Member Login | Become a Member
Innovative Payments Association
  • About Us
    • Our Team
    • IPA Board of Directors
    • Our Members
    • Sponsorship
    • Contact
  • News & Events
    • Calendar
    • Newsroom
  • Podcast
  • Blog
  • Membership
    • Member Directory
    • Membership Application
    • Member Login
  • Member Resources
    • FCTF
    • GRWG
    • Government Update
    • State Legislative Tracker
    • Financial Crimes Investigators
    • Glossary & Resources
  • Advocacy
    • CFPB
    • Covid Response
    • Durbin Amendment
    • Earned Wage Access
    • FDIC & OCC
    • Fees
    • Payroll Cards
    • Privacy Legislation
    • Prepaid Rule Litigation
    • Reg E
    • Unclaimed Property
  • IPC 2023
    • Agenda
    • FAQ
    • Sponsorship Opportunities
    • Hotel & Travel
    • 2023 Maher Award
  • About Us
    • Our Team
    • IPA Board of Directors
    • Our Members
    • Sponsorship
    • Contact
  • News & Events
    • Calendar
    • Newsroom
  • Podcast
  • Blog
  • Membership
    • Member Directory
    • Membership Application
    • Member Login
  • Member Resources
    • FCTF
    • GRWG
    • Government Update
    • State Legislative Tracker
    • Financial Crimes Investigators
    • Glossary & Resources
  • Advocacy
    • CFPB
    • Covid Response
    • Durbin Amendment
    • Earned Wage Access
    • FDIC & OCC
    • Fees
    • Payroll Cards
    • Privacy Legislation
    • Prepaid Rule Litigation
    • Reg E
    • Unclaimed Property
  • IPC 2023
    • Agenda
    • FAQ
    • Sponsorship Opportunities
    • Hotel & Travel
    • 2023 Maher Award

Blog

Everyone Gets Hacked, But the Situation is Not Hopeless

4/12/2019

 

Brian Krebs at Power of Prepaid

Cyber security expert and author Brian Krebs had a cold dose of reality for financial services companies at the Power of Prepaid Conference.

“It’s easy to think everything, everyone, everywhere gets hacked – I think that’s a good summation of reality,” Krebs said in his keynote talk on April 10. Accepting this reality, he added, is the first step toward improving both personal and corporate security.

“If you accept the fact that companies get breached on a daily basis, then you can do security [better],” he said.

Throughout his talk, Krebs offered ideas and suggestions for how businesses can cope in such a world. The first step is for them to start working together.

An advantage hackers have over cyber security teams is their collaboration through online forums.

“If you need help in the underground there are lots of people there,” Krebs said.

Companies can combat this by sharing information and letting others know when they have faced attacks. An open dialogue not only helps others ward off attacks but also encourages reciprocity.

Once cyber security teams recognize what is happening out in the wild, they can figure out where their weaknesses lie and work to shore up their defenses, which aren’t purely technical.

“People are the most important and most dangerous assets in organizations,” Krebs said.

People don’t change passwords and click on phishing e-mails, but also secure systems and respond to incidents. Training employees and hiring cybersecurity staff are steps that can reduce a company’s risk. Krebs encouraged companies to implement two-factor authentication for customers and employees, noting that system administrators in particular should be held to high authentication standards.

“You can’t secure what you don’t know you have,’ Krebs explained. Identifying the connections and overlaps between physical and cyber security is essential. Businesses should also map out their servers, domains and IP addresses to understand their own vulnerabilities. Response plans also need to be prepared and drilled.

One area where the prepaid industry can have an advantage is managing third-party risk. Krebs said this was “the biggest elephant in the room” no one wanted to talk about, but if a company has a handle on this, they have a handle on security. Prepaid issuers have had regulatory guidance since 2011 from the Office of the Comptroller of the Currency that includes a provision saying banks’ third-party contracts should include: “procedures in the event of service disruption or security breaches that pose a material risk to the bank.”

Of course, guidance needs to be followed with action. An earlier panel at the conference highlighted managing third-party risk. Liz Nutting, senior vice president of strategic partnerships and network relations at Axos bank, said that banks need to do risk assessments at least yearly and more often if risks are high.

Risks need to be reevaluated when a third-party does something like making a major software change, added Alicia Reid, associate general counsel at FSV Payments Systems.

Perhaps the most surprising advice Krebs offered attendees was to encourage people to “hack their companies.” Finding weaknesses is ultimately the best way to manage them. He said companies can hack themselves by trying things like testing common passwords to break into accounts from the outside.

“If you want to know how vulnerable you are, just start hacking your own people,” he said.

The final advice Krebs offered was for everyone to make sure they did not fall prey to thinking that they know more than they do.

“All of us win – personally and professionally – when we challenge our assumptions about security,” Krebs said.


Comments are closed.

    Author

    Write something about yourself. No need to be fancy, just an overview.

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018

    Categories

    All
    Member Profiles
    Podcast
    Power Of Prepaid
    Prepaid
    Small Business
    Webinar

    RSS Feed

Home
​​About Us
Advocacy
Newsroom​
IPA News & Events
Payments Podcast
Blog​
​Events


Innovative Payments Conference
​Sponsorship Opportunities
FAQ

​Contact Us
© COPYRIGHT 2023 ALL RIGHTS RESERVED.