1-888-643-2217 Email ABEX
Keeping you updated

Monthly Archives: October 2013

Cyber Liability: Managing Password Threats

Online PasswordOrganizations trust passwords to protect valuable assets such as data, systems and networks. Passwords are versatile—they authenticate users of operating systems (OS) and applications such as email, labour recording and remote access, and they guard sensitive information like compressed files, cryptographic keys and encrypted hard drives.

Because passwords protect such valuable data, they are often a prime target of hackers and thieves. Although no method of password protection is 100 per cent effective, it is still important to understand and mitigate threats to password security so you can protect your company and its assets.

Types of Password Threats

Implementing security measures starts with anticipating security threats. There are four main ways that attackers attempt to obtain passwords: capturing passwords, guessing or cracking passwords, replacing passwords and using compromised passwords.

1.     Password Capturing

An attacker can capture a password through password storage, password transmission or user knowledge and behaviour. OS and application passwords are stored on network hosts (a computer connected to a network) and used for identification. If the stored passwords are not secured properly, attackers with physical access to a network host may be able to gain access to the passwords. Never store passwords without additional controls to protect them. Security controls include:

  • Encrypting files that contain passwords
  • Restricting access to files that contain passwords using OS access control features
  • Storing one-way cryptographic hashes for passwords instead of storing the passwords themselves

Hashes are the end result of putting data, like passwords, through an algorithm that changes the form of the original information into something different. For example, the password ‘default’ could be mapped as an integer such as 15. Only the network host knows that 15 stands for the password ‘default’. Read more >>


ABEXAccess.com News: Initial Broker Rollout Will Begin VERY Soon!

Ostrich with open beak In gearing up to our official launch of ABEXAccess.com, we will continue to provide you with information of what your experience will be like with this groundbreaking platform for Real-Time rating and paperless policy issuance.

The wait is almost over!

Over the past few months we have been providing you with information about some of the most exciting features that you will be able to do with ABEXAccess.com.

The entire ABEX team is excited to tell you that your wait to try it out yourself is nearly over! We are currently finalizing our own internal user testing and details of the broker rollout.

How does it work?

As described in a previous newsletter, our staff will enter your existing renewals into ABEXAccess and issue your client’s renewal policies.

An initial group of Brokers will be provided access to the ABEXAccess.com site to view their renewed policy information and enter new business. This group of Brokers will be expanded to all ABEX Brokers in the coming months.

Want to learn more? 

Please click on the links below to learn more about this revolutionary solution for Real-Time rating and paperless policy issuance.

 

ABEXAccess.com will be released in the coming weeks, and those interested in test driving it can contact us at quotes@abexinsurance.com

 

 

2.9 million Adobe customers affected by cyber-attack

security concept  with a lockThe cyber attack on Adobe is just another example in a wave of global attacks targeting personal and business financial data.

Adobe, the software company behind Acrobat, Photoshop and InDesign has experienced a data breach, potentially compromising the data of 2.9 million customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems,” said Brad Arkin, Adobe chief security officer in a Customer Security Announcement on October 3rd.

Adobe has reset passwords on customers’ accounts and recommended that customers change their passwords on any other website where they may have used the same user ID and password. The company has alerted the banks processing customer payments, as well as federal law enforcement.

Adobe also said it would give affected customers the option of enrolling in a one-year complimentary credit monitoring membership where available.

What’s the threat?

According to Brian Krebs, of the KrebsonSecurity blog, the threat is that the Adobe hackers could have hidden zero-day exploit code within a PDF document, or Flash animations, to create weaponised content.  They would then use a spear-phishing email to deliver the weaponised content to the targeted user. “When the user opens the attachment or watches the animation, the exploit code exploits the vulnerability to silently download malware on the user’s machine. The user isn’t aware that this download has happened. But this malware, often a Remote Access Trojan (RAT), enables the attacker to access sensitive data or even gain full control over the user’s machine” explains Krebs.

Lessons Learned

These breaches underscore the importance of organizations continuously monitoring their systems for suspicious changes and unknown programs on their systems, as well as providing their employees with security awareness training.

Once the breach happens, it is imperative that a business continuity plan be executed in a timely manner and that the proper communication be established with the public. 

Please feel free to contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.


Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.



ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook

Connect with us on LinkedIn