Industry Hot News

Some IT security attacks start from the most innocent mobile apps and in ways that let cyber-criminals simply pick up confidential communications without having to hack into anything at all.

While it may sound surprising, many mobile apps leak user data to anybody ready to receive it. While some free apps rely on being able to harvest and resell such user data, other paying apps, some of them from highly reputable brands, are simply careless about the user IDs, passwords, user profile information, and other information they ask for via mobile permissions. And even consumer user IDs and passwords can move hackers a step along to getting into business systems. Here’s why.

The danger of leaky mobile apps may be indirect, but it is still very real.

...

http://www.opscentre.com/enterprise-attacks-start-mobile-apps/

The bedrock of the insurance industry is quaking. For decades, large North American insurers got bigger by dominating distribution and methodically mastering information technology. But the confluence of changing customer demands, hundreds of insuretech startups and non-traditional competitors sniffing around the business of insurance is messing up the long-standing insurance equilibrium. Insurance carriers--and their agents and brokers--must go digital or go bust.

During the second half of 2016, my fellow Forrester analyst, Oliwia Berdak, and I interviewed digital business strategy executives with traditional insurers and hot startups around the globe to get their take on the role that digital will play in the business of insurance over the coming decade. What were the big takeaways from our conversations? Consider that:

...

http://blogs.forrester.com/ellen_carney/17-04-26-the_digital_insurance_imperative_go_digital_or_go_bust

Attention to America’s immigration policies has intensified recently, with politicians and citizens wrangling over whether and how to control the number of foreigners entering the country. Emergency managers, however, largely don’t believe immigration is their issue. Except, in a sense, it is.

“I don’t see why or how [immigration] really relates to emergency management, which is distinct from homeland security,” said hazmat and emergency management logistics lecturer Bob Jaffin. “Why would that even come up … in a situation that is an emergency?” 

That sentiment holds true when evaluating the black-and-white definition of emergency management, but shades of gray exist in a number of areas. Immigration affects emergency managers in roundabout manners; instead of focusing on direct involvement — such as enforcement or policymaking — they attend to indirect effects, such as language barriers and population shifts.

...

http://www.govtech.com/em/disaster/EM-Mag-Immigration-Implications.html

The Business Continuity Institute

Cyber espionage is now the most common type of attack seen in manufacturing, the public sector and education, warns Verizon's latest Data Breach Investigations Report. Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cyber criminals. Nearly 2,000 breaches were analyzed in this year’s report and more than 300 were espionage-related, many of which started life as phishing emails.

In addition, organized criminal groups have escalated their use of ransomware to extort money from victims with this year’s report showing a 50% increase in ransomware attacks compared to last year. Despite this increase and the related media coverage surrounding the use of ransomware, many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.

“Insights provided in the DBIR are leveling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”

Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity institute's latest Horizon Scan Report. It is for this reason that it was chosen as the theme for Business Continuity Awareness Week 2017 with the intention of improving an organization's overall resilience by enhancing its cyber resilience, and recognising that people are key to achieving this.

“Cyber attacks targeting the human factor are still a major issue,” says Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. “Cyber criminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”

With 81% of hacking-related breaches leveraging either stolen passwords and/or weak or guessable passwords, getting the basics right is as important as ever before. Some recommendations for organizations and individuals alike include:

  1. Stay vigilant - log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defence - train staff to spot the warning signs.
  3. Keep data on a “need to know” basis - only employees that need access to systems to do their jobs should have it.
  4. Patch promptly - this could guard against many attacks.
  5. Encrypt sensitive data - make your data next to useless if it is stolen.
  6. Use two-factor authentication - this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security - not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cyber criminals who will move on to look for an easier target," concludes Sartin.

Wednesday, 26 April 2017 16:25

Business Continuity by Working Backwards

Ever since marketing figured out that companies could do better by asking customers what they wanted, rather than just trying to tell them, businesses have moved massively to the notion of working backwards from the customer.

Indeed, Jeff Bezos, founder of Amazon.com, declared, ‘‘We start with the customer and we work backward. We learn whatever skills we need to service the customer.’’

It seems like business continuity planners could take a leaf out of the marketing playbook and ask customers what they would like to see in terms of their provider’s business continuity.

But is that enough?

...

http://www.opscentre.com/business-continuity-working-backwards/

A penetration test, when carried out by outside experts, is the best way to establish how vulnerable your network is from a malicious hacker attack.

But while thorough, third-party penetration testing can be expensive and is effectively out of date as soon as you make changes to your infrastructure or as new vulnerabilities that affect it are discovered.

One way to sidestep both of these problems is to carry out your own network penetration tests.

In this article, we'll discuss both how to do your own security testing and conduct internal penetration testing, and how to find the best third-party service should you choose to hire an outside pen tester.

...

http://www.esecurityplanet.com/network-security/penetration-testing.html

Wednesday, 26 April 2017 16:22

Survive And Thrive After Disaster

A successful entrepreneur spends all the time necessary to plan, down to the smallest detail, the workings of his or her business. Staffing, marketing, inventory, equipment, investors, and location and more are all a part of the dynamic. One aspect missing from many business plans is a strategy and system for unexpected problems caused by a disaster that harms the company’s physical plant. Whether resulting from natural forces, mechanical breakdowns, or human error, damage to your place of business halts production and risks the ruin of your hard work and vision. What can ensure your business continues even in the face of tragedy?

Half of the commercial enterprises suffering the effects of water, fire, or other disaster close their doors to deal with the crisis and then never reopen. This shocking statistic is one no business owner dares ignore. Customers and clients need to know the services and products you offer are reliable, available without fail with no room for excuses. Business continuity is crucial to your company’s growth and survival in a competitive economy. If they are forced to look elsewhere to replace the unique product you provided before a mishap, many of your leads never return. Even a short break in service can predict the downfall of your company.

...

http://nationaldisasterrecovery.org/survive-and-thrive-after-disaster/

The Business Continuity Institute

Over 80% of security professionals identify ‘people’ as the industry’s biggest challenge, as opposed to technology and processes, according to the results of the second annual survey from the Institute of Information Security Professionals (IISP).

The survey also indicates that while 60% of respondents still feel that investment is not keeping pace with threat levels, there was a modest 5% increase in businesses that feel better placed to deal with a breach or incident if it happens. In real terms, spending does appear to be on the rise with 70% of companies seeing an increase in budget, up from 67%, and only 7% reporting a reduction, which is down from 12% last year.

While people have long been seen as the weakest link in IT security through lack of risk awareness and good security practice, the people problem also includes the skills shortage at a technical level as well as the risk from senior business stakeholders making poor critical decisions around strategy and budgets.

Cyber security is a hot topic for business continuity and resilience professionals with cyber attacks and data breaches yet again featuring as their top two concerns according to the Business Continuity Institute's latest Horizon Scan Report. It is with this in mind that cyber security was chosen as the theme for Business Continuity Awareness Week 2017 which has a particular focus on the actions that individuals can take to play their part in an organization's cyber security.

“Many of the figures in this year’s survey show a step in the right direction,” says Piers Wilson, author of the report and Director at the IISP. “The continuing high frequency of cases hitting the headlines and the regulatory pressures, including from GDPR, are leading to a corresponding increase in investment and a drive for increased skill, experience, education and professionalism. However, there is still a lot of work to do and we need to redouble our efforts to meet the challenge of increasingly sophisticated threats.”

The U.S. Justice Department recently announced that 32-year-old Roman Valeryevich Seleznev, known as "Track2," was sentenced to 27 years in prison for a series of cyber attacks that caused over $169 million in damages.

It's the longest prison sentence ever given to a hacker in the United States.

Seleznev was convicted in August 2016 for hacking into point-of-sale (PoS) systems and installing malware designed to steal millions of credit card numbers from more than 500 U.S. businesses between October 2009 and October 2013. Approximately 3,700 financial institutions were impacted by the attacks.

The stolen data was then transferred to servers under Seleznev's control in Russia, the Ukraine, and McLean, Virginia, after which Seleznev sold the stolen credit card numbers on carding websites.

Among the businesses Seleznev targeted was Seattle, Washington's Broadway Grill, which was forced into bankruptcy following the attack.

...

http://www.esecurityplanet.com/hackers/russian-hacker-sentenced-to-27-years-in-u.s.-prison.html

Today’s threat environment is more complex than ever before, requiring that businesses be prepared to combat attacks from many different directions.

These days, outages or issues are often the result of non-traditional concerns or events. As you think about each of the items below, remember that your first step will be to determine the potential risk. Once you understand the risk, you can identify the impact of an occurrence, and determine and implement an appropriate mitigation strategy.

Ask yourself the following questions to determine your potential threats and risks.

...

https://www.mha-it.com/2017/04/todays-threat-environment-how-vulnerable-is-your-business/
