Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Cost of Cyber Crime Up 19% For U.S. Businesses

Posted on by

In its annual Cost of Cyber Crime study, the Ponemon Institute found that the average annual cost of cyber crime per large company is now $15.4 million in the United States. That figure has increased 19% from last year’s .

buy naprosyn online www.delineation.ca/wp-content/uploads/2023/10/jpg/naprosyn.html no prescription pharmacy

7 million, and presents an 82% jump from the institute’s first such study six years ago. This year, losses ranged from $307,800 to $65,047,302.

Globally, the average annual cost of cybercrime is $7.7 million, an increase of 1.9% from last year. The U.S. sample had the highest total average cost, while the Russian sample reported the lowest, with an average cost of $2.5 million. Germany, Japan, Australia, and Russia experienced a slight decrease in the cost of cyber crime over the past year.

buy nolvadex online www.delineation.ca/wp-content/uploads/2023/10/jpg/nolvadex.html no prescription pharmacy

To try to benchmark the complete cost of cyber crime, the Ponemon Institute examines the total cost of responding to incidents, including detection, recovery, investigation and incident-response management. While it is virtually impossible to quantify all of the losses due to reputation damage or business interruption, the researchers did look at after-the-fact expenses intended to minimize the potential loss of business or customers.

buy propecia online www.delineation.ca/wp-content/uploads/2023/10/jpg/propecia.html no prescription pharmacy

Check out more of the study’s findings in the infographic below:

global cost of cyber crime ponemon institute

Hank Greenberg Shares Concerns for Insurance Industry at RIMS Canada Conference

Posted on by

Hank Greenberg RIMS canada

QUEBEC CITY, CANADA—Currently on the mend from Legionnaires’ disease, Maurice “Hank” Greenberg appeared via live video stream to deliver the keynote address to the 2015 RIMS Canada Conference. The chairman and CEO of the Starr Companies and former chairman and CEO of AIG gave a frank and diverse address highlighting a number of concerns about potential impacts to the insurance industry due to the current climate.

“We’re living in a very troubled time on a global basis,” he said, emphasizing geopolitical instability. While such geopolitical uncertainty demonstrates the need for political insurance, other widespread conditions do not necessarily have such favorable implications for the industry.

“Clearly commercial insurance rates are under pressure,” he said. “The absence of catastrophes has masked that rates have gone down so much, and that has allowed some companies to survive.”

He also noted that investment income is suffering because of interest rates, and expressed concern that many companies are turning to long-tail reserves for income. What’s more, he said, accident year results for many companies are turning negative, and many are finding their reserves inadequate, particularly as expense ratios are frequently increasing rather than remaining steady.

Companies that aren’t very efficient will find it very hard to be competitive and show returns this year, he cautioned.

Further examining the industry, Greenberg criticized insurers for “not doing a very good job of training underwriters,” seeing a stark comparison to the rigorous, diverse experience previously customary in the London market, for example.

“It takes years of experience to train an underwriter—they are not just qualified because of a college degree,” he said. “It takes years of work and a lot of common sense to develop the wisdom to know what can be underwritten and at what price.”

When it comes to this talent concern, he noted, it is not a question of which companies are doing better, but a problem across the board. “I don’t think we have the discipline, as an industry, to do the job properly,” Greenberg said.

Greenberg also shared some of his political opinions, both international and domestic.

Of China, the US-ASEAN Business Council chairman emeritus and vice chairman of the Council on Foreign Relations said he does not share the widespread dubious feelings on China. “They’ve had some missteps. What country hasn’t?” he said.

He spent some of his time addressing the burgeoning 2016 U.S. election. Greenberg noted Donald Trump’s campaign as part of what he views as growing dissatisfaction – and perhaps inadequacy – of the current political system. “People are fed up with the political system as it currently exists.

Why else would somebody like Trump, who has no experience but is speaking about things people care about be doing so well?” he said.

He also told the crowd that Jeb Bush would personally be visiting him Wednesday. Greenberg does not yet endorse any particular candidate, however, and expressed some concern about the Republican party’s position amid acute socioeconomic changes and resulting political demands nationwide.

“You have to give people the opportunity to succeed—that’s the American Dream. That’s why people came here,” he said. “If we’re going to deny that opportunity, the Republican party will have to change its name.”

Risk Managers’ Role in Addressing Climate Change

Posted on by

IMG_4146

QUEBEC CITY, CANADA—Salutations de la ville de Québec! At the first day of this year’s RIMS Canada Conference, climate change quickly emerged as one of the key challenges facing risk managers—and an area with tremendous potential for risk professionals to effect change.

Government clearly has a role to play, but the slower pace and greater number of obstacles they face lessen some of the possible impact. According to Tim East, director of risk management at the Walt Disney Company, that is where businesses come in. Every one of the Dow 30 companies has created environmental and sustainability initiatives, but only 12% of companies have a C-suite or other top-level executive charged with leading action on this front. The clear trend of embracing corporate responsibility stems from a moral obligation businesses all have, and corporations must take initiative in changing how people think, East said.

buy revia online www.cappskids.org/wp-content/uploads/2023/10/jpg/revia.html no prescription pharmacy

Addressing sustainability and other climate change concerns cannot be done in a silo, and efforts must focus on building resilience in all of the assets a business has: facilities, systems and people.

buy augmentin online www.cappskids.org/wp-content/uploads/2023/10/jpg/augmentin.html no prescription pharmacy

Risk managers should be taking a leadership role, using their perspective of corporate objectives and performance to help identify and execute the most impactful change.

Risk professionals can particularly help drive this objective to boost awareness within the organization and in the broader community, while also ensuring the business itself is performing in line with sustainability goals. “Risk managers can help become part of the solution by helping to close the gap between the desires and intentions of our organizations and the performance and impact they have,” East said. “This is part of our moral obligation to reduce our impact on the environment.”

Why should companies act? “Not just because it’s good business—although it is, and not just because it’s profitable—although I think it is, but because it’s the right thing to do in the world and for the communities they serve,” East said.

To maximize the impact of these initiatives, East urges risk managers to set and pursue to reduction targets, otherwise they stand little chance of truly achieving change.

buy zantac online www.cappskids.org/wp-content/uploads/2023/10/jpg/zantac.html no prescription pharmacy

Then, he advises they commit to a process of assessing, identifying opportunities, and measuring impact annually.

On the organizational level, changing mindsets extends beyond having employees recycle or monitoring water use. Business continuity planning is a critical task at Disney, East said, and they were always good at crisis management, addressing urgent problems over the course of a couple of days. Now, however, they are devoting more focus to planning for longer events.

To that end, the company is working to delink events from their consequences—rather than focusing on discrete emergency situations, it is focusing on how the business will be impacted by the conditions that could stem from any of these specific scenarios, he explained.

Getting started and shifting to a long-term focus seem daunting, and the slow rate of observable change often means adaptation and mitigation are not top of mind for businesses, said Lou Gritzo, vice president of research at FM Global. But risk professionals cannot wait for the next disaster or policy change to prompt a more serious evaluation of exposure and strategy.

Getting started on—or further investing in—mitigation efforts may be best focused on one of the main changes we are already seeing: flooding. Existing data shows a clear increase in flooding, and due to sea level risk and increased rainfall and intensity of rainfall, there will only be more, Gritzo said. To manage this growing risk, he recommends risk managers take four key steps:

  1. Know your flood exposure
  2. Be above the water level, and ensure any new construction is as far above it as possible
  3. Have and exercise a plan for flood emergencies
  4. Keep water out – in the wake of Hurricane Sandy, a number of physical protection measures have been certified and made commercial available to guard against up to a meter of water

Understanding Cyberrisks From Insider Threats

Posted on by

insider threat cyber risk

As cyberrisks evolve, enterprises have begun to focus on the insider threat by adding specialized capabilities for behavioral analytics on top of endpoint and network monitoring. In order for these tools to be most successful, there must be a fundamental understanding of the role an insider plays in a breach. Not every employee-caused breach is malicious, but they certainly are numerous. In fact, according to Verizon’s most recent Data Breach Investigation Report, 90% of breaches have a human component, regardless of intent.

Insider threats are a rampant problem exemplified by several recent headline-making incidents: the indictment of six Chinese nationals on suspicion of stealing intellectual property worth millions from two U.S. technology firms; accusations from financial giant Morgan Stanley toward an employee believed to have stolen client information with the intent to sell it; and claims from wearable-maker Jawbone that its competitor Fitbit regularly courted its privileged employees, enticing several of them to switch companies and bring sensitive details on its products. The uncertainty around all of these cases begs a couple of important questions: how can intent be determined, and how can employee privacy be maintained while ensuring business security?

Malicious or Careless?

Many think of insider threats only in terms of deliberate attacks, but the risk includes damage caused by simple carelessness. It is important to note the differences between malicious and careless incidents to ensure you are taking the right steps to mitigate the threat to your organization.

“Malicious incident” means an employee or someone trusted with network access has acted deliberately, either of their own volition or under the influence of others. A rogue malicious employee usually breaches security policy intentionally for personal gain. This type of incident is illustrated by the Jawbone/Fitbit controversy, as well as the case of the accused Chinese nationals mentioned above.

buy levofloxacin online www.gcbhllc.org/scripts/html/levofloxacin.html no prescription pharmacy

Three of those six individuals allegedly leveraged their positions at tech firms to steal research and technology they could replicate and profit from in China.

Conversely, the non-malicious insider threat often stems from employees’ inadvertent mistakes. There is no endgame, just a failure to follow security protocol. This can happen when employees breach policy intentionally but without malicious intent, not recognizing the risk. Sensitive data may be lost due to use of an unauthorized app (“shadow IT”) or manipulation through social engineering attacks, for example. This is easily the most common form of insider threat and can be seen in any case where employee credentials are stolen due to carelessness. To create a truly complete response plan to address insider threats, these incidents must be accounted for as well.

The Most Common Attack Vectors

Through our customer assessments, we have found that most threats stem from two common groups: employees who are planning on leaving the company, and privileged users who are targeted by outside actors.

We’ve come across employees attempting to steal sensitive information before leaving their employers a shocking number of times. In a large portion of investigations launched within three months of working with new customers, we’ve discovered employees attempting to leave with trade secrets that will help them down the road. In recent customer assessments, we found staff using hacking tools not required for their job—like Wireshark and Process Hacker —in two-thirds of cases, and we found staff actively bypassing company security measures 96% of the time.

But the bigger problem we have noticed is outsiders targeting privileged users in order to get into an organization’s networks. Attackers seek out privileged users in order to get quicker and deeper access to sensitive and strategically important information. It’s not as hard as you’d think; 75% of assessments found staff using pirated software, and 93% found sensitive information both in the cloud and on unencrypted USBs.

buy zyprexa online www.gcbhllc.org/scripts/html/zyprexa.html no prescription pharmacy

These risky practices open the door for phishing schemes, watering-hole attacks, and a slew of other approaches aimed at gaining access to user credentials. A growing number of these highly targeted forms of attack are being perpetrated by sophisticated, well-managed criminal organizations.

Don’t Compromise Privacy

Knowing the varying possibilities, organizations are hard-pressed to guarantee awareness of suspicious or dangerous activities without impacting their employees’ rights to privacy. To address this, start by focusing monitoring on rich, context-heavy data that truly describes typical workforce activity—for example, baseline user behavior over a set period of time to identify uncharacteristic access to sensitive data, running new and unusual applications, or downloading files that an employee has never touched before.

But don’t forget the need to protect the privacy of your employees. Conversations with the legal and HR departments are critical to ensure your plan abides by the legal and ethical limits on gaining insight into user activity.

buy vilitra online www.gcbhllc.org/scripts/html/vilitra.html no prescription pharmacy

Be sure the efforts to stamp out an insider threat don’t come at the expense of the rights of the rest of your workforce.

How Does This Affect the Enterprise?

Whether driven by a careless user, a disgruntled employee looking for quick monetary gain or state-backed espionage, insider threats can have a huge and devastating impact on an organization. Enterprises are beginning to realize they need to understand not only their networks and systems but also their employees and their activities. Historically, a majority of businesses ignored the issue. The most recent Vormetric Insider Threat Report shows 89% of organizations feel vulnerable to the risk of insider threats, but organizations taking a proactive approach still remain in the minority.

Your best bet is to adhere to the philosophy of “trust, but verify.” Rather than focus on locking down certain applications and limiting access to many or all users at the network perimeter, organizations must gain broad visibility into behavior across the company to identify the most pressing vulnerabilities. Not until that has become a widespread practice will enterprises have a true handle on the insider threat.