President Donald Trump recently signed an executive order to improve the country’s cyber security and protect key infrastructure from cyber attacks. The order also emphasized the importance of strengthening the cyber security of federal agencies. According to a survey from Thales Group, a cyber security company, 34 percent of federal agencies experienced a data breach in the last year, and 95 percent of agencies consider themselves vulnerable to cyber attacks.
The executive order did not create any ongoing cyber security requirements, but instead laid out goals to assess the current state of cyber defenses and develop deterrence strategies. Here are some of the requirements of the executive order:
• Federal agencies must draft reports on their ability to defend themselves against cyber threats.
• The departments of Energy and Homeland Security must assess potential vulnerabilities to the country’s electrical grids. The executive order specifically mentions that prolonged power outages could pose a threat to national security or damage the economy.
• Various federal agencies must review the cyber defense plans of U.S. allies in order to cooperate during international cyber attacks.
According to a recent report from Radware, a leading cyber security provider, nearly half of all surveyed businesses experienced a ransomware attack in 2016. Ransomware is a type of attack where an organization is “locked out” of its computer network until a financial ransom is paid, usually with the anonymous and digital bitcoin currency.
The report also showed that cyber criminals frequently used the threat of a distributed denial of service (DDoS) attack to elicit a bitcoin ransom. These attacks slow down a target server until it is rendered useless, often leading to prolonged business interruptions.
What’s worse is that these types of attacks are relatively easy for criminals to perform, and are often automated by using malware or bots. Additionally, Radware found that 40 percent of respondents don’t have a cyber incident response plan in place to counteract ransomware and DDoS attacks.
The report also made a number of predictions for cyber attacks in 2017, which included the creation of new types of DDoS attacks, more targeted ransomware attacks and the increased prevalence of politically motivated cyber attacks.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 3:00 pm February 15, 2017
According to a recent report, 88 percent of employees lack the understanding necessary to prevent common cyber incidents.
That report is based on the results of a survey given to more than 1,000 employees across the United States, and was designed to test the level of knowledge and awareness of cyber security among employees by asking them to name proper behaviors in given circumstances. The survey covered eight risk domains and assigned three risk profiles—Risk, Novice and Hero—to indicate an employee’s privacy and security awareness IQ.
Key findings from the report include the following:
• Only 12 percent of respondents earned a “Hero” profile, while 72 percent were given a “Novice” profile and 16 percent were given a “Risk” profile.
• Almost 40 percent of respondents disposed of a password hint using unsecure means.
• About 25 percent of respondents failed to recognize a sample phishing email, even though it came from a questionable sender and included an attachment.
— Jillian Bender-Cormier @ 11:07 pm November 16, 2016
Despite diligent preparation, it would appear that Olympic Broadcasting Services (OBS)—the host broadcasters responsible for delivering the audio and video to those who purchased rights to broadcast the Olympic games around the world—suffered a data breach during the Olympics in Rio last month. The effect of the data breach could be huge, since OBS is the single largest employer involved in the Olympic games, with more than 7,100 workers from 69 countries on its payroll.
The attack appears to have been the work of a group of Brazilian hacktivists. That group used social media to publish proof of the hack, including OBS employees’ and freelancers’ names, email addresses, job titles, and mobile and landline phone numbers. Some analysts also suspect that the hacktivists may have been responsible for the collapse of an OBS video camera on Aug. 15 that injured some spectators.
Still, the data breach appears to have been relatively limited, thanks to heightened security measures. OBS officials detected the breach quickly, shut down the particular avenue of attack in order to install extra security measures, and sent out an email informing its employees of the breach and reemphasizing the importance of being suspicious of phishing emails.
For more information on how to reduce your vulnerability to a cyber attack or how to respond when one is discovered, contact your partners at Warren G. Bender Co. today.
As risk management experts and security forecasters look ahead to 2016, cyber attacks appear to be a growing threat. In fact, a report from McAfee Labs suggests that increasing numbers of users and devices and growing network traffic means that the threat is poised to continue escalating for the foreseeable future.
Industry experts recommend these four important strategies to strengthen your defenses against a cyber attack:
• Identify Your Digital Assets: Many companies have sensitive customer data; others might consider their control systems their most essential asset.
• Establish a Plan of Action: Defend the assets you’ve identified by considering the vectors of attack. This includes internal cyber-security practices as well as those of upstream and downstream supply chain vendors.
• Develop Partnerships: Consider consulting with a company that specializes in preventing or responding to data breaches.
• Train Employees: Employees remain the single largest internal threat to a company; make sure your employees are well-trained.
— Jillian Bender-Cormier @ 8:35 pm January 27, 2016