
DDoS Attacks “Have Never Been Easier to Launch”

As was heard throughout the speeches, sessions and networking chatter at the recent RIMS 2012 Annual Conference & Exhibition in Philadelphia, the biggest worry to business owners, CEOs and managers is that of cyber threats. And rightly so. It seems like each day we are inundated with reports of a new way hackers can gain control of company information and/or take down systems. Today is no exception.

This morning, Prolexic Technologies released a threat advisory on the use of booter shells, which allow hackers to readily launch DDoS attacks without the need for vast networks of infected zombie computers.

“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Neal Quinn, chief operating officer at Prolexic. “For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We’ve entered the age of DDoS-as-a-Service.”

The increased use of dynamic web content technologies, and the rapid deployment of insecure web applications, has created new vulnerabilities — and opportunities — for hackers to use infected web servers (instead of client machines) to conduct DDoS attacks. Traditional DDoS attacks make use of workstations infected with malware, typically infected through spam campaigns, worms or browser-based exploits. With these traditional tactics, hackers needed multitudes of infected machines to mount successful DDoS attacks.

Booter shell scripts differ in that they are standalone files, meaning DDoS attacks can be launched more readily and can cause more damage, with hackers using far fewer machines. Even more alarming, people don’t need as much skill to launch such attacks. A DDoS booter shell script can be easily deployed by anyone who purchases hosted server resources or makes use of simple web application vulnerabilities (e.g., RFI, LFI, SQLi and WebDAV exploits). This, in essence, puts attacks within reach of even novice hackers. Companies should take note, especially financial firms.

According to Prolexic’s quarterly global DDoS attack report released a few weeks ago, there was an almost threefold increase in the number of attacks against its financial services clients during Q1 compared to Q4 2011. “This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients,” said Neal Quinn, Prolexic’s vice president of Operations. “We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses.”

So what should companies do to protect their information and IT infrastructure? Though organizations can never be 100% protected from an attack, they can help by continuously testing proprietary web applications, as well as constantly testing for known vulnerabilities in commercial apps.

RIMS 2012 in Infographic Form

Last week, thousands of risk management and insurance industry professionals gathered in Philadelphia for the RIMS 2012 Annual Conference & Exhibition. We covered many of the largest events and most fascinating discussions. Of course, given that it is the largest event in the industry, there was no way we could be there for everything.

Fortunately, the Toronto risk management information system firm Rismans has helped us get a feel for what some of the others in attendance got out of the event. The infographic below shows the results of the company’s informal poll of RIMS 2012 exhibitors in Philadelphia.

Why Risk Management Should Collaborate With Internal Audit

Risk management and internal audit should work together. That’s according to a joint report from RIMS and the Institute of Internal Auditors released last week. “The two disciplines are more effective working together than separately, especially when there is a common understanding of each other’s roles,” said Carol Fox, director of RIMS’ strategic and enterprise risk practice. She noted that internal audit’s role helps inform top executives about the company’s strategic risks, while the risk management function helps leadership use the proper techniques and methods to assess all the possible outcomes of different strategic paths.

In short, internal audit sees everything that is going on within a company. And risk management can take that knowledge and ensure that all contingencies can be properly understood.

During a panel session at the RIMS 2012 Conference & Exhibition on enhancing the value of risk management, Diane Askwyth, a risk manager at Harrah’s Entertainment, echoed these sentiments and expanded on how risk managers can partner with their colleagues in internal audit. “You have to look at internal audit as another pair of eyes for you,” said Askwyth. “It’s a very powerful resource if you can get that in your corner.”

In fact, more than just serving as an additional resource, that partnership can greatly enhance your standing in a company. Because if risk management isn’t using the knowledge that audit has, audit will be. And that will mean that the risk management department’s standing will be lowered by comparison.

“The group that knows the most about what’s going on in the entire organization on a very granular level is internal audit,” said Askwyth. “And from that perspective, they have a big advantage over us. So they can either be your enemy or they can be your best friend. It’s your job to make them your best friend — or else they’ll slit your throat.”

Kristina Narvaez of ERM Strategies, LLC has some advice. She says there are three “Cs” that should govern risk management’s relationship with internal audit. “You can complement and collaborate but you don’t compete against each other,” she said.

Walter Isaacson Talks Innovation and Creativity

Walter Isaacson is a man of many stories. He has written biographies of Benjamin Franklin, Albert Einstein and, most recently, Steve Jobs. His latest is a riveting story of the roller-coaster life and intense personality of Apple’s creative entrepreneur. Isaacson brings a combination of wit, history, drama and humanity to the stories of Jobs, Einstein and Franklin, and their contributions to the world.

Isaacson first met Jobs while working for Time. “I remember sitting with Steve and watching him and thinking about what a passion he has for making great products,” said Isaacson to RIMS attendees. “But I also saw the other side of Steve Jobs. He’s impatient, petulant, sometimes can be rude, unkind, pushy. But I came away from that meeting still liking him.”

It was that passion, brains and curiosity that attracted so many to Jobs, regardless of his personality flaws. But how does Steve Jobs relate to risk management?

“For me, the first lesson that Steve can teach in terms of risk management is to pay attention — even to the parts unseen,” said Isaacson. “Pay attention even to the things that other people aren’t going to see. And you know that that is the key to making a great product and it also plays out in the world of risk.”

Jobs vehemently believed that paying attention to the parts that no one sees is what makes products perfect. For risk managers, this is a part of their daily job.

Risk managers also possess an ability to have complete focus on the risks at hand. Jobs mastered this skill with his products. “He had a great ability to focus, to filter out distractions,” said Isaacson. “I think it came from his time in India — the zen focus.”

Perhaps most importantly in terms of Apple’s success, Jobs knew what people thought were high-risk products or initiatives, and he knew he could eventually get these people to embrace the risk. “He knew how to bend reality at times,” said Isaacson. “That’s why he had a reputation for driving people crazy. But he could also drive people to do things they thought were impossible. He knew how to know what people thought were high risk, but he knew it could work and got these people to believe and achieve the impossible.”

He would’ve made a great risk manager.

Walter Isaacson signs copies of his recently released Steve Jobs biography at the RIMS 2012 Conference & Exhibition.