Category Archives: Cyber Crime

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

UK Infrastructure Providers “Accept an Unexpectedly High Level of Risk” of Cyber-Threats, and the National Response Is “Fractured and Incoherent”

Posted on by

Hacker organizations like Anonymous and LulSec are waging a worldwide cyberwar. These new combatants are highly sophisticated and have emerged as a true threat so quickly that it is understandable why many organizations remain vulnerable.

But according to a new report from Chatham House, the UK’s critical infrastructure providers actually do understand the gravity of the threat and are very concerned about what it means for their operations — they just have chosen to do little about it.

“Many of the organizations surveyed in the course of this project have developed an attitude to cyber security that is fundamentally contradictory. In most cases, they declared themselves to be aware of cyber security threats. Yet these same organizations were willing, for a variety of resource and other reasons, to accept an unexpectedly high level of risk in this area. In several cases it was even decided that cyber risk should be managed at arm’s length from the executive authority and responsibility of the board and senior management. Paradoxically, therefore, in these organizations a heightened perception of cyber security risk is being met with diminished resources and interest.”

It gets worse.

While the weak response by critical infrastructure providers is clearly presenting a risk to national security in the United Kingdom, governments aren’t helping. Those who should be leading the charge on raising security aren’t doing enough to help those they serve keep up with the threat, say the providers.

There was a perception among those interviewed (which include 100 larges businesses and banks) for the study that “the national response mechanism is for the most part fractured and incoherent” and that there is  “little sense either of governmental vision and leadership, or of responsibility and engagement” with critical infrastructure providers. Those providers also note that better information sharing could help them considerably in preparing their defenses, but so far the UK government is “more willing to solicit information than to divulge it.”

Of course, the responsibility to mitigate this threat is not solely a public responsibility. These companies must take it upon themselves to safeguard their own operations. As the report notes, however, “this will only be achieved to the extent that board members are themselves more aware of the opportunities and threats presented by cyberspace.”

It must start at the top.

But unbelievably, the report notes that some companies have “deliberately pushed [the threat] below the boardroom level in order to remove a complex and baffling problem from sight.”

To be fair, some organizations are responding better than others. But they are the exception not the rule. “The results were varied,” said study co-author Dave Clemente on a Chatham House podcast. “Some organizations have a fairly nuanced view of cybersecurity — it comes up on their board agendas on a regular basis. And others don’t. Others respond only when something unpleasant happens to them or a competitor, and then they have to do something very quickly. Something must be done. Money is thrown at the problem. And often it produces an over-reation [that’s] not very well thought-through.”

In talking about the risk to infrastructure providers, Clemente highlighted the cyberattack that Anoynmous launched against Sony, shutting down its popular online video game platform, the PlayStation Network, for more than weeks and exposed the personal info of tens of millions of users.

Games Beat explains the details of that attack.

The company was criticized for having outdated security software that did not adequately protect the PSN from hackers when they broke in. Security experts knew Sony was running outdated versions of the Apache Web server software that did not have a firewall installed. The company said hackers were able to breach the PSN and steal sensitive data while the company was fending off denial of service attacks from Anonymous, an online hacker group that typically takes up politically charged causes.

Hackers also hit a number of other high-profile companies like defense contractor Lockheed Martin and Bethesda Softworks, another game publisher. The number of hacking attacks has given network providers like Sony a new set of challenges when building security for company networks.

Clemente says that the hacker intrusion cost Sony $171 million.

That’s a large sum that should help any large company take notice. But he also notes that while these types of cyber threats are “substantial in a monetary sense but there’s also reputational damage as well.”

Incidentally, Tim Schaaff, a top Sony executive, told Games Beat that the attack a “great experience, really good time … Though I wouldn’t like to do it again.”

At first blush, that seems like a ridiculous position. But perhaps we can all learn a little bit from the PlayStation Network breach. Take this quote from  Schaaff that further elaborates on his view.

“A determined hacker will get you, the question is how you build your life so you’re able to cope with those things,” he said.

Of course prevention and fool-proof network security is the ultimate goal. But it is increasingly hard to achieve. As the Chatham study shows, the leap forward in sophistication of today’s hackers means that most companies are now playing catch-up — both technologically and in terms of understanding the nature of the threat.

In the interim, many companies can and will be hit.

Know that. And start game-planning a response. Perhaps going forward, conducting emergency, tabletop drills for cyberdisasters will be as beneficial in preparing for the real thing as emergency drills for natural disasters are today.

Companies that have money and reputations to lose would be silly not to be developing strategies to this threat. And those organizations tasked with providing the nation with critical infrastructure? Well, if they do not improve their defenses soon, “silly” will start looking a lot more like “negligent.”

(For more on cyberthreat whos, whats, whens, wheres, whys and and hows, stay tuned for our upcoming October issue of Risk Management magazine. We have an 8-page feature detailing the nature of the threat — and ways to combat it. )

Guest Post: 5 Shocking Cyber Crime Facts

Posted on by

Crime has changed in a big way over the years thanks to our insatiable appetite for technology. Bigger, faster, more efficient and more all encompassing online access means one thing to cyber criminals: easy pickings.

Not only has technology changed the crimes committed, it has also radically changed the face of the actual criminal. No longer just the shady character in the background, cyber crimes, everything from embezzlement to identity theft and money laundering, are happening at the hands of everyone from the professional in the desk beside you to the quiet neighbor across the street. Because cyber crime lacks the face to face aspect of say a robbery or an assault, the most unlikely people are turning to a life of crime. Anonymity seems to allow behaviors that would have once been abhorrent.

With these factors, cyber crime is definitely on the rise. Think I’m exaggerating? Take a look:

  1. Between 2008 and 2009 cyber crime complaints went up more than 22%
  2. In 2010 the IC3 (internet crime complaint center) logged its two millionth complaint. Given that a large portion of society will not even lodge a complaint due to embarrassment over being “scammed,” this is really only a fraction of the cyber crimes committed.
  3. Referred financial cases received by the IC3 (to local, state or federal law enforcement agencies) totaled more than $550 million in 2009
  4. Enrollment in programs such as a cyber security degree have skyrocketed in line with increased cyber crime.
  5. Cyber criminals are becoming so tech savvy that institutions such as the IC3 have had to implement new methods of categorizing cyber crimes due to their ever widening scope.
    buy hydroxychloroquine online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/hydroxychloroquine.html no prescription pharmacy

As a whole, we have certainly benefited from the internet and the technologies that go along with it, but don’t kid yourselves, so have criminals. We’ve had to change how we view crime and also how we go about securing ourselves from it.

buy prevacid online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/prevacid.html no prescription pharmacy

Banks, government agencies, private business and the general public are all potential targets for cyber criminals, and the increase in those holding a cyber security degree are desperately trying to stay one step ahead and safeguard those most vulnerable. The frightening part is that as technology expands, so do the schemes and scams of cyber criminals.

Are Your Employees Stealing Your Data?

Posted on by

One of the biggest exposures in IT systems is the simple fact that too many people have access to information that they don’t need access to. The military has long kept everyone on a “need to know basis,” but companies in the digital age have been less effective in maintaining levels of data clearance.

Usually, this isn’t a problem. Most employees are honest people who wouldn’t do anything malicious with any corporate data. But as this information becomes increasingly valuable to outsiders, that temptation can be too much to overcome for some workers.

And according to a new survey from SailPoint, the number is troubling — especially in the U.K.

Of nearly 3,500 employees surveyed, a full 10% of U.S. employees (compared to 8% of Australians and 27% of Brits) said they would forward electronic files to a nonemployee. Furthermore, 9% of Americans (compared to 8% of Australians and 24% of Brits) would copy electronic data and files to take with them when they leave a company.

I’m not sure whether U.K. employees are more devious or just more honest, but even the lower totals in the United States and Australia shows the enormity of the risk. That’s just a ton of people who have no qualms about leaking — if not outright thieving — data.

“Organizations should be very concerned about the number of employees that openly admitted to misusing proprietary data,” said SailPoint cofounder Jackie Gilbert. “These results show that insider threats represent a significant risk to the business.

buy zetia online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/zetia.html no prescription pharmacy

Some of the biggest and most costly data breaches have been directly tied to company employees.
Having a written policy is not enough to ensure data security. Organizations need to have automated controls in place to monitor and manage user access controls in order to minimize the risk of insider theft or sabotage.

buy rogaine online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/rogaine.html no prescription pharmacy

What all this means is that while IT directors do need to figure out how to keep the outside hackers from getting into the network — they also must determine how to keep those already within from exposing information to the outside.

As Gilbert says, access controls are a good start.

Cyber Crime: Recent Events and Insuring Against It

Posted on by

It seems like several times per day that I am sent a news alert of yet another data breach.

buy buspar online healthdirectionsinc.com/flash/swf/buspar.html no prescription pharmacy

The frequency with which they occur is frightening to say the least and unfortunately, many businesses are not covered for such an event.

Let’s take a look at data breaches that have occurred over the past week and what, if anything, can be done to prevent (or insure against) them.

  • A report by Wake Forest Baptist Medical Center to the state attorney general’s office explained that 357 people were affected by documents from an 11-year period taken from the medical center due to a security breach, the Winston-Salem Journal is reporting. Wake Forest Baptist issued a statement early last month that it had fired an employee, Linda Bowden Turner, who had taken medical records and documents from 1995 to 2006 from the medical center to her own properties.
  • If you used a credit or debit card at Margarita’s restaurant over the past three months, a virus might have culled your information before it could be encrypted and then sold to underground markets, Huntsville police said. At least 200 people over the past two weeks have reported incidents of stolen bank account information, and authorities said they suspect there are many more cases that have not been reported and many potential victims whose numbers have not yet been used by thieves.
  • Nearly 700 Toshiba customers’ emails and passwords have been stolen from the company’s U.S. servers, the latest company to be hit by hackers, although it doesn’t appear to be the work of the same groups that have infiltrated Arizona law enforcement, Orlando tourism or PBS. TechEYE.net reported that the hacker VOiD targeted Toshiba and claimed “to gain usernames and passwords on 450 of the company’s customers” as well as about 20 re-sellers and 12 administrators on the company’s Electronic Components and Semiconductors and Consumer Products sites.
  • Lady Gaga has called in police after thousands of her fans’ personal details were stolen from her website. Her record label acted after the site was hacked into by US cyber attackers SwagSec. A source said: “She’s upset and hopes police get to the bottom of how this was allowed to happen.” The group struck on June 27 but did not make the information, which included names and email addresses, public until this week.
  • Anonymous, a group of “hacktivist” computer-savvy attackers, has already speared a number of big fish: credit-card companies, the church of Scientology, and Monsanto, a biotechnology firm. And the hackers have flaunted their skills by successfully attacking computer-security expert firms, like HBGary. Its latest victim is Booz Allen Hamilton, a big consulting firm to America’s government, including on cybersecurity, with bigwigs like a former CIA head and a former director of national intelligence on its payroll.

So how do companies work to prevent or mitigate the effects or data breaches? One option is cyber liability insurance. Major insurers like Chartis, ACE and Hiscox have been in the cyber liability insurance game for several years now and smaller insurers are entering the market at a rapid pace. But what types of coverage does a cyber liability policy include? According to Dave Navetta, partner at InfoLawGroup and contributor to Fox News, the following may be included:

  • Breach Notice Costs. Coverage now exists for direct costs incurred by an insured to provide notice to individuals in the event of a security breach, as well as expenses to set up a call center and provide credit monitoring services. These costs involve a multiplier effect. For example, credit monitoring can cost anywhere from $10 to $200 per year, per person impacted by a breach. If one million individuals are at issue, costs could run in the millions of dollars. These costs also include attorney fees and forensic investigation expenses to determine the cause of a breach and whether notice is required under law.
  • Damages and Defense Costs. Provides coverage for information security and privacy breaches and technology professional liability. This element of the insurance plan is specifically designed to provide coverage for damages and defense costs arising out of lawsuits or claims resulting from a data security breach or an act, error or omission in the rendering of professional technology services (like data storage services). Some cyber policies will also protect your business against the cost of regulatory investigations or actions due to a security or privacy breach.
  • Service Provider Breach.With more companies outsourcing their data processing to third parties or the “cloud,” it is important that a cyber policy provides coverage if the security breach happens to one of the insured’s service providers. That will protect your company against many types of expenses. However, these policies are unlikely to provide any coverage for the personnel hours expended internally to address the breach.
  • Crisis Management, Business Interruption and Data Restoration. This insurance can also help cover the costs for getting the network back up and running and restoring lost data. Public relations services may also be included to help restore the company’s reputation.
    buy vilitra online healthdirectionsinc.com/flash/swf/vilitra.html no prescription pharmacy

  • Denial-of-Service Attack. If your company or a service provider, such as a web host, is shut down by a denial-of-service attack or other type of hack, some insurance policies will cover lost income and the costs of repairing the network.
  • Cyber Extortion. In a case where a hacker decides to hijack your website, network or database, and demands money to restore it, a cyber extortion clause in an insurance policy can help to cover the settlement and the cost of hiring a security firm to track down the hacker.

Does your company have cyber liability insurance coverage?

buy isofair online healthdirectionsinc.com/flash/swf/isofair.html no prescription pharmacy