The Online Trust Alliance’s 2015 Security Report

Wed, Nov 4, 2015

Columbia, Maryland

Many organizations fell prey to notable data breach attacks in 2014, and unfortunately no one expects the trend to end soon. The non-profit Online Trust Alliance (OTA) published its 2015 Security and Privacy Best Practices Report, which analyzed over five hundred online security breach attack reports from the first half of 2014 and recommended actions based on its findings. In the report, the OTA highlights the shocking fact that almost 90% of the attacks could have been prevented by implementing basic information security controls.

An All-Encompassing IT Governance, Risk Management and Compliance (GRC) Solution

From suggested improvements to vulnerability and risk management protocols to recommendations addressing company incident response methods, all of the best practices outlined in the report can be put into action using TraceSecurity’s cloud-based, fully integrated and award-winning IT GRC management software, TraceCSO. For instance, recommendations to implement a vendor management program serve as a reminder that several of the most costly data breaches of recent history could have been avoided through proper vendor management. Enhancements to the TraceCSO vendor management module streamline existing vendor management processes and incorporate risk analysis to empower credit unions to make well-informed, intelligent decisions about their existing and future vendor relationships. An OTA recommendation that is becoming increasingly critical for all credit unions to consider involves establishing and testing incident response plans and procedures. Additions to TraceCSO’s incident response module allow for enhanced collaboration capabilities so that credit unions can address potentially harmful events more effectively and efficiently.

Whether a recommendation calls for developing policies or training and testing materials, TraceCSO provides the platform for policies to be developed and accepted and for training courses to be distributed and tested. Finally, recommendations to adopt stringent vulnerability management practices and to enforce least privilege user access and multi-layered firewall protections may be implemented through TraceCSO’s network scanning functionality, as well as through the variety of information security services that TraceSecurity offers.

Overcome Security Challenges by Leveraging Seasoned Information Security Experts

Of the attacks evaluated, 60% were either the result of insider activity or social engineering attempts. The OTA recommends performing annual risk assessments to identify assets that contain (or allow access to) sensitive member information and to create a framework from which the credit union can develop data minimization and least privilege access to these systems. Customers can choose to have TraceSecurity perform any of the various security assessment services offered, as well as participate in implementation training that educates the credit union on how to perform risk assessments internally using TraceCSO. Similarly, a social engineering training course is available within TraceCSO, and TraceSecurity provides social engineering engagements designed to test employee response to such attacks, cultivating an institution-wide awareness of social engineering strategies so that intrusion attempts are recognized and stopped at all levels of the credit union.

Prepare for a Secure and Prosperous 2015 and Beyond

TraceCSO, coupled with TraceSecurity’s extensive information security services, provides an essential combination of resources to develop all components of a successful risk-based information security program. By leveraging TraceSecurity’s services and integrating TraceCSO’s risk, compliance, vendor, and incident response capabilities, credit unions can thoughtfully plan for and greatly diminish the potential of data breach attacks not only in 2015 but also for years to come.