Category Archives: Cyber Crime

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

The Financial Industry: Cyber Security Laggards

Posted on by

We have seen it all around us lately — the financial industry’s inability to guard against major data breaches.

Just last month, Citibank, the third largest bank holding company in the U.
buy flagyl online https://royalcitydrugs.com/flagyl.html no prescription

S., experienced a data breach when hackers obtained information on more than 360,000 credit card accounts of North American customers. And just last week, Morgan Stanley announced that data of 34,000 clients was lost or stolen.

According to two letters sent to clients, and obtained by Credit.com, the information [of Morgan Stanley customers] includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers. The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted. The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, Wiggins said.

The Citibank breach has been referred to as the largest direct attack on a major U.S. financial institution. Since the attack, the Federal Deposit Insurance Corporation has been preparing new measures on data security, which proves to be much needed.

The financial industry has become somewhat of a laggard when it comes to data security initiatives and the risks of data theft are rising.

online pharmacy tadalista with best prices today in the USA

According to a June report by IDC Financial Insights, “As financial institutions expose more capabilities to their clients through their digital channels, they must introduce more sophisticated mitigation and control techniques at a similar pace.” The report points to mobile applications as the next new target of cyberattacks.

online pharmacy revia with best prices today in the USA

(Check out the next issue of Risk Management for more on this topic — online August 1st).

To approach these inevitable risks, there needs to be a change in the role and focus of enterprise risk functions, according to the IDC Financial Insights report. “Cyber risk is an enterprise risk issue, not an IT issue, and as such needs to be addressed from a strategic, cross line-of-business, and economic perspective. The CFO, not the CIO or CTO, is the most logical person to set strategies and lead the efforts required to address the cyber risk challenge.”

The following is a chart that shows that cyber risk is an operational risk component, according to IDC Financial Insights.


Do you agree with these findings? If not, how do you think the management of cyber risks fits within the realm of business’s risk management plan?

online pharmacy lariam with best prices today in the USA

The Perils of Email

Posted on by

In the business world, we send a lot of emails. More than 40,000 a year, according to a study by the Radicati Group. But as Felicia Harris Kyle of Sutherland Asbill & Brennan LLP points out in an online exclusive article in Risk Management, this reliance on email is not without its risks, particularly when it comes to the legal threats it creates.

As email and text-messaging increasingly become the primary forms of communication, the continued widespread use of email and texting in the corporate setting creates a whole host of interesting issues for companies and their lawyers. In litigation, for example, emails are an important component of discovery and often contain the proverbial “smoking gun.” The best defense is a good offense, which starts with a thoughtful analysis of the threats, backed by sound policies and practices that may ensure the proper use, retention and handling of emails and other electronically stored information.

Among the topics she discusses are information retention policies, the effect of litigation hold notices, how to avoid sanctions and the usefulness of forensic reviews. So don’t miss this informative article, only on RMmagazine.com.

Richard Clarke: U.S. Under-Prepared for Cyberthreats

Posted on by

Cybersecurity and cyberwarfare are major threats that neither companies nor the public sector are prepared for, said Richard A. Clarke in his morning keynote address to the World Conference on Disaster Management in Toronto. All too often, governmental IT officials have not properly discussed their systems with emergency managers and the fallout of any major shutdown could be catastrophic.

Clarke fears the results of any extended electrical or network outage. Many municipalities and organizations have generators that may provide a temporary solution, but what happens on day four? Day 7? Day 10? Operations may not return until the systems come back online and chaos could ensue.

Some have accused Clarke, and others who often express great concern over cyberwarface, of exaggerating the threat. Clarke acknowledged his critics, but believes he is by no means over-hyping the concerns that an unprepared nation should have.

buy clomiphene online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/clomiphene.html no prescription pharmacy

“I like being wrong when I predict disasters,” he said, “but I think I’m right on this one.”

He added that in addition to discussing the realities of cyberattacks and cyberwar the world must begin promoting “cyberpeace” by developing some international accords and norms to follow as this increasingly becomes a more critical issue to the world.

As we have seen during the Russia/Georgia conflict and the Stuxnet attack that someone (*cough* Israel and the United States *cough*) carried out on Iran’s nuclear industry, this is a reality that all nations and companies will have to contend with in the future. So it would seem that it is past time for international bodies to set some clearer standards.

For those who haven’t been following the news in recent years, Richard Clarke has become a polarizing figure in Washington due to his harsh criticism of the Bush administration’s stance on counter-terrorism and decision to go to war with Iraq. He spent 30 years working under both Republican and Democratic commander in chiefs, but his no-holds-barred words — and those he received from the Bush White House — forever altered the way he is seen by many outsiders no matter their political leanings.

Regardless there is no questioning the man’s expertise and credentials on both terrorism and cybersecurity. He is a foremost expert about both and has increasingly been focused on the latter of late. And he more than proved that today while talking to an audience that, even with its expertise in emergency management, remains novice in its understanding of security.

buy lariam online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/lariam.html no prescription pharmacy

Because he was so compelling — and some of the scenarios he described so frightening — I found myself listening more than taking notes and reporting. But below are some of the comments I posted to Twitter during the discussion, listed in reverse-chronological order.

buy bactroban online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/bactroban.html no prescription pharmacy

UPDATE: I just came across this excellent breakdown of Clarke’s speech by Ken Simpson. Here he succinctly encapsulates Clarke’s four areas of cybersecurity threats.

Clark described 4 general areas of Cyber attack, suggesting that we could visualise these in terms of overlapping circles;

  • Cyber Crime
    • Suggested that this was ignored, and perhaps encouraged by certain Eastern European states
      • I assume this is something they learned from the situation with the Mafia in Batista’s Cuba.
    • Apparently these organised cyber crime cartels are generating revenues similar to drug cartels
  • Cyber Espionage
    • This is undertaken for profit at times, cyber industrial espionage.
    • Also by sovereign states to steal national security secrets.
  • Hacktivists
    • In this case the hackers are aiming to prove that the target has weak security
    • Also to promote their own political cause
  • Cyber War
    • This is the new phenomenon, and seems to be proliferating – the equivalent of a cyber arms race.

Clark described the US Cyber Command, headed up by a 4-star General, and including the US Navy’s 10th Fleet. This fleet does not have any ships, just a flotilla of attack software.

The disturbing part is that the aim of this cyber warfare is not just to damage the other guys computers – but by doing that to cause significant impacts in the real world.

You can follow me @RiskMgmt for more live updates from the WCDM over the next two days.

Citigroup Data Breach Worse Than Initially Reported; CIA Website Also Hacked

Posted on by

It turns out that the Citigroup data breach that we reported about last Friday may actually have been almost twice as large as originally reported. Last week, Citigroup had said the breach involved 200,000 cardholders, or 1% of its 21 million North American cardholders. Now they are reporting that the breach may have exposed the private financial data of more than 360,000 customers.

While the bank has been criticized for waiting a month before notifying customers about the breach (the incident was discovered on May 10 but not revealed until June 9), it is to their credit that Citigroup has been up-front about what they have done to mitigate the threat.

Upon discovery, internal fraud alerts and enhanced monitoring were placed on all accounts deemed at risk. Simultaneously, rigorous analysis began to determine the precise accounts and type of information accessed. The majority of accounts impacted were identified within seven days of discovery. By May 24, we confirmed the full extent of information accessed on 360,069 accounts. An additional 14 accounts were confirmed subsequently. To determine the cardholder impact required analysis of millions of pieces of data.

The customers’ account information (such as name, account number and contact information, including email address) was viewed. However, data that is critical to commit fraud was not compromised: the customers’ social security number, date of birth, card expiration date and card security code (CVV).

While the investigation was underway, preparations began to notify customers and, as appropriate, replace affected customers’ credit cards.

buy stendra online blockdrugstores.com/wp-content/uploads/2023/10/jpg/stendra.html no prescription pharmacy

As of May 24, we began the process of developing notification packages including customer letters and manufacturing replacement cards, as well as preparing our customer service teams. Notification letters were sent beginning June 3, the majority of which included reissued credit cards.

buy spiriva inhaler online blockdrugstores.com/wp-content/uploads/2023/10/jpg/spiriva-inhaler.html no prescription pharmacy

Citigroup also indicated that they have implemented “enhanced procedures” to prevent another incident and said the customers would not be liable for any fraudulent charges on their accounts and could contact the bank to set up free identity theft protection.

Unfortunately this is not the only high-profile cybersecurity incident to make headlines in the last couple of days. A group of hackers calling themselves LulzSec hacked the CIA’s website and took it offline Wednesday night. The group claims to have been responsible for recent attacks on the U.S. Senate, Sony and PBS. According to experts, their motivation has been simply for “grins and giggles.” Evidently it’s the hacker equivalent of the old mountain climbing justification, “Because it’s there.”

The larger question, however, is what do these incidents say about the preparedness of the United States to fight cybercrime. According to a interesting Reuters report, the gap between criminals and those tasked with stopping them is widening.

“We’re much better off (technologically) than we were a few years ago, but we have not kept pace with opponents,” said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. “The network is so deeply flawed that it can’t be secured.

buy amoxicillin online blockdrugstores.com/wp-content/uploads/2023/10/jpg/amoxicillin.html no prescription pharmacy

While the government is working to improve security, it seems unlikely that anyone will ever be able to get ahead of the threat. For many organizations, the only strategy may be to minimize the damage and chalk up cybersecurity as another cost of doing business. Hopefully that cost doesn’t get too high.