Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

How to Lock Down Sensitive Data By @Motorola | @CloudExpo

For retailers everywhere, it's a challenging new day as security threats are a constant - both inside their four walls and out

How to Lock Down Sensitive Data from Increasingly Clever Hackers

For retailers everywhere, it's a challenging new day. Security threats are a constant - both inside their four walls and out. The big security breaches we hear about on the news; the smaller ones sometimes not. But their impact remains costly to us all. The need for mobility, rapidly evolving technology and meeting growing customer expectations for network user access continues to complicate matters for retail IT - and has set the stage for the increased risk with over the air breaches using rogue Bluetooth® devices.

Bluetooth technology has transformed how we connect - both at home and at work. It is intended for consumer product connectivity and can be misused for gaining entry into enterprise applications. The technology is often used for payment card readers, but is also being misused by hackers as an unsecured way to gain access into retailers' networks. Once inside, they can install malware onto point of sale (POS) devices and plant a rogue Bluetooth transmitter. Then, using their own mobile devices, they can download collected information to their device as they walk by undetected - up to 300 feet away.

With virtually every customer in the store using a myriad of wireless devices to check prices, download coupons, etc., the thief - even on video - would be difficult to identify. The reduced risk involved makes this type of crime even more alluring.

A Rapidly Growing Threat
Credit card data theft is becoming increasingly common. Because of this, it's exploding into a full-blown epidemic from which no retailer is exempt. A sophisticated Russian syndicate recently breached a large retailer's credit card payment system, adding to the millions of credit card numbers it's hacked from retailers over the last seven years.

Other skimmers have targeted bank ATMs and gas stations. Here's a startling snapshot of their impact:

  • In the U.S. alone, credit card theft has increased 50 percent from 2005 to 2010, according to the U.S. Department of Justice.
  • Identity theft cost Americans $24.7 billion in 2012[1]
  • During that same year, an estimated 16.6 million people (approximately 7 percent of all people age 16 or older in the U.S.) experienced at least one incident of identify theft.
  • According to a January 2014 report, the Federal Bureau of Investigation (FBI) warned retailers to prepare for more cyber POS attacks.[2]

For retailers, the costs associated with a credit card breach are substantial. From the direct remediation costs of offering credit card monitoring for any affected customers, to the costs of any lawsuits filed by consumers, it's an expensive proposition. Not to mention, the incalculable brand damage a breach causes in loss of customer trust and loyalty.

Hackers running skimming operations have upped their game, improving their technology to make stealing credit card data even easier by installing a Bluetooth-based skimmer inside the targeted POS machine.

In January of this year, the first arrests were made for Bluetooth Skimming. Thirteen individuals were indicted with running a multi-million dollar fraud ring using gas pump skimmers at stations throughout the southern U.S.[3] The defendants allegedly encoded the stolen card data onto counterfeit cards, and armed with stolen PINs, withdrew funds from victim accounts at ATMs. When all was said and done, they managed to steal more than $2 million from approximately 70 bank accounts.

Why Manual Network Monitoring Is Not the Answer
It's tough for retailers to keep up. Sophisticated criminals are constantly searching for gaps in their security measures and access into their networks. And unlike Wi-Fi or cellular technologies which are encrypted and/or firewalled for consumer use, Bluetooth devices are not and have traditionally not been a concern until recently. However, as stores enable shoppers to use their networks to do more, firewall precautions need to be taken to protect sensitive network data and retain the PCI compliance required to enable secure transactions.

New Effective Options
With all the challenges this new threat brings - along with others no doubt on the horizon - the good news is there are solutions available now to minimize Bluetooth intrusion risks.  When evaluating your security options, make sure:

  • You select a provider with proven experience and a platform that detects suspicious Bluetooth devices and sends an alert when unusual usage patterns or repetitive devices are identified.
  • The solution delivers a single management interface, allowing you to easily define different classes of devices which eliminate false alarms generated by Bluetooth-enabled devices in the hands of your customers, your associates and workers in neighboring businesses.

Retailers have a lot to lose when a data breach occurs, and the associated costs are dramatic as we've seen in multiple cases over the last year. With Bluetooth monitoring in place, retailers can expand their wireless network security to include both the Wi-Fi and Bluetooth spectrum and defend against this new and previously unguarded threat.  Valuable customer data - and your business - depend on it.

References

  1. http://www.bjs.gov/content/pub/press/vit12pr.cfm
  2. http://mobile.reuters.com/article/topNews/idUSBREA0M1UF20140124?irpc=932
  3. http://krebsonsecurity.com/category/all-about-skimmers/

Conference Schedule Announced

Are you ready to put your data in the cloud?

What is the future of security in the cloud?

Does Docker quickly advance the development of an IoT application?

What are the implications of Moore's Law on Hadoop deployments?

Get all these questions and hundreds more like them answered at the 15th Cloud Expo, November 4-6, 2014, at the Santa Clara Convention Center, in Santa Clara, CA. The Cloud Expo / Big Data Expo / @ThingsExpo / DevOps Summit programs are now available for you to inspect and investigate in advance.

Our upcoming November 4-6 event in Santa Clara, California will present a total of 10 simultaneous tracks by an all-star faculty, over three days, plus a two-day "Cloud Computing Bootcamp" presented by Janakiram MSV, an Analyst with the Gigaom Research analyst network, where he covers the Cloud Services landscape.

Cloud and Big Data topics and tracks include: Enterprise Cloud Adoption, APM & Cloud Computing | Hot Topics, Cloud APIs & Business, Cloud Security | Mobility, Big Data | Analytics.

@ThingsExpo content tripled from a single track in New York to three simultaneous tracks: Consumer IoT, Enterprise IoT, IoT Developer | WebRTC Convergence.

DevOps Summit also doubled from a single track in New York to two simultaneous tracks: "Dev" Developer Focus and "Ops" Operations Focus.

Schedule for Cloud Expo / Big Data Expo / @ThingsExpoHere

Schedule for DevOps SummitHere

Now that we have published the full conference schedule, please check back for daily updates as we finalize new session abstracts by working with our distinguished faculty members. For your questions please contact us at events (at) sys-con.com. Last but not least we will announce our keynotes on the hottest subjects to be delivered by world-class speakers!

The largest 'Internet of Things' event in the world has announced "sponsorship opportunities" and "call for papers."

The 1st International Internet of @ThingsExpo was launched this June at the Javits Center in New York City with over 6,000 delegates in attendance. The 2nd International Internet of @ThingsExpo will take place November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, California, with an estimated 7,000 plus delegates attending over three days.

@ThingsExpo is co-located with 15th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world. In 2014, more than 200 companies will be present on the @ThingsExpo show floor, including global players and the hottest new technology pioneers.

Sponsorship and Exhibit Opportunities for @ThingsExpo Silicon Valley and New York Are Now Available
Sponsors and exhibitors of Internet of @ThingsExpo will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for sponsors that have been guaranteed a 35-minute technical session
  • Online advertising in SYS-CON's i-Technology publications
  • Capitalize on our comprehensive marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Editorial coverage on IoT.sys-con.com, Tweets to our 75,000 plus followers, press releases sent on major wire services to over 500 combined analysts and press members who attended Internet of @ThingsExpo - making it the best-covered "Internet of Things" conference in the world

For more information on sponsorship, exhibit, and keynote opportunities contact Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021. Book both events for additional savings!

@ThingsExpo Silicon Valley (November 4-6, 2014, Santa Clara, CA)
@ThingsExpo New York (June 9-11, 2015, New York, NY)

Secure Your VIP Pass to Attend @ThingsExpo Silicon Valley
Internet of @ThingsExpo announced today a limited time free "Expo Plus" registration option. The onsite registration price of $600 will be set to 'free' for delegates who register during September.

To take advantage of this opportunity, attendees can use the coupon code "IoTSeptember" and secure their "@ThingsExpo Plus" registration to attend all keynotes and general sessions, as well as a limited number of technical sessions each day of the show, in addition to full access to the expo floor and the @ThingsExpo hackathon.

The registration page is located at the @ThingsExpo site here.


@ThingsExpo New York 2015 'Call for Papers' Now Open
The 3rd International Internet of @ThingsExpo, to be held June 9-11, 2015, at the Javits Center in New York City, New York announces that its 'Call for Papers' is now open. The event will feature a world class, all-star faculty with the hottest IoT topics covered in three distinct tracks.

Track 1 - Consumer IoT and Wearables: Smart Appliances, Wearables, Smart Cars, Smartphones 2.0, Smart Travel, Personal Fitness, Health Care, Personalized Marketing, Customized Shopping, Personal Finance, The Digital Divide, Mobile Cash & Markets, Games & the IoT, The Future of Education, Virtual Reality

Track 2 - Enterprise IoT: The Business Case for IoT, Smart Grids, Smart Cities, Smart Transportation, The Smart Home, M2M, Authentication/Security, Wiring the IoT, The Internet of Everything, Digital Transformation of Enterprise IT, Agriculture, Transportation, Manufacturing, Local & State Government, Federal Government

Track 3 - Developer IoT: WebRTC, Eclipse Foundation, Cloud Foundry, Docker & Linux Containers, Node-Red, Open Source Hardware, Leveraging SOA, Multi-Cloud IoT, Evolving Standards, WebSockets, Security & Privacy Protocols, GPS & Proximity Services, Bluetooth/RFID/etc., XMPP, Nest Labs


@ThingsExpo billboard is viewed by more than 1.3 million motorists per week on Highway 101, in the heart of Silicon Valley

Help plant your flag in the fast-expanding business opportunity that is the Internet of Things: Submit your speaking proposal today here!

Download @ThingsExpo Newsletter Today Here

Chris Matthieu Named @ThingsExpo Tech Chair

Internet of @ThingsExpo named Chris Matthieu tech chair of Internet of @ThingsExpo 2014 Silicon Valley.

Chris Matthieu has two decades of telecom and web experience. He launched his Teleku cloud communications-as-a-service platform at eComm in 2010, which was acquired by Voxeo. Next he built an open source Node.JS PaaS called Nodester, which was acquired by AppFog. His latest startups include Twelephone. Leveraging HTML5 and WebRTC, Twelephone's BHAG (Big Hairy Audacious Goal) is to become the next generation telecom company running in the Web browser. Chris is currently co-founder and CTO of Octoblu.

Website: http://www.ThingsExpo.com

Twitter: http://www.Twitter.com/ThingsExpo

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (CloudComputingExpo.com / @CloudExpo), Big Data Expo (BigDataExpo.net / @BigDataExpo), DevOps Summit (DevOpsSummit.sys-con.com / @DevOpsSummit), Internet of @ThingsExpo (ThingsExpo.com / @ThingsExpo) and Cloud Computing Bootcamp (CloudComputingBootcamp.com).

Cloud Expo® and Big Data Expo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

More Stories By Imran Akbar

Imran Akbar is Vice-President and General Manager of the Enterprise Networks and Communications division of Motorola Solutions. Motorola’s Enterprise business recently announced a new AirDefense Bluetooth monitoring solution that is a cost-effective, easy-to-deploy solution and can be up and running in as little as a day, improving payment card security without increasing operational costs.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
Early Bird Registration Discount Expires on August 31, 2018 Conference Registration Link ▸ HERE. Pick from all 200 sessions in all 10 tracks, plus 22 Keynotes & General Sessions! Lunch is served two days. EXPIRES AUGUST 31, 2018. Ticket prices: ($1,295-Aug 31) ($1,495-Oct 31) ($1,995-Nov 12) ($2,500-Walk-in)
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...