Tag Archives: IT

Immediate Vault Immediate Access

Companies Continue to Grapple with Cyberrisk, Study Finds

Posted on by

As technology becomes more critical to company success, the number of cyberattacks has climbed.

As a result, cyberrisk has become one of the top risks for companies around the world, according to the Marsh-Microsoft Global Cyber Risk Perception Survey. Almost two-thirds of survey respondents identified cyberrisk as one of their organization’s top-five risk management priorities—almost double the percentage who rated cyber as a top risk in a 2016 study, Marsh said, adding that respondents whose organizations had been successfully attacked were slightly more likely to prioritize cyberrisk than those who had not.

Despite these concerns, however, the study notes that just one in five respondents said they are “highly confident in their organization’s ability to manage and mitigate cyberrisk or respond and recover from an attack.” This was especially the case among corporate directors, who play an important role in protecting their organization from cyber threats. While about 70% of respondents who identified as board members said they ranked cyberrisk as a top-five concern, only 14% said they were “highly confident” in their organization’s ability to respond to an attack.

Board Disconnect
While organizations have traditionally relied on IT staff to manage cyberrisks, the structure of oversight is evolving in many companies as risks accelerate. Stakeholders from across the enterprise are looking beyond prevention to include risk assessment, mitigation and cyber resilience.

Asked about cybersecurity structure, however, 70% of respondents named their IT department as a primary owner and decision-maker of the risk.

This was more often true for smaller companies, as larger organizations tended to spread the responsibility for cyberrisk—from a low of 13% in the smallest organizations (many of which may not have a separate risk management function) to 58% in the largest organizations with more than $5 billion in revenue, the study found.

Ideally, boards should view cyberrisk management as part of their overall perspective on enterprise risk management. In organizations where the board is involved, however, the study found a disconnect:

Corporate directors often appear to either not understand the information on cyberrisk they receive, or to not be receiving it all. For example, 53% of chief information security officers, 47% of chief risk officers, and 38% of chief technology/information officers said they provide reports to board members on cyber investment initiatives. Yet only 18% of board members said they receive such information.

This information gap illustrates a need to develop cyberrisk economic/business models that facilitate shared dialogue including common language among IT, the board, and other corporate departments.

This disconnect also reinforces the need for a cross-functional approach to cyber risk governance, according to the study.

Organizational Complexity Poses Critical Cyberrisk

Posted on by

According to a recent survey on IT security infrastructure, 83% of businesses around the world believe they are most at risk because of organizational complexity.

“Employees are not following corporate security requirements because they are too difficult to be productive, plus policies hinder their ability to work in their preferred manner,” noted the Ponemon Institute’s “The Need for a New IT Security Architecture: Global Study,” sponsored by Citrix. “It is no surprise that shadow IT is on the rise because employees want easier ways to get their work done.”

Shadow IT, the information technology systems built and used by an organization without explicit approval, has largely cropped up because employees feel official tools are too complex or otherwise difficult and inefficient. As a result, company data is being put on personal devices and official business is conducted on platforms that enterprise security teams can not monitor or secure.

online pharmacy cipro with best prices today in the USA

Nearly three-quarters of respondents said their business needs a new IT security infrastructure to reduce risk.

online pharmacy mobic with best prices today in the USA

With increasing amounts of sensitive data stored, new technology like the internet of things adopted, and new cyberrisk threats constantly emerging, addressing individual security challenges may be impossible, Citrix Chief Security Officer Stan Black told eWEEK. Rather, companies should focus on larger issues like controlling complexity, developing and maintaining strong incident response plans, and rigorously vetting vendors with access to systems or responsibility for storing data.

online pharmacy ventolin with best prices today in the USA

Check out more of the report’s findings in the infographic below:

organizational complexity cyberrisk

Navigating Technology Risks

Posted on by

One of the key questions being asked by audit committees and boards of directors of organizations around the globe is whether their emerging technology risks are being properly identified and managed. To that end, the Global Internal Audit Common Body of Knowledge (CBOK) released “Navigating Technology’s Top 10 Risks,” which identifies the top technology risks and ways that organizations can learn about and address these risks.

Here are the top five out of 10 risks ranked by the study:

1.      Cybersecurity

One of the biggest cybersecurity risks faced by companies is the possibility of theft of confidential data by external perpetrators, and the study found this is the most discussed IT topic among executives, internal auditors, audit committees and the board. One of the biggest cybersecurity risks faced by companies is the possibility of theft of confidential data by external perpetrators.

buy mobic online dentalhacks.com/wp-content/uploads/2023/10/jpg/mobic.html no prescription pharmacy

More than 70% of survey respondents consider the risk of a data breach to be extensive or moderate, while 82% of IT specialists consider this risk to be even higher.

buy singulair online dentalhacks.com/wp-content/uploads/2023/10/jpg/singulair.html no prescription pharmacy

2.     Information Security

With the recent spotlight on data breaches, the current focus is a layered defense of critical information rather than a single layer of protection.

A strong information security program encompasses:

● Robust risk assessment process

● Effective governance and compliance procedures

● Documented and communicated information security policies and standards

● Effective security awareness training program

● Efficient access control procedures

● Tested disaster recovery, business continuity and incident response programs

● Operational asset management, network management, patch management and change management processes

● Tight physical security

3.     IT Systems Development Projects

While organizations need to update their technology systems, success rates are low. The study found that the success of systems development projects was 16.2% for overall success, 52.7% for challenged projects and 31.

buy sinequan online dentalhacks.com/wp-content/uploads/2023/10/jpg/sinequan.html no prescription pharmacy

1% for impaired or canceled projects.

Examples of project objectives not achieved include missed deadlines, cost overruns, efficiencies not delivered as expected, flawed software that was not tested before implementation, reduced integration from the initial plan and less functionality than was identified in the business case when the project was approved.

4.     IT Governance

In many organizations, management questions the amount of money spent on IT and increasingly monitors IT costs. This added emphasis is also due to the widening gap of what IT thinks the business needs and what the business thinks IT can deliver.

A good IT governance program must have these elements:

● Clear alignment to business

● Measurable value delivery to business

● Accountable controls of resources, risk, performance and cost

IT Governance Activity

5. Outsourced IT Services

Because of the increased focus on IT costs, some key IT services have been outsourced. According to the study, this can expose an organization to risks that may remain undiscovered until a failure occurs. An average of six out of 10 internal auditors surveyed said they expect an increase in audits of outsourced IT services over the coming year, according to CBOK, which is administered through the Institute of Internal Auditors. The largest increase is expected in Sub-Saharan Africa and the smallest in Europe.

The Rise of Malvertising

Posted on by

malvertising cyber security

LAS VEGAS—One of the hottest topics in cyberthreat detection right now is the rise of malvertising, online advertising with hidden malware that is distributed through legitimate ad networks and websites. On Monday, Yahoo! acknowledged that one of these attacks had been abusing their ad network since July 28—potentially the biggest single attacks, given the site’s 6.9 billion monthly visits, security software firm Malwarebytes reported.

In the first half of this year the number of malvertisements has jumped 260% compared to the same period in 2014, according a new study released at the Black Hat USA conference here today by enterprise digital footprint security company RiskIQ. The sheer number of unique malvertisements has climbed 60% year over year.

“The major increase we have seen in the number of malvertisements over the past 48 months confirms that digital ads have become the preferred method for distributing malware,” said James Pleger, RiskIQ’s director of research. “There are a number of reasons for this development, including the fact that malvertisements are difficult to detect and take down since they are delivered through ad networks and are not resident on websites. They also allow attackers to exploit the powerful profiling capabilities of these networks to precisely target specific populations of users.”

How does malvertising work—and why is it taking off right now? “The rise of programmatic advertising, which relies on software instead of humans to purchase digital ads, has generated unprecedented growth and introduced sophisticated targeting into digital ad networks,” the company explained. “This machine-to-machine ecosystem has also created opportunities for cyber criminals to exploit display advertising to distribute malware. For example, malicious code can be hidden within an ad, executables can be embedded on a webpage, or bundled within software downloads.”

The study also noted that, in 2014, there was significantly more exploit kit activity (which silently installs malware without end user intervention) than fake software updates that require user consent. In 2015, however, fake software updates have surpassed exploit kits as the most common technique for installing malware. Fake Flash updates have replaced fake antivirus and fake Java updates as the most common method used to lure victims into installing various forms of malware including ransomware, spyware and adware.

buy zyprexa online familyvoicesal.org/resources/images/jpg/zyprexa.html no prescription pharmacy

Last week, enterprise security firm Bromium also released a new study focused on the rising threat of malvertising, finding that these Flash exploits have increased 60% in the past six months and the growth of ransomware families has doubled every year since 2013.

“For the last couple of years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes,” said Rahul Kashyup, senior vice president and chief security architect at Bromium. “Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware—recently ransomware—preying on the most popular websites and commonly used software.”

One of the riskiest aspects of these exploits is that users do not have to be accessing sites that seem remotely suspect to be exposed. According to Bromium’s research, more than 58% of malvertisments were delivered through news websites (32%) and entertainment websites (26%). Notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com, the firm reported.

With that in mind, IT and cybersecurity teams have to adapt to meet these new threats, which are evolving far faster than detection tools, including antivirus, behavioral analysis, network intrusion detection, and the basic safe browsing guidelines issued to employees regarding their use of work devices.

“The key takeaway from this report is that, at large, the Internet is increasingly becoming ‘untrustworthy.’ Attackers are now using popular websites to launch malware via online ads, which makes things difficult for IT security teams,” explained Rahul Kashyup, SVP and chief security architect at Bromium. “This risk should be well understood and factored in for any organization while building a ‘defense-in-depth’ security stack. Regular patching and updates definitely help to limit the exposure to potential attacks, but that might not be feasible for large organizations.

buy prevacid online familyvoicesal.org/resources/images/jpg/prevacid.html no prescription pharmacy

It is advisable to evaluate non-signature based technologies that can thwart such attacks in a reliable way and prevent infections on end-user devices.

buy singulair online familyvoicesal.org/resources/images/jpg/singulair.html no prescription pharmacy

According to Bromium, the websites that most frequently serve as malvertising attack sources are:

malvertising attack sources