Blog

The recent and rapid growth in cyber-crime is proving something of a double-edged sword for insurance carriers; opportunities for coverage are expanding rapidly, with PWC predicting the cyber market to grow to $7.5 billion by the end of the decade, up from $2.5 billion in 2018. With the sector in its formative years and not all consumers convinced of the need for cyber coverage, most carriers are competing by offering expanding cyber coverage without charging additional premiums, at significant

Can you believe what you see in a video? Most people say ‘yes,’ but the truth is, you no longer can. We all know that photos can be altered, but videos? Thanks to artificial intelligence, these, too, are being altered at a very quick rate.

These videos, known as “deepfakes,” are out there, and they are doing a number on cybersecurity. In fact, leaders in the cybersecurity sector are warning consumers that high tech video alteration is here, and it is very difficult to tell with the naked eye whet

ISACA, a leading nonprofit organization dedicated to the development, adoption, and use of industry-leading information security knowledge and best practices, opened up its 50th anniversary celebration this year with their 2019 North America CACS Conference. I was fortunate enough to be invited to speak to the more than 1,500 cybersecurity professionals in attendance about how to operationalize their cybersecurity programs and turn policy into action.

The North America CACS Conference is the prem

When you think of a cybercriminal, you probably picture someone in a black hoodie in a dark room on the dark web, but most cybercriminals are out there in plain sight, including on Facebook.

Talos, a cybersecurity firm, found that people can easily join Facebook groups, and then participate in cybercrime including buying and selling credit card info, obtaining spamming tools, or even getting account logins and passwords. All in all, these groups have almost 400,000 members.

Though that does sound

Security is the concern that comes across the management of every company and every year companies pay huge amount on their cyber security. As year time is passing by, technologies are getting bigger and better and so the threat to them. Since it’s the world of online technology and where everything is computerized or automated, there cyber security threats are also getting bigger and serious every day. So, the people are specializing is protecting their systems and organizations cyber risk or t

When it comes to background checks, the National Crime Information Center is the gold standard. It is only available to law enforcement agencies and is the most accurate and complete database tracking convictions and arrests in the US. That sounds pretty great, right? Unfortunately, it’s not all as it seems.

The Department of Justice

The Department of Justice recently released a report based on a two-year study of convictions and arrests from 2016. The report shows that a very low percentage of co

Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit fi

Criminals have a reliance on tricking victims to get access to account information, like passwords. This is known as social engineering, and is also called a “confidence crime.” These come in many forms:

Do Not Take the Bait of These Phishermen

• A phishing email that targets a specific person is known as spear-phishing. A spear-phishing email looks like an email that might come from a legitimate company to a specific person. For example, a thief might send a fake email to a company’s employee who h

marcus evans will host the 3^rd Edition Operational Risk Management and Organizational Transformation for Financial Institutions Conference on September 12-13, 2018 in New York, NY. This annual conference has been one of the most anticipated Operational Risk Management meetings in the industry. This year, we bring together Operational Risk Management & Enterprise Risk Management Professionals to discuss key fundamentals for achieving the utmost efficient operational risk culture. As an expert, in

Chief risk officers and heads of operational risk responded to a survey held by Risk.net and identified their top risk concerns. Their number one concern was IT disruption, while their second highest concern was data compromise. Why is cybersecurity risk on everyone’s mind?

For one thing, technology is an inescapable reality of every business. Even the smallest of mom and pop shops have an electronic system to make credit card transactions, while larger corporations rely on immense data centers t

Does your institution need cybersecurity insurance? Is it required? If utilized, are there rules? Cybersecurity insurance can protect against financial loss in the event of a cyber incident, but there are many intricate details.

The Federal Financial Institutions Examination Council (FFIEC) members have provided a joint statement to help financial institutions understand how cyber insurance impacts risk management and what institutions need to do when considering purchasing cyber insurance. The

On Sunday April 1, Retail group Hudson’s Bay disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks Fifth Avenue and Lord & Taylor stores in North America.

As many as 5 million cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year.

Customers, investors, and regulators learned of this breach not through any press release issued by the company itself, but through news of the data a

I have created my first cyber security video tip. The tip involves identifying IoT devices and determining if they are a potential cyber exposure for your organization. If you are interested there is a video page here:
https://mediaexplorers.lpages.co/cyber-security-tip-1-iot/

Hope you find it useful. 

Here is the text version:

Our first tip addresses the Internet of Things, or IoT. Iot cyber security is a complex topic because of its nature. IoT implementations are generally done without the overs

Orbitz said hackers may have accessed 880,000 credit card numbers and possibly the names, dates of birth, phone numbers, and addresses of consumers who booked through the site in 2016 and 2017.

The Orbitz data breach pales in comparison to the Equifax hack of 2017 and has been buried among headlines concerning Facebook. For many, this story barely counts as “news” because it’s just honestly not that “new.”

For me, the humdrum attitude of complacency is what makes the Orbitz data breach blogworthy.

The December 2017 Verizon Data Breach Digest focused on the use of cloud services and is worth a read. The Digest identified key issues that you should be aware of:

• Location of Systems and Data – If you need to access your cloud assets do you know where it is? Know that there are different rules governing cyber facilities in different jurisdictions which may, or may not, be a concern.
• Physical Access – If you need access to your data and services will it be allowed and facilitated?
• Forensic access

The hot water in which Uber has been simmering has just reached new thermal heights. Back in October 2016, hackers stole the personal data of 57 million customers and drivers containing their names, email addresses, phone numbers, and in the drivers’ cases, their driver’s license numbers. They finally disclosed the breach this month.

Now, in comparison to the scope and nature of other breaches such as Equifax and Yahoo, the Uber hack may appear to pale in comparison. However, this company represe

marcus evans will host the 4^th Annual Proactive Operational Risk Management Conference, February 5-7, 2018 in New York, NY. This conference will enable institutions to better evaluate their operational risk programs so as to understand its value and how to improve. Delegates will gain knowledge on how to better identify and manage significant and emerging risks such as conduct risk and fraud, how to clarify responsibilities across departments and 3LOD and they will examine the regulatory environ

Virtually all cyber exposure programs today are directed at addressing the cyber exposures an organization faces from its own resources and activities and from outside sources. This is necessary but not sufficient.

Why? Because most organizations also face secondary cyber exposures that they are neither aware of nor prepared to address. For example, many organizations do not manage, or own their own properties but inhabit facility space managed by someone else. That someone, generally a building