Monthly Archives: February 2016

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

65% of Businesses Unprepared For Email-Based Cyber Threats

Posted on by

In a recent threat report, cloud email management company Mimecast warned they had seen a 55% increase in whaling attacks over the past three months. As we reported in this month’s Risk Management cover story “The Devil in the Details,” social engineering fraud schemes like whaling (which is phishing that targets higher-profile employees and executives) resulted in a total losses of more than $1.2 billion worldwide between October 2013 to August 2015. According to the Mimecast Business Email Threat Report 2016, released yesterday, IT security professionals clearly recognize the risk, with 64% of respondents in the new saying they see email as a major cybersecurity threat to their business. Yet only 35% feel confident about their level of preparedness against data breaches, while 65% feel ill-equipped or too out of date to reasonably defend against the risk.

buy sinequan online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” said Peter Bauer, chief executive officer of Mimecast. “As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”

Even the most secure companies feel the most at risk of these scams. Of the top 20% of organizations that feel most secure, 250% are more likely to see email as their biggest vulnerability. Those who feel most confident about guarding against the risk are 2.7 times more likely to have a C-suite that is extremely or very engaged in email security. Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security, Mimecast reports. However, of all IT security managers who were polled, only 15% say their C-suite is extremely engaged in email security, while 44% say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.

The firm also had some insight on best budgeting against the risks of phishing. Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security, the firm found, with these IT security managers allocating 50% more of their budgets to email security compared to managers who were less confident in their readiness. Mimecast found 10.4% of the total IT budget toward email security is the ideal intersection between email security confidence and spend.

To reduce the threat of whaling, Mimecast recommends that companies:

  • Educate your senior management, key staff members and finance teams on this specific type of attack. Don’t include whaling in a general spear-phishing awareness campaign—single out this style of attack for special attention to ensure key staff remain vigilant.
    buy biaxin online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

  • Carry out tests within your own business. Build your own whaling attack as an exercise to see how vulnerable your staff are.
  • Use technology where possible. Consider an inbound email stationery that marks and alerts readers of emails that have originated outside of the corporate network.
  • Consider subscribing to domain name registration alerting services so you are alerted when domains are created that closely resemble your corporate domain.
    buy bactrim online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/bactrim.html no prescription pharmacy

    Consider registering all available TLDs for your domain, although with the emergence of generic TLDs (gTLD) this may not be scalable.

  • Review your finance team’s procedures; consider revising how payments to external third parties are authorized. Require more than single sign-off, or perhaps use voice or biometric approval only with the requestor to ensure validity of the request.

Check out the infographic below for more on business email threats:

mimecast business email threats

Is Fear of Terrorism Grounding Your Business Travel?

Posted on by

Paris

The recent acts of terrorism in Paris stunned the world, when 150 were killed and more than 300 were wounded. But the collateral damage went far beyond buildings being ripped apart and one of the most popular cities in the world being virtually shut down.

Business Travel Coalition, a U.S.-based lobby group, recently released a survey of 84 corporate, university and government travel and risk managers from 17 countries on their attitudes of trips to France following the bombings.

online pharmacy lipitor with best prices today in the USA

Twenty-one percent of the respondents said they were very or somewhat likely to cancel travel to France for “some period of time,” and 20% were somewhat likely to cancel travel to and within Europe. A large majority said they’d probably allow employees to decide whether they were prepared to head to France.

online pharmacy singulair with best prices today in the USA

One in five corporate travel managers is likely to cancel trips to Paris “for some period of time.” These are not surprising statistics.

Terrorism has been defined as “The use of violence to instill a state of fear,” and that effect is far-reaching; a bomb explodes in Paris and it’s likely that 5,600 miles away in California some corporate risk manager for a Fortune 500 company is seriously considering cancelling a business trip to Europe—a visceral reaction that could cost his company untold sums of money. Mission accomplished.

But it doesn’t have to be that way.

I fully realize that the fire that fuels business owners is the desire to overcome any obstacles perceived to hinder the bottom-line. But there’s no way a sane person can watch the news today and not wonder, “What is the risk of undertaking a business trip overseas? Will I fall victim to a terrorist act?” I contend that the answer to this question is to put your risk in perspective.

Although it’s a sad state of affairs that there will most likely be another terrorist attack in Europe sometime in 2016, it doesn’t mean that a high degree of risk involved for you, personally. According to the U.S. State Department, the number of U.S. citizens killed overseas by incidents of terrorism from 2001 to 2013 was 350. In other words, your odds are greater to be killed in a car crash (one in 19,000), drown in your bathtub (one in 800,000), or be struck by lightning (one in 5.5 million) than to perish in a terrorist attack (one in 20 million).

It is important that we don’t allow acts of terrorism to knock the wheels off our economy. Business travel is a key element in making us what we are, so it’s imperative that we mitigate that risk whenever possible.

The first thing is to make sure you are not so focused on terrorism that you fall victim to the common risks swirling around us every day. For instance, when traveling overseas don’t be so obsessed with where you think an incident might happen (no matter how statistically unlikely) that you select an alternate route that takes you through the last place on earth where you’d want to get a flat tire in the middle of the night.

Second, minimize the risks you have control over.

online pharmacy cozaar with best prices today in the USA

Stay up-to-date on the State Department’s list of global hot spots, and have your business travel professional plan each step, down to the slightest detail (air, hotels, ground and communication).

Detailed planning is paramount because with any type of business travel in these uncertain and even downright scary times, it is all about controlling the risk. And that can start with the simple act of driving carefully on the way to the airport. That way the most likely risk you’ll ever face on your trip is already behind you before you even board the plane.

Gaining Cyber Confidence With a CISO

Posted on by

Businesses aren’t the only ones struggling to ramp up budget allocations to fortify against cyberrisk.

buy proscar online azimsolutions.com/wp-content/uploads/2023/10/jpg/proscar.html no prescription pharmacy

In his new $4.1 trillion budget proposal, President Obama has asked for billion for cybersecurity efforts, a 35% increase from last year.

buy ivermectin online azimsolutions.com/wp-content/uploads/2023/10/jpg/ivermectin.html no prescription pharmacy

The president directed his administration to “implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” In addition to a cybersecurity awareness campaign targeting both consumers and businesses, the plan calls for government-wide risk assessments, a nation-wide push for a range of better consumer data security measures, and a range of initiatives to attract more and better cybersecurity personnel. Some of these new employees will offer cybersecurity training to more than 1.4 million small businesses, and the Department of Homeland Security is expected to double the number of cybersecurity advisors available to assist private sector organizations with risk assessments and the implementation of best practices.

Obama’s plan also takes a page from the private sector, creating the position of Federal Chief Information Security Officer to drive cybersecurity policy, planning and implementation across the federal government.

Many organizations have begun to see concrete value from adding CISOs to the C-suite. According to a recent study from ThreatTrack Security, companies with a CISO are more confident about the technology they use to combat malware (83% versus 63% at organizations without one). This is particularly notable as only 20% of those surveyed said their defenses against hackers have improved in the past year—about half of those who said the same in 2013.

“Perhaps CISOs have a better handle on what solutions to implement or are better equipped and positioned in the organization to ensure their team has the solutions they need to defend the organization,” the report said.

Organizations with a CISO also feel more confident about their ability to address cyberrisk. When asked if they felt able to personally guarantee the security of customers’ data, 71% of respondents from companies with a CISO said yes, while only 29% could say the same without someone in this role. CISOs are also making a huge impact on breach preparation and incident response. When it comes to having an incident response team or security operations center to identify and respond to cyberattacks, 94% of respondents at organizations with a CISO had these resources in place, compared to just 49% without one. Concerningly, however, the overall number was 80%, 6% lower than in 2013.

buy zestril online azimsolutions.com/wp-content/uploads/2023/10/jpg/zestril.html no prescription pharmacy

When asked how defending their organization against cyberthreats had changed over the last year, 45% of respondents said nothing had changed, while 35% recognized that it has gotten harder to fight cyberrisks.

ThreatTrack Security found CISOs have also boosted corporate compliance with regard to cybercrime, with only 11% of companies failing to report breaches to customers, partners or other stakeholders, compared to 57% in 2013.

NYC Crane Collapse Part of a Troubling Trend

Posted on by

NYC Crane Collapse

Last week’s crane collapse in Lower Manhattan, which killed one person and injured three others, has heightened focus on crane safety, resulting in stricter rules for operators. The 565-foot crane toppled as it was being secured against high winds as a safety precaution.

More than 140 firefighters responded to the disaster in addition to police officers and utility workers who were there in case of gas leaks or other damage caused by the impact.

Mayor Bill de Blasio called for an investigation and instituted new safety policies effective immediately, while ordering that 376 other crawler cranes and 53 larger tower cranes currently operating in the city also be secured. The new rules require crawler cranes to cease operations and go into safety mode when there is a forecast for steady wind speeds of at least 20 miles per hour, or gusts of at least 30 m.p.h. Previously, cranes were allowed to operate until measured wind speeds reached 30 m.p.h. or gusts increased to 40 m.p.h.

“I want people to hear me loud and clear: We’ve had some construction site incidents that are very troubling,” de Blasio said at a news conference. “We have more and more inspectors who are going to get on top of that. We’re going to be very tough on those companies.”

He added, “We’ll send advisories to crane engineers when wind conditions warrant it, and engineers will be required to certify that they will indeed cease operations. If we don’t receive this certification, we will be issuing violations and we will raise the base penalty for failure to safeguard a site from the current $4,800 to $10,000.”

While construction in the city has increased over the past two years, the New York Times reported that the rise in deaths and injuries has exceeded the rate of new construction, that supervision at building sites was often lacking, and that preventative safety steps were not being taken.

Indeed, the list of incidents involving cranes has grown to eight since 2008, according to ABC News and the Associated Press.

— March 2008: A nearly 200-foot-tall crane fell as it was being lengthened in a neighborhood near the U.N. headquarters, demolishing a townhouse and killing six construction workers and a tourist. The crane rigger was tried and acquitted of manslaughter. An inspector accused of falsely saying he had checked the crane days before it toppled was acquitted of charges related to the collapse but convicted of falsifying inspection records related to other cranes.

— May 2008: A tower crane snapped, fell apart and crashed into a Manhattan apartment building, killing the crane operator and a construction worker on the ground. The crane owner was acquitted of manslaughter. A mechanic pleaded guilty to criminally negligent homicide. Together, the 2008 collapses prompted the resignation of the city buildings commissioner and a bribery case in which the city’s chief crane inspector pleaded guilty to taking payoffs to fake inspection and licensing exam results. The collapses also led to new safety measures, including hiring more inspectors and expanding training requirements and inspection checklists.

However, Comptroller Scott Stringer said in a 2014 audit that the city Department of Buildings hadn’t fully implemented safety recommendations on cranes and other issues, and Stringer reiterated his concerns Friday. The Department of Buildings disputed some of the audit’s conclusions, but spokesman Joe Soldevere said the agency had implemented many of the comptroller’s recommendations and “there is more oversight of cranes in place than ever before.”

— October 2012: A crane’s boom nearly snapped off and dangled precariously over a block near Carnegie Hall during Superstorm Sandy, as winds gusted to an estimated 80 to 100 mph. No one was injured, but people in a nearby hotel and other neighboring buildings had to flee in the midst of the storm as engineers scaled 74 stories to make sure the crane wasn’t in danger of falling.

buy zydena online blackmenheal.org/wp-content/uploads/2023/10/jpg/zydena.html no prescription pharmacy

— April 2012: A mobile crane’s boom fell and broke apart while hauling rebar at a subway station construction site, killing a worker. The site was exempt from most city construction safety rules because it belonged to a state transit authority.

buy amaryl online blackmenheal.org/wp-content/uploads/2023/10/jpg/amaryl.html no prescription pharmacy

— January 2013: A crane’s 170-foot-long boom fell and pulled down part of the wooden framework of an apartment tower under construction in Queens, injuring seven workers. Three workers had to be extricated from beneath fallen machinery.

— April 2015: Hydraulics malfunctioned on a small crane mounted on a truck while a worker was inspecting it in Manhattan, causing the boom to collapse and fall on him, killing him. The device wasn’t subject to the same regulations and inspections as larger cranes.

— May 2015: A mobile crane dropped a 13-ton air conditioning unit being placed atop a Manhattan office building. The air conditioning equipment fell 28 stories into the middle of an avenue. Ten people were injured by debris, and part of the building facade was shattered.