Tag Archives: Cybersecurity

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

DDoS Attacks Cost Businesses $40,000 an Hour

Posted on by

One of the most common weapons in the cybercriminal’s arsenal is the DDoS attack.

buy zoloft online thecifhw.com/wp-content/uploads/2023/10/jpg/zoloft.html no prescription pharmacy

According to the network security experts at Digital Attack Map, “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.

buy suhagra online thecifhw.com/wp-content/uploads/2023/10/jpg/suhagra.html no prescription pharmacy

While many have heard of these attacks or suffered from the outages they cause, most people do not understand the true business risks these incidents pose. To get a better picture of the threat, Internet security firm Incapsula surveyed 270 firms across the U.S. and Canada about their experiences with DDoS attacks. On average, they found, 49% of DDoS attacks last between 6 and 24 hours.

buy atarax online thecifhw.com/wp-content/uploads/2023/10/jpg/atarax.html no prescription pharmacy

“This means that, with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000—with some running significantly higher,” the company reported. “Costs are not limited to the IT group; they also have a large impact on units such as security and risk management, customer service, and sales.”

Check out the infographic below for more of Incapsula’s findings on the actual costs of DDoS attacks:

Darkhotel Cyber Attacks Are Targeting Traveling Executives

Posted on by

darkhotel cyber attack

Traveling business executives have been falling prey to cybercriminals acting through hotel Internet networks since at least 2009. In an ongoing, sophisticated “espionage campaign” nicknamed “Darkhotel,” thousands of people traveling through Asia have been targeted and hacked through infected hotel WiFi, cybersecurity company Kapersky Lab reported Monday. About two-thirds of the attacks took place in Japan, while others occurred in Taiwan, China and other Asian countries.

“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab. “This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”

So strategic, in fact, that the hackers appear to know the names, arrival and departure times, and room numbers of the targets. While maintaining an intrusion on hotel networks, the hackers used this information, waiting until the victim checked in and logged on to the hotel Wi-Fi, then submitting their room number and surname to log in. When the hackers saw the victim on the network, they would trick the executive into downloading and installing a “backdoor” with the Darkhorse spying software disguised as an update for legitimate software like Google Toolbar, Adobe Flash or Windows messenger. Once installed, the backdoor can be used to download other spying tools, such as an advanced keylogger and an information-stealing module.

“These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; login credentials for Gmail Notifier, Twitter, Facebook, Yahoo! and Google; and other private information,” Kapersky explained. “Victims lose sensitive information likely to be the intellectual property of the business entities they represent.”

While the company has identified the means of attack and many of the victims, the hackers carrying them out remain active, the company warned. The attackers did leave a footprint in part of the malicious code—two Korean characters—but, while the cryptographic skills suggest there may be a government entity behind it, some elements of the attacks could be performed by the most basic cybercriminals, and no one has been identified.

Kapersky Lab offered tips to guard against Darkhotel and other cybersecurity threats targeting travelers:

When traveling, any network, even semi-private ones in hotels, should be viewed as potentially dangerous. The Darkhotel case illustrates an evolving attack vector: individuals who possess valuable information can easily fall victim to Darkhotel itself, as it is still active, or to something similar to a Darkhotel attack. To prevent this, Kaspersky Lab has the following tips:

  • Choose a Virtual Private Network (VPN) provider—you will get an encrypted communication channel when accessing public or semi-public Wi-Fi
  • When traveling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor
  • Make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection

Engaged Boards Lead to Better Information Security Practices

Posted on by

Board of Directors

According to a new study from Protiviti, engagement by a company’s board of directors is a critical factor in best managing information security risks.

Overall, engagement and understanding of IT risks at the board level has increased, yet one in five boards still have a low level of comprehension. As the report states, this suggests “their organizations are not doing enough to manage these critical risks or engage the board of directors in a regular and meaningful way.” Further, while large companies do exhibit stronger board-level engagement, it is not a dramatic distinction.

Overall engagement data

Of those companies that have implemented all core security policies—an acceptable use policy, record retention and destruction policy, written information security policy (WISP), data encryption policy, and social media policy—78% have boards with a high or medium level of engagement on information security. Even rudimentary security measures appear to vary with board engagement. Three out of four organizations with engaged boards have a password policy, while just 46% of those with medium or low levels of engagement have this basic provision in place.

IT Security Measures

The study did find two particularly alarming trends, both in companies with and without risk-aware boards. There was a significant increase this year in the number of organizations without a formal, documented crisis response plan to address data breach or cyberattack. Further, a surprising number of companies still do not have core information security policies. “One in three companies do not have a written information security policy (WISP). More than 40% lack a data encryption policy. One in four do not have acceptable use or record retention/destruction policies. These are critical gaps in data governance and management, and ones that carry considerable legal implications,” the report states. “On the other hand, organizations with all of these key data policies in place have far more robust IT security environments and capabilities.”

 

The Evolving Cyberrisk Landscape and the Insurance Industry

Posted on by

Cyberrisk

Rapidly developing computer technologies and the unrelenting evolution of cyberrisks present one of the biggest challenges to the (re)insurance sector today. Liabilities from cyberattacks and threats to the data security of cloud computing and social media have become key emerging risks for carriers. The unprecedented rise in cyberattacks, in addition to the threat cyberrisk poses to global supply chains, has seen the cyberinsurance market grow significantly in recent years.

Client demand for cyber coverage has been growing, on average, 30% annually in the United States over the past several years, according to Marsh. While demand varies by industry, the one constant has been that more clients are investigating and analyzing existing traditional insurance coverage and whether they need standalone cyberrisk insurance coverage.

Because cyberrisk is associated with the use of technology and the handling of all data and information, the threat transcends a company’s information technology (IT) department as well as what is confined to the internet. To help overcome some misconceptions that still exist for cyberrisks, some clarity around business exposures is needed to understand the scope of the threat.

Cyberattacks pose a danger to global supply chains

Cyberrisks are not isolated and are usually connected to other risks. Many companies that are exposed to cyberrisks are, for example, also exposed in turn to risks to their supply chain. Due to technological innovation and advances, many parts of a company’s or industry’s supply chain have become interconnected and automated.

Most commercial entities today are exposed to these risks as a growing number of businesses become more interconnected globally. A single cyberattack has the potential to put an entire company’s supply chain at risk. Therefore, cybersecurity and supply chain risk management must be considered in conjunction with one another.

There are a range of risks when it comes to online/computer security. Cyberattacks can result in first party liability, including business interruption, computer security breaches, privacy breaches of confidential information and even third-party liability losses. Technology failures have begun to outpace adverse weather, fire and social unrest as the major force in disrupting a corporate supply chain, according to a recent Guy Carpenter report.

Everyone is at risk – individuals, companies and governments

In 2014, cyber issues have become more of a concern for companies that once felt they had relatively little exposure. In fact, cyberattacks were ranked fifth among the top five global risks in terms of likelihood in this year’s World Economic Forum’s annual Global Risks 2014 report.

Governments consider cyberattacks to be among the most serious economic and national security challenges now facing them. And through the ubiquitous use of the internet, mobile devices and social media, companies of all sizes and in all nations are now finding themselves at risk of falling prey to the full range of cyber perils. Such attacks can run from hackers shutting down a company’s network, gaining access to customers’ and employees’ personal and financial information, to the theft of business trade secrets.

More data laws and regulations in place

High-profile data breaches and other cybersecurity incidents have become more commonplace with increasingly onerous outcomes. Target, one of the largest retailers in the United States, suffered a massive cyberbreach late last year which involved the theft of approximately 40 million credit and debit card account details as well as personal data of nearly 70 million customers. The breach reportedly occurred when hackers used the retailer’s heating and cooling vendor’s system to navigate their way into the retailer’s records. The resulting publicity cost the company a significant amount in lost sales, loss of reputation, class action lawsuits, and may have contributed to the ouster of the chief executive officer. And most recently, a U.S.-based online auction site announced that hackers accessed the company’s 145 million user accounts and urged customers to change their passwords.

More recently, home improvement chain Home Depot became the victim of another credit card data breach and the FBI is reportedly investigating cyberattacks at some of the largest banks in the United States.

As cyber incidents affect both consumers and institutions, governments everywhere are putting more data privacy laws and regulations in place in regard to disclosure and other related safeguards. In the United States, there are laws that require the protection of both personal financial and health information. Last year, the U.S. Securities and Exchange Commission, which oversees publicly-traded companies, adopted a directive requiring certain regulated financial institutions and creditors to adopt and implement identity theft programs in light of the new cyber threats.

Risk mitigation and insurance

With governments considering and enacting new laws in response to the rising number of cyber events, companies, especially those in the United States, are taking a closer look at cyberrisk mitigation, including insurance coverage of breaches and attacks.

Media reports of serious data breaches have prompted more companies to buy cyber coverage of $100 million or more compared to the prior year, Marsh said in its March 2014 report Benchmarking Trends: Interest in Cyber Insurance Continues to Climb.

Traditional insurance products often do not cover risks that cover damages resulting from an incident like a computer breach.

buy neurontin online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/neurontin.html no prescription pharmacy

As such, specific cyber liability insurance may be necessary.

The very process of applying for cyberrisk insurance is a constructive exercise for raising awareness and identifying potential vulnerabilities.

buy zantac online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/zantac.html no prescription pharmacy

By engaging in that process, a company can perform a review of information security protocols with respect to access control, physical security, incident response and business continuity planning.

buy diflucan online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/diflucan.html no prescription pharmacy

As a result, businesses and other institutions are finding that cyberinsurance products have been broadened to include coverage that now addresses nearly all aspects of technology-based risk faced by today’s companies. Carriers have been adapting their policies to include a variety of loss prevention and risk mitigation tools, ranging from turnkey breach response teams to pre-emptive risk analytics.

As cyberthreats become more severe, more frequent, and continue to change along with technological advances, the (re)insurance industry will continue to stay one step ahead by creating new forms of cyberrisk coverage to meet the needs of their clients.