Tag Archives: Cyber Risk

LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

Make your crypto transactions simpler with a MetaMask Download. It’s an ideal solution for accessing decentralized finance tools without hassle.

DDoS Attacks Cost Businesses $40,000 an Hour

Posted on by

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack.

buy zoloft online thecifhw.com/wp-content/uploads/2023/10/jpg/zoloft.html no prescription pharmacy

According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

buy suhagra online thecifhw.com/wp-content/uploads/2023/10/jpg/suhagra.html no prescription pharmacy

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours.

buy atarax online thecifhw.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

“This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks:

Tom Ridge Tells Cyber Conference Insurance Should Incentivize Risk and Resilience Planning

Posted on by

tom ridge advisen cyber risk conference

More Americans worry about being hacked than they are of mugging, burglary, sexual assault, murder, or physical harm of a child, according to a new Gallup poll. While hacking concerns did increase with household income, they impacted a majority of Americans in every income and age bracket, while no other form of violent crime surpassed 45% of those polled.

A new survey from Advisen and Zurich found that this fear is nearly universal for companies as well. Across industries, 88% of businesses view cyber as at least a moderate risk – up to 93% among larger businesses and 81% among small. Despite this widespread recognition, however, fewer businesses have a breach response in place than just a year ago. In 2014, only 62% have a response place – a 10% decrease from 2013. Yet 66% now use cloud services, presenting a 20% jump from last year.

“Clearly, security concerns are being outweighed by the benefits of technology,” said Erica Davis, Zurich vice president and assistant national manager for E&O, while presenting the findings on Tuesday at Advisen’s Cyber Risk Insights Conference.

Throughout the conference, consensus was clear: the 69% of Americans and 88% of businesses are on the right track, as their fears are well-founded. “There are two types of banks today: those that have been breached, and those that will,” Roc Starks, senior vice president and director of corporate insurance at Citizens Bank, said at one of the day’s panels. “First response is the critical difference in how banks and customers will fare.”

Keynote speaker and former Director of Homeland Security Tom Ridge (now of Ridge Insurance Solutions) shared this outlook on cybersecurity across industries. “There are going to be breaches,” he said. “Resilient companies are the ones that are prepared to respond.”

Yet breach response without risk management and an eye toward mitigation is no longer sufficient. “Those prepared to organize around risk and resilience are those that will withstand and lead,” he added. “By the time we get here next year, the risks will be different – the digital sun will never set.”

The landscape of cyberrisk and hacking schemes is constantly evolving, and changing at a scale and speed unlike anything seen before, Ridge said. For attendees, there was little doubt about this insight, as panelists throughout the day detailed new phishing schemes seen, top areas of emerging vulnerability, and the myriad breaches they or their industry colleagues have navigated. More companies are investigating the most useful forms of coverage for their unique exposures and exploring what management structures and risk owners are most effective to monitor and mitigate cyber. The recognition is there, and so are some of the solutions, but the insurance landscape must still evolve, as must the strategies. “We’ve seen a mind-shift,” Ridge said. “CEOs get it, but they do not know what to do and who the threats come from.”

To that end, there is more the industry can do to help. Ridge lauded the idea of “intelligent insurance,” arguing that, in addition to devoting greater resources to investigating cyber threats, the insurance industry should turn its attention to incentivizing companies to manage cyberrisk more effectively.

Much as in insurance disciplines like kidnap and ransom, some of the greatest benefits of insuring cyberrisk may come from the processes of evaluation and contingency planning. According to Ridge and other conference speakers, finding out how to oversee and incentivize those processes may be the next adaptation for cybersecurity insurers.

Be Proactive in Managing Whale Phishing Risks

Posted on by

Shutterstock, Chris Roe

The rash of incidents involving whale-phishing has created new challenges for risk managers. In these cases, criminals use a combination of emails and phone calls to scam companies out of large sums of money through fraudulent wire transfers.

Perpetrators use emails that appear to come from senior executives to instruct employees that have access to a company’s finances to transfer large sums of money to temporary accounts held by the criminals. By the time the fraud is discovered, accounts typically have been closed and the criminals can’t be traced.

Managing this exposure calls for careful planning and a coordinated effort both within the organization and with external providers and trading partners. For risk managers, navigating this exposure might involve the following steps:

• Assess your vulnerabilities. Form an “anti-whale-phishing” team with executives from your finance/treasury, security, legal, operations, IT and HR departments to identify where your firm might be vulnerable and the individuals most likely to be targeted by outside perpetrators.

buy biaxin online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/biaxin.html no prescription pharmacy

• Establish clear protocols for any fund transfers. Make sure there are multiple internal steps for approval of any financial transactions that exceed defined sums.  Don’t allow any exceptions and make sure all senior leaders of the firm are aware of the protocols, comply fully and consistently reinforce them with staff.

buy avodart online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/avodart.html no prescription pharmacy

• Communicate protocols within your organization. Be sure everyone with access to funds who might be targeted for these types of scams is fully aware of the protocols, the reasons they are being implemented, understands there are absolutely no exceptions, and knows how to report any email,  phone call or other communication that appears suspicious.

• Coordinate with your banking/financial institutions. Establish protocols with your financial institutions with respect to any requests for wire transfers that exceed clearly identified thresholds.

• Check your crime insurance coverage. Meet with your broker to review how your crime policy might respond to any claims related to whale-phishing losses. You may have to arrange a meeting with your insurer to clarify or add policy language that will extend coverage for these types of losses.

• Look for coverage opportunities under cyber policies. Your broker will help you determine how and whether your current cyber insurance policy might address first-party losses, such as those resulting from a whale-phishing attack. As protection under cyber insurance policies continues to expand, see if there is related coverage under newer stand-alone policies.

• Maintain organizational vigilance. Work with your anti-whale-phishing team to continue to monitor risks associated with whale-phishing. Monitor changes in employee responsibilities, promotions, new hires, adjustments in banking relationships, email system updates, and any other developments that may affect your organization’s vulnerability to potential risks.

• Remember, time is not on your side. Plan ahead to know what federal investigative agency is best for you, such as Secret Service or the FBI. Call them while the bad guys are still communicating and before you take actions to scare them off.

As these scams evolve and become more sophisticated, whale-phishing is likely to remain a significant risk for businesses and other employers. By taking steps before a loss occurs, risk managers can put their organizations in position to manage this difficult and potentially costly exposure.

Engaged Boards Lead to Better Information Security Practices

Posted on by

Board of Directors

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”