Individual users are often referred to as the weakest link in cybersecurity, as human error is a major contributor to security incidents of all kinds. However, employees can also be a significant asset when adequately trained in cybersecurity hygiene and best practices. The dangers of cyber threats in the retail sector are numerous and costly, ranging from the theft of sensitive employee...

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...

As the holiday shopping season kicks in, many are eager to secure early bird discounts and offers, preparing for the festive season. The convenience and speed of mobile devices has led to a growing number of individuals opting for mobile payments, whether conducted online or through contactless systems. The global mobile payment revenue is expected to reach $12.06 trillion by 2027 , and smartphone...

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks , in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by the Government Accountability Office (GAO)...

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors. Deep down, we all know that audits...

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target...

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive information that’s appealing to bad actors — and...

To distinguish the size of merchant companies and appropriately determine the level of testing required, the founding credit card companies created four different brackets ranging from Tier 1 to 4. Each tier is based on the number of transactions processed per year by the merchant and also dictates the testing a merchant must undertake. While transactions are the primary determiner, a merchant can...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers , The Buckle , and Forever 21 , to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact that just 28 percent of IT security...

Despite retailers’ continuous improvement in compliance with the Payment Card Industry (PCI) security standards, four out of five companies are still failing at interim assessments, according to Verizon’s latest report . The report highlights that the overall state of compliance grew significantly in 2014, with 20 percent of organizations achieving full compliance – up from 11 percent in 2013, and...