Brussels Bombings Highlight New Risk Realities

The deadly terrorist bombings in Brussels this week have elicited an outpouring of support for the victims and for Belgium, along with renewed rage and consternation regarding ISIS. These are predictable reactions.

What these acts also elicited, I’ve noticed, are numerous comments from many outlets that the attacks were not surprising.

The BBC, in fact, said the bombings were “not a surprise” and security experts chimed in with similar assessments. Even Belgians themselves admit that the attack wasn’t shocking—Prime Minister Charles Michel lamented that “what we feared, has happened.” Think about how much has changed in less than a generation. Now, when the capital of the EU and NATO becomes a war zone, many react as though this is business as usual.

When it comes to political violence and warfare, we (or at least Western Europe) are living in a brave new world.

In fact, research I’ve conducted in recent weeks for a RIMS Executive Report on political risk confirms how much the paradigm has changed. Political risk experts I interviewed have been emphasizing this point. “I think it is truly a distinctive point in world affairs,” said one. Another confessed, “I’ve been doing this for nearly 20 years, and this is by far the most unstable, tenuous, deteriorating…risk environment I’ve ever seen.”

These sentiments are based on more than ISIS. Recent developments include the Ukraine civil war, the migrant crisis, deterioration of large swaths of the Middle East, tensions in the South China Sea, a weakening Chinese economy and Brazil’s political crisis. All contribute to a consensus that things are changing.

For the risk community, a big change concerns formerly reliable standards for judging which parts of the world are stable and which are unstable, such as developed economies versus developing and first-world versus second- and third-world. Now more than ever, risk managers considering the security of global operations need to examine a country’s vital signs rather than rely on conventional wisdom about stability. And if mass-casualty terror attacks are the new normal for Western Europe, a number of risk professionals will need to become better acquainted with the realities of political violence.

To end on a positive note, however, we do not have to believe the sky is falling. While terrorist attacks are brutal and unfortunate, it is consoling to think about the odds of being a victim. As data nerds are happy to point out, a person is much more likely to meet his or her demise from bathtubs, dogs and food poisoning. The Post has reported that you are more likely to be crushed by furniture than snuffed out by ISIS.

Why You Need a Vendor Management Policy Right Now

In recent years, more and more cybersecurity incidents have taken place as a result of insecure third-party vendors, business associates and contractors. For example, the repercussions of the notorious Target breach from a vulnerable HVAC vendor continue to plague the company today. With sensitive data, trade secrets and intellectual property at risk, hackers can easily leverage a third party’s direct access into a company’s network to break in.

While such incidents may cause significant financial and reputational harm to the first-party business, there is hope.

Regulators are instating a growing number of legal requirements that an organization must meet with respect to third-party vendor cybersecurity risk management. As liability and regulations take shape, it is important to assess whether your company currently employs a vendor risk management policy, and, if not, understand how a lack of due diligence poses significant risk to your organization’s overall cybersecurity preparedness.

A vendor management policy is put in place so an organization can tier its vendors based on risk. A policy like this identifies which vendors put the organization most at risk and then expresses which controls the company will implement to lessen this risk. These controls might include rewriting all contracts to ensure vendors meet a certain level of security or implementing an annual inspection.

All this probably sounds pretty good, but you may still be wondering why you really need a vendor management policy—and why it’s urgent.

Here are four explanations to give you a better idea:

  1. Legal Liability

There are a growing number of legal requirements in a variety of sectors—from finance, to retail, to health care, to energy—on how companies should manage their third-party risk. Regulators have recognized that data breaches through third parties can present significant and sometimes catastrophic consequences to an organization. To deal with this risk, they have created various legal requirements in an effort to have organizations manage their third-party cyber risks more carefully. If you are in a regulated industry and do not currently have a vendor management policy, you could be out of compliance (and in a lot of trouble).

  2. Well-Known Risks

An organization should be concerned about third parties that have either access to their most sensitive data or direct access into their corporate network. So if you work with a lot of third parties, you are naturally creating more targets that hackers and criminals can exploit. This is becoming more common, as organizations are outsourcing to vendors more frequently in an effort to either save costs or capitalize on vendor expertise. While that is all well and good, the more vendors you have, the larger risk landscape you create. This is a well-known risk—but all too many companies don’t give it enough thought.

  3. Unknown Risks

Not all risks are easily understandable. Many organizations today have entered into business relationships with third parties, not fully understanding the risk to their data. What’s more, the first party may not have set requirements for how their vendors should secure their data.

A number of organizations struggle to even know who has access to their sensitive data, how much access they have, where it resides, and more. These unknowns give plenty of companies a valid reason for concern.

  4. Significant Consequences

To see how very real the consequences of not managing vendor policy are, simply read some of the latest cybersecurity headlines. An example that demonstrates the significant impact of a third-party breach is the recent Experian breach, which exposed the personally identifiable information of over 15 million consumers. In this case, Experian was holding loads of sensitive T-Mobile customer data, which hackers were able to access. The T-Mobile CEO John Legere expressed how furious he was at Experian for being the source of this compromise. Nothing has been stated yet, but we’re certain that this business partnership will be reevaluated after this experience.

The truth is that if you don’t have a vendor management policy in place today, your company is falling behind the times. Unfortunately, not having such a policy in place also means there is a good chance that your organization’s sensitive data is being handled by someone who shouldn’t have access to it. This puts the health of your entire company on the line.

Building Resilience, City by City

With escalating risks and uncertainty around the globe, cities are challenged with understanding and circumventing those risks to stay vital. Much as in the business world, municipalities are moving towards resilience—the capability to survive, adapt and grow no matter what types of stresses are experienced.

Recognizing that they have much to offer each other, communities and businesses are often working together to pool their experience and knowledge. Helping to foster this is a project called the 100 Resilient Cities Challenge, funded by the Rockefeller Foundation. The project has selected 100 cities around the world and provided funding for them to hire a chief resilience officer.

“Resilience is a study of complex systems,” said Charles Rath, president and CEO of Resilient Solutions 21.

He spoke about resilience and his experiences with the 100 Resilient Cities Challenge at the recent forum, “Pathways to Resilience,” hosted by the American Security Project and Lloyd’s in Washington, D.C. “To me, resilience is a mechanism that allows us to look at our cities, communities, governments and businesses almost as living organisms—economic systems that are connected to social systems, that are connected to environmental systems and fiscal systems. One area we need to work on is understanding those connections and how these systems work.”

Rath said that cities that have successfully implemented innovative resilient solutions have been able to “identify and communicate co-benefits. If you do some research around those jurisdictions that received funding, you’ll see interesting strategies that address their risks, but also have added economic, social and other co-benefits.”

Examples were evident after Hurricane Katrina and Superstorm Sandy. “Those communities that were able to bounce back quickest were those that had strong, socially cohesive societies. We also know that social cohesion drives economic activities in urban areas as well,” he said.

One of the first projects he worked on for the Resilient Cities Challenge was with the city of El Paso. “It is in the southwest and excessive heat is an issue they are dealing with,” he explained. “They have many parts of the city that see significant spikes in temperature, which leads to asthma, increased cooling costs and the list goes on. It’s projected over the next 70 or so years to increase 7 to 10 degrees, so it’s a big problem.”

To address it, he researched the issue and met with El Paso’s city manager. “We were able to pinpoint all of the different areas in El Paso where there is heat island effect,” he said. “We could tell what degree it was and roughly what was causing it.”

Causes for the escalating heat proved to be a lack of reflectivity, impermeable surfaces and lack of green space. “But it was at the point where we told him that he was costing the city about $150 million a year in increased cooling costs—because we were able to isolate the building outlines in the downtown area—that he began to pay attention,” he said. “Then we also showed him areas of the city where there was increased heat island effect where there was a significant amount of concrete. There were also a large percentage of children in the area who didn’t have access to parks.”

A solution for both dilemmas could be achieved by “transforming those vacant lots to pocket parks so that kids could have access to playgrounds,” he said, adding, “Those types of solutions with multiple co-benefits are an important element of what we are doing and this encouraged us to explore that.”

Top Obama Administration Officials, Law Enforcement Reach Out at RSA Conference

Attorney General Loretta Lynch addresses RSA Conference 2016

SAN FRANCISCO—Many of the Obama administration’s top brass are here in force, addressing some 40,000 practitioners from every part of the technology and information security industry at the annual RSA Conference. Set against the backdrop of the ongoing fight between Apple and the FBI over encryption and backdoors, the tension ebbed and flowed during sessions with Attorney General Loretta Lynch, Secretary of Defense Ashton Carter, and Admiral Mike Rogers, U.S. Navy Commander, U.S. Cyber Command, and director of the NSA. While many speakers will not address the issue directly, the subtext is clear throughout the show, particularly as the public battle brings considerable interest to the privacy and security issues the RSA has centered on for 25 years.

Indeed, in his keynote address, RSA President Amit Yoran called law enforcement’s current stance on encryption “so misguided as to boggle the mind.” Brad Smith, president and chief legal officer of Microsoft, chimed in as well, asserting that we cannot keep people safe in the real world unless we can keep them safe in the virtual world. He lauded Apple and pledged that the tech giant would stand with Apple in its resistance.

Secretary of Defense Ashton Carter in Conversation with Ted Schlein of Kleiner Perkins at RSA

While the gravity of the issue and the massive potential impact for many in the sector are boggling many minds here, the administration officials’ sessions also offered more broadly positive comments for businesses outside the tech sector. The conciliatory tone Lynch and Carter often struck centered on the critical need for partnerships between technology and government. They tried to emphasize the ways the administration is reaching out to private entities, both within Silicon Valley and across corporate America at large.

According to Sec. Carter, for example, the United States Cyber Command has three core missions: defending the Department of Defense’s network; helping American companies, the economy and critical infrastructure; and engaging in offensive cyber missions. The second is a key pillar, he said, as the DoD must keep in perspective that the strength of American entities is the strength of the nation. From threat intelligence to the Defense Innovation Unit Experimental he announced yesterday, to be helmed by Google’s Eric Schmidt, Carter believes there is considerable need for industry to engage with government on cyberrisk, and both parties have valuable assets to contribute. “Data security is a necessity, and we must help our companies harden themselves,” Carter said. Indeed, he wants both help for and from the industry. In closing, he said, “We are you. You pay us. We represent you and our job is to protect you, and we’d love to have your help.”

He also noted that the DoD is trying to learn a bit about managing its cyberrisk from the commercial sector’s best practices. “We do grade ourselves and we’re not getting good grades across the enterprise,” Carter told reporters Wednesday, according to Defense News. “I have these meetings where I call everyone in and we have these metrics which tell us how we’re doing [and] if you don’t score well, that is evident to the Secretary of Defense at those meetings.

“We don’t assume for a minute that we’re doing a perfect job at this,” he added. “That’s the whole reason for me to be here and the whole reason for me to be engaging with this community here at this conference.”

Carter also announced that the Department of Defense will be hosting “Hack the Pentagon,” a bug bounty program offering white hat hackers cash for finding and reporting vulnerabilities in the Pentagon’s websites. Many companies have been offering these programs to try to discover their exposure in a controlled setting, without the risk of reputation damage, personal information exposure and business interruption that accompany an unknown hacker finding them instead. Carter called these a “business best practice” to gauge preparedness.

Federal law enforcement also has a notable presence at RSA and is making a pronounced effort to reach out to businesses regarding cyberrisk, threat intelligence, and managing a cyberattack. Indeed, in one session Tuesday, panelists from the Department of Homeland Security, FBI and the White House urged a call to action for businesses to get serious about proactively building bridges with law enforcement and to make use of the many resources the administration is trying to activate to help private industry fortify against cyber threats. The government is working to make it easier for companies to turn to it for help, they said, and attitudes are shifting to more consistently recognize and respect victimized businesses and minimize business interruption.

Some in the audience expressed skepticism, such as one man who seized upon the Q&A portion of a session on government departments’ specific roles in fighting cyber criminals. He asked how the government can be trusted to help industry when it cannot protect itself. But corporate entities should be taking note, particularly of the services available. While many hesitate to share threat intelligence or even successful attacks, Eric Sporre, deputy assistant director of the FBI’s cyber division, stressed that FBI Director James Comey has made it a directive for FBI field offices to develop relationships with local businesses and to treat businesses as crime victims, not perpetrators. In responding to attacks, he noted, the Bureau sometimes even brings in victim services to holistically approach aiding in the investigation and recovery process.

Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, also highlighted the preventative measures his department offers companies, including personal risk assessment services. In some cases, chief information security officers and other executives engaged in cyberrisk management functions have been getting DHS assessments, using them as a tool to drive investment or otherwise sell cyber upwards with the board or C-suite of their organizations.