Immediate Vault

Microsoft Vulnerability A Reminder to Update and Patch

Microsoft recently announced a major vulnerability in Windows XP, Windows 7 and several older Windows server versions. According to Simon Pope, the company’s director of incident response, “[A]ny future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” This announcement reinforces the importance of companies patching security vulnerabilities to mitigate the risk, especially on older machines that still serve essential functions.

This news follows a TechCrunch article reporting that at least a million computers worldwide, mostly in the United States, remain vulnerable to the WannaCry and NotPetya malware because users have not installed the necessary patches. Cybercriminals continue to use this malware, based on hacking tools originally developed by the NSA, to deliver all sorts of malicious software to unsuspecting victims online.

WannaCry is ransomware—malicious software that hijacks a computer and demands payment to regain control—that spreads quickly and has affected businesses, governments and individuals in over 150 countries since 2017. Around the same time, malicious software disguised as ransomware, called NotPetya, spread worldwide, affecting global business operations and effectively paralyzing multiple companies in what has been called “the most devastating cyberattack in history.” Both caused massive financial damage worldwide, with WannaCry estimated at $8 billion in damages and NotPetya estimated at $3 billion.

Windows has released patches to protect systems from the newly announced vulnerability, even for Windows XP and Windows Server 2003, despite the company not usually offering support for those older systems.

However, XP users will have to manually download the patches from Microsoft’s update website. According to a 2017 Spiceworks study, businesses worldwide were still running Windows XP on 11% of their laptops and desktops. While that has likely decreased in the past two years, it would still leave a significant number of machines running exposed systems that require manual updates to patch.

Not patching vulnerabilities has led to serious incidents, like the Equifax breach in 2017, which led to the theft of 143 million Americans’ personal information.

In that case, the US Department of Homeland Security had issued a warning about the vulnerability, a patch for a web application vulnerability had reportedly been available for 2 months before the breach, and Equifax failed to implement the fix. A US House Oversight Committee report blamed the company entirely, saying that Equifax “failed to implement an adequate security program to protect this sensitive data,” and that “such a breach was entirely preventable.”

Companies use numerous different types of software in their daily operations, and software providers issue many patches for their products, which leaves companies overwhelmed. According to an April 2018 Ponemon Institute study, 68% of companies “find it difficult to prioritize what needs to be patched first.” IT staffing limitations and competing priorities within organizations can hinder these efforts, since patching requires heavy time investment and sometimes taking important aspects of the business offline to implement fixes. Companies with third-party partners and supply chains face even more complex risks, since their systems are often integrated or dependent, and companies likely do not have direct control over partners’ systems to ensure patching. Including contract stipulations that require third-party partners to meet certain security requirements can also help mitigate outside risk.

RIMS Report: Making Sense of AI

The risk of not adopting some form of artificial intelligence (AI) can be much greater than the potential risks of implementation according to the new RIMS Professional Report: Making Sense of Artificial Intelligence and Its Impact on Risk Management.

Authored by Tom Easthope, RIMS Strategic and Enterprise Council member and director of Microsoft Enterprise Risk Management, the report explores forms of AI available to organizations, common implementation scenarios for risk professionals to consider, as well as opportunities for those professionals to advance their careers in light of the emergence of AI technologies.

“While the discussions about the long-term impacts of artificial intelligence on society are important to understand and track, the more pressing issue is to understand the impacts on your industry, your organization and, ultimately, your career,” Easthope said.

“Risk professionals should find ways to participate in strategic discussions around AI and educate themselves on the world of possibilities it offers them and their organizations.”

The report explores AI’s foundational concepts, such as data and algorithms. It also discusses forms of AI, such as artificial general intelligence (often referred to as “thinking machines” along the lines of C-3PO from the “Star Wars” films) and artificial narrow intelligence (ANI), which focuses on tasks that have major business impacts, including image recognition, credit card fraud detection and speech recognition. Citing research that AI-derived business value will be worth $3.9 trillion in the next three years, the report notes that ANI presents risks and opportunities for risk professionals and their companies.

And while the report suggests that changes introduced by AI innovation and automation will impact jobs and tasks in the risk, compliance and insurance industry, it also presents methods to keep professionals less expendable, if they’re willing to embrace the technology.

“But while change is inevitable, it does not mean that your risk career must end,” the report said. “Essentially, if you understand the organization’s strategy and how it can enhance its operations with ANI or the context around data, then you have something to offer.”

RIMS Strategic and Enterprise Risk Management Council (SERMC) is organized to provide leadership on strategic and enterprise risk management research, practices, topics and issues, in alignment with RIMS’ vision, affiliations and partnerships. SERMC comprises RIMS members, academics, strategists, consultants and other practitioners who are experienced with strategic and enterprise risk management and related issues.

The report is currently available exclusively to RIMS members. To download the report, visit RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. For more information about the Society and to learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Digital Book Wars

A piece I wrote for the upcoming May issue of Risk Management:

In 1999, the Department of Justice found that Microsoft had violated the Sherman Antitrust Act. It had essentially created a monopoly in the market for operating systems designed to run on Intel-compatible PCs, claimed the government. In a settlement, Microsoft was ordered to share its programming interfaces with third-party companies, a punishment that only recently expired. United States vs. Microsoft was arguably the most closely watched corporate legal case in recent history. Now, one may eclipse it.

On April 11, the DOJ filed suit against Apple and five large, traditional publishing houses, alleging that they committed antitrust and price-fixing violations in the e-book market. According to the allegations, Apple, HarperCollins, Hachette Book Group, Macmillan, Penguin Group Inc. and Simon & Schuster Inc. conspired to increase digital book prices and force Amazon to abandon its discount sales strategy.

As the first real player on the e-book scene, Amazon was able to dictate pricing to publishers, and it frequently sold digital books below cost to boost sales of its Kindle reader. Though book publishers largely opposed the practice, they didn’t have much choice since there were few other viable options for publishing and selling e-books at the time.

But when Apple came along with its iPad and got wind of publishers’ unhappiness with Amazon, the tech company decided to make a move. Apple introduced an agency pricing model under which the publishers set digital book prices and Apple received 30% of the sale. For publishers, this was obviously a more attractive option than Amazon’s pricing strategy. And eventually, as more publishers threatened to withhold their titles from Amazon, the retailer adopted the agency pricing model as well.

The new model allowed Apple to gain a toehold in the potentially lucrative e-book market. And just as when it debuted the iPod and iTunes in the same year, the company was now positioned to profit from sales of both iPad hardware and content, rather than just from the hardware alone. “This would be sound commercial logic,” said Frances McLeod, managing partner at Forensic Risk Alliance, “but all commercial activities must take place within the bounds of the law.”

The DOJ is not the first to question Apple’s influence on e-book pricing. The alleged conspiracy to raise e-book prices was the subject of a class action lawsuit filed against the same parties in a California district court last year. And in December 2011, the European Commission opened a formal antitrust probe for similar reasons.

So what does all of this mean to the parties involved? While publishers are likely pleased with the move away from Amazon’s discount pricing, it is their investors who will be keeping a close eye on the legal proceedings. “The actions of the DOJ will also have been observed by shareholders and by those who feel they have been wronged, raising the possibility that owners and litigants may also act to investigate alleged bad behavior,” said McLeod.

As for the retailers, Amazon has already made a few other enemies in the book publishing industry. Scott Turow, best-selling author and president of the Authors Guild, has called the retail giant “the Darth Vader of the literary world,” suggesting that the company’s tactics will unfairly undermine brick-and-mortar booksellers and, ultimately, the publishing industry itself.

Apple is not faring much better. For a company that prides itself on its reputation and ability to understand consumers, its customers could turn on the tech giant if they believe that it is Apple’s fault that they are now paying more for digital books. In fact, after the price war began, Amazon was forced in some cases to raise e-book prices as much as 50% from its initial consumer-friendly $9.99 price point.

The DOJ lawsuit has already led to other changes. HarperCollins, Simon & Schuster and Hachette settled with the government, agreeing to grant retailers the ability to reduce prices. Under the agreement, the three publishers will also be forced to create new contracts with Apple and other e-book sellers.

But this story is far from over. The DOJ is vigorously pursuing claims against Apple, Macmillan and Pearson, all of which opted not to settle. States including Texas and Connecticut—and let’s not forget Europe—are also seeking separate litigation against the involved companies.

Ultimately, many players in the market still have unfinished business. It seems one thing is finished for good, however: the agency pricing model.

Managing Strategic Risk: Yahoo’s Crisis

All the major tech sector firms have their issues. Apple just lost its transcendent leader. Google’s sprawl, some fear, may be leading it down the same path that Microsoft took as it lost its crown as king of the tech mountain. Facebook, well, really, doesn’t have many real problems considering that its rumored-to-be-coming-soon IPO is expected to take in $100 billion. But privacy concerns persist — so much so that an FTC investigation led the agency to require the social network to undergo 20 years of privacy audits and obtain consent from users before sharing their personal information.

But such issues pale in comparison to the crisis Yahoo faces, something that is enticing some firms to make a bid for the former tech giant.

http://www.bloomberg.com/news/2011-11-30/alibaba-led-group-said-to-prepare-bid-for-yahoo-web-portal-s-shares-jump.html

Primarily, the company is suffering from a lack of diversification of its revenue stream. To remain healthy, it likely needs to find ways to make money that aren’t related to email, as the chart above from Business Insider shows. As the publication notes, “For all of its success, at its core, Yahoo is still an email business. People use Yahoo email and then from there land on its other properties. The rise of smartphones and iPads is a problem for Yahoo. On those devices, email is a native application that doesn’t encourage people to checkout Yahoo’s pages.”

We highlighted this threat — which, at least in part, prompted the company to fire CEO Carol Bartz in September — in our annual “Year in Risk” look-back at the previous 12 months.

The CEO of Yahoo, a company that helped define the internet as a revolutionary means of communication, found out the old-fashioned way that she had been fired: over the phone. Carol Bartz’s uninspiring two-year reign atop the firm came to an end as the company showed little ability to adapt its business model to thrive in either advertising or content creation after partnering with Microsoft in hopes of preserving its original core business — internet search. Yahoo’s stock has yet to recover after cratering in late 2008, leaving many tech analysts to wonder if the company has a future.

It’s hard to say what the company will do to revamp its long-term strategy.

But it is becoming increasingly clear that the current route may be a path to nowhere.