
Emerging Risks: There Are More Than Ever, Everybody Knows This but Few Do Anything About Them

CFO just published an excellent article on emerging risks. It starts off talking about the day-to-day work of a CFO, Kevin Gordon, who says risk management is on his mind “every minute of the day.” It goes on to discuss the risk assessment work he did last year about how the European debt crisis could potentially harm his employer.

Most people, however, aren’t like Kevin Gordon.

Most people recognize that emerging risks, like Eurozone default, are out there.

Then they do nothing more.

The article explains.

By their nature, emerging risks are difficult to anticipate.

“An emerging risk is either something we’ve never seen before or something we haven’t seen for a long time,” says Max Rudolph, owner of Rudolph Financial Consulting.

They can do extensive damage. The European debt crisis, the Japanese earthquake and tsunami, the Arab Spring uprisings — these once-emerging risks all had a ripple effect in 2011 on supply chains, commodity costs, and liquidity.

Experts say such risks are growing. “The interconnected nature of the global economy is increasing the speed at which emerging risks arise and cascade, as well as the magnitude of their impact,” says Alex Wittenberg, partner and head of global risk at management consultancy Oliver Wyman Group.

A new report from Oliver Wyman suggests that executives understand the threat. Seventy-eight percent of more than 200 executives surveyed in the report said they want to increase their capabilities when it comes to managing emerging risks. As it stands, the same executives said they devote just 28% of their risk-management efforts, on average, to emerging risks.

I recommend reading the rest of the piece. As for suggestions on how executives can better prepare, the author suggests keeping “close tabs on market trends, global economic developments, and regulatory activities, and be prepared to jump into action quickly.”

Advanced Persistent Response

Yesterday, at the Gartner Security & Risk Management Summit, I sat in on a session on advanced persistent response, presented by Tom Kellermann, vice president for cybersecurity, North America, for Trend Micro. Many of us are familiar with advanced persistent threats, and the term advanced persistent response was coined, in a way, to pay homage to the elite hackers of the world.

Let us reflect on history. “There is a lot we can learn from Constantinople,” said Kellermann. “It was never defeated in battle until 1453. It demonstrated the fact that perimeter defenses were inefficient regarding onslaughts. Traditional internet security is insufficient. In fact, Trend Micro evaluations find over 90% of infrastructure is infected by malware.”

Kellermann noted that the cyber kill chain, the set of sequential events that make up an advanced attack, has significantly evolved. The kill chain goes as follows:


This year, an eighth stage has been added to the chain, known as the maintenance stage. “This eighth stage is due to hackers worrying about other hackers infiltrating the systems they have attacked more so than being worried about you,” said Kellermann. “We’ve noticed they’ve moved command and control into your systems and network. We really have to move beyond the technologies we’ve used for years and achieve advanced persistent response.”

Kellermann also acknowledged some emerging threats on the cyberwarfare landscape, including:

  • professionalization and commoditization of exploit kits
  • modularization
  • increased sophistication with traffic direction systems
  • ransomware
  • new exploitation vectors introduced via HTML5
  • evolution of mobile threats
  • continued exploitation of social networks
  • Metasploit
  • BYOD aka BYOM (bring your own malware)

He notes that although street crime is down 20%, that doesn’t mean there are fewer criminals; they’re just migrating to cyberspace. He points to Android malware and the fact that it “has exploded.” In a frightening example, he explains what cyber criminals are able to do with Androids now. “They can go into your phone and look at your calendar. They say, ‘I see on your calendar that you have a very important meeting on a certain day. During that meeting I’m going to turn on the microphone on your cell phone and at the same time hack into everyone’s phone who’s at that meeting.’”

As for Kellermann’s 2012 predictions, they aren’t pretty:

  • mobile malware will continue to explode
  • app attacks will increase
  • botnet migration
  • cloud attacks
  • web injection attacks

This is serious information that every company must take into consideration. Not every organization will have to deal with advanced persistent threats, but every organization should be prepared using the theory of advanced persistent response.

Wildfire Risk in the United States Will Rise Throughout the Next Century

Scientists from the University of California at Berkeley and Texas Tech University expect more wildfires throughout North America and Europe by the end of the century as temperatures continue to rise across the globe. In summing up the results of their new study, which was conducted by using 16 different climate models (something they called “one of the most comprehensive projections to date of how climate change might affect global fire patterns”), one of the researchers was not necessarily surprised by the fact the threat is increasing. But he was surprised by how quickly it is increasing.

“In the long run, we found what most fear: increasing fire activity across large parts of the planet,” said study lead author Max Moritz.


“But the speed and extent to which some of these changes may happen is surprising.”

This obviously means that cities, states and nations that are already struggling to control the wildfires of today (for example, Fort Collins, Colorado, USA) need to figure out new ways to adapt to an even-riskier future. “We need to learn how to coexist with fire,” said Moritz.

And as with seemingly everything regarding climate change, it seems that the world’s poorest, most-vulnerable regions will have the hardest time adapting.


“In Southeast Asia alone, there are millions of people that depend on forested ecosystems for their livelihoods,” said study co-author David Ganz.


“Knowing how climate and fire interact are important factors that one needs to consider when managing landscapes to maintain these ecosystem goods and services.”

There is some good news, however. Equatorial regions may actually see fewer wildfires. This is due to projected increases in rainfall in those regions as the climate changes.

Other scientists who contributed to support the study include the Natural Sciences and Engineering Research Council of Canada, the U.S. Forest Service, the National Science Foundation and The Nature Conservancy.

Security and Risk Management as a Social Science

Here at the Gartner Security & Risk Management Summit, I sat in on a session regarding human behavior and its connection to information security. Tom Scholtz, an analyst with Gartner, started off with a statement many of us know to be true, but often forget.

“The single weakest link in the information security chain still remains the human being,” he said.

In Scholtz’s view we are increasingly coming to the realization that by focusing on individuals’ human behavior and how we can influence it, we can learn how to create a more secure environment. “By 2015, one out of four enterprises will use social and behavioral sciences techniques to drive cultural and behavioral change in their information security programs. Maybe understanding how individuals react differently will give us an understanding in improving our security measures.”

He advises that security professionals should start focusing on human behavior as a root cause rather than a symptom. “We need to understand how individuals react differently to risks and the controls to mitigate risks.”

The key issues regarding behavior and information security:

  1. How is the information security and risk management discipline evolving and what are the consequences?
  2. What are the parallels and overlaps with social and behavioral sciences?
  3. What strategies and tactics should information security and risk leaders adopt to exploit this evolution?

It is vitally important for organizations to consider these questions. But it may be better to seek answers from an outside source, in order to prevent group think. “Group think tends to polarize views,” said Scholtz. “If you have the same group of individuals who sit in the same office eight hours a day, they’re going to have similar attitudes towards things. We need to understand how those working environments pressurize people into beliefs which they might not have if it was a one-on-one basis or under a different work environment.”

So what kind of insights do we get from the social sciences? People react differently. To understand this is to become a pioneer in understanding human behavior and its importance in developing an ever-evolving information security program.