Archive for February, 2017

What is a Cyber Security Definition?

A cyber security definition has some value in terms of giving clarity to a potential problem that is in part understood by people in businesses and organisations, but has historically been to a large extent ignored by many.

This ignoring of cyber security has often been in the same mindset as people ignoring the need for a disaster recovery plan and is in many ways basic human nature.

People always believe that bad things happen to other people rather than themselves, and insurance has grown out of the proof in many ways that this mythology can be very costly.

Cyber security has been around since the growth of the internet, and many people are aware of the nature of threats such as viruses, trojan horses and worms.

Most people and most businesses are likely have some type of anti-virus protection system installed on the network or individual PC.

Whilst these are effective in many ways, the growing threat of cyber security has changed significantly over the last few years, and is likely to become even more dominant in the future.

CYBER SECURITY DEFINITION

Cyber security at the moment is often thought of as being relevant to large organisations and businesses.

The growth of the internet, the accessibility of the internet through mobile devices and the growth of the internet of things is likely to revolutionise the way people and devices communicate with each other.

This is going to raise cyber security issues to a level that is at the moment unthought of.

A cyber security definition could simply be referred to as a data breach.

This is commonly associated with some type of  authorised hacking of information, leading to a ransom demand or freezing or stealing of such information.

Such a data breach and often be brought about through some type of infection of the network, either through viruses as already mentioned, or through people opening email attachments etc.

A cyber security definition is most helpful in many ways when it involves everyone  involved in a business or organisation understanding that cyber threats are very real, and can be very cleverly disguised in normal day-to-day activity.

Also making everyone in the organisation or business aware that the  responsibility for cyber security rests with everyone in that organisation not simply the people responsible for the IT systems.

The Internet of things is going to rapidly increase the number and design of mobile devices that people will have access to both at home and at work.

This will mean that a companies IT systems can effectively be easily reached by individuals using that entices to access company information work-related documents.

The need to manage this carefully will be significant, and will play an increasingly important part in people understanding the nature of  cyber security and cyber risk more generally.

How to develop a Cyber Insurance Plan

A cyber insurance plan is a key element of survival almost, for any individual or organisation who uses the internet as part of their business or personal life.

Such a plan can literally involve cyber insurance, either as a specific cyber insurance policy, or as part of a liability policy such as product liability or e and o policy, or as part of their home insurance.

Most of the focus nowadays is on businesses and organisations and their need some type of cyber insurance, given the huge rise in risk of a data breach and the implications for the organisation,  themselves and any individuals affected by such a breach.

Cyber insurance is both about a specific cyber insurance policy, and about the preventative risk management approach that an individual or a company needs to do.

This is necessary in order both to prevent any data breach in the first place, and be placed to deal with the immediacy of a breach and its implications if it should happen.

For individuals, the growth of the internet and specifically the growth of the internet of things means that over the next two years their lives are going to be wedded to their various devices at home and at work being able to speak to each other.

CYBER INSURANCE PLAN

This means that the risk of a data breach of some sort is greatly magnified, and individuals will need to be aware of their own potential risk and liability scenarios.

Whether these risks are covered under their home insurance or some other type of insurance is unclear at the moment, but it is likely that some type of cyber insurance policy will be needed to mitigate and manage such risks.

For businesses and organisations of whatever size, the risk of a data breach and the cyber risks associated with such a breach are immediate and clear.

There is an overwhelming need for most organisations to have in place a clear plan that reflects both a preventative approach and an incident management approach, along with a specified disaster recovery plan.

The cyber insurance plan needs to focus both on the financial indemnity element of the insurance as would a normal insurance policy, but also very much on the need for an incident management insurance process.

The management of the breach needs to be dealt with in several different ways, and the immediacy of being able to deal with it is of paramount importance.

Some insurance companies offer this incident management process as part of the insurance policy.

If insurers do not, then it’s crucial that the organisation has in place its own management team who can coordinate the various elements of dealing with the breach themselves.

What is an IoT Platform

In order to understand an IOT platform, it is first necessary to understand what IOT means, both literally and in terms of its implications for the future world, both business and personal in the next five or 10 years.

IOT stands quite simply for the Internet of things.

This is a phrase that has been around for a long time, but is rapidly coming to fruition and is likely to dominate the way people, places and things communicate with each other in the future.

The internet of things is quite simply in a way the process of  how devices are wirelessly connected to each other, producing what is quite often referred to as areas such as a smart home or a smart car.

The scenario of a smart home has been around for a while in the realms of science fiction, but is now becoming a reality.

All household devices are being fitted with sensors that will allow them to be wirelessly connected to the Internet.

In addition cities are being fitted with sensors that will allow them to track cars, bicycles and all forms of  transportation.

The clothes that people wear, the food they eat, where they live, where they work, how they get to work, where they do their shopping, where they go on holiday, how they pay for their life etc will soon all be linked together online.

IOT PLATFORM

To many people this seems like a joyful existence, to many others a living nightmare. In either event the networked world will soon become a reality whether people like it or not, driven in large part by businesses and companies .

They will be to make huge savings by effectively automating a number of processes, and by ruthlessly mining  big data, which is essentially the information that will be generated by all these devices talking to each other.

And IOT platform is essentially a platform that will allow this to happen. There are currently estimated to be 3 or 400 IOT platforms, some proprietary, some open source and some big players such as Amazon, Google and Microsoft.

At the moment and IOT platform can mean different things to different people.

The development of these platforms has been compared to the growth of the Internet in its early stages, where Netscape and Microsoft tried to establish dominance of browsers and  Yahoo and Altavista tried to dominate the search market.

At the moment it is most impossible to identify specifically what an IOT platform is for this particular reason. As time goes on and devices develop, the infrastructure will inevitably grow around them.

What is Credit Monitoring?

Credit monitoring is widely associated with the process of credit reports and credit scores, and normally with the process of a loan application for a new car or a mortgage.

It has also been loosely associated with the process of identity theft, not so much as a preventative measure but as a way of helping people deal with any type of identity theft that may have occurred.

Identity theft is already quite well understood by people,  but is one of those areas of life that people very definitely believe happens to other people not to themselves.

There is a real likelihood that this will change significantly over next  few years, and the need for credit monitoring at a significantly improved level may become a major part of  people’s lives.

Identity theft happens when an individual or individuals unknown octane information about someone else that effectively allows them to steal their identity, and take out loans and mortgages in their name which they then  default on and abscond with the money.

The original individual is then left with these debts in their name, and often faces  an uphill struggle to prove that it was not them that took out these loans in the first  place.

The risk of identity theft is likely to increase hugely as the risk of a data breach in many organisations increases significantly.

As data breaches occur, primarily but not exclusively in the healthcare industry, identity theft will increase substantially.

CREDIT MONITORING

This in part is because the information stolen is unique to the individual, such as their date of birth and Social Security number. This information cannot be changed in the way that a credit card number can be.

At the moment there is relatively little protection for the individual if their  identity is stolen. Some home insurance policies offer identity theft protection, but this normally relates to some type of credit monitoring to make the individual aware that this has happened to them.

That is relatively little help by way of helping the individual proof that the theft has happened and that the debts they are now facing  were in fact run up by someone else.

There is a likelihood that credit monitoring will need to be improved significantly different ways in order to act as a much greater first line of defence both for the individual concerned, and for any organisation or business where the data breach led to that information being stolen in the first race.

What are main Cyber Threats?

Cyber threats of various descriptions have been around pretty much since people started using the Internet with any degree of continuity, and most people are aware of the various terms such as viruses, email viruses and Trojan horses.

They may not know exactly what they mean, and they only have experienced them when some frightening scenario happens in front of their very eyes, quite literally.

The cyber threats of 20 years ago are still very much around, what has changed massively is the infrastructure and the growing dependence on the Internet for all walks of life.

The nature of cyber threats has increased significantly, and the impact on a business or organisation can be literally massive.

Virtually all cyber threats can be understood in terms of either a literal data breach, or a scenario where a computer or network of computers of any size becomes infected in some way.

A data breach is more associated with some type of hacking, where an individual or persons unknown gain access to information that they are not entitled to have, and quite literally steal that information.

The information is either then sold,  quite often on the dark web, what is effectively ransomed back to the organisation.

CYBER THREATS

This is increasingly common where effectively a ransom demand is  given to the organisation, and payment demanded for its return.

This is normally referred to as Ransomeware. The other possibility is where the hacker effectively freezes the systems they have breached and again demand payment for releasing them.

The other type of cyber threats or perhaps what thought of as more traditional threats to computer such as viruses etc.

The real threat in many ways is the growth of mobile Internet, the Internet of things and the approach of many staff in an organisation that believes that cyber security is the domain of the IT guys.

Any data breach or infection of a IT system by any way, has huge and conditions for the business or organisation as well as the individuals themselves.

Not only can information be wiped, but once stolen and often never be recovered.

The information stolen can often be used as a basis for widespread identity fraud and theft, which is a nightmare for the individual  or individuals concerned, and leaves the business or company open to potentially damaging lawsuits.

 

BEST INTERNET SECURITY

The best Internet security approach is undoubtedly a combination of three main things, sometimes referred to as the three S’s, staff, structure and systems.

Whatever the size of the organisation or business, whether it is one person with a website or a business with thousands of employees, the threats or cyber risks to the organisation are huge.

With the anticipated growth in the Internet of things, these risks will be multiplied tenfold, not simply for the organisations or businesses themselves but for billions of normal people and their smart phones and smart cars etc.

The best Internet security strategy has at its core a mix of staff structure and systems, and real levels of education and awareness.

Perhaps underpinning all of it is a realisation that everyone involved in the organisation needs to know that Internet security is their responsibility as much as everyone else’s, it does not belong to any level of management or  leadership, or to the IT guys.

Any organisation or business needs to have a dedicated individual as a named point of contact for overseeing cyber security and Internet security. Ideally this individual would be at a board level, or at least as level accountable to senior members of the organisation, and in a position where he is able to challenge them.

BEST INTERNET SECURITY

This individual needs have these overall susceptibility and authority for systems and structures throughout the organisation that relate to cyber security. They need to have a clear understanding of the risks of a data breach, and the numerous ways that that data breach can potentially happen.

The systems and structures need to be in place both at a preventative  level, and at a level to responds to any data breach as quickly as is possible.

As a preventative level, there needs to be guaranteed structures in place to make sure that at all levels, antivirus and anti-malware programs, firewalls etc are in place, are regularly updated, and all is done that can be done to prevent any type of data breach in the first place.

All staff need to be educated on a regular basis about the risks of cyber attacks and how they can occur, and also the indications for them and the business if a data breach does happen.

Education for staff can include  processes for things like changing passwords readily, dangers of accessing certain websites, and the increasing risk of accessing the Internet at work through their own personal devices such as smartphones and tablets.

Whoever is the lead person overseeing best Internet security also needs to have  what are sometimes referred to as an incident management plan, often in conjunction with the cyber risk insurers and underwriters, which can literally be put into place the instant a data breach happens or is notified.

This is in addition to any disaster recovery plan which should also be fully tested and implemented.

INTERNET of THINGS and BYOT

‘According to Gartner, the IoT will be a ‘long tail’ domain, with ‘things’ ranging from automotive subsystems and security cameras to Bluetooth beacons, smart garments, agricultural crop sensors and many more.

In the near term, ‘consumerization’ will play an important role, and all sorts of smart devices will find their way into businesses, causing headaches for IT managers (say hello to ‘Bring Your Own Thing’, or BYOT).

Meanwhile, ‘official’ enterprise IoT deployments will concentrate on a relatively small number of use cases that can deliver demonstrable business value, says Jones.

These include predictive maintenance (of HVAC systems, for example), energy saving in smart buildings, automatic replenishment (of anything from fuel tanks to beer kegs), vehicle fleet management and monitoring of assets and people.’

full story

main site

COMPANYS FEAR GLOBAL CYBER ATTACK

“Cyber-attacks and data breaches continue to cost organizations billions of dollars annually, a sum that is only likely to go up with the increasing integration of new pieces of technology into daily operations,” BCI Executive Director David Thorp said in the foreword to the report.

“Politics too has been a dominant topic this year, certainly more than in the recent past.”

Cyber (in)security: Can insurance solutions keep pace with threats?

The evolution of cyber threats calls for extreme diligence by insurers willing to underwrite the exposures. Here’s a look at…

The study comes as governments and businesses seek to strengthen resilience to cyber attacks.

Companies on both sides of the Atlantic are also grappling with political uncertainty over changes to commerce policies, from taxes to trade tariffs, being planned in the U.S. and the U.K.’

full story

main site

MEDICAL DATA MOST AT RISK

‘Medical insurance identification, medical profiles, and even complete electronic health record (EHR) databases have attracted the eyes of enterprising black hats, who increasingly see EHR-related documents as some of the hottest commodities peddled in the criminal underground.

A new report today shows that complete EHR databases can fetch as much as $500,000 on the Deep Web, and attackers are also making their money off of smaller caches of farmed medical identities, medical insurance ID card information, and personal medical profiles.’

full story

main site

SOCIAL NETWORK FRAUD

‘Fake promoted ads are another trend to watch, he continues.

Impostors create ads prompting users to click through to a malicious site.

This was surprising, he continues, because social platforms typically require a vetting process for promoted ads.

Impersonators can bypass the vetting process by using real brand logos and similar-looking merchandise.

The creation of successful fake accounts takes time and expertise.

Many impersonators set up their accounts long before they attack, garner followers, then change their information before they weaponize the account.

They continue adopting new names over time to avoid getting caught.’

full story

main site