Microsoft Vulnerability A Reminder to Update and Patch

Microsoft recently announced a major vulnerability in Windows XP, Windows 7 and several older Windows server versions. According to Simon Pope, the company’s director of incident response, “[A]ny future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” This announcement reinforces the importance of companies patching security vulnerabilities to mitigate the risk, especially on older machines that still serve essential functions.

This news follows a TechCrunch article reporting that at least a million computers worldwide, mostly in the United States, remain vulnerable to the WannaCry and NotPetya malware because users have not installed the necessary patches. Cybercriminals continue to use this malware, based on hacking tools originally developed by the NSA, to deliver all sorts of malicious software to unsuspecting victims online.

WannaCry is ransomware—malicious software that hijacks a computer and demands payment to regain control—that quickly spreads and has affected businesses, government and individuals in over 150 countries since 2017. Around the same time, malicious software disguised as ransomware, called NotPetya, spread worldwide, affecting global business operations and effectively paralyzing multiple companies in what has been called “the most devastating cyberattack in history.” Both caused massive financial damage worldwide, with WannaCry estimated at $8 billion in damages and NotPetya estimated at $3 billion.

Microsoft has released patches to protect systems from the newly announced vulnerability, even for Windows XP and Windows Server 2003, despite the company not usually offering support for those older systems.

However, XP users will have to manually download the patches from Microsoft’s update website. According to a 2017 Spiceworks study, businesses worldwide were still running Windows XP on 11% of their laptops and desktops. While that has likely decreased in the past two years, it would still leave a significant number of machines running exposed systems that require manual updates to patch.

Not patching vulnerabilities has led to serious incidents, like the Equifax breach in 2017, which led to the theft of 143 million Americans’ personal information.

In that case, the US Department of Homeland Security had issued a warning about the vulnerability, a patch for a web application vulnerability had reportedly been available for 2 months before the breach, and Equifax failed to implement the fix. A US House Oversight Committee report blamed the company entirely, saying that Equifax “failed to implement an adequate security program to protect this sensitive data,” and that “such a breach was entirely preventable.”

Companies use numerous different types of software in their daily operations, and software providers issue many patches for their products, which leaves companies overwhelmed. According to an April 2018 Ponemon Institute study, 68% of companies “find it difficult to prioritize what needs to be patched first.” IT staffing limitations and competing priorities within organizations can hinder these efforts, since patching requires heavy time investment and sometimes taking important aspects of the business offline to implement fixes. Companies with third-party partners and supply chains face even more complex risks, since their systems are often integrated or dependent, and companies likely do not have direct control over partners’ systems to ensure patching. Including contract stipulations that require third-party partners to meet certain security requirements can also help mitigate outside risk.

Should Companies Ban USBs?

Earlier this month, a Chinese woman was arrested after attempting to enter President Donald Trump’s Mar-a-Lago resort while in possession of a number of suspicious electronic devices, including a USB flash drive. Apparently, the drive contained code that allows malicious software to run immediately after being plugged in, though it is still unclear what kind of malware it was. According to news reports, law enforcement also found nine other USB drives in the woman’s hotel room. If someone was able to connect a USB device to a computer on the resort’s network, attackers might be able to access all sorts of sensitive information and potentially gain control of machines on the network.

Historically, USB use has also aided insider threats, whether in the form of employees inadvertently infecting a corporate device or network with a found USB drive, or purposefully causing an infection or removing sensitive information via USB. In perhaps one of the most high-profile of such cases, Edward Snowden reportedly removed NSA documents from a Hawaii facility on a flash drive before fleeing the country and providing those documents to members of the media.

Beyond the headlines, these devices continue to pose everyday risks. People mindlessly plug in flash drives, or carry their business’s most important documents on them that could accidentally be left in a hotel room or at a conference packed with corporate rivals. As companies evaluate their security policies and how to best secure their data, many are moving away from using USB or even banning them outright.

In May 2018, IBM did just that. The company’s global chief information security officer Shamla Naidoo said that IBM “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive),” and that the prohibition would apply to IBM operations worldwide, who will now rely entirely on the company’s cloud-based storage. Naidoo cited the danger of missing storage devices leading to “financial and reputational damage” as the motivation for the prohibition going forward, and acknowledged that the move may be disruptive for some departments and employees.

A 2016 University of Illinois study also showed that the now-proverbial nightmare scenario of an employee inserting a USB they found in a parking lot is actually realistic. After dropping 297 flash drives on a university campus, researchers found that people opened one or more files on 45% of the drives without taking any precautions, and that people moved 98% of the drives from the drop locations. The study’s authors noted that their results suggested that people may have picked up the drives and opened files motivated by altruism (finding the owner) and curiosity. But regardless of intent, simply plugging a flash drive into a company computer can unleash any number of viruses, malware, or other cyber maladies on the company’s network.

Of course, doing away with USBs is also not a security panacea. As always, the user is the weakest part of any IT security plan, and even if a business does decide to ban USB storage devices and move their data storage to cloud-based options, employees should still be trained on password protection strategies and other security hygiene best practices. To make employee cyber-awareness training more effective, check out these tips from Risk Management.

Uptick Charted in Telemedicine Cyberrisk

Advances in telemedicine have benefited patients, but, as with any emerging technology, they also create exposure to cybersecurity risk.

In addition to patients’ data, monitoring and diagnostic devices that can provide treatment from a distance can be compromised due to a variety of causes—from hackers to employee error.

Because of a drastic increase in internal threats, cyber events have become a prevalent threat—with alarming consequences for employers and patients. While malicious actors are perceived as a major threat, 43% of healthcare cyber events are the result of internal threats, according to The Identity Theft Resource Center’s 2017 Annual Data Breach Year-End Review.

The study found that hacking continues to rank highest in the type of attack, at 59.4% of breaches—an increase of 3.2% over 2016 figures. Overall, the Review indicates a drastic upturn, with a 44.7% increase over the record high figures reported for 2016.

Here’s more information on cyber breaches and other potentially damaging threats:

It’s a Great Time to Be a Risk Manager

2017 has so far been a wild ride of change. Companies are navigating through a new U.S. administration, Brexit and cyber risks that are more daunting each day. We are bombarded with uncertainty and uncharted waters. Nevertheless, it’s a great time to be a risk manager.

This kind of disruption is the reason many of us got into the risk and insurance industry. Addressing disruption is what we do best. According to a recent CNN report, in fact, Risk Management Director is the number-two Best Job in America for 2017. Recognizing the meaningful contributions and rewarding work of a risk manager, the report highlighted the role in “identifying, preventing, and planning for all the risks a company might face, from cybersecurity breaches to a stock market collapse.”

In the midst of a riskier environment, the insurance industry that serves risk managers faces highly competitive market conditions. The result is more choices and better services for the risk management community. Now is the time for the risk manager to take the lead.

As thousands of risk professionals soon head to the RIMS Annual Conference in Philadelphia, it’s a good time to consider the opportunities in this growing profession.

Why the time is right for risk managers:

  1. 2017 brings a new risk profile. Every company, regardless of industry or size, needs to evaluate the new risks from the shift to nationalist policies in the U.S. and abroad. Our new administration’s efforts to increase America’s manufacturing raises a host of new insurance needs—more U.S. production means more U.S. liability. We are also seeing a shift in global supply chain and an increase in the political risks of operating outside our borders. These changes require board-level and C-suite attention. We expect to see risk managers play a more significant role with management in building risk mitigation into their company’s strategic direction.
  2. Rise in specialists. This is your time to be selective about specialists that understand your business and the specific challenges you face. Insurers are differentiating through specialization. Work with an underwriter that knows the risks, regulations, complexities and nuances of your industry. Many industries, such as construction and health care, will experience rapid change this year. Find partners that have been in the same trenches and can help you navigate changes.
  3. Tailored products and solutions. The highly competitive insurance market is also driving product innovation for clients with more tailored solutions. Take the time to learn about less-understood products, such as accounts receivable insurance, which protects companies from non-payment risks and gives them the ability to borrow, receive loans, and as a result, improve their credit quality. In Europe, 70% of companies purchase this coverage, compared to only 8% of U.S. companies. Understand the risks across your supply chain and work with your broker to customize insurance programs and bring innovative solutions.
  4. At the center of technology and innovation. The insurance industry is on the front lines of the cutting-edge technologies: internet of things (IoT), robots and drones. These advances will only grow and thrive with the right risk and insurance programs. For example, the technology surrounding drones or unmanned aerial systems is rapidly evolving. The ability to collect and analyze aerial data has improved efficiencies, enhanced safety and lowered costs within the construction, agriculture, telecommunications, oil & gas and real estate industries. As usage grows, risk managers will be central to the successful operation of drones by understanding and managing the risks and compliance needs.
  5. Ability to leverage the best in data analytics. Risk managers have the data, tools and skills to anticipate the risks from this tumultuous environment. The insurance industry views these challenges with a different lens, drawing on past catastrophes and predictive analytics to plan for the challenges ahead. Risk professionals who know how to leverage this information can bring a sense of preparedness and control at a time of heightened uncertainty. There is also a role for risk managers to advise senior management on the use of data. But because models are continually amended and updated after losses occur, it is important to avoid an over-dependence on data and false sense of security.
  6. Opportunity to participate in growing your business. Risk managers do not just protect a business, they grow a business. Companies are reevaluating strategies based on new policies. Will they build manufacturing plants? Will they buy a strategic target? Risk professionals have an important role in mergers and acquisitions deals as insurance can be used to help quantify contingent liabilities and allow for accurate pricing models. The most common is representation and warranties insurance, which can help strengthen and facilitate a transaction.
  7. Better risk management services. Insurers realize it is not enough to write a check for a claim. Take advantage of risk mitigation services that are built into your insurance policies. They include education, training, tabletop exercises and risk assessments.
  8. A thriving profession. With more and more universities offering undergraduate risk management majors, we will see a dedicated, high-caliber talent pool focused on careers in risk and insurance. The Spencer Foundation, for example, has completed an eight-month competition between students of 29 universities from around the country, analyzing, developing and presenting the most comprehensive risk management solutions for a case study. The top eight teams will be in Philadelphia to present at RIMS.

The risk and insurance industry is made up of some of the most agile and level-headed professionals. Risk managers have always moved with the changing environment and crisis situations, developing programs to address their entity’s risk profile. Hopefully, we will see more companies include risk management in their strategic planning and leverage the experience and skills of their risk managers.