Mastercard Sets Up its First European Cyber Resilience Center

Information Age | February 17, 2020

  • Mastercard is taking yet another step towards combating cyberattacks by opening the European Cyber Resilience Centre, a state-of-the-art cyber and security center in Europe.

  • The center will act as a cybersecurity hub for the region and will bring together national cybersecurity centers, law enforcement bodies as well as financial institutions.

  • The facility will officially come into existence in 2021 in Waterloo, Belgium.


Operating in over 210 countries and territories, Mastercard is dedicated to protecting itself, its customers and cardholders wherever they may be. With that commitment, Mastercard is taking yet another step through the European Cyber Resilience Centre, a state-of-the-art cyber and security center in Europe.


Yesterday, Mastercard announced that it will set up its European Cyber Resilience Centre to increase collaboration between public, private, and regulatory bodies, as well as combating cyberattacks on the European payments ecosystem. The state-of-the-art center for cyber resilience is also the first establishment of its kind that Mastercard has invested in outside of North America.


The facility will serve as a single cybersecurity hub for the region, bringing together a diverse pool of talent from across Mastercard’s global community.


Mastercard will now be able to work closely with law enforcement, increasing efficiency during global events, natural disasters, service, and security incidents. It will bring together both cyber and physical security experts.


The center will act as a cybersecurity hub for the region and will bring together national cybersecurity centers, law enforcement bodies, industry groups, and central banks. It will include agencies like the Interpol, the Financial Services Information Sharing and Analysis Centre (FS-ISAC), the National Bank of Belgium (NBB), and the UK’s National Crime Agency (NCA) and National Cyber Security Centre (NCSC).


READ MORE: Reeling from Cyberattack, toll now has its customers leaving

Financial services will always be at the top of the target list for attackers due to the vast pool of customer data and credentials under our responsibility. Our European Cyber Resilience Centre improves collaboration amongst key organizations, helping to ensure businesses and individuals feel secure when sharing information online.

- Javier Perez, President Europe, MasterCard


It will shorten the lines of communication internally between Mastercard teams, as well as externally between Mastercard and its customers, reducing the time of response in the process.



The security and privacy of our customers’ data is paramount. Fraudsters and hackers know no borders or nationalities, so threats can strike from every corner of the world. Only a joint effort that involves all parties will be able to place Europe on the frontline of enterprise resilience. This new center will synchronize our global resources and partners to constantly seek and adopt the best practices for us and our customer network

- Javier Perez, President Europe, MasterCard


The launch of the interim center will happen this spring at its headquarters in Waterloo, Belgium, while the facility will officially come into existence in 2021.



READ MORE: After Avast's malefaction, data protection should be high-priority

Spotlight

Swarm Intelligence (SI) is a modern artificial intelligence discipline that is concerned with the design of multi agent systems with applications, e.g., in optimization and in robotics. The concept is employed in work on artificial intelligence. The expression was introduced by the researchers, in the context of cellular robotic systems. SI The design paradigm for these systems is fundamentally different from more traditional approaches. Instead of a sophisticated controller that governs the global behavior of the system, the swarm intelligence principle is based on many unsophisticated entities that cooperate in order to exhibit a desired behavior.


Other News
DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Cerberus Sentinel announces acquisition of NLT Secure

Cerberus Sentinel | September 07, 2022

Cerberus Cyber Sentinel Corporation , an industry leader as a managed cybersecurity and compliance provider, based in Scottsdale, Ariz., announced that it has completed the acquisition of NLT Secure, a cybersecurity company with headquarters in Providencia, Chile, and U.S. offices in Tampa, Florida. Under the terms of the agreement, NLT Secure became a wholly owned subsidiary of Cerberus Sentinel. NLT Secure provides a broad range of security solutions and managed services to organizations throughout South America. Lorenzo Espinoza, founder and chairman, NLT Secure, will continue to manage the company's team of professionals and will work closely with the leadership team in Latin America. “NLT Secure accelerates our growth strategy into Latin America and is an excellent cultural fit. “As cybersecurity continues to be a global challenge requiring a breadth of capabilities, NLT has made this its mission to help secure businesses and organizations. NLT Secure has partnered with our Arkavia Networks and CUATROi teams, also based in Chile, for several years and compliments our combined service offerings.” David Jemmett, CEO and founder of Cerberus Sentinel "Our vision has always been to protect and guarantee the continuity of operations for our clients considering the challenging scenario of cyber threats they face every day. I want to deeply thank the incredible team of professionals that make up NLT, because it is thanks to their passion and commitment that we have managed to make this dream come true. I´m so excited to take this step together with the incredible team of Cerberus Sentinel, with whom we share a culture and a vision,” said Espinoza. About Cerberus Sentinel Cerberus Sentinel is an industry leader as a managed cybersecurity and compliance provider. The company is rapidly expanding by acquiring world-class cybersecurity, secured managed services, and compliance companies with top-tier talent that utilize the latest technology to create innovative solutions to protect the most demanding businesses and government organizations against continuing and emerging security threats and compliance obligations.

Read More

DATA SECURITY, ENTERPRISE IDENTITY

Keeper Security's Cybersecurity Census Finds U.S. Businesses are Unprepared for Escalation in Cyberattacks

Keeper Security | September 15, 2022

Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released findings from its second annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses and organizations across the U.S., revealing that most respondents expect the onslaught of cyberattacks to intensify over the next year, yet 32% lack a management platform for IT secrets–posing a significant risk to organizational security. The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually—between three to four each month. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management. IT leaders reveal a lack of preparedness for cyberattacks U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the total number of attacks will increase over the next year, with 39% predicting the number of successful cyberattacks will also rise. Most organizations in the U.S. believe they're prepared to fend off cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale and 28% rating themselves as a 10/10. At the same time, the majority of respondents (57%) say it is taking longer to respond to attacks and only 8% say responses are getting faster. Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools. Nearly one-third of respondents (32%) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials. 84% are concerned about the dangers of hard-coded credentials in source code but 25% don't have software to remove them. More than one-quarter of respondents (26%) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap. This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed. Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information. 18% of organizations experienced theft of money, with the average amounting to more than $75,000, while 37% lost $100,000 or more. 23% experienced the inability to carry out business operations. In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28%) suffered reputational damage due to a successful cyberattack and 19% reported losing business or a contract. "The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties," said Darren Guccione, CEO and co-founder of Keeper Security. "Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical." U.S. businesses must take immediate action against cyber threats Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71%) of respondents have made new hires in cybersecurity over the past year and 58% say they've increased cybersecurity training. A devastating cyberattack is one stolen password away, but despite this threat, fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats or infrastructure secrets management. Only 44% of respondents provide their employees with guidance and best practices governing passwords and access management. 30% of respondents allow employees to set and manage their passwords and admit that employees often share access to passwords. A mere 26% have a highly sophisticated framework for visibility and control of identity security. Many organizations are considering future investments with 73% of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses. Cybersecurity in company culture Employees understand the dangers of both external and internal threats. An overwhelming 79% of IT professionals are concerned about a breach from within their organization and 47% have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments in order to maintain security. In fact, 40% of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39%. IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48%) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization's culture. Keeper's 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals. Methodology The report yielded results from 516 IT leaders and decision-makers in businesses across the U.S. About Keeper Security Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.

Read More

ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients. “At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend. “Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service.” said Guillaume Montard, CEO and co-founder of Bearer Why Bearer Data Security Platform Now Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data. Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications. DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer. Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers. The Bearer Data Security Platform Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations: Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored. Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself. Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development. About Bearer Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Contrast Security Launches Expanded Security Testing Tools for JavaScript and Popular Angular, React and jQuery Frameworks

Contrast Security | October 07, 2022

Contrast Security (Contrast), the leader in code security that empowers developers to secure as they code, today announced the expansion of its Secure Code Platform's static application security testing (SAST) capabilities to include JavaScript language support along with support for Angular, React and jQuery frameworks, which will allow developers to quickly find and fix security defects in their client-side code. With this new Contrast Scan addition, application security and development teams leveraging the Contrast Secure Code Platform can scale security across the entire application stack, from client-side to server-side, with industry-leading speed and accuracy. JavaScript is the most popular coding language in the world with modern frameworks such as Angular, React and jQuery being ubiquitous in web development. However, since JavaScript is executed on the user's browser, this exposes sensitive application data on the client-side, leaving JavaScript applications susceptible to vulnerabilities like cross-site scripting (XSS) or Broken Access Control. Contrast prioritizes real, exploitable vulnerabilities in client-side code by performing analysis on vulnerable entry points within the application, allowing developers to rely on accurate scans that take just seconds. Contrast's extended capabilities help DevSecOps organizations achieve the following benefits: Early detection of client-side vulnerabilities. This is achieved through analyzing client-side source code within routine development pipelines, complemented by easy-to-follow remediation guidance directly within the developers' pipeline environment. Full visibility into client-side code risk. Contrast's pipeline-native SAST engine coupled with security rules tailored for JavaScript finds up to 63% more exploitable vulnerabilities than superficial tests run within the IDE. False positive rates as low as 1%. A significant reduction in false positive rates compared to leading commercial SAST tools. Ability to safeguard each layer of the software stack. Contrast Scan works in tandem with Contrast's runtime code security solution to secure front-end code and back-end code within a centrally managed platform "A growing concern for AppSec and Development Managers is how to embed security within the development pipeline. Regardless of whether you specialize in front-end, back-end, or full-stack development, we want to help enable developers to deliver secure code from the start. "Fortunately, with the new expansion of our Secure Code Platform language coverage to include client-side JavaScript with Angular, React and jQuery, AppSec and Development managers and their teams can now find and fix security defects in their client-side code with industry-leading speed and accuracy. This is a testament to Contrast's mission to further invest in tools that allow customers to embed code security testing through each stage of the SDLC [software development lifecycle]." Steven Phillips, Vice President of Product Marketing at Contrast Security Client-side JavaScript support is now available to enterprise customers through existing Contrast Scan subscriptions. Individual developers can also immediately start analyzing code for vulnerabilities with just a few clicks for free with CodeSec. About Contrast Security: Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive code security platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

Spotlight

Swarm Intelligence (SI) is a modern artificial intelligence discipline that is concerned with the design of multi agent systems with applications, e.g., in optimization and in robotics. The concept is employed in work on artificial intelligence. The expression was introduced by the researchers, in the context of cellular robotic systems. SI The design paradigm for these systems is fundamentally different from more traditional approaches. Instead of a sophisticated controller that governs the global behavior of the system, the swarm intelligence principle is based on many unsophisticated entities that cooperate in order to exhibit a desired behavior.

Resources