Category Archives: Cyber Crime

Immediate Vault Immediate Access

Organizational Complexity Poses Critical Cyberrisk

Posted on by

According to a recent survey on IT security infrastructure, 83% of businesses around the world believe they are most at risk because of organizational complexity.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” noted the Ponemon Institute’s “The Need for a New IT Security Architecture: Global Study,” sponsored by Citrix. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

Shadow IT, the information technology systems built and used by an organization without explicit approval, has largely cropped up because employees feel official tools are too complex or otherwise difficult and inefficient. As a result, company data is being put on personal devices and official business is conducted on platforms that enterprise security teams can not monitor or secure.

online pharmacy cipro with best prices today in the USA

Nearly three-quarters of respondents said their business needs a new IT security infrastructure to reduce risk.

online pharmacy mobic with best prices today in the USA

With increasing amounts of sensitive data stored, new technology like the internet of things adopted, and new cyberrisk threats constantly emerging, addressing individual security challenges may be impossible, Citrix Chief Security Officer Stan Black told eWEEK. Rather, companies should focus on larger issues like controlling complexity, developing and maintaining strong incident response plans, and rigorously vetting vendors with access to systems or responsibility for storing data.

online pharmacy ventolin with best prices today in the USA

Check out more of the report’s findings in the infographic below:

organizational complexity cyberrisk

Retail Data Security: Preparing for the Top Threat for Holiday Breaches

Posted on by

holiday shopping retail risk

Here’s the question of the season: What is the true cause of the retail breaches we read about year after year? While malware or ransomware may get most of the scary security press, they aren’t in fact the main culprit. The primary cause of most retail breaches is, by far, stolen credentials. These are the usernames and passwords of employees, contractors or partners of a retail firm. Victim firms such as Target Corp., Home Depot, eBay and others have fallen prey to similar attacks in recent years: a trusted insider’s credentials were stolen and hackers used those to access the network. In some cases, the credentialed access led to the installation of malware on card reader systems, while in others, hackers took different paths.

The point is clear, however: the access credentials of trusted insiders are in fact the biggest risk factor for a breach in the retail sector. Verizon’s annual data breach survey, released earlier this year, confirms this, with credential attacks identified as the top source of data breaches as 63% occurred via weak or stolen credentials.

This isn’t a particularly new insight. The Target and Home Depot breaches, both via stolen vendor credentials, happened more than two years ago. And yet, as the Verizon report indicates, large firms are still quite vulnerable to credential attacks. Why is a credential-based attack so hard to detect? The point of the attack is to impersonate a valid user (an employee, contractor or some other insider) going about his or her daily job. When a financial analyst logs into a financial system using her regular ID and password, for example, we do not expect an alarm to sound.

The retail environment has some unique factors that make detection more difficult. For example, retailers employ large numbers of seasonal workers, so knowing whether a particular person should be allowed near a secure server in the back room of a store may be difficult. The general buzz and chaos in retail stores may weaken security checks, and sheer volume of transactions, returns, special orders, and the like can distract employees and open up security gaps.

There are, however, concrete steps that can be taken.

The first is simple: most if not all retailers have two networks, one corporate and one retail (in-store). Human resources, research and development, accounting, and other corporate functions operate on the corporate network. Point of sale systems, cashiers, and store managers operate on the retail network. In theory, these networks are completely walled off from each other, using two-factor authentication and other security systems. A temporary sales clerk should not be able to access the payroll system at corporate headquarters and download employee social security numbers, just as an HR specialist at headquarters should not be able to access the credit card database within a store point-of-sale (POS) server. This is especially sensitive since many retailers haven’t yet rolled out chip-and-pin readers. If a card number is stolen from a POS system, it’s usable in many places.

A basic check would be to ensure that the two-factor authentication system between the corporate and retail networks is working correctly, is updated with patches, and is applied as broadly as possible. However, this is not always the case, and there have been instances where hackers have been able to steal a corporate user’s credentials (using a keylogger or other type of malware) and then bypass the authentication system to connect to hundreds of in-store POS systems. Perhaps the system configuration has “drifted” over time and needs re-certification. This is an easy check on network security risk.

Another step relates to context—in other words, understanding what is normal. As mentioned above, a retailer during the holiday season manages chaos on a daily basis. It is too easy for attacks to slip by without notice during the noise and commotion. Recall the advice given to New Yorkers after 9/11: “If you see something, say something.” While relying on employees to notice unusual behavior is fine, a better approach is to augment humans with smart technology that understands normal behavior and can raise an alarm when behavior is suddenly not normal.

For example, a specialist in IT is accessing hundreds of POS systems in multiple stores via the corporate network. Is that okay? It is hard to say. Perhaps he is doing it as part of a backup process or maybe he is helping restore systems after a failure. Without knowing what is normal for this person, as well as for his peers, it is very difficult to judge the riskiness of his actions. Behavioral analytics systems are built for this problem. They analyze past behavior and build baselines, just as VISA and MasterCard do for every credit card owner. When an employee suddenly starts logging into store POS systems but has never done so before, behavioral baselines can provide the context needed to alert that this user might in fact be a hacker.

Retailers are getting better about security every year, improving risk management processes and rolling out new security technologies. Credential attacks remain the top threat for retail breaches, however, and retail firms must both verify their processes and also look to new solutions, such as behavioral analytics, to close the risk gap.

Charting the Rise of Ransomware

Posted on by

At the beginning of the year, Risk Management put ransomware at the top of the list when surveying the 2016 cyberrisk threat landscape, and these attacks have arguably come to the fore as cyberthreat of the year, whether you measure by buzz or by increase in incidents.

Indeed, ransomware is not just grabbing headlines—these cyberattacks have quadrupled in 2016, according to a recent Beazley Breach Response Services review of client data breaches. Authorities report a similar surge at large, with the Department of Justice estimating that more than 4,000 ransomware attacks have occurred daily since the beginning of the year, representing a 300% increase from 2015.

buy imuran online www.arborvita.com/wp-content/uploads/2023/10/jpg/imuran.html no prescription pharmacy

In July and August alone, 20% more of Beazley’s clients suffered a ransomware attack than in all of 2015. While the ransoms remain low, often in the range of $1,000, the firm points out that the true costs are dramatically higher due to the extensive review of company systems and data required to ensure the malware has been removed and data is clean.

Looking at specific industries, Beazley noted a significant uptick in attacks against financial institutions in the first three quarters of 2016, with hacking and malware accounting for 39% of breaches in the sector, up from 26% in 2015, and in higher education, these attacks increased from 38% last year to 46% in 2016. Hacking and malware account for a relatively steady proportion of just over half of breaches in the retail sector.

buy synthroid online www.arborvita.com/wp-content/uploads/2023/10/jpg/synthroid.html no prescription pharmacy

Among healthcare organizations, however, human error has spiked, with 40% of industry incidents caused by unintended disclosure compared to 28% last year.

“From what we are seeing, it appears that many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web,” said Katherine Keefe, global head of BBR Services. “But, the persistently high levels of hacking and malware attacks of all kinds are a reminder that organizations across industries, and of all sizes, need actionable plans ready to implement when a breach occurs.

buy addyi online www.arborvita.com/wp-content/uploads/2023/10/jpg/addyi.html no prescription pharmacy

Check out the infographic below from security intelligence firm LogRhythm for more background on the rise in ransomware, how these attacks are impacting businesses, and how businesses are responding.

ransomware logrhythm
ransomware logrhythm

Cyberattacks a Growing Threat for Healthcare

Posted on by

Because of the high value of medical records and healthcare databases to criminals, they pose ever more attractive targets.

buy tobrex online rebalancenyc.com/wp-content/uploads/2023/10/jpg/tobrex.html no prescription pharmacy

In fact, a number of reports have shown that cyberattacks are costing the healthcare industry billions of dollars annually, with a median loss of 0,000 per incident.

buy arimidex online rebalancenyc.com/wp-content/uploads/2023/10/jpg/arimidex.html no prescription pharmacy

Cybersecurity risks in healthcare have also drawn attention to the vulnerability of hospitals, clinics and other healthcare providers.

buy lariam online rebalancenyc.com/wp-content/uploads/2023/10/jpg/lariam.html no prescription pharmacy

The infographic below, which is part of a series by Advisen and Hiscox, looks at:

  • The frequency of Health Insurance Portability and Accountability Act (HIPAA) violations over the past five years
  • The median loss in healthcare cyberattacks
  • The percentage increase of protected health information (PHI) losses between 2006 and 2011 for printed records, servers, laptops, desktop, website, portable data storage devices, and other sources.

It also examines which revenue groups suffered more PHI losses and the size of breaches that occurred more frequently.
Canadian Pharmacy https://royalcitydrugs.com/ no prescription

cyber-hc1

The majority of losses involve printed records, which have increased to 45% since 2011 compared to 3% by email.
cyber-hc2

While some may think that the majority of breaches are large, in the past five years, almost 50% of breaches have been small, with fewer than 100 records lost.
cyber-hc3