Views





        over a year to discover the damage    identifiable information and payment data, including the automated clearing
        they have done after their departure.  house addresses of their clients. Attending this conference is one way to get up
                                              to date on developments here, and to make useful contacts going forward. The
        Critical need for                     2018 schedule of events is at: http://events.ismgcorp.com/.
        security professionals

        Another concern is the shortage of    Brandes Elitch, Director of Partner Acquisition for CrossCheck Inc., has been a cash management
        trained, experienced cybersecurity    practitioner for several Fortune 500 companies, sold cash management services for major banks
        professionals. The Equifax CISO and   and served as a consultant to bankcard acquirers. A Certified Cash Manager and Accredited ACH
        Security Chief was a music major.     Professional, Brandes has a Master's in Business Administration from New York University and a
        There are 1.4 million unfilled  secu-  Juris Doctor from Santa Clara University. He can be reached at brandese@cross-check.com..
        rity jobs, per LinkedIn. Meanwhile,
        fraudsters are attracting employees
        by offering benefit plans, insurance,
        paid holidays, etc. But the good guys
        are  fighting  back:  last  year  venture
        capital placed $7.6 billion in informa-
        tion security companies.

        Both the FBI and the Department of
        Homeland Security gave presenta-
        tions. The FBI stated that we face a
        global criminal enterprise ecosys-
        tem in the Dark Web that interacts
        with digital currency and operates
        with  100 percent anonymity.  Half
        of the threats come from outside of
        the United States. It is a global prob-
        lem without borders. Attackers want
        credentials to get into your environ-
        ment; 75 percent of the vulnerabil-
        ity comes from social engineering,
        spearfishing  and  poor  patch  man-
        agement.

        Criminals on the Dark Web
        The four types of criminals are na-
        tion-states (Russia, China, Iran, etc.),
        hacktivists (they want to disrupt
        and typically have some kind of so-
        cially motivated agenda), insiders,
        and financially motivated individu-
        als, who are experts in this and are
        focused on ROI. The DHS offers re-
        sources and publications at www.us-
        cert.gov and www.ics-cert.gov.

        While every enterprise is affected by
        activities on the Dark Web, those of
        us in the payments industry are par-
        ticularly sensitive. Criminals are pri-
        marily motivated by the prospect of
        financial gain from getting access to
        credit card and demand deposit ac-
        count data. They need access to pay-
        ment information to monetize data
        and extract funds via bitcoin. Ac-
        quirers and payment processors are
        sitting on a mountain of personally

                                                                                                                29