cyber (104)

Now that vacation time is over in the Northern Hemisphere, did you relax? Unwind? Clear your mind?

Well I sure hope so because the cyber predators have been setting new clickable traps, and sending devious emails to greet you on your return. Also, in your absence cyber predators continued to launch millions of attacks daily across the globe. And many involve ransomware.

The emergence of ransomware is simple to explain. It can be obtained free or easily made. It has a high success rate and generate

Read more…

Kmart recently suffered another cyber breach (the second in the past few years) that echoes events affecting companies including Wendy’s and Target. In this case, a wholly preventable weakness in the company’s POS system let through a malware attack, affecting an undetermined number of Kmart’s 735 domestic sites. Failure to recognize and mitigate the root cause of a security breach is inadequate risk management; it leaves the company vulnerable to future failures.

In response to the breach, Sears

Read more…

I created these steps, collected from various sources and personal experience, to provide you with guidance on what you should be doing to prevent, detect and respond to ransomware and other malicious software attacks. Hope you find it useful. If you would like more information I suggest you take our course on managing cyber exposures at the Global Risk Academy http://globalriskacademy.com/p/the-definitive-guide-to-cyber-exposure-management

These five steps are a good beginning.

1. Scan your envir

Read more…

The Basics of Cyber Risk Management

New technologies, increasing digitization and globalization are transforming customer behaviors, operations and business models, presenting huge opportunities for business success, at the same time driving up cyber incidents. As organizations embark on their digital transformation journeys, it is imperative that they also assess possible threats presented by these new technologies.

Traditionally, the focus for risk management has exclusively been on protecting value. However, in today’s digital e

Read more…

Petya’s Lessons so far

As the latest major hack, code named Petya, gets dissected, the picture is getting clearer. Especially when combined with the information in the latest Verizon DBIR report. Link here.

What this means is that if you updated your Microsoft operating system in a timely manner you are safe, as it appears that Petya is exploiting a vulnerability in Windows that was patched months ago and the virus was transmitted via a malicious email attachment¹. Unfortunately many organizations have a ‘patch process’

Read more…

If the idea of hacking as a career excites you, you’ll benefit greatly from completing this training. You’ll learn how to exploit networks in the manner of an attacker, in order to find out how to protect the system from them.

“The control of information is something the elite always does … Information, knowledge, is power.”
– Tom Clancy


No longer will money have dominion over our ability to learn. Penetration testing and ethical hacking are skill sets as in-demand as anything else in the Cyber Se

Read more…

To those of us who consider Tom Cruise the movie star of our day or even Grunge as the music we grew up with, looking at millennials, and the way they view life, is fascinating. These “kids” or young adults, many are brilliant. They really do define “disruption”.

However, that doesn’t mean that this tech savvy generation is always right. In fact, a new study shows just the opposite when it comes to internet safety. Though, they can also teach us a few things and are definitely up to speed on the valu

Read more…

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud

Read more…

Cyber Security Culture Barometer

We have provided this simple self-assessment and score card free of charge in hopes that it will cause you to consider the impact that your organization's corporate cyber security culture has on your efforts to address your cyber threats and exposures.

Today the pace of change in malicious cyber events is accelerating. In the past the risks were mainly in someone gaining access to valuable information such as proprietary company information, financial records, customer credit card data, and simila

Read more…

How to Make $5 Million a Day in Cybercrime

This post isn’t exactly a “how to” but if your current employment isn’t bringing in the bacon, I’m sure your criminal mind can figure it out. In the biggest digital advertising fraud in the history of the U.S., it was recently found that a group of hackers is bringing in from $3 million to $5 million a day from media companies and brands. That’s some scratch!

White Ops, an online fraud-prevention firm, uncovered this campaign, which they have called “Methbot,” and the firm found that the campaign

Read more…

Dear Global Risk Community member

Join us at our new webinar https://www.brighttalk.com/webcast/8271/236353 "Cyber Wack-a-mole It is not a game".


Chasing and fixing cyber threats can be depressing, rather like the old 'wack-a-mole' game. No matter how quick you are in knocking down the threat, or mole, new ones appear. We will present a strategy to break the cycle. 

You will still need to fight the cyber threats but you will have a way to become proactive and not be easy prey for the cyber

Read more…

Cyber risks like data breaches and ransomware are too often shrugged aside. The possibility of a cyberattack is rarely ignored, but it also rarely receives the attention it deserves. There are a few reasons for this:

  • Risk-based governance vs technology. Cybersecurity incidents result from internal governance deficiencies as often as from vulnerable technology. 63% of data breaches are caused by weak or infrequently changed internal passwords, according to Verizon’s 2016 Data Breach Investigations
Read more…

Cyber Wack-a-mole - It's not a game

It can be all too easy to get caught in the trap of cyber wack-a-mole, where as soon as you deal with one cyber threat several more appear. The link that follows will take you to a short (2 minute) video that outlines the situation most of us find ourselves in.

www.naganresearchgroup.com/CWAM.mp4.

Take a look. I appreciate your feedback.

Thanks.

Read more…

Managing Cyber Exposure vs Cyber Risk

Much effort is being expended, rightly so, in addressing cyber risks. However, it is a frustrating exercise since new risks and threat vectors are arising daily, even hourly. If you would like to stop playing cyber wack-a-mole and get on the offensive watch this video. It only takes 5 minutes and will explain why understanding and managing your cyber exposures provides a way to take the offensive.

Hope you enjoy and gain something from it.

Managing Cyber Exposure Video

Read more…

Ruben Cohen is an operational risk consultant. He has been working in the financial industry for over 17 years, with most of the last 10 in operational risk analytics at Citi.
Prior to that, Ruben spent 10 years on the faculty of Mechanical Engineering & Materials Science at Rice University in Houston, specializing in Fluid Mechanics and Thermodynamics. He holds a Ph.D. in Mechanical Engineering from M.I.T. and has subsequently obtained an M.A. in Economics from McGill University.
Ruben is based

Read more…

Operational risk management is currently on the end of a major shakeup. Ever since the announcement of Basel III banks have been working within a paradigm that pushes towards either TSA or AMA approaches (standardised and advanced approaches respectively). At the end of 2015, however, the Basel Committee shocked firms by announcing that they were doing away with this, and replacing it with the SMA – a new standardized approach that would be the norm for all banks. This is having huge ramificatio

Read more…

The cyber risk landscape is evolving rapidly in a multitude of areas and the potential economic fallout from the threat cannot be underestimated. Advance your knowledge and career with this course.

Governments are facing an unprecedented level of cyber attacks and threats with the potential to undermine national security and critical infrastructure, while businesses that store confidential customer and client information online are fighting to maintain their reputations in the wake of massive

Read more…

How to digitally detox on Vacation

Many years ago when you were on vacation, before Facebook, Instagram and Twitter were invented (assuming you were an adult then), you had a great time, right? You weren’t “connected,” because there was no social media to be connected with.

If today you can’t imagine being disconnected from social media while on vacation, ask yourself how this can be, if years ago, you never missed what had not yet been invented.

And what about constantly checking e-mail while on vacation? Or constantly perusing va

Read more…

Be aware of all these Confidence Crimes

Criminals often rely on tricking their victims to gain access to their passwords and other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms.

  • A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look very much like the typical company e-mail that the real person uses.
  • Example: The thief sends a trick e-mail (phishing) to a company employee he fo
Read more…

The words “data breach” are often met by a clamor whenever they make headlines. Home Depot, Target, Ashley Madison, Heartland, Citibank, the list goes on and on. These breaches spent time in the limelight because of their magnitude; they affected hundreds of thousands – in some cases millions – of cardholders.

But the reality is data breaches are far more common than large headline events like these would have us believe. According to a report published by the Identity Theft Resource Center, ther

Read more…
