cyber (100)

Petya’s Lessons so far

As the latest major hack, code-named Petya, gets dissected, the picture is getting clearer, especially when combined with the information in the latest Verizon DBIR report.

What this means is that if you updated your Microsoft operating system in a timely manner you are safe, as it appears that Petya is exploiting a vulnerability in Windows that was patched months ago and the virus was transmitted via a malicious email attachment. Unfortunately many organizations have a ‘patch process’

Read more…

If the idea of hacking as a career excites you, you’ll benefit greatly from completing this training. You’ll learn how to exploit networks in the manner of an attacker, in order to find out how to protect the system from them.

“The control of information is something the elite always does … Information, knowledge, is power.”
– Tom Clancy


No longer will money have dominion over our ability to learn. Penetration testing and ethical hacking are skill sets as in-demand as anything else in the Cyber Se

Read more…

To those of us who consider Tom Cruise the movie star of our day or even Grunge as the music we grew up with, looking at millennials, and the way they view life, is fascinating. These “kids” or young adults, many are brilliant. They really do define “disruption”.

However, that doesn’t mean that this tech savvy generation is always right. In fact, a new study shows just the opposite when it comes to internet safety. Though, they can also teach us a few things and are definitely up to speed on the valu

Read more…

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud

Read more…

Cyber Security Culture Barometer

We have provided this simple self-assessment and score card free of charge in hopes that it will cause you to consider the impact that your organization's corporate cyber security culture has on your efforts to address your cyber threats and exposures.

Today the pace of change in malicious cyber events is accelerating. In the past the risks were mainly in someone gaining access to valuable information such as proprietary company information, financial records, customer credit card data, and simila

Read more…

How to Make $5 Million a Day in Cybercrime

This post isn’t exactly a “how to” but if your current employment isn’t bringing in the bacon, I’m sure your criminal mind can figure it out. In the biggest digital advertising fraud in the history of the U.S., it was recently found that a group of hackers is bringing in from $3 million to $5 million a day from media companies and brands. That’s some scratch!

White Ops, an online fraud-prevention firm, uncovered this campaign, which they have called “Methbot,” and the firm found that the campaign

Read more…

Dear Global Risk Community member

Join us at our new webinar https://www.brighttalk.com/webcast/8271/236353 "Cyber Wack-a-mole It is not a game".


Chasing and fixing cyber threats can be depressing, rather like the old 'wack-a-mole' game. No matter how quick you are in knocking down the threat, or mole, new ones appear. We will present a strategy to break the cycle. 

You will still need to fight the cyber threats but you will have a way to become proactive and not be easy prey for the cyber

Read more…

Cyber risks like data breaches and ransomware are too often shrugged aside. The possibility of a cyberattack is rarely ignored, but it also rarely receives the attention it deserves. There are a few reasons for this:

  • Risk-based governance vs technology. Cybersecurity incidents result from internal governance deficiencies as often as from vulnerable technology. 63% of data breaches are caused by weak or infrequently changed internal passwords, according to Verizon’s 2016 Data Breach Investigations
Read more…

Cyber Wack-a-mole - It's not a game

It can be all too easy to get caught in the trap of cyber wack-a-mole, where as soon as you deal with one cyber threat several more appear. The link that follows will take you to a short (2 minute) video that outlines the situation most of us find ourselves in.

www.naganresearchgroup.com/CWAM.mp4.

Take a look. I appreciate your feedback.

Thanks.

Read more…

Managing Cyber Exposure vs Cyber Risk

Much effort is being expended, rightly so, in addressing cyber risks. However, it is a frustrating exercise since new risks and threat vectors are arising daily, even hourly. If you would like to stop playing cyber wack-a-mole and get on the offensive, watch this video. It only takes 5 minutes and will explain why understanding and managing your cyber exposures provides a way to take the offensive.

Hope you enjoy and gain something from it.

Managing Cyber Exposure Video

Read more…

Ruben Cohen is an operational risk consultant. He has been working in the financial industry for over 17 years, with most of the last 10 in operational risk analytics at Citi.
Prior to that, Ruben spent 10 years on the faculty of Mechanical Engineering & Materials Science at Rice University in Houston, specializing in Fluid Mechanics and Thermodynamics. He holds a Ph.D. in Mechanical Engineering from M.I.T. and has subsequently obtained an M.A. in Economics from McGill University.
Ruben is based

Read more…

Operational risk management is currently on the end of a major shakeup. Ever since the announcement of Basel III banks have been working within a paradigm that pushes towards either TSA or AMA approaches (standardised and advanced approaches respectively). At the end of 2015, however, the Basel Committee shocked firms by announcing that they were doing away with this, and replacing it with the SMA – a new standardized approach that would be the norm for all banks. This is having huge ramificatio

Read more…
The cyber risk landscape is evolving rapidly in a multitude of areas and the potential economic fallout from the threat cannot be underestimated. Advance your knowledge and career with this course.
 

Governments are facing an unprecedented level of cyber attacks and threats with the potential to undermine national security and critical infrastructure, while businesses that store confidential customer and client information online are fighting to maintain their reputations in the wake of massive

Read more…

How to digitally detox on Vacation

Many years ago when you were on vacation, before Facebook, Instagram and Twitter were invented (assuming you were an adult then), you had a great time, right? You weren’t “connected,” because there was no social media to be connected with.

If today you can’t imagine being disconnected from social media while on vacation, ask yourself how this can be, if years ago, you never missed what had not yet been invented.

And what about constantly checking e-mail while on vacation? Or constantly perusing va

Read more…

Be aware of all these Confidence Crimes

Criminals often rely on tricking their victims to gain access to their passwords and other account information. This act of tricking is called social engineering, also known as a confidence crime, and it comes in many forms.

  • A type of phishing e-mail where the criminal targets someone specific is called spearphishing. The spearphishing e-mail will look very much like the typical company e-mail that the real person uses.
  • Example: The thief sends a trick e-mail (phishing) to a company employee he fo
Read more…

The words “data breach” are often met by a clamor whenever they make headlines. Home Depot, Target, Ashley Madison, Heartland, Citibank, the list goes on and on. These breaches spent time in the limelight because of their magnitude; they affected hundreds of thousands – in some cases millions – of cardholders.

But the reality is data breaches are far more common than large headline events like these would have us believe. According to a report published by the Identity Theft Resource Center, ther

Read more…

A ransomware attack is when your computer gets locked down or your files become inaccessible, and you are informed that in order to regain use of your computer or to receive a cyber key to unlock your files, you must pay a ransom. Typically, cybercriminals request you pay them in bitcoins.

The attack begins when you’re lured, by a cybercriminal, into clicking a malicious link that downloads malware, such as CDT-Locker. Hackers are skilled at getting potential victims to click on these links, such

Read more…

An impostor posed as Lorrie Cranor at a mobile phone store (in Ohio, nowhere near Cranor’s home) and obtained her number. She is the Federal Trade Commission’s chief technologist. Her impostor’s con netted two new iPhones (the priciest models—and the charges went to Cranor) with her number.

In a blog post, Cranor writes: “My phones immediately stopped receiving calls.” She was stiffed with “a large bill and the anxiety and fear of financial injury.”

Cranor was a victim of identity theft. She conta

Read more…

Viruses as Cyberweapons for sale

It’s all about code—the building blocks of the Internet. Software code is full of unintentional defects. Governments are paying heavy prices to skilled hackers who can unearth these vulnerabilities, says an article at nytimes.com.

In fact, the FBI director, James B. Comey, recommended that the FBI pay hackers a whopping $1.3 million to figure out how to circumvent Apple’s iPhone security.

So driven is this “bug-and-exploit trade market,” that a bug-and-exploit hacking company, Hacking Team, ended

Read more…

Hackers hacking Banks big time

“Anonymous” is an activist hacking group that has recently boasted that it will engage in 30 days of cyber assaults against “all central banks,” reports an article on cnbc.com.

And their bite is as big as their bark, as this announcement came soon after several major banks around the world were struck—and Anonymous proudly claimed credit. The banks that were apparently breached by Anonymous include:

  • Bangladesh Central Bank
  • National Bank of Greece
  • Qatar National Bank

Anonymous put up their plans on a

Read more…

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the world's premier Risk forum and contribute to better understanding of the complex world of risk.
