Category Archives: Technology Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Along with Hurricanes Come Hackers

Posted on by

Cyber crime
With hurricane season in full swing, supermarkets and electronic stores aren’t the only businesses in danger of looting. When defenses are down and attention is elsewhere during a natural disaster, critical data and intellectual property is just as vulnerable to looting as the shopping center down the street.

Each year, the amount of personal information targeted from data breaches only continues to grow. There was a new record set near the end 2015 when 191 million U.S. voters’ identities were exposed, surpassing the previous record for the largest single data beach. Personally identifiable information, including voters name, date of birth, gender, and addresses were exposed for more than a week before the database was officially shut down. Just imagine the opportunity for hackers during natural disasters when systems are down for a similar time frame.

Take “Superstorm Sandy,” back in 2012. Cyber criminals used confusion in the aftermath of the hurricane as part of a social engineering scheme to steal information. One organization received a call requesting an emergency download of sensitive personnel information needed to assist staff that had been affected by flooding. Lost internet connectivity as a result of the storm meant the help desk could not make a reasonable verification of who was making the request and sent the highly sensitive information to the bogus caller’s “backup site,” which was, as it eventually transpired, a system controlled by hackers. During times of crisis we are more susceptible to cyber criminals willing to prey on our good nature and eagerness to help.

The semi-controlled chaos of an emergency response is rife with opportunities for exposure of sensitive data. Here are five steps enterprises can take to minimize cyber exposure before, during and after a natural disaster.

  1. Security Analytics: According to the 2016 Internet Security Threat Report, the overall total number of identities exposed has jumped 23%, to 429 million. Security analytics tools allow IT managers to have full visibility into all network traffic, they can also help enterprises determine if and when anything happened, what systems and data were affected and if the attack has been contained. Monitoring these tools can also be outsourced to security service providers.
  1. Be Secure in the Cloud: During a natural disaster, buildings may be flooded or damaged and roads may be closed, ‘dedicated’ servers can lack the flexibility and access provided in a cloud environment. Access for continuing operations and first-responders operating from mobile devices can be critical in a disaster. But, it is important that your cloud is protected and monitored; access management is top priority. IT managers can use cloud access security brokerage technologies to restrict workers from creating accounts on services such as Box or DropBox and transferring restricted data. More importantly, the information residing in cloud applications can be encrypted and tokenized.
  1. Plan for Emergency Web Access & Bandwidth Management: Prioritizing access to the network becomes critical during natural disasters. With bandwidth tight, restrict and prioritize web access to only the most critical sites and resources. Set up a more restrictive web access policy prior to an emergency and be ready to deploy it when needed. Do the same for bandwidth management. Be ready to prioritize applications such as VoIP and cache critical information like official communications for viewing from a local cache.
  1. Protect social media and public websites: Customers will be looking for updates via social media and websites during and after emergencies. During these times, it is critical to protect public information resources. Web application firewalls can protect the website from common attacks, control input/output and access as well as detect unfamiliar traffic patterns. Twitter is a critical communication resource, but this can also be used to promote malicious information. Deploy security features such as two-factor authentication and verification codes for social media accounts.
  1. Practice, Practice, Practice. Table top exercises, readiness assessments and “live fire” exercises are essential to good preparation. I’m fond of the quote, usually attributed to the boxer, Mike Tyson: “Everyone has a plan until they get punched in the mouth.” Having led a significant number of crisis teams, every disaster presents unique challenges but successfully surviving a determined cyber criminal’s attempts demands on both preparation and practice.

While we can’t always predict the weather, with the right protocols for security in place, enterprises can ensure that their IT infrastructure is protected 24/7.

Delta Limping Back to Normalcy

Posted on by

After two days of cancellations due to a system-wide outage, leaving thousands of customers stranded, Delta today announced it will return to normal operation by mid-to-late afternoon. It added a caveat, however, that “a chance of scattered thunderstorms expected in the eastern U.S. may have the potential to slow the recovery.”

Delta said that by late morning on Wednesday it had canceled 255 flights whileDelta 1,500 departed. About 800 flights were canceled on Tuesday and there were around 1,000 cancellations on Monday. It also extended its travel waiver and continued to provide hotel vouchers, of which more than 2,300 were issued Tuesday night in Atlanta alone.

“The technology systems that allow airport customer service agents to process check-ins, conduct boarding and dispatch aircraft are functioning normally with the bulk of delays and cancellations coming as a result of flight crews displaced or running up against their maximum allowed duty period following the outage,” Delta said.

The company’s chief operating officer, Gil West, said on Aug. 9:

Monday morning a critical power control module at our Technology Command Center malfunctioned, causing a surge to the transformer and a loss of power. The universal power was stabilized and power was restored quickly.

buy prograf online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/prograf.html no prescription pharmacy

But when this happened, critical systems and network equipment didn’t switch over to backups.

buy strattera online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/strattera.html no prescription pharmacy

Other systems did. And now we’re seeing instability in these systems.

buy cytotec online www.urologicalcare.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

For example we’re seeing slowness in a system that airport customer service agents use to process check-ins, conduct boarding and dispatch aircraft. Delta agents today are using the original interface we designed for this system while we continue with our resetting efforts.

Reuters reported:

Like many large airlines, Delta uses its proprietary computer system for its bookings and operations, and the fact that other airlines appeared unaffected by the outage also pointed to the company’s equipment, said independent industry analyst Robert Mann.

Critical computer systems have backups and are tested to ensure high reliability, he said. It was not clear why those systems had not worked to prevent Delta’s problems, he said.

“That suggests a communications component or network component could have failed,” he said.

The airline has not yet detailed the financial impact of the event.

A Risk-Based Approach to Rating and Correcting Individual Cyberrisk

Posted on by

LAS VEGAS—At this week’s Black Hat conference, some information security professionals turned to a key issue to control enterprise-wide cyberrisk: hacking humans.

buy antabuse online blockdrugstores.com/wp-content/uploads/2023/10/jpg/antabuse.html no prescription pharmacy

As phishing continues to be one of the top threats for businesses, hackers and security professionals here continue to try and make sense of why this threat vector is so successful and how to better defend against these attacks.

In a session called “Blunting the Phisher’s Spear: A risk-based approach for defining user training and awarding administrative privileges,” Professor Arun Vishwanath presented some of his research on the “people problem” of cybersecurity, proposing a new model for quantifying the cyberrisk posed by individuals within the enterprise and tailoring training to best mitigate the risk they pose. While many corporate training programs stage fake phishing emails and then lecture those who fail, he said, this model continues to be ineffective, as proven by the increase in these attacks and their efficacy across all industries. People are not the problem, Vishwanath asserted, rather it is in our understanding of people.

Vishwanath and his colleagues have come up with a model to explain how users think, the Suspicion, Cognition, Automaticity Model (SCAM). Faulty ideas about cybersecurity practices, popular myths and other irrational beliefs lead to illogical and unsafe practices. Automatic behaviors also play a significant role in risky behavior, particularly with mobile devices and the ritualistic checking of email – users open messages mindlessly and get so used to clicking links, downloading files or entering credentials that they do not really factor logic into these decisions.

Based on this model of why individuals act in risky ways, he recommends developing a Cyber Risk Index (CRI) based on a short, 40-question survey given to individual employees to evaluate the cyberrisk they specifically pose, which can also be aggregated across divisions, sectors and organizations.

buy prelone online blockdrugstores.com/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

buy silvitra online https://royalcitydrugs.com/silvitra.html no prescription

As the results highlight different areas of weakness that lead to the employee’s risky behaviors, the CRI can dictate the best ways to that individual and mitigate the risk.
phishing risk training What’s more, this quantitative score of individual cyber hygiene can be used to track changes in risk posture over time and to improve current decision processes regarding privileged access to the organization’s systems to better control data at risk.

buy cymbalta online blockdrugstores.com/wp-content/uploads/2023/10/jpg/cymbalta.html no prescription pharmacy

Check out Dr. Vishwanath’s whitepaper for more on this approach.

Information Security Teams Drastically Underfunded, Understaffed

Posted on by

LAS VEGAS—As the information security industry’s hackers, IT professionals, technology developers and even Hillary Clinton’s campaign descend on Las Vegas for this year’s Black Hat conference, Black Hat has released the results of a survey from last year’s convention, offering an insider’s look at the state of cyberrisk. The report offers a failing report card for current investment on cyberrisk and some key feedback for the C-suite about current risk exposure.

The Rising Tide of Cybersecurity Concern is the second annual Black Hat attendee survey. Last year’s results included the alarming findings that 72% of respondents felt it likely that their organizations would have to deal with a major data breach in the year ahead, while approximately two-thirds of respondents said they did not have enough staff, budget, or training to meet those challenges.

Unfortunately, these top security experts have only grown more concerned.

buy vilitra online rxbio.com/images/milestones/jpg/vilitra.html no prescription pharmacy

As cyberrisks proliferate – and attention from the C-suite increases – 15% “have no doubt” they will have to respond to a major security breach in the next year, with another 25% considering it highly likely and 32% calling it somewhat likely.

Yet information security teams are not getting the funding, staffing or training they need to combat this top risk. Only 26% of those polled said they have enough staff to simply defend against current threats.

buy apixaban online rxbio.com/images/milestones/jpg/apixaban.html no prescription pharmacy

Black Hat reports some 63% of security professionals say their departments do not have enough budget to defend their organizations against current threats, with 20% saying they are “severely hampered” by a lack of funding.

The training critical to effectively managing evolving cyberrisks also presents a considerable concern for many security professionals. Two-thirds of respondents said they feel they do not have enough training and skills they need to perform all of the tasks for which they are responsible — up from 64% last year. Ten percent of respondents said they feel “ill-prepared” for many of the threats and tasks they face each day.

Experts considered the top new cyberrisks:

blck hat enterprise security

The weakest links in enterprise security:

When asked why security initiatives fail, some 37% of respondents (a plurality) pointed toward this shortage of qualified people and skills, with a lack of commitment and support from top management the second-most frequently cited response at 22%.

blck hat enterprise security

“Organizational priorities such as compliance and risk measurement consistently reduce the time/budget available for security professionals to resolve issues they consider the most critical,” Black Hat noted. “These pressing issues include targeted attacks, social engineering, and internal application security troubleshooting. Although the 2015 report revealed this trend, rather than a reverse in expenditure behavior, the issue has continued to increase.

buy sinequan online rxbio.com/images/milestones/jpg/sinequan.html no prescription pharmacy

Additional findings from the survey include:

  • 37% see the re-emergence of ransomware as the greatest new threat to appear in the last 12 months
  • The attacker that 36% of security professionals fear most is the one with internal knowledge of the organization
  • While the emergence of the Internet of Things (IoT) has garnered much attention in recent years, only 9% of those surveyed are currently concerned with IoT security. However, 28% believe this will be a concern two years from now. This ranking has not altered since 2015.