Risk


Risk #assessment: The #first step in #improving #cyber security

Source: National Cyber Security – Produced By Gregory Evans

Despite the proliferation of high profile cyber-attacks over the last 18 months, many organisations are still too disorganised in their approach to security. While it is no longer feasible to guarantee 100% protection against a breach, businesses are setting themselves up for a fall by failing to adequately understand and prepare for the risks facing them.

PwC’s 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world, found that more than a quarter (28%) don’t know how many cyber-attacks they have suffered in total, and a third also don’t know how they occurred. While some security incidents are the result of high level attackers using advanced techniques to disguise their activity, the vast majority of cases are caused by common security failings and could be easily prevented with better governance and process control.

Perhaps the most important step an organisation can take to improve its security is to undertake a thorough IT risk assessment. This is crucial to understanding where the biggest vulnerabilities within the organisation are, as well as what potential external threats it may be facing. Any company attempting to create an IT security strategy without this knowledge will simply be throwing money at the problem. This approach will certainly miss the basic mistakes in IT management that enable attacks and lead to accidental breaches.

A comprehensive risk assessment needs to not only take into account the internal processes at the company, but also a variety of third parties including suppliers and contractors, as well as the role of an increasingly mobile workforce. With this in mind, a thorough assessment is no small task, and usually takes a great deal of planning and preparation to execute.

Choosing a risk framework

Because of the complexity involved, most companies turn to one of the pre-existing risk assessment frameworks that have been developed over the last few decades as the IT industry has matured. While these frameworks are extremely useful resources, companies should not rely on them to shape their strategy entirely. We still see too many organisations taking a premade framework and working through it as a tick-box exercise. No two businesses are the same, so assessment frameworks can only ever be a general guide and starting place.

Instead, companies need to base their assessment around their own unique structure and risk profile, incorporating elements of existing frameworks where they are appropriate. Encouragingly, 53% of respondents in PwC’s survey stated that spending on their information security budget was based exclusively around risk.

Perhaps the most popular risk assessment frameworks are those created by NIST, the National Institute of Standards and Technology. NIST SP 800-53 and the NIST Cybersecurity Framework (CSF) are regularly used by government agencies and educational institutions as well as private enterprises.

Exploring NIST and ISO

The earlier publication, NIST SP 800-53, was designed to support compliance with the U.S. Federal Information Processing Standards (FIPS). This special publication gives organisational officials evidence about the effectiveness of implemented controls, an indication of the quality of the risk management processes used, and information about the strengths and weaknesses of their information systems.

The CSF was designed to help organisations of any size and any degree of cyber security sophistication apply risk management best practice. The framework is made up of three components: the framework core, the framework implementation tiers and the framework profile.

NIST’s roots in the US Commerce Department make the framework fairly US-centric, but the CSF also incorporates globally recognised standards, making it useful for risk assessment around the world. It is also designed to be flexible and can be used alongside other cyber security risk management processes, such as the ISO (International Organization for Standardization) standards.

Indeed, the ISO/IEC 27000 series, jointly published by ISO and the International Electrotechnical Commission (IEC), is another of the most well-known and widely used frameworks. Like NIST’s, the ISO frameworks are flexible enough to fit most organisational sizes and structures. They can be useful in steering an organisation away from the tick-box compliance mindset, because they require organisations to assess their own information security risks and implement controls according to their needs. The ISO series also promotes a continuous feedback approach, so that changes in the threat landscape or within the company are addressed through iterative improvements.

Other strong framework choices to consider include OCTAVE, which has a broader, simpler approach that is easy to integrate, and COBIT, an operational framework with a focus on uptime that is well suited to manufacturing firms and other organisations where availability is critical.

Taking risk assessment to the top

Whichever combination of frameworks the company decides to incorporate for its risk assessment, it is essential to relate the process back to the organisation’s unique operational structure and business objectives. One of the most important activities in preparing a comprehensive assessment is to conduct in-depth interviews with senior management, IT administrators and other stakeholders across the organisation. This will help to develop a much more realistic understanding of the organisation’s potential threats, likelihood of compromise and the impact of the loss, as well as relating everything back to its business priorities.

It is also essential that the risk assessment is understood and supported at the highest level of the organisation. PwC’s survey found that only 44% of boards are actively participating in their security strategy. Without buy-in from the board and other senior leaders, a risk assessment is likely to end up being little more than a series of recommendations that are never actually implemented. By aligning popular industry assessment frameworks with their business objectives, organisations can conduct an assessment that not only highlights potential threats, but goes on to implement real changes that improve its security posture.


Local small businesses may be at risk for hackers

In the city of Rockford, small businesses are on every corner. Each one is a potential target for hackers.

“When you consider that 97 percent of all U.S. businesses are small businesses, the economic impact of hacking can be astronomical,” said Dennis Horton, Director of the Rockford Better Business Bureau.

The Better Business Bureau is working to raise awareness of the impact one unknowing click can have on a small business.

“90 percent of them are through phishing e-mails. And through those phishing emails usually you will find ransomware or other malicious software,” said Horton.

The owners of Rockford Art Deli say they’re keeping an eye out for these types of e-mails.

“You know, you try to do as much as you can and it can still get through, but if it did happen, as a cash-based business, they can drain your accounts and, you know, you’re out until that comes back in,” said Rockford Art Deli owner Jarrod Hennis.

Hennis says he recently got an e-mail from what seemed to be another local business, but after some digging that wasn’t the case.

“It was a random e-mail from a lender in town, actually, and it just had a link. Everything looked legit when you went and clicked on it. But since I knew nothing was coming and I had nothing in the works, I didn’t click on it. So I kinda did some research on it before we opened it, and you could tell it was fake,” said Hennis.

Horton says one of the least known facts is that the business owners themselves are held responsible.

“Their business accounts, their bank accounts, were hacked and they suffered a loss, and banks are not responsible for that loss,” said Horton.

And being out of business can be detrimental.

“50 percent of them said that after a month they would probably be out of business if they were not able to recover that data,” said Horton.


Manager, IT Security Risk Assessment


The fastest growing Big Four professional services firm in the U.S., KPMG is known for being a great place to work and build a career. We provide audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients….


Severe flaws in DNS app create hacking risk for routers, smartphones, computers, IoT

Google researchers disclosed seven serious security flaws in the open-source DNS software package Dnsmasq, which is commonly preinstalled on routers, servers, smartphones and IoT devices. The flaws put a huge number of devices at risk of being hacked…


Thousands of Australians could have pacemakers being recalled in US over hacking risk


Thousands of Australians are believed to have pacemakers that have been recalled in the United States because they are vulnerable to being hacked. The US Food and Drug Administration (FDA) has recalled 465,000 devices from Abbott (formerly St Jude Medical) because hackers could remotely cause the batteries to rapidly go…


Fiat Must Face Some Claims In Drivers’ Hacking Risk Suit


An Illinois federal judge on Monday refused to entirely dismiss a putative class action claiming some Fiat Chrysler Jeeps are susceptible to hacking, saying that the plaintiffs can continue to claim they overpaid for the vehicles. District Court Judge Michael Reagan dismissed remaining claims that possible future car hacking could…


Free Wi-Fi has driven 88% of Canadians to put their personal info at risk

A strong Wi-Fi signal is one major factor that helps Canadians decide where they want to stay when they go away for long weekends, said a risk report released by Norton last month. And while a hefty majority of Canadians believe their information is safe while […]

14 million US businesses are at risk of a hacker threat

Large corporations spend hundreds of thousands, often millions, of dollars on cybersecurity, but when it comes to small businesses, many owners aren’t spending enough. Only 2 percent of the small-business owners surveyed in the CNBC/SurveyMonkey Small Business Survey said they view the threat of a cyberattack as the most critical issue…


8 Cybersecurity Tips For SMBs That Can Greatly Reduce Risk and Exposure

Get Protection From Viruses, Ransomware, Malware, Spyware, and Other Malicious Code. Ransomware is making the news regularly these days. It’s affecting some of the largest companies in the world. But don’t think it can’t happen to your business. Ensure your organization’s desktops, laptops and servers are […]

Reducing your risk of identity theft

Over 15 million people are victims of identity theft annually, many of whom fall into the less tech-savvy 50-and-over …