
Epsilon Data Breach Emphasizes Need to Proactively Create Security Awareness

Though it's not clear whether an attack is on the horizon, both bank and customer awareness can mitigate risk.

The Epsilon data breach, in which unauthorized access to the company's system exposed the names and email addresses of millions of Americans, might or might not present a threat to financial institutions such as Citigroup, Capital One and JPMorgan Chase, which are clients of the online marketer.

In the near term, if that information is out there and available, it could mean more spam emails and phishing attempts.

"In reality that’s all it is," says Paul Schaus, president of CCG Catalyst consulting group. "So from a bank’s perspective you’re worried about customers getting spam emails or getting phishing emails. Those are the two big issues. It’s not a confidentiality issue."

But if those email addresses and names get out there in lists that can let fraudsters make a correlation between an individual and the place they bank, then it could lead to some well-aimed phishing attacks.

"That’s the big concern," Schaus says. "That’s the area of risk."

However, it takes some work to get there. As Schaus explains, two things have to happen: first, the customer has to be unaware of the breach, and second, the email has to look so authentic that they don't think twice about it.

"I think from a business perspective, those who are in charge to protect accounts clearly have to do a more vigilant job because they can expect a wave of attack," says Ori Eisen, CEO and founder of fraud prevention and detection provider The 41st Parameter.

Eisen believes that if a bank is doing due diligence to protect from fraud, it'll minimize risk.

"People say the sky is falling," Eisen adds. "However if you do the monitoring day in and day out, regardless of the breach, you should have your risks managed."

Eisen added that the Epsilon breach, if it is only names and email addresses, isn't as bad as some of the other recent events, such as the RSA security breach in mid-March. But names and emails correlated with a financial institution could have other, less-direct effects.

"You can do some other things with it as well," he says. "If I know your email, I know a couple of things. In this case I know your name and email and I know you are a customer at a particular bank. I can also try to break into your email."

Schaus adds the qualification that, given the amount of information already readily available, the Epsilon breach -- if it's only names and email addresses that were accessed -- doesn't add much new to the online security scene.

"You’ve got to put this all in perspective," Schaus says. "How many people put their email addresses out there in blogs, or in comments or emails or reviews on Amazon?"

There's a lot of data already on the web.

Eisen warns that the Epsilon breach should, if nothing else, emphasize the importance of proactive account takeover detection.

"You don’t know when an attack will happen," he says. "It could be today, it could be a month from now."

In its email following the breach, Chase made several recommendations to its customers, including:

  • Don't give your Chase Online user ID or password in email
  • Don't respond to emails that require you to enter personal information directly into the email
  • Don't respond to emails threatening to close your account if you do not take the immediate action of providing personal information
  • Don't reply to emails asking you to send personal information
  • Don't use your email address as a login ID or password

There's no harm in reminding customers about safe practices online.

"I see a direct correlation between the frequency of security awareness training and the success rate of these email attacks," says Brendan McGowan, director of Consulting Services for Safe Systems. "The most effective countermeasure to phishing emails is user awareness."
