Aware that consumer data is compromised in massive data breaches in what seems like every other week, Mr. Bradley explores what companies should expect and how they can prevent data breaches. Using Wave’s branded infographic dubbed, “Four Authentication Definitions Every IT Security Pro Should Know,” he is able to further highlight the importance of two-factor authentication, showcasing it with the graphic’s four educational panels: “Something You Know,” “Something You Have,” “Something You Are,” and “Two-Factor Authentication.”

Reporter Valorie Sands sat down with Wave CEO Bill Solms for a candid Q&A session about his first year as CEO, current IT security issues plaguing the industry, Wave’s core product solutions, identifying key markets, and look into the headwinds and challenges ahead.

Read Full Article

Greg Kazmierczak weighs in on the latest mega retail breach on FierceITSecurity.com. Greg is noted saying, “As with Target, attackers found an initial entry point and then leveraged access to install malware in POS terminals. This is not surprising by itself, but after all the publicity surrounding POS terminal attacks, one would expect improved control over changes to POS software.”

Several industry experts weighted in on the latest JP Morgan breach. “The Russians performed a zero-day attack to gain initial access to the network. By definition, this means they leveraged a vulnerability, or flaw, that was previously unknown. There is no such thing as fool-proof security; especially when the attacker is a well-funded, highly-skilled, and highly motivated nation-state." Commented Greg Kazmierczak, Wave CTO.

The attackers, presumably located in Russia, are said to have stolen large amounts of sensitive data from the systems of the targeted organizations. The level of sophisticationindicates that the cyberattacks could be the work of a foreign government, and the FBI is reportedly trying to determine if the incidents are a form of retaliation for the sanctions against Russia over its support of rebels in Ukraine.

In the light of several high-profile breaches of financial institutions, Wave’s Greg Kazmierczak takes time to weigh in recently with Inforsecurity Magazine, saying “There is no such thing as fool-proof security; especially when the attacker is a well-funded, highly-skilled and highly motivated.” In other words, without significant change in strategy, ultimate resistance to high-level attacks is, well, futile.

A nice Q&A session with the editor in chief of All About Security, touching on questions about everything from Wave CEO Bill Solms’ background and his vision for the future of Wave, to Bill’s take on tackling the ever-challenging cybersecurity culture and even dabbling in the media-soaked controversy surrounding the Snowden effect.

Smart cards have been around a long time. In fact, the EMV cards described several pages back are smart cards. They were long pushed as a second authentication factor for computing access, but they are only used as such in high-value scenarios. Just as OTP security tokens can be run in software, so can smart cards. A virtual smart card is a program running on a specific computer made unique, as is a physical smart card, through the TPM (Trusted Platform Module) which is now standard in business-grade computers.

SED means that instead of relying on the host processor and software for full-disk encryption (FDE), the encryption is done purely by the drive itself using Trusted Computing Group's (TCG) Opal standard. The Opal standard offers two major benefits over software based disk encryption: performance and security.

IT organisations are increasingly asked to do more with less by reducing operational costs in a variety of ways. While budgets are shrinking, security requirements necessary to meet various government regulations and standards (ICO, EU Data Protection Directive, PCI-DSS, Sarbanes-Oxley) are rapidly mounting. In an attempt to stay vigilant against the ever-changing and challenging threat landscape, most organisations have or are likely to have a variant of two-factor authentication in place in the form of an OTP token, PKI token or smart card.

California is poised to enact a consumer-friendly law requiring smartphone manufacturers to install "kill switches" -- that is, antitheft technology that would be activated by the carrier when a consumer alerts it that a device has been stolen or lost. The technology not only wipes the device of personal data but also renders it inoperable. There are some legitimate security concerns over the kill switch mandate. Though security experts tend to support the bill in theory, they fear the devil could show up in the details.

The new solution of Wave emulates the functionality of physical smartcards or tokens, but offer smore comfort to the users, causing lower total cost and lover risk of unauthorized use. Companies that use the Wave Virtual Smart Card 2.0, according to the manufacturer, benefit from the security of a smart card authentication without physical tokens, which can be lost or stolen. This decrease the cost and the number of help desk operations.

Cyber gangs have begun using the digital equivalent of invisible ink to disguise the malicious coding that helps them take control of your computer and put it to criminal use. Steganography—the craft of hiding something seemingly out in the open—is an old secret agent trick. Now cybercriminals have adapted the technique to help them carry out drive-by download infections, according to research findings disclosed at the Black Hat conference.

Wave Virtual Smart Card Company 2.0 will offer more security at a lower cost, compared with conventional methods for two-factor authentication. The solution combines the individual user identity with the unique device identity, the TPM chip. First-time users get discounts to the end of September.

Security vendor Wave Systems has partnerned chip lifecycle management solutions company Bell ID, to offer a joint solution aimed at reducing online payment fraud. The solution will be marketed primarily to card issuing banks, as well as online merchants, governments, and enterprises worldwide.

The solution will be marketed primarily to card issuing banks, as well as online merchants, governments, and enterprises worldwide.