
Along with Hurricanes Come Hackers

With hurricane season in full swing, supermarkets and electronic stores aren’t the only businesses in danger of looting. When defenses are down and attention is elsewhere during a natural disaster, critical data and intellectual property are just as vulnerable to looting as the shopping center down the street.

Each year, the amount of personal information targeted in data breaches continues to grow. A new record was set near the end of 2015 when 191 million U.S. voters’ identities were exposed, surpassing the previous record for the largest single data breach. Personally identifiable information, including voters’ names, dates of birth, genders, and addresses, was exposed for more than a week before the database was officially shut down. Just imagine the opportunity for hackers during natural disasters when systems are down for a similar time frame.

Take “Superstorm Sandy,” back in 2012. Cyber criminals used confusion in the aftermath of the hurricane as part of a social engineering scheme to steal information. One organization received a call requesting an emergency download of sensitive personnel information needed to assist staff that had been affected by flooding. Lost internet connectivity as a result of the storm meant the help desk could not make a reasonable verification of who was making the request and sent the highly sensitive information to the bogus caller’s “backup site,” which was, as it eventually transpired, a system controlled by hackers. During times of crisis we are more susceptible to cyber criminals willing to prey on our good nature and eagerness to help.

The semi-controlled chaos of an emergency response is rife with opportunities for exposure of sensitive data. Here are five steps enterprises can take to minimize cyber exposure before, during and after a natural disaster.

  1. Security Analytics: According to the 2016 Internet Security Threat Report, the overall total number of identities exposed has jumped 23%, to 429 million. Security analytics tools give IT managers full visibility into all network traffic. They can also help enterprises determine if and when anything happened, what systems and data were affected and if the attack has been contained. Monitoring these tools can also be outsourced to security service providers.
  2. Be Secure in the Cloud: During a natural disaster, buildings may be flooded or damaged and roads may be closed, and ‘dedicated’ servers can lack the flexibility and access provided in a cloud environment. Access for continuing operations and for first responders operating from mobile devices can be critical in a disaster. But it is important that your cloud is protected and monitored; access management is the top priority. IT managers can use cloud access security brokerage technologies to restrict workers from creating accounts on services such as Box or DropBox and transferring restricted data. More importantly, the information residing in cloud applications can be encrypted and tokenized.
  3. Plan for Emergency Web Access & Bandwidth Management: Prioritizing access to the network becomes critical during natural disasters. With bandwidth tight, restrict and prioritize web access to only the most critical sites and resources. Set up a more restrictive web access policy prior to an emergency and be ready to deploy it when needed. Do the same for bandwidth management. Be ready to prioritize applications such as VoIP and cache critical information like official communications for viewing from a local cache.
  4. Protect social media and public websites: Customers will be looking for updates via social media and websites during and after emergencies. During these times, it is critical to protect public information resources. Web application firewalls can protect the website from common attacks, control input/output and access, and detect unfamiliar traffic patterns. Twitter is a critical communication resource, but it can also be used to promote malicious information. Deploy security features such as two-factor authentication and verification codes for social media accounts.
  5. Practice, Practice, Practice: Table top exercises, readiness assessments and “live fire” exercises are essential to good preparation. I’m fond of the quote, usually attributed to the boxer Mike Tyson: “Everyone has a plan until they get punched in the mouth.” Having led a significant number of crisis teams, I have found that every disaster presents unique challenges, but successfully surviving a determined cyber criminal’s attempts demands both preparation and practice.

While we can’t always predict the weather, with the right protocols for security in place, enterprises can ensure that their IT infrastructure is protected 24/7.

Planning for Extreme Floods


Companies in the United States should begin preparing now for climate change, which is predicted to cause extreme weather conditions, according to FM Global’s report, The Impact of Climate Change on Extreme Precipitation and Flooding. As the climate warms, areas that are dry will become drier and moist areas will see higher precipitation. The characteristics of precipitation will also change. “We feel climate change not so much through subtle changes in the mean, but through changes in the extremes,” MIT Prof. Kerry Emanuel said in the report.

While the overall amount of precipitation might remain the same, it will become less frequent but more intense.


A specific region of the country that has historically seen 10 inches of rain each May might see the same volume that month, for example, but those 10 inches may occur in a much shorter period of time, increasing the risk of flooding, according to the study.

By the end of the century, as temperatures rise, it is possible for precipitation to change by 8%, which could exacerbate wildfires in some areas and flooding in others.


The danger is that, because these extreme events are infrequent, they lack urgency, so planning can easily be put off. Risk managers are advised to check their facility’s resilience in terms of the building’s ability to withstand flooding, focusing on 500-year flood levels rather than 100-year.

Extreme wet or dry conditions can affect a company’s buildings, machinery, data centers, transportation networks, supply chains, people and sales. Organizations should focus on water management—diverting water from property, optimizing drainage and protecting water supplies, and they should consider new weather extremes when managing supply chains.

Flood hazard mapping is increasingly proving helpful as understanding of water risk is improving, Louis Gritzo, vice president and manager of research with FM Global, wrote in “Mitigating Evolving Water Threats,” from this month’s Risk Management Magazine. Advances in technology have led to improvements in weather satellites, geospatial data acquisition and physical model development, making old models obsolete. Anyone working with information from a flood map that is more than 15 years old should consider an update, he wrote.

Those with a flood map should make sure it includes potential coastal flooding areas as well as river flooding, also taking into account the local topography of coastal locations. “Areas along the coast that are surrounded by hills and mountains will likely experience far more wind-blown water (storm surge), as the local terrain directs more water in spaces between steeper slopes,” Gritzo wrote.

Terrorism Incidents Down, Disruption Up in 2015

A number of high-profile terrorism attacks worldwide have raised people’s fears this year, but the reality is that the number of attacks and deaths from such attacks actually decreased in 2015, according to Marsh’s 2016 Terrorism Risk Insurance Report.

The report summarizes terrorism risk insurance trends, benchmarks terrorism insurance take-up rates and pricing, and offers risk management solutions for terrorism exposures.

The more current attacks, often perpetrated by a single individual or small group, are different from those carried out in the 1990s and 2000s when high profile locations were targeted. Individuals carrying out the more recent attacks may have no direct contact with a known terrorist organization, but could be drawn to them through writings and video, particularly on the internet, Marsh said.

These events can be very disruptive to operations in some companies. In the travel industry, for example:

  • About 10% of American travelers canceled booked trips due to the recent attacks in Egypt, France, Lebanon and Mali, which impacted $8.2 billion in travel spending, according to a survey by YouGov.
  • Booking losses for Air France were estimated to be €50 million ($56 million), the company said in a statement.
  • Airlines, hotel chains and travel websites experienced drops in their stock prices after this year’s airport bombing in Brussels.

In the United States, the Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA) offers businesses a federal backstop against terrorism-related losses. While the overall take-up rate for TRIPRA coverage in the U.S. increased slightly in 2015, it has remained in the 60% range since 2009, Marsh said.

Managing terrorism risk requires a combination of strategies that protect people, property and finances. On the financial side, the choice is whether to retain or transfer the risk with insurance. But the changing pattern of terrorism risk has some companies asking if they are adequately insured for business interruption and related losses. They also wonder how to prepare for potential losses from cyber terrorism and other events.

Other key takeaways from the report include:

  • As small group and “lone wolf” terrorist attacks appear to be the changing face of terrorism, many organizations are assessing their coverage for indirect losses stemming from business interruption risks.
  • Following the 2015 passage of the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), take-up rates in the US edged up for TRIPRA terrorism coverage embedded in property programs.
  • Among industry sectors, media organizations had the highest take-up rate for terrorism insurance in 2015.
  • Workers’ compensation markets for terrorism risks generally stabilized.
  • The number of Marsh-managed captives accessing TRIPRA increased by 17% from 2014 to 2015, but many captives that could offer a terrorism program do not.

Vendor Risks: Preventing Recalls with ERM

In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?


Customers of CRF Frozen Foods, for example, recently had big problems when the company, a full-line, individually quick frozen processing plant that packages fruits and vegetables for a variety of customers, was linked to a widespread listeria outbreak. Contaminated foods affected big-name distributors like Trader Joe’s, Costco and Safeway, and some customers fell ill as a result.

Even though a series of sanitation concerns and other facility issues at CRF had been exposed by regulators as early as 2014, the factory was allowed to continue operating and its customers weren’t notified.

Red flags raised by regulators aren’t always seen by the companies they’re most relevant to, however.


The fact that these outbreaks occurred seems to demonstrate that customers’ vendor management practices either failed or simply weren’t robust enough to detect issues. It all comes down to effective enterprise risk management (ERM). ERM provides the tools and framework that allow any organization to standardize processes and effectively mitigate vendor risk.

An ERM approach is characterized by standard criteria, interdepartmental communication, and automatic alerts and notifications. It keeps everyone in the organization on the same page and ensures assessment results are always understandable and accessible. This eliminates redundancy in the risk management process. As a result, you can quickly and easily determine the last time your organization evaluated a supplier. Something as simple as a notification that regulators have published new requirements might save your organization from acquiring infected or defective products.

There are three general stages that apply to any successful risk management effort:

  1. Identify specific risks, followed by assessment and evaluation
  2. Implement tailored mitigation activities to address those risks
  3. Monitor those mitigations to ensure long-term effectiveness

The first step serves as the foundation for steps two and three. Without a proper understanding of what risks your organization faces, it is impossible to prioritize and mitigate them. Across multiple business departments or within supply chains especially, it is quite difficult to identify and account for every variable.

To keep up with vendors’ fluctuating conditions, teams need to systematically identify and assess risks, catching them as they crop up. Preventing assessments from becoming obsolete is the key to keeping a pulse on everything that may affect the business, therefore avoiding unwanted surprises.

Risk assessments also help determine the best way to allocate limited resources. Minimizing vendor-related risks needn’t be burdensome, however. It should be a streamlined process that, by enabling you to avoid harmful incidents, improves operational efficiency. Once your risk assessments reveal the areas of highest priority, you can determine exactly how to mitigate those concerns.

The Freedom of Information Act can be extremely helpful when it comes to your third-party risk management efforts. It grants all companies the right to ask vendors for specific information about plant processes, worker training, sanitation practices, and maintenance. Suppliers are required to be forthcoming with all information (when asked), and teams need to take advantage of this opportunity. It is an important part of the risk management equation and will help you understand your risks before disruptions occur.

Performing vendor risk assessments—in the form of inspections, questionnaires, and service level agreements—generates an enormous amount of data and information. This information is useful for mitigating risk, but only if it is up to date, consistent and distributed to the appropriate individuals. The Freedom of Information Act provides an opportunity to evaluate suppliers with robust risk assessments, and ERM provides the means to capitalize on that opportunity. Ad-hoc assessments of current and prospective vendors, without standardized processes, will only get your team so far.

Steps to Effective ERM

Capitalizing on your vendor assessment rights is only part of the equation. Without an appropriate means of processing, distributing, and making data actionable, you’re back at square one. To make sense of important data, follow these steps:

  1. Create a taxonomy: define relationships between risks, requirements, goals, resources and processes. If each area of the business uses its own system for identifying and classifying risk, the resulting information is subjective and unusable by other departments. There is also significant information overlap, and therefore waste. Use your existing information to create a standard for data collection with minimal work.
  2. Streamline with the standardized risk assessments identified in step one. Risk assessments can be conducted in many different formats and qualities. Use resources already in place and streamline the results using the standard from step one. The most effective way to collect risk data is by identifying the root cause, or why an incident occurred. Homing in on the root cause provides useful information about what triggers loss and your organization’s vulnerabilities.

    When you link a specific root cause to a specific business process, designing and implementing mitigations is simpler and more effective.

  3. Connect mitigation activities to each of the key risks in these processes. A risk taxonomy gives you a more holistic understanding of all the moving parts in your organization. This makes it easier to design mitigation activities.
  4. Connect incidents, complaints and metrics (for each business process) to mitigation activities. Typically, companies already dedicate many resources to monitoring business performance, collecting information about incidents, complaints and metrics. These processes are often inefficient and ineffective. Simply connecting them to mitigation activities, however, identifies the reason such incidents happen. You can then take straightforward corrective actions, meeting top priorities and allocating resources with forward-looking measures. Risk management, after all, is not about minimizing fallout after an incident, but preventing such an incident from happening in the first place.

To make this entire process effective, management must work to develop an enterprise-wide risk culture. ERM is not just an executive-level process, but should be pushed all the way to frontline managers, where everyday decisions are made and the risks are known—but resources are often absent.

Approach your vendor risk assessments as you would any other risk assessment—they should be recurring and standardized. Perform them regularly and evaluate the results with the same scale and criteria with which you evaluate all other risks. Finally, automate information collection and review so that reporting reveals cross-silo dependencies before these risks turn into scandals. The result will be increased vendor security and the prevention of surprises, at a fraction of the cost.