Whaling: how to avoid the net…


Whaling is a recent derivative of phishing which can pose a real threat to business survival. Fred Touchette explains what it is and provides a checklist of preventative actions that organizations can take.

Continue reading Whaling: how to avoid the net…

Tags: , , ,

BCI, BSI Horizon Scan 2016: Physical security a growing threat to organizations


Physical security is seen as growing concern for business continuity professionals, according to the fifth annual Horizon Scan Report published by the Business Continuity Institute, in association with BSI. Among the ranks of potential threats that organizations face, acts of terrorism gained six places from 10th in 2015 to 4th this year, while security incidents moved from 6th place to 5th place.

55% of respondents to the global survey expressed concern about the possibility of both an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization, compared to 42% and 48% respectively the previous year. Whether these concerns are justified is another matter, but the incidents in Paris are still fresh in the mind, not to mention the many other events from across the world that constantly fill our news channels.

While security incidents of a physical nature make up the 4th and 5th greatest threats, it is incidents belonging to Horizon Scan Reportthe virtual world that once again make up the top three. For the second year running, cyber attack comes in at number one with 85% of respondents expressing concern (2015: 82%). The attack on BBC over the new year period is a reminder of the danger this kind of threat poses when it suffered what was reputed to be the largest DDoS attack in history at 600 GBps, enough to bring down its website and most of its online services for some considerable time.

Data breach has climbed from 3rd place in 2015 to 2nd place this year with 80% of respondents expressing concern about the prospect of this type of threat materializing (2015: 74%). Not only are data breaches damaging reputationally, they can be expensive in terms of any fines imposed as result.

Unplanned telecoms and IT outage may have dropped from 1st place in 2014 to 2nd place in 2015 and now 3rd place in 2016, but it is still a very real threat with 77% of respondents expressing concern (2015:81%). Offices, shops, factories and warehouses are all heavily reliant on IT infrastructures and when those infrastructures fail it can cause severe disruption.

This year’s global top ten threats to organizations are:

  1. Cyber-attack – static
  2. Data breach – up 1
  3. Unplanned IT and telecoms outages – down 1
  4. Acts of terrorism – up 6
  5. Security incidents – up 1
  6. Interruption to utility supply – down 2
  7. Supply chain disruption – down 2
  8. Adverse weather – up1
  9. Availability of talents/key skills – up 5
  10. Health and safety incident – up 1

David James-Brown FBCI, Chairman of the Business Continuity Institute, commented: “The need perceived by organizations to identify and build resilience to this range of threats reveals the importance of this survey for business continuity professionals, the Horizon Scan’s reputation and reliability make it one of the most popular reports in the industry on a global scale. It is indeed crucial for practitioners to advise organizations on what to prepare for and adjust their recovery plans accordingly.

The industry landscape is rapidly changing, and so should our discipline in order to keep up with both traditional and modern challenges. At the top of the list this year we continue to see threats such as cyber-attack, data breach and unplanned IT outages. More traditional threats such as terrorism continue to be ’front-of-mind’ for organizations. Given the rise of new challenges and the fact that old ones remain, horizon scanning techniques are even more valuable in assisting organizations to be prepared to the best of their potential.

Howard Kerr, Chief Executive at BSI, commented: “2015 saw a number of high profile businesses across the world hit by cyber attacks, so it’s reassuring to see that so many are aware of the threat it poses. Our research finds it to be the top concern in six out of the eight regions surveyed.

However, we remain concerned to see that businesses are still not fully utilizing the information available to them to identify and remedy weaknesses in their organizational resilience.

The report concludes that horizon scanning impacts on overall resilience as it provides an objective basis for assessing near-term threats that lead to disruption. The Horizon Scan Report, as a global study aggregating practitioner input across industry sectors and regions, complements in-house analysis and provides useful input for strategic decisions.

Download your free copy of the Horizon Scan Report Horizon Scan Report (registration required). If you have any questions, or would like to find out more, join the webinar on the 25th February when we will be discussing some of the findings and answering any of your questions.

Tags: , , , , ,

Developing a Cyberbreach Strategy


Throughout the business world, breaches have become a constant reminder of the critical need to assess and take action on cyberrisk. But they can also make addressing the issue seem like an ever more daunting task, leading many to either put off substantive measures or blindly buy the latest insurance or software to “take care” of the problem and move on.

Continue reading Developing a Cyberbreach Strategy

Tags: , ,

ENISA Threat Landscape 2014: Overview of current and emerging cyber-threats


No previous threat landscape document published by ENISA has shown such a wide range of change as the one of the year 2014. They were able to see impressive changes in top threats, increased complexity of attacks, successful internationally coordinated operations of law enforcement and security vendors, but also successful attacks on vital security functions of the internet.

Continue reading ENISA Threat Landscape 2014: Overview of current and emerging cyber-threats

Tags: , , , , ,

You can’t always stop a breach: but you should always be able to spot one


December 15th is the anniversary that Target’s infamous security breach was discovered; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?

Continue reading You can’t always stop a breach: but you should always be able to spot one

Tags: , ,

The Risk Manager’s Role in Mitigating Cyberrisk


With cyberrisks becoming more prevalent, organizations in every industry are faced with the increased possibility of legal exposure, reputational harm and business interruption that can wreak havoc on a company’s bottom line.

Continue reading The Risk Manager’s Role in Mitigating Cyberrisk

Tags: ,

Why Someone Else’s Data Breach Affects You


The recent hack attack on JP Morgan Chase and other banks is proof that cyber crime has become one of the most prevalent threats we face today.  Its ramifications, such as stolen data and identity theft, are enormous and will continue to grow as the Information Society develops further, and bolsters its dependence on personal information.

Continue reading Why Someone Else’s Data Breach Affects You

Tags: , , , , ,

Reducing threats from within the organization


Based on all of the diligent work of IT and information security organizations corporations and government agencies are beginning to see real progress on protecting their operations against external threats. However, the bad news is that we are being faced with a more difficult challenge of protecting our information assets from insider threats.

Continue reading Reducing threats from within the organization

Tags: ,

Framework for Improving Critical Infrastructure Cybersecurity


Recognizing that the national and economic security of the United States depends on the resilience of critical infrastructure, President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cybersecurity risks.

Continue reading Framework for Improving Critical Infrastructure Cybersecurity

Tags: , , , , ,

Cyberattack: Possibilities Emergency Managers Need to Consider


Emergency planners routinely think about the outside world: What if that building fell to a natural disaster or man-made attack, or that neighborhood flooded? What if hackers disabled that water plant or took out the power grid? Now turn that same question inward. What if they struck against you?

Continue reading Cyberattack: Possibilities Emergency Managers Need to Consider

Tags: , ,

Malware Can Jump the “Air Gap” Between Computers


The gold standard for protecting computer systems — as everyone from the U.S. military to Osama Bin Laden’s ghost well knows — is disconnecting them from the Internet. But according to a recent paper by researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics, that gap can be bridged by high-frequency audio signals.

Continue reading Malware Can Jump the “Air Gap” Between Computers

Tags: , , ,