Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Travelers Stages Live Hack to Examine Realities of Cyberrisk

NEW YORK—Yesterday, Travelers hosted “Hacked: The Implications of a Cyber Breach,” a panel of the insurer’s top experts and outside consultants drilling down into the realities of the cyber threat.

According to Travelers’ brand new 2015 Business Risk Index, cybersecurity rose from the #5 threat in 2014 to the #2 threat perceived by business leaders, with 55% most concerned about malicious and criminal attacks.

In an exercise to show just how valid that concern it is, panelists Kurt Oestreicher, a member of the cyber fraud investigative services team at Travelers, and Chris Hauser, former Silicon Valley FBI agent and current member of the cyber fraud investigative services team at Travelers, successfully carried out a live hack. Using a fake website created for this demonstration, the experts staged an SQL injection attack—the same kind of attack as Heartbleed, these are still responsible for 97% of breaches. Using an open-source penetration testing program that Hauser described as “point and click hacking,” they easily found a way to tunnel into the site’s SQL database. The process of scanning for vulnerabilities and acting on a known exploit—in other words, conducting the actual, successful “hack”—took about two minutes, including the time Hauser spent talking the audience through the process.

The program used to conduct this hack was free, and the number of resources readily available for free or very low cost means that more everyday businesses will become victims as malicious actors face very few obstacles to attempt a hack. “As tools and techniques like this become more common, it becomes far easier to target small- and medium-sized businesses and that exposure increases, especially because there are such low costs up front,” said Oestreicher.

Every day in the United States, 34,529 of these known computer security incidents take place. Yet many go undetected, and a lot are willfully unreported. While larger breaches impact more records, the preponderance of breaches strike Main Street businesses, not Wall Street corporations. In fact, of those that are identified and reported, 62% of breaches impact small and medium-sized businesses, Travelers found. Increased awareness among this group has yet to translate into increased coverage, however. According to a survey by Software Advice, insurance penetration among this group hovers at just over 2%, a trend Mullen has seen in the field as well. “Only about 10% of those who should have that coverage actually do,” he said.

According to data from NetDiligence, those incidents that are covered by insurance break down as follows:

NetDiligence Cyberinsurance Claims by Business Sector

NetDiligence Cyberinsurance Claims by Data Type

With hefty fines, costly investigation and notification requirements, and possible lawsuits and class actions, the true costs rapidly spiral. According to Mark Greisiger, president of data breach crisis services and security practices company NetDiligence, the average cost of a breach is $733,000 for SMBs—before any possible lawsuits or fines. Per record, the cost ranges from 1 cent to $1,000, based on the type of information contained. The average legal settlement after such breaches is currently about $550,000. Yet these numbers primarily reflect incidents where insurance was in place. Without the trusted vendor agreements, for example, the cost of retaining forensic investigation services in the midst of a crisis can be up to three times higher, he reported.

Recovering from these incidents varies wildly by the type of records exposed, and the resources available to aid in the effort. “It’s a wild pain in the butt with insurance,” said breach coach John Mullen, a managing partner of the Philadelphia Regional Office and chair of the U.S. Data Privacy and Network Security Group at Lewis Brisbois Brisgaad & Smith. “Without insurance, it’s a small- and medium-sized business killer. The Main Street story is a $2 million bill and no business.”

In the 2015 Business Risk Index, Travelers also shared a more detailed view of preparedness among specific industries:

Business Risk Index Cyber Preparedness

Guarding Against PoSeidon and Other Point-of-Sale Breaches

According to Cisco’s Security Solutions team, there is a new malware family targeting point-of-sale (PoS) systems, infecting machines to scrape memory for credit card information and send the payment card data to servers for harvesting and, likely, resale. This malware, which the group has nicknamed PoSeidon, works like this:

Unlike other PoS memory scrapers that store captured payment card data locally until attackers log in to download it, PCWorld reported, PoSeidon communicates directly with external servers and can update itself automatically, and also has defenses against reverse engineering.

PoS malware using the “memory scraping” technique also caused the Home Depot and Target data breaches. In the latter, hackers were able to save names, credit card numbers, expiration dates, security codes from the backs of cards and encrypted PINs when at least 40 million customers swiped at in-store registers.

“The new PoSeidon malware has retailers on alert, particularly as the frequency and relative ease with which POS system breaches are occurring is forcing them to take a closer look at their IT infrastructure and reassess how secure it actually is,” said Andrew Avanessian, EVP of consultancy and technology services at security firm Avecto. “It is also prompting many to ask, what will it take to get ahead of these attacks?”

Avanessian believes the answer is clear: a more defense-in-depth approach to security. “While perimeter technologies like firewalls can prevent against certain types of external attack, it cannot block malware that has already found its way onto endpoints within an organization,” he explained.

buy abilify online metabolicleader.com/p7pmm/img/jpg/abilify.html no prescription pharmacy

“With a multi-layered security strategy that incorporates solutions like patching, application whitelisting and privilege management, organizations can more effectively protect against the spread of malware, defending their valuable assets and ultimately their reputation.”

As I wrote in the March 2014 issue of Risk Management, the adoption of EMV chip technology presents one of the most promising ways to increase PoS security. Already common in Europe, EMV technology—named for its founders, Eurocard, MasterCard and Visa—utilizes embedded chips that, unlike magnetic strips, make it nearly impossible to counterfeit cards. In Europe, 81% of cards have EMV chips, and countries that have adopted the technology saw sharp declines in credit card fraud. Meanwhile, the United States accounts for 27% of worldwide credit transactions, but sees 47% of card fraud.

As organizations roll-out chip and pin technology across the country, these breaches may start to decline, Avanessian agrees, but he urges a more holistic approach to fighting PoSeidon and other PoS malware. “EMV (or chip-and-pin) will absolutely help stop card fraud, however, retailers should not become complacent and think this is the silver bullet they have been waiting for,” he said. “Yes it will help stop fraud once the details have been stolen, but it does not stop businesses from being breached. Companies gather a huge amount of data about their patrons, such as names and addresses, and this data is still valuable to fraudsters.

buy lexapro online metabolicleader.com/p7pmm/img/jpg/lexapro.html no prescription pharmacy

Unless retails take a multi-layer defense-in-depth approach to security, they will still get breached.”

To prevent consumers from losing and shopping elsewhere, Avanessian believes it is critical to evolve the means of combatting cyberattack just as the means of hacking has changed. “In our experience, retailers are still relying on antiquated ‘detection’-based technologies to keep the bad guys out. They all spent hundreds of thousands of dollars on detection, yet they still get breached,” he said.

buy arimidex online metabolicleader.com/p7pmm/img/jpg/arimidex.html no prescription pharmacy

“The world has changed, the players have changed, cyberattacks are now a trillion dollar industry—the approach has to change.”

Most Companies Miss Easiest Ways to Boost Workplace Cybersecurity

Despite increasing attention to cybersecurity and a seemingly constant stream of high-profile data breaches, the primary security method used in businesses worldwide remains the simple password. According to a recent study, the average person now has 19 passwords to remember, so it is not surprising that the vast majority of passwords are, from a security perspective, irrefutably bad, including sequential numbers, dictionary words or a pet’s name.

A new report by software firm Software Advice found that 44% of employees are not confident about the strength of their passwords. While many felt their usage was either extremely or very secure, the group reported, “our findings suggest that users either remain unaware of the rules despite the hype, do not believe them to be good advice or simply find them too burdensome, and thus opt for less secure passwords.

online pharmacy advair with best prices today in the USA

Among the biggest password sins employees commit:

Employee Password Worst Practices

But company culture and IT leadership may be partly to blame. “If management is lax about enforcing best practices, then leadership must share the blame when workers take shortcuts—and perhaps even accept the lion’s share of it,” the report reads.

online pharmacy tobradex with best prices today in the USA

Only 54% of businesses require complex passwords, and other shortcomings in best practice enforcement include:

Enforced Workplace Password Best Practices

White House Cybersecurity Coordinator Michael Daniel has previously said that he “would love to kill the password dead as a primary security method,” and 14% of companies are leading the charge, using biometric identification instead. Clearly, however, there is plenty that IT departments can implement now to boost cybersecurity without adopting advanced and costly measures like retina scans or fingerprints.

online pharmacy buspar with best prices today in the USA

New Year Resolutions for Better Enterprise Security

Forecasting what the IT security landscape will look like in the year ahead has become an annual technology tradition, and following 2014 as the Year of the Data Breach, I think anyone could make a fairly accurate guess as to what the major trend of the New Year will be: more data breaches.

Forty-three percent of organizations reported a data breach in the past year, a figure that Forrester predicts will rise up to 60% in 2015. And it’s not just the frequency of breaches that we will see escalate in the year ahead, but also that malware will be increasingly difficult to dismantle. P2P, darknet and tor communications will become more prevalent, and forums selling malware and stolen data will retreat further into hidden corners of the Internet in an attempt to avoid infiltration.

By now, it is no longer a matter of if your business is going to be breached, but when. The last thing any organization needs as we enter another year of risk, is a blind side. The good news, though, is that there are ways to prevent them if we act immediately.

We know that an increase in cyber-attacks by stealthier hackers and more sophisticated malware is a sensible prediction – more important, now, is thinking about our resolutions, and how to prepare against what may be lurking ahead.

Here are my top New Year Resolutions for better enterprise security in 2015:

Layer Proactive Defenses

In 2014, many businesses were bitten by data breaches despite spending millions on state-of-the-art, next-generation solutions. In 2015, organizations will have to think smarter and build security from the ground up, layering defenses rather than relying on next-gen panaceas.

Furthermore, this kind of multi-layered approach should encompass more proactive measures – reactive “detective” tactics no longer cut it. Malware has always been hard to detect, and yet I see company after company relying too closely on detection technologies like antivirus (which, believe it or not, works only 50% of the time at best).

Lock Down Data

Following widespread data losses in 2014, businesses should resolve to lock down access to corporate systems and data. This starts with implementing greater control over user accounts and administrative privileges. Employees should always be logging onto systems as a standard user, and even then, businesses need to continue to control and monitor access to files and databases with active anomaly detection. Regular reviews of user roles and their access requirements should become a standard practice.

Ask More Questions

Heartbleed, Shellshock and recently, SChannel attacks have all shaken our confidence in common protocols that underpin much of the internet. Organizations need to practice greater scrutiny in evaluating what is offered by their selected vendors to ensure patching is swift and targeted. Far more questions should be asked around vendors’ processes for code auditing and testing.

Look to Two-Factor Authentication

Many of the attacks of 2014 could have been prevented by two-factor authentication, from the iCloud breach to the eBay compromise. Organizations should be looking to implement two-factor authentication as a way to prevent stolen or shared credentials being used against them. While this method is not a comprehensive solution to address all the security threats we’ll likely face, it does introduce a much needed layer of security.

Don’t Let Security Get in the Way

Stringent security practices are absolutely essential, but they can become a double-edged sword. Locking down system access for instance, although it significantly boosts the organization’s overall security posture, can strike a serious blow to end user productivity. Security must always be top of mind for IT organizations, but you’d be surprised at how quickly appetite to risk changes when its implementation reduces employees’ freedom and flexibility. Here is where deploying strategies like least privilege and sandboxing can have a significant impact by creating a productive and positive working experience for users, without compromising security.

In 2015, businesses should resolve to think smarter about their approach to security. It’s easy to become enamored by the latest glitzy perimeter solutions and invest heavily in next-gen antivirus and firewalls. But, making the most of those investments means thinking more strategically about how they can be layered with more proactive measures and additional safety nets to create a truly defense-in-depth framework. Most of all, we must strive to act on the greatest good principle. After all, IT isn’t the only business stakeholder, and finding a security solution that allows for a seamless user experience is what will most effectively drive adoption – and greater security success.