Tag Archives: Cybersecurity

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

Cybercrime Costs Global Economy Up to $575 Billion

Posted on by

Cybersecurity

Cybercrime costs the global economy about $445 billion every year, though the damage may be up to $575 billion, according to a new report from the Center for Strategic and International Studies and software company McAfee. Further, the damage to businesses exceeds the $160 billion loss to individuals.

“Cyber crime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors,” said Jim Lewis of CSIS. “For developed countries, cyber crime has serious implications for employment.”

Indeed, the biggest economies have suffered the most – the losses in the United States, China, Japan and Germany totaled at least $200 billion.

Businesses are sitting up and taking notice. A recent survey from Munich Re found that 77% of mid-size to large companies have or will have cyberinsurance in the next year. Yet, of the 23% that do not plan to buy insurance, nine out of 10 said this was because current coverage available does not meet their needs or would not be relevant for their business.

What are companies doing to manage cyber risk? Munich Re found:

Munich Re graph

Reputational damage has emerged as one of the biggest sources of loss from cyberbreach. Respondents said the biggest risk an incident would have pose to their business’s reputation is:

Munich Re reputational risk of cyberbreach

 

Insuring Against Third-Party Cyberrisk

Posted on by

The tremendous growth in cyber insurance is being fueled in part by the desire of companies to cede some of the risk of a cyber breach to insurers.

  In many cases insurers are eager to take on this risk—provided they can objectively quantify and understand the risks they are underwriting.

However, is it enough to only look at the cyber risk of the insured?  Increasingly companies are being attacked through their third-party vendor networks; one study by the Ponemon Institute reported 23% of data breaches are attributable to third party vendors. As companies share critical customer information with vendors, they expose themselves to a breach through these extended networks. Criminals have even started to target small to medium sized companies as a way to access the sensitive information of the larger firms they serve.

One case of this new tactic is documented in a recent New York Times article in which a mischievous attack was perpetrated by inserting malware into a Chinese take-out menu favored by employees of the targeted company. Last December, when Target Corp was breached and hackers stole credit card data for 70 million customers, the attack was traced to malicious code getting into Target’s network through a heating and air conditioning vendor.

For an insurer, these risks are very real and pose a potential blind spot in the risk assessment process.  When a breach occurs through a third-party vendor and involves the loss of sensitive data on behalf of a customer, the financial and reputational damage that ensues falls primarily on the owner of the data—and their insurer. While insurers today are grappling with the task of evaluating the cyber risk of the insured themselves, often there is little thought given to the cyber security of the insured’s third-party vendors.

Some underwriters are asking prospective clients to list their critical vendors in policy applications, but this is primarily to identify areas of risk aggregation—where a large percentage of insureds are all relying on the same set of vendors.

 Identifying risk aggregation is an important part of overall risk assessment, however simply enumerating critical vendors and identifying potential aggregation issues fails to identify whether those vendors are secure.

In order for underwriters to overcome this obstacle, objective cyber risk metrics can be used to both assess the insured AND their critical vendors. Ratings can be a valuable tool in identifying problem areas within an insured party’s internal network and extended ecosystem. Identifying and mitigating these problems before a breach occurs can help both client and insurer avoid costly monetary losses and damage to their reputation.

New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better

Posted on by

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

Verizon Data Breach Investigations Report

Verizon’s report also offers specific information about the patterns and advice on how to respond to them.

Many sources of vulnerability come from within, and there is less variation than you might expect in terms of who the riskiest workers may be.

buy atarax online www.handrehab.us/images/patterns/jpg/atarax.html no prescription pharmacy

A survey by the Pew Research Center found that 18% of adults have had important personal information stolen online, including Social Security number, credit card, or bank account information—an 8% increase from just six months ago. Further, 21% of adults who use the internet have had an email or social networking account compromised. Two groups that make up a large part of the workforce were hit particularly hard during this period: young adults and baby boomers. The percentage of individuals in these groups who had personal information stolen online doubled between July 2013 and January 2014.

buy symbicort online www.handrehab.us/images/patterns/jpg/symbicort.html no prescription pharmacy

stolen personal data by age

But as this chart shows, all age ranges have experienced a significant amount of data theft as of the beginning of the year.

Indeed, according to meetings-software company TeamViewer, 92% of IT administrators have seen troublesome habits among office workers using company computers. These risky behaviors are frequently known to open the work system to viruses or other malware, including:

  • Browsing social media websites (reported by 82% of IT admins)
  • Opening inappropriate email attachments (57%)
  • Downloading games (52%)
  • Plugging in unauthorized USB devices (51%)
  • Plugging in unauthorized personal devices (50%)
  • Illegal downloads, such as pirated movies, music or software (45%)
  • Looking for other jobs (39%)

Further, nine out of 10 IT administrators reported witnessing problems to company equipment because of these actions, including viruses (77%), slow computers (74%), crashed computers (55%), mass popups (48%) and inability to open email (33%). Not only do these behaviors leave corporate infrastructure at risk, but they may endanger the overall HR program, as a vast proportion of IT workers report feeling frustrated, angry and discouraged.

buy xenical online www.handrehab.us/images/patterns/jpg/xenical.html no prescription pharmacy

Up to 12% even said that they were considering quitting over these bad behaviors and increased strain on the IT department.

So what can you do? Administrators agreed that better security software, using remote access to fix problems, installing disk cleanup software, integrating automatic backup solutions, and offering the ability to telecommute would all help mitigate these issues and make their jobs easier.

Counterintelligence Now Riskier Than Terrorism, Intelligence Officials Report

Posted on by

National Security

During a Senate hearing yesterday, top U.S. intelligence officials released a new threat assessment report that outlines the top risks to national security. While cybersecurity remains the greatest threat for a second year, the report said dangers from foreign spies and from leakers have surpassed terrorism as threats.

This revision follows a year that illustrated just how vulnerable the United States is to counterintelligence—both foreign spying and the leaking of information. In May, the Defense Department explicitly accused the Chinese government of launching cyberattacks against the U.S. government computer systems and defense contractors “in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.”

According to Rep. Mike Rogers (R-Mich.), chair of the House Intelligence Committee, the theft of proprietary information and technology by the Chinese constitutes “the largest transfer of wealth illegally in the world’s history” and has cost the U.S. an estimated $2 trillion. “We are in a cyber war today,” Rogers said in July. “Most Americans don’t know it. They go about their lives happily. But we are in a cyber war today.”

Director of National Intelligence James Clapper also pointed to leaks from National Security Agency contractor Edward Snowden to illustrate the danger posed by the exposure of classified information. Terrorists are “going to school” on the information revealed, he claimed, calling Snowden’s act the “most damaging theft of intelligence information in our history.”

According to Clapper’s report, the top five threats from 2013 and for 2014 are:

2013

  1. Cyber-attacks, cyber-espionage
  2. Terrorism and Transnational Organized Crime
  3. WMD Proliferation
  4. Counterintelligence
  5. Counterspace (attacks on satellites, communications)

2014

  1. Cyber-attacks, cyber-espionage
  2. Counterintelligence
  3. Terrorism
  4. WMD Proliferation
  5. Counterspace