Mastercard Secure Remote Commerce
Mastercard is leading the way in defining a new streamlined guest checkout experience by balancing intelligent security with password-free convenience and control.
Cyber Readiness Institute
Mastercard established the Cyber Readiness Institute, a collective of business leaders from across sectors and geographic regions who are committed to improving cyber readiness for small- and medium-sized businesses (SMBs).
Cyber readiness is critical for SMBs
A cyberattack affects more than your bottom line; it can affect your organization's reputation as well. A breach of your organization's cybersecurity can harm your customers, partners and employees. That’s why it’s important to prepare, protect and be cyber ready today.
of cyberattacks target SMBs
of SMBs had at least one cyber incident in the past two years
average cost of cyberattacks to SMBs in 2017
Actual cyber incident
At the height of the holiday season, an attack by hackers on a major retail outlet exposed 100 million individuals’ personal data – notably credit and debit card information. Hackers used legitimate credentials to enter the retail outlet’s system, having stolen them from a refrigeration and HVAC supplier in its value chain. The hackers were able to extract data before it was encrypted. The retail outlet was accused of having been slow to act, thus failing to stop the theft of the data – despite being warned an attack was underway. This incident eroded the company's reputation and customer trust. Moreover, profits the following year were down by a reported 50%, and the store faced numerous lawsuits and fines for failure to act promptly and to disclose the breach. The supply chain weakness, characterized by the authentication vulnerability of the retailer’s third-party vendor (the HVAC supplier), was the source of this major event.
Up your password game
Passwords are the gatekeepers to your most important information. Cyber attackers are opportunistic and can easily crack a weak password. TIPS: Add a mix of numbers, characters, and cases. Use a passphrase or series of random words. Don’t use the same passphrase twice.
of data breaches result from weak or stolen passwords
of employee passwords can be cracked in six hours by hackers
of small business employees have shared their password with assistants or co-workers
Actual cyber incident
The attack on a sovereign Central Bank in 2016 was a true 21st-century bank heist. Hackers managed to steal $81 million after breaking into the Bank’s secure system. An investigation revealed that the attackers took advantage of authentication-related vulnerabilities. A password token protecting the SWIFT international transactions network at the Bank was left inserted in the SWIFT server for months before the attack; normally it should have been removed and locked in a secure vault each evening. This token connected the system to the internet, making it vulnerable to a cyberattack. Hackers entered the system, infected it with malware, then issued fake transfer orders. The hackers introduced six types of malware, which captured keystrokes and screenshots and also delayed detection of fraudulent transactions. Having cracked the Bank’s authentication system, they attempted to move as much as $1 billion.
Beware the Phishers
Phishers will try to get you to share sensitive information like passwords, or to click on a link or attachment. This can put malicious software on your computer, putting your identity or organization at risk. TIPS: Check the sender. Never share sensitive information. If in doubt, don’t click.
of phishing attacks mimic corporate emails
of organizations reported being the victim of a phishing attack in 2016
of companies that fell for a phishing attack lost customers
Actual cyber incident
On a Friday afternoon, the CFO of a small manufacturer received an email from one of the company’s major customers. The email said that the customer was changing their finance system and needed the CFO to update their banking information so they could send a payment. The CFO clicked on the link, which took him to what he thought was the customer’s website. As instructed, he entered his bank account information and “reset” his password. The following Monday he discovered that US$120,000 had been taken from the company’s bank account. A week later the CFO started receiving calls from customers saying they had received emails from him asking them to transfer money to a new bank account.
Do you know the dangers of USBs?
USBs and other types of removable media are a handy way to share information. But they are often infected with malicious software that can damage your systems, and there’s no way to tell until it’s too late. So be USB smart.
of malware infections for SMBs originated from infected USBs
of employees have lost a USB memory device and not told their employer
of USB sticks found are plugged into a computer within 10 hours of being picked up
Actual cyber incident
An employee at an airport was storing highly confidential information on a USB, against company policy. None of the files on the USB were password-protected or encrypted. The employee accidentally dropped the USB on a city street. The USB was found and picked up by a member of the public, who used their personal computer to see what was on it (an aside: this was not a good idea). The person realized the USB contained highly confidential information, including information that would pose a security risk to public officials. The person contacted a prominent newspaper and gave them the USB. The resulting newspaper article caused enormous reputational damage to the airport management company. The government was appalled at the security breach and fined the company approximately US$150,000.
Patch it. Protect it.
Patches are regular updates to your software, systems and applications. Updating your devices may be a little annoying, but these critical security updates protect against hackers looking for cracks to slip through. TIPS: Always update all of your devices as soon as possible.
of attacks in 2017 were “fileless” (exploiting vulnerabilities in software already on computers)
of a patch being released, hackers develop malware to exploit software vulnerability
computers were attacked across 150 countries due to patches not having been installed
A US-based credit ratings agency that collects and stores data regarding 800 million people and 88 million businesses worldwide was the subject of a cyber intrusion that affected an estimated 190 million people in the US, UK, and Canada. Hackers were able to access sensitive personal data, as well as credit card numbers stored by the agency. According to an investigation involving external cybersecurity experts, the hackers exploited a software vulnerability that the agency had failed to patch; additionally, there were flaws in its network, inadequate encryption of data, and insufficient cybersecurity surveillance processes. The agency’s shares dropped after the breach was made public, and numerous lawsuits were filed against it. Reportedly this attack was preceded by a smaller-scale test attack two months prior.