Source: KPNX

Millions affected in federal cyber security breach

As a cyber-security expert and CEO of Lazarus Alliance, Michael Peters’ job is to find gaps in his client’s security and close them off.

It looks as though Uncle Sam could have used his help. “This is extremely valuable reconnaissance information,” said Peters.

Chinese hackers are suspected in the massive data cyber security breach affecting four million former and current federal employees.

In Arizona alone, there are 88,000 workers.

Names, birth dates and social security numbers are all part of the compromised personal information. “Identity theft, that will be part of the package. That will get sold off in darknets,” Peters said.

The real goal many people believe is to use confidential information and clearances to get inside the government.

Senator Ron Wyden, an Intelligence Committee member had this to say, “I continue to feel it is very important that we ramp up our efforts to go after foreign hackers and foreign threats.”

Still, what stuck out to several politicians and cyber experts, including Peters, was the federal government’s lack of cyber protection.

“No encryption, no multi-factor authentication,” said Peters. When asked if he was shocked by the lack of security tools he said, “At this state absolutely.”

Peters says both are common tools used to add extra layers of authentication and security.

He believes had they been in place, the breach could have been protected altogether.

“These are fundamental, you cannot go without, so why we’re talking about this still in the federal space, that’s a real problem.”

Several federal employees told 12 News, while they’re concerned about their information, they’re waiting to hear more from the government.

They all plan to keep an eye on their accounts and credit reports.

Video: https://youtu.be/8eRv4zc9l4M

An actual cyber security breach would put Hard Rock Hotel and Casino at the front of the corporate wreckage A-List and be hard hitting on both the business and careers.

The past twelve (12) months have produced cyber security breaches at Sony, Target, Neiman Marcus, Michaels, Affinity Gaming, P.F. Chang’s, Albertson’s and SuperValu, Home Depot, JP Morgan Chase, Staples and the list goes on. News that the Hard Rock Hotel and Casino may be joining the roster was reported by CNBC on May 4th 2015.

For the first time in history CEOs are losing their jobs because of data breaches. Scrutiny of corporate leadership’s management of cyber security preparedness and incident response will undoubtedly continue to increase in the form of litigation and regulatory action after a major incident. The impact an actual cyber security breach would have on Hard Rock remains to be seen.

The escalating prevalence of widely publicized cyber security breaches has lit the fires for change in the attitudes of business leaders and consumers when it comes to cyber security. Gone are the days when board members and the C-suite ignore the drastic business impact a cyber security breach has on a company.

Within this firestorm, consumers are adding fuel by demanding more transparency, accountability and rapid remediation from businesses after a data breach occurs. The result is that cyber security is one of the highest priorities facing businesses and regulators. All of these high-profile security breaches were avoidable through the diligent application of proactive cyber security assessment, audits and strategy.

Michael Peters, CEO of Lazarus Alliance said “It is undeniable that prevention is the better alternative to incident response. A company can be either proactive or reactive to cyber security and only one approach will keep a company off the breach reports!”

Despite overwhelming evidence, businesses will increase focus more on cyber security breach controls against external hackers and cyber criminals this year, many more will miss the importance of protecting against insider and trusted partner threats. Employees and trusted Third-Parties negligence will continue to be the leading cause of cyber security breach incidents for the foreseeable future.

Between human error and trusted insiders with malicious intent, history has shown that the majority of cyber security breaches originate inside the company’s technological and physical walls. Employees and negligence are the leading cause of cyber security incidents but remain the least reported issue.

The Proactive Cyber Security™ services at Lazarus Alliance is years ahead of this issue by offering IT Audit & Compliance, IT Risk Management and IT Governance & Policy solutions to companies that would rather proactively prevent data breaches than be in the news and in the next industry data breach report. These services include proactive SSAE 16 internal audit services.

Lazarus Alliance assessors have a deep wellspring of cyber security, regulatory and assessment experience to draw from. Continuing to shape the industry with breakthrough proprietary technology such as the IT Audit Machine (ITAM), the Policy Machine and Proactive Cyber Security™ methodology all of which exceed baseline requirements providing superior results to our clients.

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™

New malware program PoSeidon targets retail POS credit card terminals. Lazarus Alliance QSA services protects clients against it.

The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Lazarus Alliance has been years ahead with proactive cyber security services.

Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon. Compromised POS systems are vulnerable to these attacks, which allow the RAM of an infected terminal to be scanned by the malware. PoSeidon looks for unencrypted credit card data, and then transmits that data out to an exfiltration server controlled by the cyber criminals.

This technique has long been known to security experts. The Proactive Cyber Security™ services at Lazarus Alliance has been years ahead of this issue by offering solutions to companies that utilize POS systems that ensure this memory scraping technique does not compromise a payment process.

William Ochs, GRC Partner of Lazarus Alliance said “Not only has Lazarus Alliance long called for end-to-end encryption technology to be utilized to mitigate the risk posed by POS threats, but Lazarus Alliance also has a proven track record of offering actual solutions to implement end-to-end encryption protecting retailers globally.”

As long as organizations remain reactive instead of proactive in their approach to cyber security, they will continue to fail the constituents they work to protect. The PoSeidon POS malware program is another example in a daunting list of the challenges that face organizations concerned with their PCI DSS stance.

As a PCI DSS audit Qualified Security Assessor (QSA) company, Lazarus Alliance has been approved by the PCI Security Standards Council (SSC) to measure an organization’s compliance to the PCI DSS audit standard. Lazarus Alliance specializes in providing our clients with scalable, efficient solutions for meeting the rigorous demands of Payment Card Industry (PCI) compliance. We do this in part because of our breakthrough proprietary technologies called the IT Audit Machine (ITAM) and the Policy Machine.

“It’s incumbent upon security professionals to proactively advocate for best practices in cyber security, risk and compliance; too often, the opposite occurs in the industry,” said Ochs

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!