Recently Citibank announced that they were hacked, a typical data breach. See the International Business Times article here, http://www.ibtimes.com/articles/160376/20110609/hacking-citibank-citibank-hacked-citi-hacked-citibank-hack-2011-citibank-online.htm. Were they not conducting vulnerability tests on their own system to see if they were vulnerabile? The comes on the heels of Sega, Sony, Lockheed Martin amongst others. So far they only report that 360,000 cards were compromised. We can assume that those customers, if they actually know which accounts were compromised will get 2 years of credit monitoring. But what happens when you actually get false charges? You now have to go spend time to resolve the problems and most likely you might take a hit to your credit score.
Its amazing that this continues to happen and there isn’t a stronger tie between the credit reporting agencies and the hacked banks to help consumer manage their credit and not be responsible to follow up on a data loss. The consumer is the one who has to bear all the burden. And the banks will probably just add another fee to cover their costs to managing the security breach.
These banks should really be more proactive in conducting vulnerability scans daily, conducting website security testing and implement intrusion detection and prevention systems. We do not know if Citibank had a IDS system in ploace but you would think that with a good prevention system in place, this hack should have been immediately identified and stoped before the data breach could occur?
Google has a new feature in their dashboard, “Me on the Web“. The pitch is that it will help your protect your identity. The Huffington Post did a write up of it here, http://www.huffingtonpost.com/2011/06/16/google-me-on-the-web_n_877996.html Google ‘Me On The Web’ Tool Promises To Help You Manage Your Online Identity. “Your online identity is determined not only by what you post, but also by what others post about you — whether a mention in a blog post, a photo tag or a reply to a public status update,” Google explained in a blog post. But what is it really all about?
At first glance it seems to be just an interface to Google Alerts (www.google.com/alerts). I use google alerts for all kinds of key word searches, (my name included). In this screen shot you can see what the interface looks like for Me on the Web
Nothing terrible exciting here. The advice they give you about managing your online reputation is particularly bland. “If you find content online–say, your telephone number or an embarrassing photo of you–that you don’t want to appear online, first determine whether you or someone else controls the content. For example, if the photo you want to hide is part of your Picasa account, you can simply change your photo visibility settings. If, however, the unwanted content resides on a site or page you don’t control, you can follow our tips on removing personal information from the web and removing a page from Google’s search results. ”
There really isnt anything proactive or defensive about this “new tool”. But setting up appropriate alerts is definitely a must in the online world.
For some really intersting tracking of online activity, check out SocialMention.com
CEO KRAA Security
New book coming soon “Securing the Clicks: Network Security in the age of Social Media” http://www.amazon.com/Securing-Clicks-Network-Security-Social/dp/0071769056/ref=sr_1_1?ie=UTF8&s=books&qid=1308343778&sr=8-1
In this time of global financial insecurity, large scale companies are stretching further and further across the planet in order to reduce costs and remain competitive. But this strategy brings with it risks. The pressure on a global company’s supply chain is simply immense, with operations stretching across whole continents and handfuls of countries, variables are introduced that can be incredibly hard to track. A company need a global supply chain risk management process.
With supply chain infrastructures running the length of the planet, how is it possible for a company to know what is happening at any given time and at any given point within its chain? A supply chain is only as strong as its weakest link, and in this fragile economic state, global operations rely on their supply chain management to bring together all the disparate elements into a smooth churning synergy. But how does a company’s supply chain cope with all the challenges that these variables produce?
Global companies face challenges on all fronts regarding the pressures of supply chain on an international scale. With head offices say in New York, and a production arm in China or Pakistan, the most obvious challenge faced by a global company is one of distance. But what specific challenges does this kind of distance throw up?
Like a fog, distance can cloud vision, and block out or at the least delay information – and to a supply chain, information is money. A global company, with its head offices in the West, is going to be unaware, at least for a time, of the state of its supply chain in the event of localised flooding or civil unrest. The supply chain may not even be aware that the issue even exists until severe damage has been caused. Even if the factory was untouched by such a disaster, what about the infrastructure – roads, airports and harbours? Large scale emergencies create questions and uncertainty for those on the ground, never mind those in large corner offices in Manhattan.
The problem is not just limited to natural disasters or weather systems. Civil and political unrest can cause chaos to even a healthy supply chain. Then there are epidemics and pandemics, such as the H1N1 flu, which have the potential to grind a whole economy to a sudden and shuddering halt. These situations can cause utter chaos to those present, but the real danger to a global companies supply chain is more subtle than this chaos… it is ignorance.
Ignorance to a crisis is the arch enemy to a supply chain. It may be a cliché but it is true – knowledge is power, or in this case, money – and even the most solid supply chain can crumble through nothing more than a little ignorance. Even if contingency plans were made, the delay in being aware enough of the crisis to implement the contingency can cause severe flow problems.
To an extent, these challenges can all be overcome or circumvented by good planning and a world class supply chain management system but only if they are aware of the crisis. It is this knowledge gap – between the event happening, and feedback working its way all the way across the planet to head office, that can make or break a company’s financial position. It is not the event itself, cataclysmic as it may be, but it is ignorance to the event that is the killer for supply chain. How can you overcome a challenge that you are blind to?
The secondary challenge faced by a global operations supply chain management is one of local knowledge and experience. Civil and political unrest, for example, can seem to strike as suddenly and as unexpectedly as forked lightening to the outsider. Yet to those who live on the inside of that country, the sense of radical change or shift in power can almost be sensed. There is something about being on the inside that gives one the ability to more accurately predict, and therefore to prepare for this kind of change.
It is this preparation that is key to the success of any supply chain. Sensing and predicting the event or crisis, allows for contingency plans to be drawn up and/or implemented. These are essential for the reduction of downtime, and for shipping dates to be met. Contingency plans, if acted upon swiftly enough, can really protect the integrity of the supply chain. The key to this swift acting, once again, is information. Factories in neighbouring countries can be actively tooling up as the sense of political unrest grows in another, with one factory primed to take over as soon as trouble rears its ugly head.
Of course, not everything can be predicted, and some events, such as the recent volcanic ash cloud over Europe, can catch everyone by surprise. But the majority of incidents, problems and challenges faced by the supply chain of any global company can be pre-empted, predicted and planned for. But a contingency plan is only as strong and useful as the information that brings about its implementation. It is this information that will determine the success of a supply chain management system when disaster strikes, as it surely will, given enough time.