Blog

Archive for February, 2010

XChange Solution Provider

Wednesday, February 17th, 2010

March 8-11, 2010
Hyatt Regency Century Plaza, Los Angeles
XChange Solution Provider 2K10

Zecurion will be participating in the XChange Solution Provider 2K10 event in Los Angeles, March 8 through 11. Kick off the year right and be a part of the world’s leading IT channel event! This is where top Vendors and Solution Providers meet, network, train and define the future.

Discover How to Reboot for 2K10 – CTRL/ALT/DELETE

  • Take CTRL of new services, products, solutions and become more focused.
  • Incorporate ALT solutions, technologies, revenue streams, and social media outlets. Solution Providers are looking for alternative, emerging solutions and new vendor partners.
  • DELETE unnecessary business processes, deficient vendor partners, bad habits, and poor product lines.

XChange Solution Provider hand-selects 225 executive level, pre-qualified Solution Providers, together with channel vendor companies to meet, network, build relationships, and ultimately do business with one another.

Stop by and visit with us to learn more about Zecurion and how we can work together to make 2010 a successful year for everyone.

Virtual Symposium: Web Application Security

Tuesday, February 16th, 2010

Join Zecurion this Thursday, February 18th at 2pm Eastern for the SC World Congress 24/7 Virtual Symposium: Web Application Security.

Here is an overview of the event from the site:

“Cybercriminals no longer rely on operating system vulnerabilities to raid corporate networks ripe with sensitive information. Today they need only scan websites for their over-abundance of vulnerabilities to launch their attacks. Indeed, most data theft attacks enlist these unplugged holes. But, building what some in the industry call ‘hack-resistant’ applications, takes planning, time, knowledge and myriad resources. But, many experts note, building security in from the ground up is well worth the effort. However, what about those applications that are up and running? We talk to experts about the trials and tribulations of safeguarding web applications, finding out practical steps for protecting this too-often-used entrée into business networks.”

Stop by and “visit” us at Zecurion’s virtual booth.

Registration is free: http://events.unisfair.com/index.jsp?eid=474&seid=361

Ceridian Hack Exposes Data on 27,000 Employees

Tuesday, February 9th, 2010

Ceridian, a provider of benefits services for thousands of client companies, had its payroll processing division hacked, exposing names, Social Security numbers, birth dates, and bank accounts of 27,000 employees from 1,900 companies nationwide.

The attack apparently occurred December 22 and/or 23 of 2009, but affected individuals were not notified until late January. When asked why it took so long to let employees know their data was compromised, Ceridian spokesman Keith Peterson said, “We took immediate preventive steps to ensure no further incident of this type would occur.”

Peterson added, “While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol.”

27,000 may not be a large number relative to the total number of employees managed by Ceridian payroll, but to call the number “small” and wait more than a month to alert affected individuals seems to be a rather cavalier response. Kudos to Ceridian for being fortunate enough to not have exposed 270,000, or 2.7 million employees’ data, but to the 27,000 who are affected it is a matter of grave concern and utmost urgency.

It’s nice that Ceridian took “immediate preventive measures”, but it should also disclose what measures were in place, how they were circumvented, and what additional security controls were implemented to mitigate the attack. Ceridian falls under a variety of compliance mandates and it would be interesting to know whether the attack breached otherwise compliant security controls, or if Ceridian dropped the ball somewhere in implementing security and protecting data.

Whether Ceridian’s network and servers were compliant with all applicable security mandates at the time of the breach or not, Ceridian could have ensured that the employee data would not be compromised or exposed by implementing an encryption solution that protects all stored data at rest. An attacker may circumvent controls and breach the server, but a server breach does not have to be a data breach if the right protection is in place for the data.