Cloud Living on the Edge?

April 29, 2019

Back when the cloud was “the next big thing,” skeptics questioned its reliability, its durability and, above all, its security. Over time, each concern has been addressed and largely resolved. The wisdom of off-premises computing is now almost a given. 

But cloud computing isn’t a religious issue. We can believe that moving critical applications and mission-critical data off local gear is strategically smart, safe and cost-effective, and still acknowledge that growing pains have tested, and will continue to test, the model. With the cloud’s maturity comes some degree of ossification and even inefficiency.

The Term Edge Computing

Over the years, I’ve sought to debunk myths and hype around cloud computing’s flavors of the month: public, private, hybrid, fog, etc. They all taste great. They’re all less filling. My point has been that terminology too often masks an intention to fix things that aren’t broken, to repackage and sell things that already exist and work well, and to find alternatives to solutions that have proven themselves eminently capable of enhancing business processes.   

As Upton Sinclair memorably put it, “it is difficult to get a man to understand something, when his salary depends on his not understanding it.” Because the tendency in technology is to tease the Next Next Big Thing, the temptation to apply a bear hug to the latest and greatest can be hard to resist, whether or not we fully know what we’re embracing.  

That’s where we are with edge computing. Before this bit of jargon fully morphs into a way of doing business, IT consumers, IT professionals and IT pundits all need to understand what it is substantively and where it lapses into change-for-change’s-sake.

Recent headlines underscore the point: “Michael Dell: Why edge computing could be the next big thing”; “Edge Computing: The next big thing in networking …
