Risk Management, Board Collaboration Can Bolster Cyber Defense

Risk management executives are charged with preparing companies for, and protecting them from, a broad array of emerging risks. Today, there is perhaps no threat that poses more danger than a cyberattack, which could result in a data breach or compromising sensitive information. Given the rapid increase in frequency and severity of high-profile cyberattacks in recent months, organizations must confront cybersecurity issues with greater focus, specificity and commitment.

Of note, an astounding 43% of U.S. companies experienced a data breach in the past year, according to the Ponemon Institute’s 2014 annual study on data breach preparedness, a 10% increase from 2013. These alarming trends are compelling companies to create programs centered on cyber risk awareness, education and preparedness. These programs are vital to the company’s performance and growth; the 2014 Cost of Data Breach Study by IBM and the Ponemon Institute reveals that the average cost to a company from a data breach was about $3.5 million per breach in 2014 – a 15% increase since last year. A company’s intellectual property and customer data may also be compromised in a cyberattack, expanding potential casualties beyond financial losses.

Risk management executives cannot confront this issue alone. The responsibilities of management and boards of directors are not limited to having a thorough understanding of cybersecurity issues; they must also be aligned on a clear-cut strategy for both preventing and responding to cyberattacks. This strategy includes efforts to improve education, implement preparation measures before an attack strikes and continue adhering to best practices in all board-related activities.

Awareness and Education

At the most fundamental level, boardrooms must increase the company’s resiliency in the face of cybersecurity threats by increasing awareness of the topic and the associated risks. Unfortunately, boardrooms are struggling to properly educate directors on the topic: a 2012 Carnegie Mellon poll of how U.S. boards are managing cyber risks found that 71% rarely or never review privacy and security budgets, 80% rarely or never review roles and responsibilities, and nearly two-thirds rarely or never review top-level policies. Additionally, more than half of directors surveyed rarely review security program assessments. Every director should make cybersecurity a topic on the board’s agenda and ask questions if there is any confusion or doubt.

Preparation

Directors who are properly aware and educated on the topic of cybersecurity are therefore more prepared and versed in the case of a crisis, not only as individuals but as a collective management team. Given the potential economic consequences of these attacks, it is essential that boardrooms are aligned on the company’s response strategy. It is critical that there be a clear understanding among all levels of a management team about who is responsible for managing this issue. Directors who are familiar with their company’s IT department are better able to determine if the team is equipped to effectively address cybersecurity. Cyber policies must remain updated and understood by all in order to decrease chances for exposure.

Best Practices

A critical part of boardroom preparedness is ensuring that directors are pursuing best practices to decrease chances for exposure and thereby increase resiliency. There are several practices companies can adopt to ensure this level of preparation:

  • Education and preparation: Board members must be educated on cybersecurity and its risks so that they are prepared to manage any situation or crisis. Oftentimes, companies increase their vulnerability by failing to provide directors with the proper tools and information.
  • Secure communication: Companies must provide board members with a secure way to share and communicate about critically sensitive information. In order to prevent careless oversharing, this information should never be sent via email. Board members must have a thorough understanding of cloud services. Although these solutions provide an easy way to upload and download files, many have been successfully hacked, compromising private files and email addresses.
  • Collaborate and strategize: When directors have a clear understanding of cybersecurity and the associated risks, they are more equipped to collaborate and strategize around managing any issues related to cybersecurity. With increased board-level conversation about cybersecurity, directors are able to determine if managing cybersecurity is the purview of the audit committee, a separate committee, the company’s IT department or CIO.

Education, awareness and preparedness are critical components to help mitigate vulnerability and risks of cyberattacks. Boardrooms must be open to embracing new strategies and technologies in order to ensure their communication capabilities are secure while remaining fast and accessible. Organizations need to prioritize cybersecurity training to ensure that boardrooms are acting in the company’s best interest and are confident in its cyber crisis response strategy. Although risk has been an evolving factor impacting businesses of all types and sizes throughout history, cybersecurity presents a new challenge—and it is one that can be confronted successfully with the correct management strategy and tools.

Lessons from MBIA: When Breaches Go Viral

We can add another breached company to the ever-growing list: the Municipal Bond Insurance Association (MBIA). While not necessarily unique from other breaches we’ve seen lately, the MBIA incident brought another aspect of breach fallout into the public eye, and that’s the potential for data exposures to go viral. These viral breaches generate tendrils of compromised information that reach far and wide, creating a nightmare for containment—and public relations.

Known as the largest bond insurer in the country, MBIA services accounts for many government investment pools. In late September, the company was alerted by an ethical hacker that hundreds of pages of customer data were showing up online for all to see. We’ve since learned that one of the company’s database servers had been improperly configured, resulting in the exposure of highly sensitive data. Account numbers were compromised along with customers’ names, account balances and other confidential information. But the damage didn’t stop there. Not only was MBIA’s customer data floating around the Internet for all to see, it also had been indexed by several search engines. Information that should have been heavily protected was now on the Web in multiple locations, far outside the control of MBIA.

The release of customer data wasn’t the only problem. High-level security keys were also exposed and indexed, including administrative credentials and instructions for creating new deposit accounts. Not only were cybercriminals given a nearly perfect tutorial to dig into additional data held by MBIA that hadn’t been compromised in the first go-round, the instructions also provided a way for thieves to quietly pull funds out of the compromised accounts. The integrity of MBIA’s systems had been damaged far beyond a simple data breach.

Piling on to the organization’s woes were two failures of their own making. One is that their Oracle server is commonly known to need careful configuration to avoid a potential security gap.

Oracle has even provided documentation to help administrators configure it correctly and ensure the servers are secure. The other was that MBIA was actually notified of the exposure more than a week before the company finally cut off access to the compromised server.

Not only was the company behind the curve in configuring its critical infrastructure correctly, it then delayed in fixing a problem that was brought to its attention.

In many respects, MBIA’s breach wasn’t all that different from other breaches. Network vulnerabilities are common avenues for hackers, and security warnings have been known to be overlooked. Target’s massive 2013 breach and similar recent exposures back this up.

Unfortunately for MBIA, these factors all came together in a perfect storm that resulted in a truly viral breach. Sensitive customer data was compromised and unspeakably valuable credentials and account creation instructions were also exposed. The indexing of that information on more than one major search engine spread the leaked data far and wide. Containment and mitigation became exponentially more difficult.

There is some reasonably good news in all of this. At this time, it doesn’t appear any of MBIA’s clients were defrauded as a result of the breach—yet. There are also important lessons we can learn from MBIA’s mistakes. Network assets must be carefully administered, as their security is one of the first lines of defense against criminals. In addition, security warnings—whether they’re provided by ethical hackers, concerned customers or automated intrusion detection systems—must be immediately checked out.

We have the tools to thwart thieves.
Now is the time to use them.

DDoS Attacks Cost Businesses $40,000 an Hour

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack.

According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.”

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours.

“This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks:

Engaged Boards Lead to Better Information Security Practices

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”