Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Boards Are Failing at Cyber, New Report Finds

Posted on by

SAN FRANCISCO—Information security executives are telling boards what they want to hear, not what they need to hear, and boards are frequently not asking the right questions or understanding the responses, according to a report released today by Bay Dynamics at the RSA Conference.

“The report reveals that both the board and security professionals are not doing their jobs when it comes to security reporting,” said Feris Rifai, co-founder and CEO at Bay Dynamics. “The board isn’t holding IT and security executives accountable for providing accurate, traceable and actionable information and security executives are failing to report information that is accurate, traceable and actionable. Both parties must do better if they want to make the right decisions that minimize their cyberrisk”.

While the majority surveyed say they know what to present to the board, only two in five IT and security executives feel that the information they provide to the board is actionable, and even fewer believe they are getting the help they need from the board to address cyber security threats. This may be in part because of the ongoing struggle to fully understand and measure cyberrisk exposure and the costs of failure.

buy doxycycline online familyvoicesal.org/resources/images/jpg/doxycycline.html no prescription pharmacy

Just over half of boards expressed a strong preference for qualitative information, while 38% have a preference for quantitative data. To truly make appropriate decisions, however, the board must focus more on quantitative information in context, meaning qualitative information must be wrapped around quantitative information, the report explained.

Regardless of what information they provide, only a third of IT and security executives believe the board understands the information they are given about cyber threats. In turn, only 39% think they are getting the support they need from the board to address threats. Some other major issues these executives identified in their reporting included:

cyberrisk information reported to board

While 36% of boards want recommendations for additional spending and 34% want recommendations to reduce cybersecurity spending, boards are getting little data about the specifics of information security investments. The most common type of information reported about cybersecurity issues is known vulnerabilities within the organizational systems, followed by recommendations about cybersecurity program improvements and specific details on data loss incidents, Bay reported, while information about the cost of cybersecurity programs and details about expenditures on specific projects or controls are not as commonly reported.

cyberrisk information reported to board

Reporting is also relatively infrequent for such a rapidly evolving high-risk exposure, with most executives only presenting to the board quarterly, and 18% even less frequently.

reporting frequency

Looking forward, Bay Dynamics had the following suggestions for how both boards and IT and security executives can improve:

Issues the board must address:

  • The board is not doing its job when it comes to effectively managing cyberrisk.
  • Boards of directors must hold IT and security executives accountable for providing accurate, actionable information about their cyberrisk to help the board make effective decisions about their cybersecurity programs.
    buy mobic online familyvoicesal.org/resources/images/jpg/mobic.html no prescription pharmacy

    Boards cannot make decisions about what they consider acceptable risk if they don’t have actionable information.

    buy tenormin online familyvoicesal.org/resources/images/jpg/tenormin.html no prescription pharmacy

  • Boards must demand actionable information from IT and security executives about their cyberrisk since the board is responsible for the company’s risk appetite. Strengthening their cyberrisk program begins with the board.

Issues IT and security executives must address:

  • IT and security executives must communicate to their boards more effectively and more completely using quantitative and qualitative information. They should communicate the value of data at risk using numbers that explain what it is and how to take action to protect it.
  • Given that board members in many organizations are typically less technical than the IT and security executives reporting to them, the latter must contextualize the information in order to make it both understandable and actionable.

Driverless Cars Not a Concern, Allstate Says

Posted on by

Driverless car

Driverless cars are becoming more of a reality, with testing in full swing by Google and others, and software upgrades underway for existing models of Tesla cars. One industry that will be impacted by larger number of safe vehicles on the road is the auto insurance industry. One insurer, Allstate, is carefully following the progress being made, but emphasized safety over possible diminishing profits. In its annual report for 2015, Allstate wrote:

Consider what is happening with autonomous cars. Today, only modest levels of driver-assistance technology are available, and only on a limited set of vehicles. However, the technology for fully autonomous cars is advancing rapidly and the legal and regulatory framework will follow. At some point, the fleet of a quarter-billion vehicles could be smaller and will include technologically sophisticated vehicles that are safer, more effective and efficient. Fewer, safer cars would benefit consumers and the environment, but could affect demand for auto insurance.

buy lexapro online sinusys.com/email/img/jpg/lexapro.html no prescription pharmacy

The financial squeeze that autonomous cars could put on the insurance industry has been expected for years, The Chicago Tribune noted. In 2012, financial technology consulting firm Celent published “A Scenario: The End of Auto Insurance: What Happens When There Are (Almost) No Accidents?

buy cytotec online sinusys.com/email/img/jpg/cytotec.html no prescription pharmacy

While Allstate states that demand for auto insurance could diminish, it points out that this is not a concern. “Some industry participants are waiting to see how this will play out. Allstate is not,” the insurer said, adding:

We are moving forward into uncertainty rather than wait. Throughout our history, Allstate has led from the front on auto safety—for example, as an early proponent of seat belts and air bags. We support the introduction of new driver-assistance technology that makes driving safer, because this is about saving lives and protecting the hopes and dreams of those who depend on us. We are confident Allstate will thrive in whatever new world emerges because of a differentiated strategy, strong brands, passionate agency partners and committed employees. Preparations for a new and different future are well under way.

Lance J. Ewing, hospitality and leisure industry practice group leader with AIG, previously told Risk Management magazine, “With more than five million vehicle accidents in the U.S. resulting in over 30,000 deaths, any enhancement is welcome, but there may be collateral results from the driverless highways.”

Galaxy Quest: Assessing Space Commercialization

Posted on by

Student-space
If a bunch of kids can launch a satellite into space, why can’t you?

As reported by the Washington Post, seventh-graders at St. Thomas More Cathedral School in Arlington, Texas are the first grade school students to send a satellite into orbit. The CubeSat – built by the children – was launched into space and will begin beaming photos from 200 miles above the Earth’s surface to an antenna on the school’s library.

This learning experience is remarkable for the kids, but what does it mean for the future of commercial industries in space? While commercialization of space tourism and satellite technology is already happening, is this emerging risk something that industries can afford to overlook?

The Space Foundation’s 2015 “The Space Report” found that commercial activities in space continue to increase and now make up 76% of the global space economy. The report adds that revenue from commercial space products and services was dominated by direct-to-home television services, making up more than three-quarters of the global commercial space products and services market.

buy anafranil online www.delineation.ca/wp-content/uploads/2023/10/jpg/anafranil.html no prescription pharmacy

Space budgets

Allianz published an article that outlines some of the challenges of space insurance and space risks, from the pre-launch phases to in orbit operations and satellite insurance.

“Losing a spacecraft is by far not the only risk,” the article points out. “Potential interruptions of a satellite’s service in our globalized work are just as problematic for spacecraft users, individual transponders users such as TV channels and Internet providers, but also for banks, car manufacturers and large industries that use telecommunications networks.”

According to the Federal Aviation Administration’s (FAA / AST) Annual Compendium of Commercial Space Transportation: 2016, “The size of the global space industry, which combines satellite services and ground equipment, government space budgets, and global navigation satellite services (GNSS) equipment, is estimated to be about $324 billion. At $95 billion in revenues, or about 29%, satellite television represents the largest segment of activity.”

The report highlights the progress China has made with its space program, noting the number of orbital launches conducted by the country has steadily increased each year since 2010, with a peak of 19 launches in 2012. The findings highlight China’s commitment to commercial space applications, specifically stating that the data “points to a robust future in Chinese spaceflight.”

For many industries, the idea of planning for the risks involved in a space expansion might seem too far off to devote resources. But, with commercial airliners, telecommunications companies, international markets like China and even a bunch of seventh-graders already investing in opportunities in space, it might be time to reconsider the possibilities and the risks.

buy robaxin online www.delineation.ca/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

65% of Businesses Unprepared For Email-Based Cyber Threats

Posted on by

In a recent threat report, cloud email management company Mimecast warned they had seen a 55% increase in whaling attacks over the past three months. As we reported in this month’s Risk Management cover story “The Devil in the Details,” social engineering fraud schemes like whaling (which is phishing that targets higher-profile employees and executives) resulted in a total losses of more than $1.2 billion worldwide between October 2013 to August 2015. According to the Mimecast Business Email Threat Report 2016, released yesterday, IT security professionals clearly recognize the risk, with 64% of respondents in the new saying they see email as a major cybersecurity threat to their business. Yet only 35% feel confident about their level of preparedness against data breaches, while 65% feel ill-equipped or too out of date to reasonably defend against the risk.

buy sinequan online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” said Peter Bauer, chief executive officer of Mimecast. “As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”

Even the most secure companies feel the most at risk of these scams. Of the top 20% of organizations that feel most secure, 250% are more likely to see email as their biggest vulnerability. Those who feel most confident about guarding against the risk are 2.7 times more likely to have a C-suite that is extremely or very engaged in email security. Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security, Mimecast reports. However, of all IT security managers who were polled, only 15% say their C-suite is extremely engaged in email security, while 44% say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.

The firm also had some insight on best budgeting against the risks of phishing. Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security, the firm found, with these IT security managers allocating 50% more of their budgets to email security compared to managers who were less confident in their readiness. Mimecast found 10.4% of the total IT budget toward email security is the ideal intersection between email security confidence and spend.

To reduce the threat of whaling, Mimecast recommends that companies:

  • Educate your senior management, key staff members and finance teams on this specific type of attack. Don’t include whaling in a general spear-phishing awareness campaign—single out this style of attack for special attention to ensure key staff remain vigilant.
    buy biaxin online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

  • Carry out tests within your own business. Build your own whaling attack as an exercise to see how vulnerable your staff are.
  • Use technology where possible. Consider an inbound email stationery that marks and alerts readers of emails that have originated outside of the corporate network.
  • Consider subscribing to domain name registration alerting services so you are alerted when domains are created that closely resemble your corporate domain.
    buy bactrim online youngchiropractic.com.au/wp-content/uploads/2023/10/jpg/bactrim.html no prescription pharmacy

    Consider registering all available TLDs for your domain, although with the emergence of generic TLDs (gTLD) this may not be scalable.

  • Review your finance team’s procedures; consider revising how payments to external third parties are authorized. Require more than single sign-off, or perhaps use voice or biometric approval only with the requestor to ensure validity of the request.

Check out the infographic below for more on business email threats:

mimecast business email threats