
Some Banks Held Liable for Cyberattacks Against Small Business Accounts

When a hacker infiltrates your personal checking account to pilfer money, your bank, in most cases, will assume liability and resolve the matter of missing money. When a business account is hacked, however, the business owner is held liable. The reasoning? Banks feel that owners should have proper security measures in place to protect their assets. Basically, as a business owner, it’s your responsibility, not the bank’s.

But that sentiment is slowly swaying in favor of the businesses. Two recent court rulings have found banks to be liable for funds stolen by hackers, many of whom have targeted small businesses for their unsophisticated, or complete lack of, cybersecurity measures.

The Boston-based First Circuit Court of Appeals ruled earlier this month that Ocean Bank in Maine lacked reasonable safeguards against hackers who siphoned nearly $600,000 from an account held by Patco Construction Company Inc., a Maine contractor and builder.

Separately, a federal district judge in Detroit last year ruled that a bank owned by Dallas-based Comerica Inc. was on the hook for $561,399 in funds stolen from accounts held by Experi-Metal Inc., a custom metals shop in Sterling Heights, Mich. Experi-Metal was the victim of a phishing scheme that lured an employee into providing account access information, according to court documents.


These rulings come at a time when small businesses need them most. The June 2012 Symantec Intelligence Report shows 36% of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. “There appears to be a direct correlation between the rise in attacks against smaller businesses and a drop in attacks against larger ones. It almost seems attackers are diverting their resources directly from the one group to the other,” said Paul Wood, cyber security intelligence manager, Symantec.


Will banks’ liability for cyber attacks spread from these few, small business cases mentioned here? It seems like a lofty and unrealistic expectation. But hey, I doubt anyone ever thought legal action would be taken against banks for not protecting the assets of their business clients. The tables may be turning.

Yahoo Users Like Ninjas, Princesses and Sunshine

After a major data breach at Yahoo revealed more than 400,000 of its users’ passwords to the public, one software designer decided to see what passwords were most common.


Adam Caudill, a software developer who runs a blog on tech security, conducted an analysis on the revealed Yahoo passwords and found that the following were the top ten most commonly used. (via Business Insider)

  • 123456
  • password
  • welcome
  • ninja
  • abc123
  • 123456789
  • 12345678
  • sunshine
  • princess
  • qwerty

As Business Insider notes, many of these are the same passwords we see in all “worst password” or “most common password” lists. Although Yahoo users seem to enjoy ninjas, sunshine and princesses for some reason, it is troubling that people, in 2012, continue to use passwords that could be cracked by the most rudimentary software.


Digging deeper into Caudill’s analysis, we see that one-third of the passwords (146,488) use only lowercase letters. Contrast that to the less than 1% of people (3,345) whose passwords contained lowercase and capital letters, number(s) and symbol(s).
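The kind of composition breakdown described above, sketched as an added example (not Caudill's code or anything from the original post): it classifies each password by character class, counts matches against the top-ten list above, and applies a signup-time denylist check. The sample list and the 12-character minimum are constructed assumptions.

```python
import re
from collections import Counter

# The ten most common passwords listed above, used here as a denylist.
TOP_TEN = {"123456", "password", "welcome", "ninja", "abc123",
           "123456789", "12345678", "sunshine", "princess", "qwerty"}

# Character classes for the breakdown; non-ASCII letters count as "symbol".
CLASSES = (("lower", re.compile(r"[a-z]")),
           ("upper", re.compile(r"[A-Z]")),
           ("digit", re.compile(r"[0-9]")),
           ("symbol", re.compile(r"[^A-Za-z0-9]")))


def classes_of(password):
    """Return the tuple of character classes present in a password."""
    return tuple(name for name, rx in CLASSES if rx.search(password))


def composition_report(passwords, top_n=3):
    """Summarise a password set by frequency and character-class mix."""
    by_class = Counter(classes_of(p) for p in passwords)
    return {
        "total": len(passwords),
        "lower_only": by_class[("lower",)],
        "all_four": by_class[("lower", "upper", "digit", "symbol")],
        # Case-insensitive match, so "Password" still counts as denylisted.
        "on_denylist": sum(1 for p in passwords if p.lower() in TOP_TEN),
        "most_common": Counter(passwords).most_common(top_n),
    }


def acceptable(password, min_len=12):
    """Signup-time check; min_len is an assumed policy value."""
    return len(password) >= min_len and password.lower() not in TOP_TEN


# Constructed sample, not data from the breach.
SAMPLE = ["123456", "ninja", "sunshine", "123456", "Password",
          "correct horse battery", "Tr0ub4dor&3", "qwerty", "letmein",
          "abc123"]

if __name__ == "__main__":
    print(composition_report(SAMPLE))
```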


A Worldwide Need for a Better Cyber Insurance Market

A new report from the European Network and Information Security Agency (ENISA) claims that Europe’s citizens and businesses could benefit from better protection for their computer systems and data if the cyber insurance market can be kick-started.

Though cyber security is an important concern for European and national policy makers, businesses and citizens, there is concern that traditional coverage offered by Europe’s insurance providers may not comprehensively address digital risk, according to the report, “Incentives and Barriers to the Cyber Insurance Market in Europe.”

ENISA has made four recommendations to address this issue:

  • Collect empirical data on cyber insurance in Europe, looking at types of risk insured, premiums paid and levels of payouts to determine future trends. The action could be taken by insurance underwriters, firms or regulatory authorities.
  • Examine incentives for firms to improve their data security as a way for them to reduce their risk and financial liability if they breach data protection regulations. Fact finding with the European Commission would be a first step to understanding this area.
  • Establish agreed frameworks to help firms put a measurable value on their information. The work could be assisted by privacy and information security advisors, underwriters and the European Commission. ENISA could also provide further support.
  • Explore the role of governments as an insurer of last resort, following other models where policy intervention is in evidence when catastrophic risk is involved. This could be investigated by EU Member State governments and the European Commission.

Meanwhile, in the U.S., the topic of cyber liability exposures and coverage was of top concern at the Casualty Actuarial Society’s Seminar on Reinsurance, held earlier this month in Boston. There, it was noted that 72% of large U.S. companies do not have cyber liability insurance, while 33% believe they don’t have significant data exposure, since they believe their internal controls are adequate (according to a study by Towers Watson).

The business of cyber insurance is growing, however. Michael L. McCarthy, a vice president of professional liability treaty reinsurance at Axis Capital, estimated the market at about 0 million in premium per year, most of it in the United States, and growing at 10 to 25% per year.

According to a release from the Casualty Actuarial Society, John Merchant, of Freedom Specialty Insurance Company, divided coverage into five broad categories:

  1. Liability coverage, which covers damages from loss or compromise of sensitive third party data, like patient medical records. It also covers liability arising from damage to a third party’s network because the insured’s network caused a data breach, such as if a virus traceable to the insured’s network infects another network. And it covers e-media issues, like libel or slander or misuse of a company’s trademark.

  2. Expense coverage, which covers the cost to notify every person whose privacy has been breached. Often that includes providing the victim services like credit monitoring, identification theft monitoring or restoration of a stolen identity.
  3. Regulatory coverage, which covers the company’s costs if the breach triggers investigation by state or federal authorities.
  4. Industry group coverage, which handles fines assessed by industry associations for data breaches. For example, Visa, MasterCard and Discover have established a Payment Card Industry-Data Security Standard. If a credit card issuer fails to adhere to the standard, it can be fined. The coverage handles the fine.
  5. First party coverage, which handles loss of revenue from network interruptions caused by a security breach, or the cost of restoring lost data.

However you divide it or analyze it, the fact remains that there is still an inadequate market for cyber insurance, both in the States and abroad. Though recent statistics have shown growth, we must remember that it is an emerging market and with that comes risks, mistakes and lessons.

The State of Risk-Based Security Management

During my time at the Gartner Security & Risk Management Conference last week, I had the chance to sit down with Dwayne Melancon, chief technology officer at Tripwire, an IT security software firm. I was introduced to the term risk-based security management (RBSM) and presented with a report issued by Tripwire with research conducted by the highly regarded Ponemon Institute titled “The State of Risk-Based Security Management.” Here, Melancon answers a few questions regarding the report and the state of security risk management in general.

First of all, what motivated you and your team to dig deeper into this issue and publish this report?

DM: For the past five or six years, a lot of our focus has been on trying to translate security information to compliance auditors. About a year or a year-and-a-half ago, we started to notice an influx of people talking about risk and risk management. So we commissioned the Ponemon Institute to do an independent study to find out what’s going on with risk: Where are the people, what are the challenges, what are the concerns about it? They surveyed a little over 2,000 people worldwide. The idea was to establish sort of a baseline: What’s the current state of practice in thinking and where are there gaps? When you dig into the demographics, it’s a good cross-section not just of companies, but of industries, job titles and so on.

Who is this report geared towards?

DM: I would say it would appeal to a couple of audiences. One are the CIO, CISO-level people who understand their side of technology but need to relate to other business executives outside of their world. And then the other to me is really when you get to the IT mid-management person who has to kind of focus their resources, make sure their staff’s focused on the right thing, but then communicate value up, to either their boss or their boss’ boss. I think those are the two audiences who would probably get the most out of this.

What was the most interesting aspect of the report?

DM: A couple of things. One is that there is a lot of talk and not a lot of walk yet. So, somewhere around 77 or 80% of the organizations said that risk management was important, but less than half are actually doing anything about it.

We see that a lot — people saying we need a risk management program and understand its value, but fail to implement it.

DM: Definitely. And another piece that seemed to be related to that was that there was a lot of inconsistency in who really owns the risk management program. So it was all over the map. You would think that, typically, it would be somebody senior in the organization, because most of the time, unless somebody really endorses it, it’s the “tone at the top” thing. Unless somebody at the top says, ‘this is important,’ then it becomes sort of a David and Goliath thing — some superhero in IT who decides they’re going to take this on and they get frustrated.

The term “risk-based security management.” Have you heard it used before or is this a new term in the world of risk management?

DM: We’ve heard it mentioned and when we heard it we decided that it sounds a lot like what we’re focused on. Where this came together, and I think it’s a linkage to our compliance roots, is that when we dealt with a lot of audits, scoping was really important and they always talk about the importance of a top-down risk-based assessment to figure out what’s in scope and what’s not, what’s relevant and what’s not. And one of our audit clients started describing it as risk-based security. And we said, ‘OK, that makes a lot of sense.’ Because if you have a good understanding of where the risks are, then you can align your budget, your resources, and what you report on based on risk and it makes it easier. Especially when you deal with non-technical executives. A lot of them tend to have financial backgrounds. They understand risk and they understand controls. So if you can kind of frame it in that, it’s a better starting point than trying to explain what patching is, for instance.

Was there anything in the report you found shocking?

DM: One other thing I thought was surprising is that when we asked people about data — there seems to be a dearth of metrics, a lot of people are trying a bunch of things to see what works — one thing that bothered me was that so many organizations had cost as their primary measure. I think cost is a good indicator, but it’s not a metric because you can’t drive costs and risk gets better. It just doesn’t work that way. We’ve been trying to help people understand that. It’s kind of a two-way street: What metrics are working for you, here are some things we’ve seen work.

Here is a shocking chart presented in the report: