Welcome!

Cloud Security Authors: Liz McMillan, Pat Romanski, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

How to Lock Down Sensitive Data By @Motorola | @CloudExpo

For retailers everywhere, it's a challenging new day as security threats are a constant - both inside their four walls and out

How to Lock Down Sensitive Data from Increasingly Clever Hackers

For retailers everywhere, it's a challenging new day. Security threats are a constant - both inside their four walls and out. The big security breaches we hear about on the news; the smaller ones sometimes not. But their impact remains costly to us all. The need for mobility, rapidly evolving technology and meeting growing customer expectations for network user access continues to complicate matters for retail IT - and has set the stage for the increased risk with over the air breaches using rogue Bluetooth® devices.

Bluetooth technology has transformed how we connect - both at home and at work. It is intended for consumer product connectivity and can be misused for gaining entry into enterprise applications. The technology is often used for payment card readers, but is also being misused by hackers as an unsecured way to gain access into retailers' networks. Once inside, they can install malware onto point of sale (POS) devices and plant a rogue Bluetooth transmitter. Then, using their own mobile devices, they can download collected information to their device as they walk by undetected - up to 300 feet away.

With virtually every customer in the store using a myriad of wireless devices to check prices, download coupons, etc., the thief - even on video - would be difficult to identify. The reduced risk involved makes this type of crime even more alluring.

A Rapidly Growing Threat
Credit card data theft is becoming increasingly common. Because of this, it's exploding into a full-blown epidemic from which no retailer is exempt. A sophisticated Russian syndicate recently breached a large retailer's credit card payment system, adding to the millions of credit card numbers it's hacked from retailers over the last seven years.

Other skimmers have targeted bank ATMs and gas stations. Here's a startling snapshot of their impact:

  • In the U.S. alone, credit card theft has increased 50 percent from 2005 to 2010, according to the U.S. Department of Justice.
  • Identity theft cost Americans $24.7 billion in 2012[1]
  • During that same year, an estimated 16.6 million people (approximately 7 percent of all people age 16 or older in the U.S.) experienced at least one incident of identify theft.
  • According to a January 2014 report, the Federal Bureau of Investigation (FBI) warned retailers to prepare for more cyber POS attacks.[2]

For retailers, the costs associated with a credit card breach are substantial. From the direct remediation costs of offering credit card monitoring for any affected customers, to the costs of any lawsuits filed by consumers, it's an expensive proposition. Not to mention, the incalculable brand damage a breach causes in loss of customer trust and loyalty.

Hackers running skimming operations have upped their game, improving their technology to make stealing credit card data even easier by installing a Bluetooth-based skimmer inside the targeted POS machine.

In January of this year, the first arrests were made for Bluetooth Skimming. Thirteen individuals were indicted with running a multi-million dollar fraud ring using gas pump skimmers at stations throughout the southern U.S.[3] The defendants allegedly encoded the stolen card data onto counterfeit cards, and armed with stolen PINs, withdrew funds from victim accounts at ATMs. When all was said and done, they managed to steal more than $2 million from approximately 70 bank accounts.

Why Manual Network Monitoring Is Not the Answer
It's tough for retailers to keep up. Sophisticated criminals are constantly searching for gaps in their security measures and access into their networks. And unlike Wi-Fi or cellular technologies which are encrypted and/or firewalled for consumer use, Bluetooth devices are not and have traditionally not been a concern until recently. However, as stores enable shoppers to use their networks to do more, firewall precautions need to be taken to protect sensitive network data and retain the PCI compliance required to enable secure transactions.

New Effective Options
With all the challenges this new threat brings - along with others no doubt on the horizon - the good news is there are solutions available now to minimize Bluetooth intrusion risks.  When evaluating your security options, make sure:

  • You select a provider with proven experience and a platform that detects suspicious Bluetooth devices and sends an alert when unusual usage patterns or repetitive devices are identified.
  • The solution delivers a single management interface, allowing you to easily define different classes of devices which eliminate false alarms generated by Bluetooth-enabled devices in the hands of your customers, your associates and workers in neighboring businesses.

Retailers have a lot to lose when a data breach occurs, and the associated costs are dramatic as we've seen in multiple cases over the last year. With Bluetooth monitoring in place, retailers can expand their wireless network security to include both the Wi-Fi and Bluetooth spectrum and defend against this new and previously unguarded threat.  Valuable customer data - and your business - depend on it.

References

  1. http://www.bjs.gov/content/pub/press/vit12pr.cfm
  2. http://mobile.reuters.com/article/topNews/idUSBREA0M1UF20140124?irpc=932
  3. http://krebsonsecurity.com/category/all-about-skimmers/

Conference Schedule Announced

Are you ready to put your data in the cloud?

What is the future of security in the cloud?

Does Docker quickly advance the development of an IoT application?

What are the implications of Moore's Law on Hadoop deployments?

Get all these questions and hundreds more like them answered at the 15th Cloud Expo, November 4-6, 2014, at the Santa Clara Convention Center, in Santa Clara, CA. The Cloud Expo / Big Data Expo / @ThingsExpo / DevOps Summit programs are now available for you to inspect and investigate in advance.

Our upcoming November 4-6 event in Santa Clara, California will present a total of 10 simultaneous tracks by an all-star faculty, over three days, plus a two-day "Cloud Computing Bootcamp" presented by Janakiram MSV, an Analyst with the Gigaom Research analyst network, where he covers the Cloud Services landscape.

Cloud and Big Data topics and tracks include: Enterprise Cloud Adoption, APM & Cloud Computing | Hot Topics, Cloud APIs & Business, Cloud Security | Mobility, Big Data | Analytics.

@ThingsExpo content tripled from a single track in New York to three simultaneous tracks: Consumer IoT, Enterprise IoT, IoT Developer | WebRTC Convergence.

DevOps Summit also doubled from a single track in New York to two simultaneous tracks: "Dev" Developer Focus and "Ops" Operations Focus.

Schedule for Cloud Expo / Big Data Expo / @ThingsExpoHere

Schedule for DevOps SummitHere

Now that we have published the full conference schedule, please check back for daily updates as we finalize new session abstracts by working with our distinguished faculty members. For your questions please contact us at events (at) sys-con.com. Last but not least we will announce our keynotes on the hottest subjects to be delivered by world-class speakers!

The largest 'Internet of Things' event in the world has announced "sponsorship opportunities" and "call for papers."

The 1st International Internet of @ThingsExpo was launched this June at the Javits Center in New York City with over 6,000 delegates in attendance. The 2nd International Internet of @ThingsExpo will take place November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, California, with an estimated 7,000 plus delegates attending over three days.

@ThingsExpo is co-located with 15th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading IoT industry players in the world. In 2014, more than 200 companies will be present on the @ThingsExpo show floor, including global players and the hottest new technology pioneers.

Sponsorship and Exhibit Opportunities for @ThingsExpo Silicon Valley and New York Are Now Available
Sponsors and exhibitors of Internet of @ThingsExpo will benefit from unmatched branding, profile building and lead generation opportunities through:

  • Featured on-site presentation and ongoing on-demand webcast exposure to a captive audience of industry decision-makers.
  • Showcase exhibition during our new extended dedicated expo hours
  • Breakout Session Priority scheduling for sponsors that have been guaranteed a 35-minute technical session
  • Online advertising in SYS-CON's i-Technology publications
  • Capitalize on our comprehensive marketing efforts leading up to the show with print mailings, e-newsletters and extensive online media coverage.
  • Unprecedented PR Coverage: Editorial coverage on IoT.sys-con.com, Tweets to our 75,000 plus followers, press releases sent on major wire services to over 500 combined analysts and press members who attended Internet of @ThingsExpo - making it the best-covered "Internet of Things" conference in the world

For more information on sponsorship, exhibit, and keynote opportunities contact Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021. Book both events for additional savings!

@ThingsExpo Silicon Valley (November 4-6, 2014, Santa Clara, CA)
@ThingsExpo New York (June 9-11, 2015, New York, NY)

Secure Your VIP Pass to Attend @ThingsExpo Silicon Valley
Internet of @ThingsExpo announced today a limited time free "Expo Plus" registration option. The onsite registration price of $600 will be set to 'free' for delegates who register during September.

To take advantage of this opportunity, attendees can use the coupon code "IoTSeptember" and secure their "@ThingsExpo Plus" registration to attend all keynotes and general sessions, as well as a limited number of technical sessions each day of the show, in addition to full access to the expo floor and the @ThingsExpo hackathon.

The registration page is located at the @ThingsExpo site here.


@ThingsExpo New York 2015 'Call for Papers' Now Open
The 3rd International Internet of @ThingsExpo, to be held June 9-11, 2015, at the Javits Center in New York City, New York announces that its 'Call for Papers' is now open. The event will feature a world class, all-star faculty with the hottest IoT topics covered in three distinct tracks.

Track 1 - Consumer IoT and Wearables: Smart Appliances, Wearables, Smart Cars, Smartphones 2.0, Smart Travel, Personal Fitness, Health Care, Personalized Marketing, Customized Shopping, Personal Finance, The Digital Divide, Mobile Cash & Markets, Games & the IoT, The Future of Education, Virtual Reality

Track 2 - Enterprise IoT: The Business Case for IoT, Smart Grids, Smart Cities, Smart Transportation, The Smart Home, M2M, Authentication/Security, Wiring the IoT, The Internet of Everything, Digital Transformation of Enterprise IT, Agriculture, Transportation, Manufacturing, Local & State Government, Federal Government

Track 3 - Developer IoT: WebRTC, Eclipse Foundation, Cloud Foundry, Docker & Linux Containers, Node-Red, Open Source Hardware, Leveraging SOA, Multi-Cloud IoT, Evolving Standards, WebSockets, Security & Privacy Protocols, GPS & Proximity Services, Bluetooth/RFID/etc., XMPP, Nest Labs


@ThingsExpo billboard is viewed by more than 1.3 million motorists per week on Highway 101, in the heart of Silicon Valley

Help plant your flag in the fast-expanding business opportunity that is the Internet of Things: Submit your speaking proposal today here!

Download @ThingsExpo Newsletter Today Here

Chris Matthieu Named @ThingsExpo Tech Chair

Internet of @ThingsExpo named Chris Matthieu tech chair of Internet of @ThingsExpo 2014 Silicon Valley.

Chris Matthieu has two decades of telecom and web experience. He launched his Teleku cloud communications-as-a-service platform at eComm in 2010, which was acquired by Voxeo. Next he built an open source Node.JS PaaS called Nodester, which was acquired by AppFog. His latest startups include Twelephone. Leveraging HTML5 and WebRTC, Twelephone's BHAG (Big Hairy Audacious Goal) is to become the next generation telecom company running in the Web browser. Chris is currently co-founder and CTO of Octoblu.

Website: http://www.ThingsExpo.com

Twitter: http://www.Twitter.com/ThingsExpo

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (CloudComputingExpo.com / @CloudExpo), Big Data Expo (BigDataExpo.net / @BigDataExpo), DevOps Summit (DevOpsSummit.sys-con.com / @DevOpsSummit), Internet of @ThingsExpo (ThingsExpo.com / @ThingsExpo) and Cloud Computing Bootcamp (CloudComputingBootcamp.com).

Cloud Expo® and Big Data Expo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

More Stories By Imran Akbar

Imran Akbar is Vice-President and General Manager of the Enterprise Networks and Communications division of Motorola Solutions. Motorola’s Enterprise business recently announced a new AirDefense Bluetooth monitoring solution that is a cost-effective, easy-to-deploy solution and can be up and running in as little as a day, improving payment card security without increasing operational costs.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...