Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Most Companies Miss Easiest Ways to Boost Workplace Cybersecurity

Posted on by

Despite increasing attention to cybersecurity and a seemingly constant stream of high-profile data breaches, the primary security method used in businesses worldwide remains the simple password. According to a recent study, the average person now has 19 passwords to remember, so it is not surprising that the vast majority of passwords are, from a security perspective, irrefutably bad, including sequential numbers, dictionary words or a pet’s name.

A new report by software firm Software Advice found that 44% of employees are not confident about the strength of their passwords. While many felt their usage was either extremely or very secure, the group reported, “our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords.

online pharmacy advair with best prices today in the USA

Among the biggest password sins employees commit:

Employee Password Worst Practices

But company culture and IT leadership may be partly to blame. “If management is lax about enforcing best practices, then leadership must share the blame when workers take shortcuts—and perhaps even accept the lion’s share of it,” the report reads.

online pharmacy tobradex with best prices today in the USA

Only 54% of businesses require complex passwords, and other shortcomings in best practice enforcement include:

Enforced Workplace Password Best Practices

White House Cybersecurity Coordinator Michael Daniel has previously said that he “would love to kill the password dead as a primary security method,” and 14% of companies are leading the charge, using biometric identification instead. Clearly, however, there is plenty that IT departments can implement now to boost cybersecurity without adopting advanced and costly measures like retina scans or fingerprints.

online pharmacy buspar with best prices today in the USA

Are Critical Infrastructure Issues Finally Being Addressed?

Posted on by

The recent collapse of an Interstate 75 overpass in Cincinnati, killing a worker and injuring a truck driver, is yet another reminder of the plight of America’s infrastructure, which is estimated to require billions of dollars to bring up to 2015 standards.

The bridge that collapsed had been replaced and was being torn down as part of an extended project to increase capacity on a congested, accident-prone section of the interstate, according to the Associated Press.

President Obama, speaking today in Saint Paul, Minnesota, outlined several proposals, including launching a competition for $600 million in competitive transportation funding and investing in America’s infrastructure with a $302 billion, four-year surface transportation reauthorization proposal, according to a press release from the White House. Obama also plans to “put more Americans back to work repairing and modernizing our roads, bridges, railways, and transit systems, and will also work with Congress to act to ensure critical transportation programs continue to be funded and do not expire later this year.”

More and more, states are finding ways to fund infrastructure repair. New York Gov. Andrew Cuomo, for example, in his State of the State address, proposed $3 billion in loans and grants for infrastructure upgrades, including $1.3 billion for the Thruway and the new Tappan Zee Bridge, which is under construction. The money, he said, would come from a a $5.4 billion windfall from bank settlements.

A report by the American Society of Civil Engineers (ASCE), “Failure to Act: The Impact of Current Infrastructure Investment on American’s Economic Future,” found that the cascading impact of putting off repairs affects the entire economy. The report concluded that, between 2013 and 2020, there will be an investment gap of about $846 billion in surface transportation.

At risk are a number of bridges and overpasses. According to Risk Management magazine:

“Right now, 11% of our bridges across the country are rated structurally deficient and another 13% are considered functionally obsolete,” Andrew W. Herrmann, 2012 president of the American Society of Civil Engineers (ASCE) and principal with Hardesty & Hanover LLP, an infrastructure engineering firm. “This means they were designed to an older standard, so they may not have the same lane widths or turning radius or may have been designed to carry lesser loads.”

Deterioration of the nation’s infrastructure jeopardizes public safety, threatens quality of life, and drains the U.S. economy. “If they have to start closing down, restricting or putting mileage postings on bridges, the economy will be affected,” said Herrmann, who served on the advisory council for the 2003, 2005 and 2013 report cards and chaired the council for the 2009 edition.

“Bridges are the most pressing need in the infrastructure overall. You can have all the roads and highways you want, but if you don’t have the bridges to cross the rivers and intersections, it slows everything down.”

He observed that, from a bridge engineer’s perspective, investments need to be made to keep bridges in good repair. The Federal Highway Administration (FHWA) estimates that it needs $20.5 billion annually to eliminate the nation’s backlog of bridge repairs by 2028, but only $12.8 billion has been budgeted. The challenge, then, for federal, state and local governments is to increase investments in bridges by $8 billion annually.

What the 2015 State of the Union Means for Risk Managers

Posted on by

state of the union 2015

Last night, President Obama delivered the annual State of the Union. Unsurprisingly, the speech covered a variety of topics ranging from foreign affairs to civil rights to climate change. While these issues may ultimately have little impact on the insurance industry or risk management, there were two topics raised that could be of significant interest.

The first relates to tax reform:

“As Americans, we don’t mind paying our fair share of taxes, as long as everybody else does, too. But for far too long, lobbyists have rigged the tax code with loopholes that let some corporations pay nothing while others pay full freight. They’ve riddled it with giveaways the superrich don’t need, denying a break to middle class families who do,” Obama said.

buy sinequan online www.delineation.ca/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

For the past few years, the Obama administration’s annual budget proposal has included a measure that would deny a tax deduction for certain reinsurance premiums paid to foreign-based affiliates by domestic insurers. While the administration and some members of Congress deem this deduction a “loophole,” it is actually a commonly used and effective risk management tool.

buy cenforce online www.delineation.ca/wp-content/uploads/2023/10/jpg/cenforce.html no prescription pharmacy

Doing away with this particular “loophole” would force the industry as a whole to reduce the size and scope of its U.S. offerings. A previous economic impact study found that this proposal would reduce the net supply of reinsurance in the United States by 20%, thus increasing prices by to billion annually for the same coverage.

buy zocor online www.delineation.ca/wp-content/uploads/2023/10/jpg/zocor.html no prescription pharmacy

If Congress does take up comprehensive tax reform, this is certainly an initiative that many in the industry will need to keep an eye on.

The other issue is cybersecurity:

“And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyberattacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” the president said.

Cybersecurity and the management of cyberrisks is certainly one of the hottest topics in the industry. While it remains unclear what proposed legislation will look like, we will almost certainly see at least one major piece of cybersecurity legislation introduced in the next few months. Previous efforts have focused on information-sharing. With the number of attacks and damage inflicted only increasing, however, it is quite possible that new legislation may be even broader in scope.

It is also important to note that simply including something in a State of the Union address does not always translate into real action. It is quite possible that tax reform will get tabled again as various factions are unable to agree. It’s also possible that Congress will be unable to come up with a cybersecurity bill that achieves many of its goals without undermining the privacy or personal security of individuals. It is, however, an overview of the administration’s priorities for the coming year, and that does still carry some weight.

New Year Resolutions for Better Enterprise Security

Posted on by

Forecasting what the IT security landscape will look like in the year ahead has become an annual technology tradition, and following 2014 as the Year of the Data Breach, I think anyone could make a fairly accurate guess as to what the major trend of the New Year will be: more data breaches.

Forty-three percent of organizations reported a data breach in the past year, a figure that Forrester predicts will rise up to 60% in 2015. And it’s not just the frequency of breaches that we will see escalate in the year ahead, but also that malware will be increasingly difficult to dismantle. P2P, darknet and tor communications will become more prevalent, and forums selling malware and stolen data will retreat further into hidden corners of the Internet in an attempt to avoid infiltration.

By now, it is no longer a matter of if your business is going to be breached, but when. The last thing any organization needs as we enter another year of risk, is a blind side. The good news, though, is that there are ways to prevent them if we act immediately.

We know that an increase in cyber-attacks by stealthier hackers and more sophisticated malware is a sensible prediction – more important, now, is thinking about our resolutions, and how to prepare against what may be lurking ahead.

Here are my top New Year Resolutions for better enterprise security in 2015:

Layer Proactive Defenses

In 2014, many businesses were bitten by data breaches despite spending millions on state-of-the-art, next-generation solutions. In 2015, organizations will have to think smarter and build security from the ground up, layering defenses rather than relying on next-gen panaceas.

Furthermore, this kind of multi-layered approach should encompass more proactive measures – reactive “detective” tactics no longer cut it. Malware has always been hard to detect, and yet I see company after company relying too closely on detection technologies like antivirus (which, believe it or not, works only 50% of the time at best).

Lock Down Data

Following widespread data losses in 2014, businesses should resolve to lock down access to corporate systems and data. This starts with implementing greater control over user accounts and administrative privileges. Employees should always be logging onto systems as a standard user, and even then, businesses need to continue to control and monitor access to files and databases with active anomaly detection. Regular reviews of user roles and their access requirements should become a standard practice.

Ask More Questions

Heartbleed, Shellshock and recently, SChannel attacks have all shaken our confidence in common protocols that underpin much of the internet. Organizations need to practice greater scrutiny in evaluating what is offered by their selected vendors to ensure patching is swift and targeted. Far more questions should be asked around vendors’ processes for code auditing and testing.

Look to Two-Factor Authentication

Many of the attacks of 2014 could have been prevented by two-factor authentication, from the iCloud breach to the eBay compromise. Organizations should be looking to implement two-factor authentication as a way to prevent stolen or shared credentials being used against them. While this method is not a comprehensive solution to address all the security threats we’ll likely face, it does introduce a much needed layer of security.

Don’t Let Security Get in the Way

Stringent security practices are absolutely essential, but they can become a double-edged sword. Locking down system access for instance, although it significantly boosts the organization’s overall security posture, can strike a serious blow to end user productivity. Security must always be top of mind for IT organizations, but you’d be surprised at how quickly appetite to risk changes when its implementation reduces employees’ freedom and flexibility. Here is where deploying strategies like least privilege and sandboxing can have a significant impact by creating a productive and positive working experience for users, without compromising security.

In 2015, businesses should resolve to think smarter about their approach to security. It’s easy to become enamored by the latest glitzy perimeter solutions and invest heavily in next-gen antivirus and firewalls. But, making the most of those investments means thinking more strategically about how they can be layered with more proactive measures and additional safety nets to create a truly defense-in-depth framework. Most of all, we must strive to act on the greatest good principle. After all, IT isn’t the only business stakeholder, and finding a security solution that allows for a seamless user experience is what will most effectively drive adoption – and greater security success.