The electric utility industry is built on a foundation that requires an ultimate level of security to operate effectively. As hackers multiply and their level of sophistication increases rapidly, the electric utility industry must also evolve its cybersecurity defense capabilities. A recent survey of 140 North American electric utilities found that 88% of respondents expect cyberattacks to increase within the next 2 to 3 years. That figure is meteoric and most likely slightly distressing for those bulk power system (BPS) operators that haven’t gotten up to speed on patching their software vulnerabilities quite yet.
Blog
-

How to Achieve NERC CIP Compliance
Access to a stable power source is a central component of our daily lives in the modern United States. Power generation, transmission, and delivery have been designated critical infrastructure in the United States, and as such are subject to heightened regulatory scrutiny and security requirements.
One of the most important regulatory bodies ensuring the security of our critical power infrastructure is the North American Electric Reliability Corporation (NERC). NERC is a not-for-profit corporation that has been granted regulatory authority over the bulk power delivery system in the United States. Maintaining compliance with NERC regulatory standards is an ongoing requirement for entities that fall within the scope of the bulk power system. In this article, we’ll break down what NERC is, what NERC does, and outline how entities within the bulk power system can achieve NERC compliance through a NERC compliance program.
-

Are CryptoCurrency Traders At a Greater Risk Of Being Hacked?
Cryptocurrency trading has taken off in recent years. Apps, wallets, and online platforms have made trading Bitcoin and other cryptocurrencies accessible. But hackers and cybercriminals are targeting cryptocurrency traders and exchanges more than ever.
-

How Do Cryptocurrency Exchange Providers Stay Protected Against Hackers?
Cryptocurrencies have been rocking the news headlines for the past few years due to their unprecedented rise in value that has seen people become millionaires from making small investments in them. Although there has been news of people making loads of money from these investments, there have also been a plethora of stories pertaining to cryptocurrency exchange providers being breached by hackers.
The anonymous nature of transactions that some exchanges and cryptocurrencies use has led hackers to home in on these websites and steal billions of dollars in cryptocurrencies from miners and customers alike over the years. Many of these hacks have led to the short and swift demise of these cryptocurrency exchange providers due to the sheer quantity of breached accounts and the value of cryptocurrency that was stolen.
-

Top 5 Security Breaches of Cryptocurrency Exchange Providers
Cryptocurrency is a constant source of media attention. It’s new-ish, digital, and an insanely lucrative endeavor to get into. This perfect storm of positives is the main reason why many people are making a ton of money from mining and selling off their cryptocurrencies. But even with all the positives that investors can receive from their cryptocurrency efforts, hackers still pose a considerable threat to their sizable profits.
-

Understanding the CryptoCurrency Security Standard (CCSS)
Cryptocurrency has become wildly popular in the past few years. Bitcoin was the predominant hot-button topic on every news channel and online publication in 2017 due to its meteoric climb to the point where a single Bitcoin fetched more than $10,000. Current market figures for Bitcoin have since fallen to around $6,000/Bitcoin due to global market volatility, but the increased industry competition means that cryptocurrency isn’t going away anytime soon. This means that companies such as Overstock, Expedia, Subway, PayPal, Shopify, and Microsoft that currently accept cryptocurrencies as a viable payment method must understand the CryptoCurrency Security Standard (CCSS).
With over 1,800 cryptocurrency specifications currently in existence as of March 2018, it would be best if you were to understand the ins and outs of CCSS. Thankfully, we have compiled a complete overview of Cryptocurrencies, Blockchain, and CCSS that will keep your investment portfolio in the green for the foreseeable future.
-

How Often Do You Need an EI3PA Audit?
Third-party vendors are becoming more involved in business operations as time progresses. One survey notes that 75% of businesses saw third-party access grow over the past two years. With this increase in reliance on third-party vendors to streamline business processes comes an increase in risks that might lead to a data breach if the consumer information is mismanaged and exploited by opportunistic hackers. When the organization is handling consumer credit information, there is a need to take extra precautions to ensure that the data does not fall into the wrong hands. This can be a difficult task to accomplish for a single organization, but when accounting for a third-party vendor, it can be nearly impossible to do unless security protocols are initiated to reinforce the consumer credit data.
-

How to Acquire Level 1 EI3PA Certification
In March of 2008, 134 million credit cards and the underlying data were stolen by spyware installed on the Heartland data systems via an SQL injection. Prior to the security breach, Heartland was processing over 100,000,000 card transactions a month for nearly 200,000 small to mid-sized retailers. This breach remained undiscovered until over six months later in January of 2009, when MasterCard and Visa alerted Heartland of suspicious activity and transactions. It was soon discovered that Heartland was out of compliance with the Payment Card Industry Data Security Standard (PCI DSS). As a result, they were not allowed to process card payments until they were found in compliance, which took six months; they were required to pay over $145,000,000 in compensation for fraudulent payments; and they lost thousands of customers due to their negligence. Now, Heartland is a company capable of weathering such a storm, but if you are a smaller online business, such a breach could wreck your company, and being found out of compliance can carry hefty fines.
-

What Are the Differences Between PCI DSS and EI3PA Requirements?
In 2018, certain industries are under the spotlight more than others, and service providers are being watched much more closely. One of the industries that seem to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients' rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether it's Macy's, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.
-

What is the Experian Independent 3rd Party Assessment (EI3PA)?
For a variety of financial service companies, dealing with the credit history of customers is part and parcel of doing business. Whether it's issuing a credit card or financing a small business, banks, lenders, and other service providers and institutions routinely utilize credit data from companies like Experian to make the most appropriate business decisions. But there's just one catch – financial institutions need to be careful (and compliant) in the way they handle private credit history information that's shared with them from Experian data.
