Category Archives: Cyber Crime

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

WikiLeaks’ Next Target? Your Company

Posted on by

By now, I’m sure you’re familiar with WikiLeaks. (If not, read this good, introductory summary.) The whistle-blower company has released hundreds of thousands of documents about the wars in Afghanistan and Iraq and, just this week, it made headlines worldwide by unveiling a new torrent of documents related to U.

buy hydroxychloroquine online metabolicleader.com/p7pmm/img/jpg/hydroxychloroquine.html no prescription pharmacy

S. foreign policy and diplomacy. (Here are the Daily Beast’s “9 Most Shocking WikiLeaks Secrets.”)

Predictably, the company and its founder Julian Assange are not very popular among federal and military officials in Washington, D.C., many of whom see the release of such confidential documents as paramount to a criminal act of espionage against the United States.

Amidst the political firestorm, Assange has said that WikiLeaks’s next target will not be political or military — but corporate.

In a rare interview, Assange tells Forbes that the release of Pentagon and State Department documents are just the beginning.

buy cymbalta online metabolicleader.com/p7pmm/img/jpg/cymbalta.html no prescription pharmacy

His next target: big business.

Early next year, Julian Assange says, a major American bank will suddenly find itself turned inside out.

Tens of thousands of its internal documents will be exposed on Wikileaks.org with no polite requests for executives’ response or other forewarnings. The data dump will lay bare the finance firm’s secrets on the Web for every customer, every competitor, every regulator to examine and pass judgment on.

buy actos online metabolicleader.com/p7pmm/img/jpg/actos.html no prescription pharmacy

Risk managers are always looking for emerging risks. And being able to see the threats that lurk beyond the horizon can be what separates the good from the great. A few years ago, it would be hard for anyone to see this peril looming.

But here we are.

For companies, the threat may be even greater than that posed to the government and the military. Those institutions have time-tested procedures of secrecy and multiple levels of confidentiality to ensure everything remains on a need-to-know basis. Sensitive information is obviously getting released by people who think it should be in the public record, but we can probably be pretty sure that there is plenty of even more restricted information known in the halls of the White House, Pentagon and Congress that has not — and will never be — exposed to the masses

Businesses, too, have protections to keep the perhaps-incriminating or at-least-embarrassing details of their operations from seeing the light of day. But the proliferation of digital information — data that can be accessed by both employees and cyber-savvy outsiders — makes everything harder to protect. Most companies don’t have Apache helicopters and M-16-toting soldiers to protect their servers.

So all it would take is one whistle-blower with access to severely damage the reputation of the company — and perhaps imperil the freedom of its less-than-lawful execs.

For what it’s worth, Assange’s freedom is once again being threatened by those he has angered. Attempts to shut down the site in the past have almost all failed, however.

We’ll see if the latest hornet’s nest he has kicked will lead to any different results, but my guess is that the business risk of exposure at the hands of WikiLeaks — and the other imitators that will inevitably surface — will not be dissipating any time soon.

Ernst & Young’s Global Information Security Survey

Posted on by

Last week, I attended the Ernst & Young media roundtable to hear the results of its 2010 Global Information Security Survey (GISS). The survey includes responses from participants in 1,598 organizations in 56 countries across all major industries.

With the increase in the use of external service providers and the adoption of new technologies such as cloud computing, social networking and Web 2.0, companies are increasingly exposed to data breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise. And according to the survey, companies are taking a proactive stance as 46% indicated that their annual investment in information security is increasing. Though IT professionals are trying, not all are succeeding in keeping up with new tech threats.

“I’ve never seen this kind of shift in IT before,” said Jose Granado, the America’s practice leader for information security services within Ernst & Young. “Security professionals are trying to keep up with the pace, but aren’t really doing a great job. The have limited resources and a limited budget.”

A concern for IT professionals is mobile computing. Demands of the mobile workforce are driving changes to the way organizations support and protect the flow of information. In fact, 53% of respondents indicated that increased workforce mobility is a significant or considerable challenge to effectively delivering their information security initiatives. Aside from investing more on data loss prevention technologies, 39% of respondents are making policy adjustments to address the potential new or increased risks.

“You have to implement realistic policies,” said Chip Tsantes, principal within the financial services division of Ernst & Young. “They need to be liveable and workable, or else people will go around them. You can’t simply ban things.”

Another major concern for IT pros is the gaining popularity of cloud computing. Both Granado and Tsantes were shocked to learn that 45% of respondents (primarily those on the non-financial services side) are currently using, evaluating or are planning to use cloud computing services within the next 12 months.

“From the standpoint of a traditional IT security professional, endorsing or supporting a cloud environment is counter-intuitive,” said Granado. “How do I know where my data is and how do I know it is protected?”

So how do companies increase their confidence in cloud computing? According to the survey, 85% say that external certification would increase their trust.

So I asked Granado and Tsantes if they could tell me when they believed there would be a universal set of standards for cloud computing providers. Granado feels there is a two-to-three year timeline in regards to having something solidified. He says businesses are going to drive it; If businesses continue to push, “cloud providers would have to follow.” With more and more sensitive data calling the cloud home, let’s hope Granada is being conservative with his estimate.

cloud computing2

November Issue of Risk Management Now Online

Posted on by

It’s that time again — a new issue of Risk Management magazine is now online. The cover story in our November issue celebrates the 100th anniversary of the modern U.S. workers compensation system and highlights the fact that even though workers comp is only 100 years old, its principles date back a millennium.

Additional features in the newest issue are a first-hand account by Michael Cawley of 25 lessons learned during his 25 years as a risk manager, the pros and cons of cloud computing and seven steps to building a successful workers comp program.

Our columns explore topics such as the rise in workplace suicides, the largest data breach in history, regulatory uncertainty within the insurance industry, the Red Flags Rule, and human clinical trial insurance in South Korea. Also included are monthly staples such as our articles highlighting recent industry reports (Findings) and our book reviews (Shelf Life).

If you enjoy what you seen online, you can subscribe to the print edition to enjoy even more content.

Please let us know what you think in the comments below. And stay tuned to the blog for even more coverage in the future. Lastly, you can follow the magazine on Twitter“like” us on Facebook and join our LinkedIn group.

October: A Busy Month for Data Breaches

Posted on by

Every company, no matter what industry it is aligned with or what country it is based in, is vulnerable to losing sensitive data, either accidentally or by malicious endeavors. The Ponemon Institute has found that the average cost of a data breach in 2009 was an incredible $3.4 million. And, unfortunately, the frequency with which these breaches occurs appears to be increasing. Let’s take a look at some of North America’s more notorious breaches for October 2010:

October 14: In Lake County, Florida, a credit union employee stole customer’s credit information to take out loans — money which was used to help finance the attorney fees of her son, who is on death row for murder. The employee, Nazreen Mohammed, was accused of attempting to take $430,000 from banks such as RBC and Fairwinds Credit Union.

October 14: An employee of Accomac, Virginia had his laptop computer stolen while on vacation in Las Vegas. The computer held the names and Social Security numbers of approximately 35,000 county residents. The employee took the laptop on a personal vacation without permission from his superiors.

October 14: Though the incident occurred in August, it wasn’t recognized until October when the Veterans Benefit Administration Office in Boston realized they sent 6,299 benefit letters to the wrong address. All nine digits of Social Security numbers were on 3,936 of the letters. A Veteran’s Affairs report blamed the incident on programming error.

October 15: On this date, the University of North Florida reported that more than 100,000 people could be affected by a security breach. UNF stated that a file containing personal information on prospective students was possibly accessed by someone outside the United States. The university is working with the FBI “to determine the cause and intent of the breach.”

October 20: The personal information of 280,000 Medicaid members in Pennsylvania was compromised when a portable hard drive belonging to Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan was lost. “The insurers said they have beefed up security practices and will provide free credit-monitoring assistance to the people whose Social Security numbers, either in whole or in part, were on the missing hard drive.”

October 21: The Thames Valley District School Board in Ontario, Canada shut down its online student portal after it realized that the internet passwords of more than 27,000 high school students were compromised. The culprit in this incident posted a link on Facebook that directed users to a site that listed the names and passwords of students.

This, however, is only a partial list. More incidents can be found at DataLossDB.org.

Does your company have a solid cybersecurity strategy? If not, check out the article, The 5 Steps of a Cybersecurity Risk Assessment, by Peyton Engel, a data security expert at CDW.

keyboard