Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
First, let me say that I am happy to see that the issue of spear phishing after the Epsilon breach has become an important part of the breach discussion (and has gone mainstream). I found it encouraging when I was told of at least one organization that sent out a warning to employees about the risks involved with spear phishing attacks and how to react to potential spam email.
Now I want to talk about another issue that has evolved from the Epsilon breach: third-party vendors and security risks. It appears that at least some of the companies involved are trying to claim innocence in the breach, that this was all on Epsilon's side and they (the companies) had nothing to do with it.
What happened at Epsilon could happen anywhere. The bottom line is that when you hire a third-party vendor that has access to information from your company, it is vital to have a solid security plan in place. I've spoken with CSOs who claim their third-party contracts require security measures as strict as the hiring company's, but they also admit that monitoring the third party's security isn't always easy.
[B]anks and merchants should "come clean" about the information they share with outside entities.
No. 1, banks and retailers should come clean, in terms of who they're sharing data with. Banks especially should be mindful of ways they communicate with their customers. Some e-mails from my bank look like phishing e-mails because they are coming from a third party that does not use the same domain.