Curb Phishing Damage with a New, Human Approach to Bad Habits

In the first quarter of 2016 alone, more than 40 organizations, including Snapchat, Moneytree and Sprouts Farmers Market, acknowledged they were victims of phishing attacks. The attacks came via emails seemingly sent from CEOs to their own human resources and accounting departments. In reality, these emails were sent by cybercriminals attempting to steal vital personal and financial information from companies and their employees.

The FBI estimates that phishing attacks have cost companies more than $2.3 billion in losses over the past three years, and since January 2015 alone, the agency saw a 270 percent increase in identified victims and exposed losses from CEO scams.

Recipients who “take the bait” by responding to a phishing email often provide scammers with all the necessary information to perpetrate identity theft, including filing a tax return in someone else’s name. Clicking a link or opening an attachment may also launch malware (intrusive software) and seriously compromise the system by initiating malicious background programs.

The stakes are high and regardless of your organization’s size, you are always at risk for an attack. In fact, the Anti-Phishing Workgroup discovers more than 40,000 unique phishing sites targeting about 500 brands per month, while the Department of Defense and Pentagon report receiving up to 10 million phishing attacks each day.

The success of attacks varies, with 30% to 60% of incidents resulting in victimization, according to a 2013 Verizon Data Breach Report. A phishing attempt’s success or failure, however, rests beyond a scammer’s ability to infiltrate the cybersecurity infrastructure of an enterprise.

Your organization’s susceptibility really comes down to your people. Even with training, vulnerabilities depend on a combination of employees’ awareness levels and enduring personal habits, according to research by University at Buffalo (UB).

Companies can implement more effective cyber preparedness measures only when they better understand the ways that their employees think and behave. As phishing attacks continue to evolve and become more sophisticated, the most successful employee cyber defense strategies should involve two critical components: 1) a combination of cutting-edge training and testing and 2) support programs to alter the unconscious human behaviors that compromise cybersecurity.

Currently, most businesses train employees to recognize phishing attempts by identifying key elements in an email message, such as finding the sender’s address, noticing hyperlinks and recognizing clues like typos or awkward language. But research has shown that those efforts fail to sustain positive results because organizational training focuses on situational reactions while ignoring employees’ existing habits, which are difficult to break.

For example, an employee may successfully identify suspicious emails when prompted in a training session. When it comes to an average Monday morning, however, opening every email to clear their inbox may be a strong habit that training simply does not offset. Phishing is largely successful for this precise reason. Perpetrators take advantage of individuals who are habitual in the way they respond, despite any awareness they may have developed or gained in training, according to UB findings.

Many employers complement this basic training with follow-up penetration testing to evaluate whether employees recognize the warning signs of a cybersecurity threat in practice. Organizations may send a mock email with red flags that indicate a potential phishing attack, such as a compelling subject line like “Your computer is at risk.” Once opened, the recipient sees that the message is from the employer with a warning about how similar future messages could pose risks.

Penetration testing, however, doesn’t work in the long run because it also fails to acknowledge habitual actions and attempts to change a person’s behavior by simply encouraging them to do more of the same behavior.

Organizations can actually address the bad habits by identifying employees who are most susceptible to phishing and exposing them to higher levels of education with an emphasis on creating better tailored interventions that address the underlying “why” that drives people to fall prey to phishing time and again.

Continuously testing employees can be helpful; however, a company’s security training program must also attempt to adjust the daily unconscious behavior of employees that puts networks at risk. Companies need to provide their employees with a relatable (non-security/IT) team member/colleague to demonstrate what responsible cyber behavior looks like day in and day out.

One way to accomplish this is to create an internal cyber ambassador program that identifies employees who have proven themselves to have especially strong cyber awareness.

These employees should be selected from teams such as accounting, sales, HR and administrative support, that are typically vulnerable to phishing attacks.

Cyber ambassadors are responsible for promoting cyber best practices within their own teams. This type of program creates a platooning effect, where employees subconsciously emulate the behavior of their ambassador/team member, resulting in a safer cyber environment.

While employees can be your greatest weakness, they can also be your strongest asset in thwarting phishing attacks. Training employees to identify a phishing attempt—either before or after falling victim to an attack—is only half the battle.

By better understanding the mechanisms behind employee susceptibility, companies can anticipate individuals most at risk, create dynamic security and training policies that promote safe cyber behavior patterns, and alter employees’ habits through colleague support programs.

Active Shooter Preparations Lagging, Study Finds

Between 2014 and 2015, the United States experienced nearly six times as many active shooter incidents as it did between 2000 and 2001, according to the FBI.

The report, Active Shooter Preparedness by Everbridge, found that even though U.S. companies are overwhelmingly concerned about violence and violent acts in the workplace, they remain unprepared.

Out of 888 organizations surveyed about their safety plans and ability to manage an active shooter situation, only 21% felt that they were prepared; and 79% said their organizations were at best somewhat prepared for an active shooter incident. Even among those who feel they are prepared, only 7% are “very much prepared,” Everbridge said.

Preparedness is important, as companies cannot rely solely on police and other government assistance.

According to an FBI study of active shooter events between 2000 and 2013, 60% ended before the police arrived. Adequate preparedness requires communication and practice plans to make sure responders know who is at risk and that people know what to do if an event happens.

Despite this, close to 40% of respondents said they did not have a communications plan in place for active shooter events.

The survey also found that executives of organizations are much more concerned about employee or student safety than they were two years ago—the overwhelming majority (79%) said they were.

Other Findings:

  • 69% of respondents view an active shooter incident as a potential top threat to their company or organization. Workplace violence was cited as a top threat by 62%.
  • Communicating to people who may be in an impacted building and confirming their safety was seen as the biggest challenge during an active shooter situation (71% of respondents).
  • Safety concerns are growing: 79% of executives/leaders are more concerned about employee or student safety than they were two years ago; 73% said that employees or students are willing to exchange some aspects of privacy for enhanced security.
  • 61% do not run any active shooter preparedness drills at all.

Along with Hurricanes Come Hackers

With hurricane season in full swing, supermarkets and electronic stores aren’t the only businesses in danger of looting. When defenses are down and attention is elsewhere during a natural disaster, critical data and intellectual property are just as vulnerable to looting as the shopping center down the street.

Each year, the amount of personal information targeted from data breaches only continues to grow. There was a new record set near the end of 2015 when 191 million U.S. voters’ identities were exposed, surpassing the previous record for the largest single data breach. Personally identifiable information, including voters’ names, dates of birth, gender, and addresses, was exposed for more than a week before the database was officially shut down. Just imagine the opportunity for hackers during natural disasters when systems are down for a similar time frame.

Take “Superstorm Sandy,” back in 2012. Cyber criminals used confusion in the aftermath of the hurricane as part of a social engineering scheme to steal information. One organization received a call requesting an emergency download of sensitive personnel information needed to assist staff that had been affected by flooding. Lost internet connectivity as a result of the storm meant the help desk could not make a reasonable verification of who was making the request and sent the highly sensitive information to the bogus caller’s “backup site,” which was, as it eventually transpired, a system controlled by hackers. During times of crisis we are more susceptible to cyber criminals willing to prey on our good nature and eagerness to help.

The semi-controlled chaos of an emergency response is rife with opportunities for exposure of sensitive data. Here are five steps enterprises can take to minimize cyber exposure before, during and after a natural disaster.

  1. Security Analytics: According to the 2016 Internet Security Threat Report, the overall total number of identities exposed has jumped 23%, to 429 million. Security analytics tools allow IT managers to have full visibility into all network traffic. They can also help enterprises determine if and when anything happened, what systems and data were affected and if the attack has been contained. Monitoring these tools can also be outsourced to security service providers.
  2. Be Secure in the Cloud: During a natural disaster, buildings may be flooded or damaged and roads may be closed, and ‘dedicated’ servers can lack the flexibility and access provided in a cloud environment. Access for continuing operations and first-responders operating from mobile devices can be critical in a disaster. But it is important that your cloud is protected and monitored; access management is top priority. IT managers can use cloud access security brokerage technologies to restrict workers from creating accounts on services such as Box or DropBox and transferring restricted data. More importantly, the information residing in cloud applications can be encrypted and tokenized.
  3. Plan for Emergency Web Access & Bandwidth Management: Prioritizing access to the network becomes critical during natural disasters. With bandwidth tight, restrict and prioritize web access to only the most critical sites and resources. Set up a more restrictive web access policy prior to an emergency and be ready to deploy it when needed. Do the same for bandwidth management. Be ready to prioritize applications such as VoIP and cache critical information like official communications for viewing from a local cache.
  4. Protect social media and public websites: Customers will be looking for updates via social media and websites during and after emergencies. During these times, it is critical to protect public information resources. Web application firewalls can protect the website from common attacks, control input/output and access as well as detect unfamiliar traffic patterns. Twitter is a critical communication resource, but it can also be used to promote malicious information. Deploy security features such as two-factor authentication and verification codes for social media accounts.
  5. Practice, Practice, Practice. Table top exercises, readiness assessments and “live fire” exercises are essential to good preparation. I’m fond of the quote, usually attributed to the boxer Mike Tyson: “Everyone has a plan until they get punched in the mouth.” Having led a significant number of crisis teams, every disaster presents unique challenges, but successfully surviving a determined cyber criminal’s attempts depends on both preparation and practice.

While we can’t always predict the weather, with the right protocols for security in place, enterprises can ensure that their IT infrastructure is protected 24/7.

Terrorism Incidents Down, Disruption Up in 2015

A number of high-profile terrorism attacks worldwide have raised people’s fears this year, but the reality is that the number of attacks and deaths from such attacks actually decreased in 2015, according to Marsh’s 2016 Terrorism Risk Insurance Report.

The report summarizes terrorism risk insurance trends, benchmarks terrorism insurance take-up rates and pricing, and offers risk management solutions for terrorism exposures.

The more current attacks, often perpetrated by a single individual or small group, are different from those carried out in the 1990s and 2000s when high profile locations were targeted. Individuals carrying out the more recent attacks may have no direct contact with a known terrorist organization, but could be drawn to them through writings and video, particularly on the internet, Marsh said.

These events can be very disruptive to operations in some companies. In the travel industry, for example:

  • About 10% of American travelers canceled booked trips due to the recent attacks in Egypt, France, Lebanon and Mali, which impacted $8.2 billion in travel spending, according to a survey by YouGov.
  • Booking losses for Air France were estimated to be €50 million ($56 million), the company said in a statement.
  • Airlines, hotel chains and travel websites experienced drops in their stock prices after this year’s airport bombing in Brussels.

In the United States, the Terrorism Risk Insurance Program Reauthorization Act of 2015 (TRIPRA) offers businesses a federal backstop against terrorism-related losses. While the overall take-up rate for TRIPRA coverage in the U.S. increased slightly in 2015, it has remained in the 60% range since 2009, Marsh said.

Managing terrorism risk requires a combination of strategies that protect people, property and finances. On the financial side, the choice is whether to retain or transfer the risk with insurance. But the changing pattern of terrorism risk has some companies asking if they are adequately insured for business interruption and related losses. They also wonder how to prepare for potential losses from cyber terrorism and other events.

Other key takeaways from the report include:

  • As small group and “lone wolf” terrorist attacks appear to be the changing face of terrorism, many organizations are assessing their coverage for indirect losses stemming from business interruption risks.
  • Following the 2015 passage of the Terrorism Risk Insurance Program Reauthorization Act (TRIPRA), take-up rates in the US edged up for TRIPRA terrorism coverage embedded in property programs.
  • Among industry sectors, media organizations had the highest take-up rate for terrorism insurance in 2015.
  • Workers’ compensation markets for terrorism risks generally stabilized.
  • The number of Marsh-managed captives accessing TRIPRA increased by 17% from 2014 to 2015, but many captives that could offer a terrorism program do not.