Category Archives: Cyber Crime

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

Banks’ Inability to Protect Info “Almost Shocking”

Posted on by

Does the financial industry think it’s invincible? Or is the industry as a whole innocently ignorant as to how to keep up with certain emerging risks?

For example, Citigroup became the victim of a cyber thieves recently when banking giant realized hackers infiltrated their computer system and stole personal information from more than 200,000 credit card holders, making it one of the largest direct attacks on a major bank. As the New York Times points out:

Even more striking is that similar data breaches have been occurring for years — and the financial industry has failed to prevent them. Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers. “They’re not at all on top of it,” said Avivah Litan, a financial security analyst at Gartner Inc. “It’s almost shocking.”

Shocking indeed.

How, in 2011, are some of the world’s largest financial institutions unaware of the omnipresent threat of hackers? Though recent data breaches involving Sony, Amazon and Google have rightfully raised concerns regarding internet “security,” the Citigroup situation raises some serious red flags.

It raises a question as to whether flames of the ongoing cyber-war are leaping to financial banks. If so, prompt actions to combat the cyber-crime must be taken by both governments and private companies.

Writing about the overconfidence that banks exhibit reminds me of my post from yesterday in which I reference the Economist Intelligence Unit’s report that stated one of the many failings within the discipline of risk management is:

2. Finance executives remain unaware of risks

According to the survey, “Compared to colleagues in legal, risk and compliance functions, finance professionals are far more likely to say that their organizations haven’t suffered from significant risk or compliance failures.” This is yet another surprising finding since the financial department is considered one of, if not the, most important department in an organization, considered the oxygen to the life of a company. If they are operating with the mindset that their company is perfect, either they’re not being true to themselves or they honestly cannot see failures. Both scenarios are scary.

Though the above refers to finance executives in any industry and the Citigroup data breach involves one company within the banking industry, the idea remains the same: the severity of data breach risks is not being acknowledged among most companies — most of all, among those companies and executives dealing with money.

Cavalcade of Risk #131: All Things Risk

Posted on by

Welcome to the Cavalcade of Risk blog carnival, an aggregation of some of the best risk management and insurance-related blog posts out there. Before I get to the rundown of posts, thanks go out to David E. Williams at Health Business Blog for his insightful hosting of Cavalcade of Risk #130.

  • Let us begin with Dave Ingram‘s post regarding risk management entertainment systems (RMES), where he states, “The Risk Management Entertainment Systems create a very strong impression that ERM is a talking and paper shuffling activity.  A waste of scarce corporate time, resources and dollars. ERM needs to be about action.  If in the end, ERM does not result in any changes to a firm’s treatment of risks or selection of risks, then there was no real business reason for ERM.”
  • Claire Wilkinson writes about protecting your personal information on Terms + Conditions, the Insurance Information Institute’s blog regarding all things risk and insurance. She states, “the average organizational cost of a data breach increased to $7.2 million in 2010 and cost companies an average of $214 per compromised record up from $204 in 2009.”

And a few more from around the blogoshpere:

The next host is Russell Hutchinson at Chatswood Consulting — he’ll host the 5th anniversary edition of Cavalcade of Risk on June 1st. Don’t miss it!

RIMS Session Highlights Cyber Security Concerns

Posted on by

Cyber security has become an increasingly important topic not only for individuals but for companies as well. I guess that’s why the cyber security session at RIMS 2011 was one of the most popular of the day, with seats filled and attendees lining the walls.

“Cyber Security: Covering Your Assets” featured a panel of industry experts, including Mark Greisiger, president of NetDilligence; Robert Parisi, senior vice president of Marsh; Richard Billson of Zurich North America Commercial and Victoria Telford, director of global insurance and risk management for Hanesbrands.

Billson called for more stringent cyber security actions, noting that “$3 trillion daily moves over network connections.”

Greisiger, referenced a shocking 2010 forensics study from Verizon Security Consultants, which claims:

  • 70% resulting external bad actors (hackers, malware)
  • 48% caused by insiders and a large part of this (90%) deliberate
  • 61% of datat breach discovered by 3rd parties NOT by the company itself
  • 96%of incidents were avoidable with simple controls

As for top perils, Greisiger noted the following:

  • Hacking (SQL injection)
  • Laptop loss
  • Backup tape loss
  • Staff mistakes (“probably 50% of the losses we see” according to Greisiger)
  • DDoS attacks (denial of service)
  • Business partner mishaps and breach

Why the problem of data breaches? Greisiger states:

  1. Most businesses collection more information than necessary and that data is often stored for too long (California laws are trying to do away with retailers asking for zip code – they do reverse indentification and bombard customers with marketing)
  2. Websites are very porous and need constant care
  3. IDS (detection) is very weak (intrusion detection software)

Greisiger concluded with a strong message, stating that with data loss and cyber security threats, “it’s not if but when it happens. It may have already happened to your company.”

Scary thought indeed.