Closing the Vendor Security Gap

What do organizations really know about their relationships with their vendors?

It’s a question that most companies can’t answer, and for many, that lack of knowledge could represent increased risk of a security breach. This year, Bomgar conducted research into vendor security on a global scale, and the findings underscore that much work remains to be done to shore up third-party security.

The 2016 Vendor Vulnerability Index report produced eye-opening results that should be a wake-up call for business leaders, CIOs and senior IT managers. The survey of more than 600 IT and security professionals explores the visibility, control, and management that organizations in the U.S. and Europe have over external parties accessing their IT networks. Some of the most surprising statistics are summarized below:

  • An average of 89 vendors are accessing a company’s network every week.
  • 92% of respondents reported they trusted their vendors completely or most of the time.
  • 69% said they definitely or possibly suffered a security breach resulting from vendor access in the past year.
  • In the U.S., just 46% of companies said they know the number of log-ins that could be attributed to vendors.
  • Only 51% enforce policies around third-party access.

It’s evident from these findings that third-party access is pervasive throughout most organizations. What’s more, this practice is likely to grow—75% of the respondents stated that more vendors access their systems today than did two years ago. An additional 71% believe this number will continue to increase for another two years.

Two-thirds of those polled admit they have a tendency to trust vendors too much—confidence that should be questioned based on the results of this report. The data revealed that, while most organizations place a high level of trust in their vendors, they still have a low level of visibility into how vendors are accessing their systems.

This contradiction is not something organizations should take lightly. As noted above, 69% of respondents admitted they had either definitely or possibly suffered a security breach resulting from vendor access. An additional 77% believe their company will experience a security issue within the next two years as a result of vendor activity on their networks.

As an organization’s network of vendors grows, so too does the risk of a potential breach. For most companies, giving third parties access to sensitive systems is essential in the course of doing business; the question centers on how to grant this access securely.

Historically, companies have used VPNs to provide network access to third parties.

While appropriate for the intended end user (remote and/or traveling employees), issues arise when a VPN is relied on to manage connections from external groups. If a system connected via VPN is exploited and used as a point of persistence for leap-frogging into the broader network, hackers can persist for days or months and move stealthily about the network. Companies have also seen malicious (or well-intentioned) insiders choosing to abuse their access to steal or leak sensitive information, all of which is made fairly trivial by open-ended VPN connectivity.

To balance the dual demands of access and security, companies need a solution that allows them to control, monitor and manage how external parties are accessing their systems. Rather than providing “the keys to the kingdom,” a modern secure access solution enables organizations to grant vendors and other third parties access only to the specific systems and applications needed to do their jobs.

To ensure security, organizations should also select a secure access solution that provides video and text logs of all session activity. This allows companies to monitor how remote access is being used and, perhaps more importantly, by whom. With this technology, any suspicious activity can be immediately flagged for further investigation. In addition, these session forensics can help companies meet internal and external compliance requirements.

Another secure access best practice is to employ a password/credential vaulting solution. This enables organizations to mitigate the risk of credentials shared between privileged users, which are often the target of a threat actor. It also reduces the risk of what system administrators often think of as “the sticky note nightmare,” where a sensitive credential is written on a sticky note and stuck on someone’s monitor for all who walk by to see. Password vaulting technologies also help with the dangers posed by embedded system service accounts that have administrative privileges and are rarely rotated for fear of bringing critical business services down. A small, yet strong initiative to protect network security would be to require every privileged user to obtain the credentials needed for elevated work by checking them out of a password vault. This removes most of the challenges associated with sharing credentials: once they are checked back in, those credentials can be immediately rotated and thus become unknown to the employee or to the bad actor who may have stolen them. Incorporating multi-factor technology in order to access the password vault and other sensitive systems takes it a step further.
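To make the check-out, check-in and rotation cycle concrete, here is an added example (not code from the original article or from any vendor product) of a minimal credential vault. The class names, the single-use MFA check, the constructed account name and the in-memory audit trail are all assumptions for illustration; a production vault would back the MFA step with a real second factor (e.g. TOTP or a hardware token) and push the rotated secret to the target system. The point the example shows is the one the paragraph makes: a secret captured while checked out stops working the moment it is checked back in, and every check-out is attributed to a named actor.

```python
"""Toy credential vault: MFA-gated check-out, rotation on check-in, audit trail.

Added illustration; the account and MFA values are constructed, not real.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class AuditEvent:
    actor: str
    action: str
    account: str


class VaultError(Exception):
    """Raised when a vault policy (MFA, exclusive check-out) is violated."""


class CredentialVault:
    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}       # account -> current secret
        self._checked_out: Dict[str, str] = {}   # account -> actor holding it
        self._mfa_verified: set = set()          # actors with a verified second factor
        self.audit: List[AuditEvent] = []        # who did what, to which account

    def enroll(self, account: str) -> None:
        """Register a privileged account with a freshly generated secret."""
        self._secrets[account] = secrets.token_urlsafe(24)
        self.audit.append(AuditEvent("vault", "enroll", account))

    def verify_mfa(self, actor: str, expected_code: str, presented_code: str) -> bool:
        """Stand-in for a real second factor; constant-time comparison of codes."""
        ok = hmac.compare_digest(expected_code, presented_code)
        if ok:
            self._mfa_verified.add(actor)
        self.audit.append(AuditEvent(actor, "mfa_ok" if ok else "mfa_fail", "-"))
        return ok

    def checkout(self, actor: str, account: str) -> str:
        """Hand the current secret to an MFA-verified actor; one holder at a time."""
        if actor not in self._mfa_verified:
            raise VaultError(f"{actor}: MFA required before check-out")
        if account in self._checked_out:
            raise VaultError(f"{account} already checked out by {self._checked_out[account]}")
        self._checked_out[account] = actor
        self.audit.append(AuditEvent(actor, "checkout", account))
        return self._secrets[account]

    def checkin(self, actor: str, account: str) -> None:
        """Return the credential and rotate it so the old value is dead."""
        if self._checked_out.get(account) != actor:
            raise VaultError(f"{account} is not checked out by {actor}")
        del self._checked_out[account]
        self._secrets[account] = secrets.token_urlsafe(24)   # rotation on check-in
        self.audit.append(AuditEvent(actor, "checkin_rotate", account))

    def authenticate(self, account: str, presented: str) -> bool:
        """Stand-in for the target system's login check against the live secret."""
        return hmac.compare_digest(self._secrets.get(account, ""), presented)

    def checkouts_by_actor(self) -> Dict[str, int]:
        """Visibility: how many privileged check-outs each actor performed."""
        counts: Dict[str, int] = {}
        for event in self.audit:
            if event.action == "checkout":
                counts[event.actor] = counts.get(event.actor, 0) + 1
        return counts


def demo() -> bool:
    """Walk one vendor session through the cycle; returns True if a copied secret dies."""
    vault = CredentialVault()
    vault.enroll("svc-db-admin")                       # constructed account name
    vault.verify_mfa("vendor-alice", "482913", "482913")  # constructed MFA code
    leaked_copy = vault.checkout("vendor-alice", "svc-db-admin")
    worked_while_out = vault.authenticate("svc-db-admin", leaked_copy)
    vault.checkin("vendor-alice", "svc-db-admin")
    works_after_checkin = vault.authenticate("svc-db-admin", leaked_copy)
    return worked_while_out and not works_after_checkin


if __name__ == "__main__":
    print("stolen copy useless after check-in:", demo())
```

The audit list is what gives a security team the “by whom” that the report found most organizations lack: every check-out is tied to a verified actor, and `checkouts_by_actor()` is the kind of per-vendor count that only 46% of U.S. respondents said they could produce.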

In today’s heightened environment, following these steps should be essential security best practices for any company allowing vendors or other third parties to access their network.

The Vendor Vulnerability Index report suggests that companies are aware of the threats posed by ineffective management and poor visibility into vendor access. Yet, as the data shows, just slightly over half of the respondents are enforcing any policies around third-party access. In light of these findings, companies should also ensure that they are properly screening any third parties with whom they share network access. For example, does the vendor provide security awareness training as part of their employee onboarding process?

Asking this and similar questions will give companies a clearer picture of the vendor’s security ethos, and help them to determine if the partnership is a good fit to begin with.

In order to combat this growing vulnerability, organizations need granular control over external access. Only with such a solution in place can companies feel confident that their vendors won’t unintentionally become their weakest security link.

Organizational Complexity Poses Critical Cyberrisk

According to a recent survey on IT security infrastructure, 83% of businesses around the world believe they are most at risk because of organizational complexity.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” noted the Ponemon Institute’s “The Need for a New IT Security Architecture: Global Study,” sponsored by Citrix. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

Shadow IT, the information technology systems built and used within an organization without explicit approval, has largely cropped up because employees feel official tools are too complex or otherwise difficult and inefficient. As a result, company data is being put on personal devices and official business is conducted on platforms that enterprise security teams cannot monitor or secure.

Nearly three-quarters of respondents said their business needs a new IT security infrastructure to reduce risk.

With increasing amounts of sensitive data stored, new technology like the internet of things adopted, and new cyberrisk threats constantly emerging, addressing individual security challenges may be impossible, Citrix Chief Security Officer Stan Black told eWEEK. Rather, companies should focus on larger issues like controlling complexity, developing and maintaining strong incident response plans, and rigorously vetting vendors with access to systems or responsibility for storing data.

Check out more of the report’s findings in the infographic below:

[Infographic: organizational complexity cyberrisk]

Business Interruption Seen as Top Risk Globally

A survey of more than 1,200 risk managers and corporate insurance experts in over 50 countries identified business interruption as the top concern for 2017. According to the sixth annual Allianz Risk Barometer of top business risks, this is the fifth successive year that business interruption has been seen as the biggest risk.

“Companies worldwide are bracing for a year of uncertainty,” Chris Fischer Hirs, CEO of AGCS said in a statement. “They are concerned about rather unpredictable changes in the legal, geopolitical and market environment around the world. A range of new risks are emerging beyond the perennial perils of fire and natural catastrophes and require re-thinking of current monitoring and risk management tools.”

While natural disasters and fires are what businesses fear most, non-damage events such as a cyber incident, terrorism or political violence resulting in denial of access are moving higher up on the scale, according to the report. These types of incidents can cause large loss of income to companies, without actual physical loss.

The second concern, market developments, could result from stagnant markets or M&As, or from digitalization and use of new technologies.

Cyberrisk, third on the list of perils, has jumped up from 15th place in just four years. Cyber was identified as the second concern in the United States and Europe.

According to Allianz:

The results indicate that cyber risk occupies a significant portion of a company’s exposure map. The risk now goes far and beyond the issue of privacy and data breaches. A single incident, be it a technical glitch, human error or an attack, can lead to severe business interruption, loss of market share and cause reputational damage. Of the top 10 global risks in the 2017 Allianz Risk Barometer, a cyber incident could be a potential root cause or trigger for 50% of them. In addition, the toughening of data protection regulation regimes around the world is also contributing to this risk being at the forefront of risk managers’ minds, as penalties for non-compliance are increasingly severe.

Fourth on the list, natural catastrophes added up to $150 billion in total economic losses in 2016—with insured losses accounting for $42 billion of those losses—up from $28 billion in 2015, according to the report. Businesses also are more concerned about the impact of climate change and increasing weather volatility year-on-year.

Trump outlook for 2017

“Opportunities and challenges,” says Ludovic Subran, head of Euler Hermes Economic Research and deputy chief economist of Allianz research. “Companies which are domestic, either a regional multinational or national, will benefit. However, the business environment for large multi-national corporations who do have global, strongly regionally diversified business models will be more challenging. Stronger regional interests will make the lives of companies more complicated as there will be increasing protectionist regulation.”

Plan Now for the Political and Risk Landscape Ahead

With a new president in office in 2017, there are sure to be changes ahead for businesses in the United States. Yet of risk professionals surveyed, fewer than half are actively preparing. Organizations are expected to see impact in areas including regulation and enforcement strategies, a new national trade policy, and a potential rollback of Affordable Care Act (ACA) provisions, according to Marsh.

Speakers on Marsh’s webcast, The New Reality of Risk, noted that the new administration appears to favor deregulation across several industries including financial services, although a complete repeal of the Dodd-Frank Wall Street Reform and Consumer Protection Act is unlikely, said Arthur Long, a partner at Gibson, Dunn & Crutcher LLP. The Trump administration is also expected to reduce regulation in the energy industry and others.

Areas to watch, according to the webcast:

  • Regulation and Taxes
    Less regulation and lower taxes are the most significant changes that are expected next year, both of which are expected to benefit businesses, said Michael Poulos, president of Marsh Risk Consulting. A stronger dollar could also help larger companies with extensive operations overseas, while others could benefit from changes in credit and monetary policies.
  • Trade Policy
    Changes in trade policy — including a move away from free-trade agreements — could alter the trade credit market, said Michael Kornblau, Marsh’s US Trade Credit Practice leader. These changes could lead to balance-sheet pressures — including reductions in sales and working capital — on companies with more than half of their revenues outside of the US.
  • Health Care
    Meanwhile, the future of the ACA (commonly referred to as Obamacare) remains uncertain for health care organizations and employers, said Mark Karlson, Marsh’s US HealthCare Practice leader, as transition officials have made sometimes conflicting statements about whether they will pursue repeal, replacement, or amendment of the existing law. If any changes are made to the law, it may be some time before they take effect.
  • Cyber Risk
    The election also highlighted cyber risks for businesses, including the potential threat of hackers and the need to encrypt corporate emails, said Tom Fuhrman, Cybersecurity Consulting and Advisory Services Practice leader at Marsh Risk Consulting. Generally, cyber regulations are expected to focus more on ensuring effective risk management for businesses rather than the existence of specific controls.

Although uncertainty remains about many specific policy changes to be made under the new administration, businesses should be thinking about the potential effects of new policies on their operations. Among other steps, businesses should:

  • Stay up-to-date on policy and regulatory proposals from transition and administration officials and develop a post-election game plan that includes actions and strategies that can be taken in preparation for regulatory changes.
  • Assess how reliant they are on global economic models that could become further strained.
  • Plan to reassess their risk more frequently than they have in recent years, according to Marsh.
