Category Archives: Security

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

A Risk-Based Approach to Rating and Correcting Individual Cyberrisk

Posted on by

LAS VEGAS—At this week’s Black Hat conference, some information security professionals turned to a key issue to control enterprise-wide cyberrisk: hacking humans.

buy antabuse online blockdrugstores.com/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

As phishing continues to be one of the top threats for businesses, hackers and security professionals here continue to try and make sense of why this threat vector is so successful and how to better defend against these attacks.

In a session called “Blunting the Phisher’s Spear: A risk-based approach for defining user training and awarding administrative privileges,” Professor Arun Vishwanath presented some of his research on the “people problem” of cybersecurity, proposing a new model for quantifying the cyberrisk posed by individuals within the enterprise and tailoring training to best mitigate the risk they pose. While many corporate training programs stage fake phishing emails and then lecture those who fail, he said, this model continues to be ineffective, as proven by the increase in these attacks and their efficacy across all industries. People are not the problem, Vishwanath asserted, rather it is in our understanding of people.

Vishwanath and his colleagues have come up with a model to explain how users think, the Suspicion, Cognition, Automaticity Model (SCAM). Faulty ideas about cybersecurity practices, popular myths and other irrational beliefs lead to illogical and unsafe practices. Automatic behaviors also play a significant role in risky behavior, particularly with mobile devices and the ritualistic checking of email – users open messages mindlessly and get so used to clicking links, downloading files or entering credentials that they do not really factor logic into these decisions.

Based on this model of why individuals act in risky ways, he recommends developing a Cyber Risk Index (CRI) based on a short, 40-question survey given to individual employees to evaluate the cyberrisk they specifically pose, which can also be aggregated across divisions, sectors and organizations.

buy prelone online blockdrugstores.com/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

buy silvitra online https://royalcitydrugs.com/silvitra.html no prescription

As the results highlight different areas of weakness that lead to the employee’s risky behaviors, the CRI can dictate the best ways to that individual and mitigate the risk.
phishing risk training What’s more, this quantitative score of individual cyber hygiene can be used to track changes in risk posture over time and to improve current decision processes regarding privileged access to the organization’s systems to better control data at risk.

buy cymbalta online blockdrugstores.com/wp-content/uploads/2023/10/jpg/cymbalta.html no prescription pharmacy

Check out Dr. Vishwanath’s whitepaper for more on this approach.

Information Security Teams Drastically Underfunded, Understaffed

Posted on by

LAS VEGAS—As the information security industry’s hackers, IT professionals, technology developers and even Hillary Clinton’s campaign descend on Las Vegas for this year’s Black Hat conference, Black Hat has released the results of a survey from last year’s convention, offering an insider’s look at the state of cyberrisk. The report offers a failing report card for current investment on cyberrisk and some key feedback for the C-suite about current risk exposure.

The Rising Tide of Cybersecurity Concern is the second annual Black Hat attendee survey. Last year’s results included the alarming findings that 72% of respondents felt it likely that their organizations would have to deal with a major data breach in the year ahead, while approximately two-thirds of respondents said they did not have enough staff, budget, or training to meet those challenges.

Unfortunately, these top security experts have only grown more concerned.

buy vilitra online rxbio.com/images/milestones/jpg/vilitra.html no prescription pharmacy

As cyberrisks proliferate – and attention from the C-suite increases – 15% “have no doubt” they will have to respond to a major security breach in the next year, with another 25% considering it highly likely and 32% calling it somewhat likely.

Yet information security teams are not getting the funding, staffing or training they need to combat this top risk. Only 26% of those polled said they have enough staff to simply defend against current threats.

buy apixaban online rxbio.com/images/milestones/jpg/apixaban.html no prescription pharmacy

Black Hat reports some 63% of security professionals say their departments do not have enough budget to defend their organizations against current threats, with 20% saying they are “severely hampered” by a lack of funding.

The training critical to effectively managing evolving cyberrisks also presents a considerable concern for many security professionals. Two-thirds of respondents said they feel they do not have enough training and skills they need to perform all of the tasks for which they are responsible — up from 64% last year. Ten percent of respondents said they feel “ill-prepared” for many of the threats and tasks they face each day.

Experts considered the top new cyberrisks:

blck hat enterprise security

The weakest links in enterprise security:

When asked why security initiatives fail, some 37% of respondents (a plurality) pointed toward this shortage of qualified people and skills, with a lack of commitment and support from top management the second-most frequently cited response at 22%.

blck hat enterprise security

“Organizational priorities such as compliance and risk measurement consistently reduce the time/budget available for security professionals to resolve issues they consider the most critical,” Black Hat noted. “These pressing issues include targeted attacks, social engineering, and internal application security troubleshooting. Although the 2015 report revealed this trend, rather than a reverse in expenditure behavior, the issue has continued to increase.

buy sinequan online rxbio.com/images/milestones/jpg/sinequan.html no prescription pharmacy

Additional findings from the survey include:

  • 37% see the re-emergence of ransomware as the greatest new threat to appear in the last 12 months
  • The attacker that 36% of security professionals fear most is the one with internal knowledge of the organization
  • While the emergence of the Internet of Things (IoT) has garnered much attention in recent years, only 9% of those surveyed are currently concerned with IoT security. However, 28% believe this will be a concern two years from now. This ranking has not altered since 2015.

Businesses Ignore Significant Cybersecurity Risks to Proprietary Data

Posted on by

Knowledge assets are critical to any business remaining functional and competitive, yet this data is routinely exposed to the risk of theft and overlooked in cybersecurity risk management. According to a new report from the Ponemon Institute and law firm Kilpatrick Townsend & Stockton, the organizations are increasingly ineffective at safeguarding data like trade secrets, product design, development or pricing, and other proprietary information.

As breach notification laws, regulatory requirements, and reputation considerations draw more focus to cybersecurity surrounding personal data of customers or personnel, businesses are leaving more risk on the table regarding their most valuable assets, and that risk has a notable price tag.

In the past year, the average cost of remediating these attacks was about $5.4 million, and half of respondents estimated the maximum cost would range over $250 million, with seven out of ten placing it over $100 million. What’s more, on average, respondents believe only 35% of the losses resulting from knowledge asset theft would be covered by their current insurance policies.

The primary drivers of these costs, respondents said, were (out of 100 points):

knowledge asset theft costs

Why are so many businesses failing to take action against the risks to knowledge assets?

knowledge asset data theft risk

Among the findings, the report noted:

  • Theft is rampant. Seventy-four percent of respondents say it is likely that their company failed to detect a data breach involving the loss or theft of knowledge assets, and 60% state it is likely one or more pieces of their company’s knowledge assets are now in the hands of a competitor.
  • Companies don’t know what they need to protect, or how to protect it. Only 31% of respondents say their company has a classification system that segments information assets based on value or priority to the organization. Merely 28% rate the ability of their companies to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective. The great majority who rate their programs as not effective cite as the primary reasons a lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%).
  • Executives and boards aren’t focused on the issue and its resolution. A data breach involving knowledge assets would impact a company’s ability to continue as a going concern according to 59% of respondents, but 53% replied that senior management is more concerned about a data breach involving credit card information or Social Security numbers than the leakage of knowledge assets. Only 32% of respondents say their companies’ senior management understands the risk caused by unprotected knowledge assets, and 69% believe that senior management does not make the protection of knowledge assets a priority. The board of directors is often even more in the dark. Merely 23% of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
  • Careless employees and unchecked cloud providers are key risk areas. The most likely root cause of a data breach involving knowledge assets is the careless employee, but employee access to knowledge assets is not often adequately controlled. Fifty percent of respondents replied that both privileged and ordinary users have access to the company’s knowledge assets. Likewise, 63% of respondents state that their company stores knowledge assets in the cloud, but only 33% say their companies carefully vet the cloud providers storing those assets.

Thanks in part to the lack of action currently, there is plenty businesses can easily do to improve.

“Companies face a serious challenge in the protection of their knowledge assets. The good news is there are steps to take to reduce the risk,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans. To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high value data.”

Prioritizing Risk Management Strategies in Schools

Posted on by

safety
No matter what precautionary measures schools take, there are many risks and “fires” that need to be put out on a daily basis. To keep staff and students safe and to protect school assets, a proactive approach to mitigating risk in schools is a necessity. The keys to a successful risk management program include careful, strategic planning while taking all relevant and potential factors into consideration, but how can administrators get started?

By identifying potential risks and applying a process to assess them, schools can focus on their objectives more clearly, including top priorities like student and employee wellbeing. Effective risk management reduces the disruption of a student’s education, damage to a school’s reputation, lost time, stress from managing incidents, and the potential risk of legal intervention in an increasingly litigious world. School administrators can explore these strategies as they strive to enhance their risk management initiatives:

Focus on greatest risks and exposures
The concern about lawsuits is ever present, but schools cannot operate under the pretense that litigation is going to happen. They instead must conduct their business for the safety of students and staff. If schools operate under fear, their risk management efforts will simply not be as effective as planned.

Administrators must also consider relevancy. In the private sector, risk management has a large seat at the table, whereas in the public sector that is not always the case. Depending on priorities, some issues that play a vital role within the public sector may not be relevant in the private sector. Identifying the relevance of issues often determines where and how money is spent in a school district, however. District-wide funding can be one of the biggest issues administrators face.

buy ventolin online dentalhacks.com/wp-content/uploads/2023/10/jpg/ventolin.html no prescription pharmacy

Districts encounter daily challenges to come up with the right resources available to train staff—especially when it comes to implementing technology. Administrators must make tough decisions when considering funding realities and the need for as much risk management coverage as possible. They need to maintain a balance when money is at stake, as they are only able to make decisions based on the amount of funds available to them.

Focus on what effective training can offer a school faculty
Safety training for school and district staff should play a huge part in every risk management strategy, as well as ensuring the district is in compliance on a state and federal level. Safety training has a trickle-down effect, and if provided at the appropriate level of training, administrators will see a significant effect in reduction of accidents, damage to buildings and costs overall.

buy symbicort online dentalhacks.com/wp-content/uploads/2023/10/jpg/symbicort.html no prescription pharmacy

There is always work to be done when it comes to improving school safety and collaboration is a big part of a program’s success. Some of the issues schools now face are different than the concerns of decades past, so providing training and resources to staff can make a difference in helping them understand how to handle a number of situations that could arise.

Technology resources can help with this. Online databases, such as SafeSchools Online Staff Training System, for example, allow school districts to distribute quality training to all employees. This is an effective and way to track and share information on safety and compliance issues that could arise in the classroom or school. The digital database also serves as a proactive approach to training.

buy paxil online dentalhacks.com/wp-content/uploads/2023/10/jpg/paxil.html no prescription pharmacy

Having an online database enables staff to train in school or at home, and ensures that everyone has the necessary training to handle a situation before it occurs. In the end, by deploying an online safety training system, the district is saving money and time and will be more proactive in handling issues.

Focus on training early on—and take it seriously
First and foremost is tackling the issue of rallying everyone to take safety and compliance issues seriously. Risk management is not a job for one person. It starts with everyone in the school district, from administrators and the school board to principals, teachers, grounds staff and even students. Everyone needs to think of safety and practice mutual accountability within the school community.

Final Thoughts
Risk management may take a back seat when funding is low, giving the impression that it isn’t important. For the sake of their staff and students, however, district-level administrators need to be on board with risk management and make it a priority. In schools, educating students is the main concern, and risk management is secondary. But just like in a factory where posted signs read “safety first” or “safety is number one,” our goal is to get schools to think of safety and its importance to the school in the same way they think of education.