1-888-643-2217 Email ABEX
Keeping you updated

Tag Archives: cyber risk

Cyber Risk Heat Map

When speaking to clients about cyber insurance, it’s important to focus on areas that are relevant to the industry in which they operate.

Cyber insurance has a long reputation as a privacy liability product for businesses that hold sensitive data – but privacy exposure isn’t the only risk facing businesses today. In fact, cybercriminals are increasingly targeting traditional industries that hold almost no sensitive data at all, whether through ransomware attacks that halt operations or business email compromise scams that result in wiring payments to fraudulent accounts.

CFC’s cyber risk heat map was built from data relating to 2,500 cyber claims they have dealt with in the last two years as well as trends that their incident response team is witnessing externally. This color-coded graph ranks the severity of different industries’ exposure to business interruption, privacy, and cybercrime and includes a few examples of how these exposures can play out for different types of organizations.

Click here to download the infographic

Source: www.cfc.com

How Hackers Can Control Your Car

CYBER CRIMEFiat Chrysler Automobiles is recalling 1.4 million vehicles—not for a manufacturing flaw or a faulty part, but for a vulnerability to hacking. The company deemed the recall necessary after two software programmers demonstrated how easy it was to remotely tamper with a Jeep Cherokee’s radio, air conditioning, dashboard display, windshield wipers, brakes and transmission.

This hack is an example of what the security industry calls a zero-day exploit—a vulnerability in a piece of software that the vendor is unaware of. In the case of Fiat, hackers, through wireless access gained via the Internet, sent commands through the vehicle’s entertainment system, taking control of any number of vehicle functions. This could, in theory, be performed from a laptop across the country.

But this type of vulnerability isn’t limited to Fiat vehicles, as most auto companies produce models that are susceptible to breaches. Industry leaders like General Motors, Ford and Toyota are atop a long list of auto makers believed to be the most susceptible to hacking.

As vehicles become increasingly connected, the risk of hacking becomes more apparent and no longer limited to select models. By 2022, an estimated 82.5 million automobiles worldwide will be connected to the Internet.

Since the hack, Fiat has taken strides to prevent remote manipulation by distributing USB drives to vehicle owners that they may use to upgrade vehicle software and deter hackers—but that may not be enough. While automakers are aware of cyber risks and are even taking steps to prevent attacks, experts say that the auto industry is far behind when it comes to cyber security and that current solutions aren’t yet strong enough to thwart hackers.



© Zywave, Inc. All rights reserved.

Is a BYOD Policy Right for Your Company?

Executive with laptopMore and more employees—especially the young and technologically savvy—are no longer satisfied with company-issued tools to get the job done. Known as Bring Your Own Device (BYOD), businesses are finding that employees want to swap company equipment in favor of personally owned devices, such as laptops, tablets or smartphones that they are more comfortable using.

BYOD can be a money-saver for companies, reducing the amount spent on hardware and software purchases, maintenance and the cost of training employees to use the equipment. Especially for rapidly expanding companies, allowing personally owned devices could save thousands of dollars in upfront IT hardware costs for new employees. With BYOD, employees buy and maintain their own equipment. Companies can choose to compensate them by subsidizing or reimbursing their purchases, or offering flexible work schedules and the ability to work remotely.

In addition to saving money, BYOD can be effective for recruiting and retaining staff. With the freedom to choose the technology they are more comfortable working with, employees are more productive and satisfied with their jobs.

While BYOD saves some companies money, others could end up spending a lot more. Businesses that require the standardization of their applications, hardware and operating systems—meaning that some equipment must be integrated with others—could actually increase IT management costs if personally owned devices were added to the mix.

Adopting BYOD can expose companies to two major risks: IT security risks and data loss. This alone may be enough to compel a company to ban BYOD altogether. If you are considering adopting a BYOD policy, you should ask yourself whether the benefits are worth the risks. If your answer is yes, then employ risk management to mitigate those risks.


© 2015 Zywave, Inc.

Small Businesses Most Vulnerable to Cyber Attacks

Network security crashAccording to a recent survey, 81 per cent of small business owners think that cyber security is a concern for their small businesses, while 94 per cent either frequently or occasionally think about cyber security issues.

Surprisingly, only 42 per cent of respondents had invested in cyber security protection in the past year, despite the fact that 31 per cent of these businesses had experienced either a successful or attempted cyber attack.

It’s possible that small business owners might simply be spreading themselves too thin. About 83 per cent of small business owners said that they handle cyber security themselves. But given the threat, it was surprising to discover that 95 per cent of small business owners don’t have cyber insurance.


© 2015 Zywave, Inc. All rights reserved.

43% of companies had a data breach in the past year

Cyber CrimeSource: www.cnbc.com

A staggering 43 percent of companies have experienced a data breach in the past year, an annual study on data breach preparedness finds.

The report, released Wednesday, was conducted by the Ponemon Institute, which does independent research on privacy, data protection and information security policy. That’s up 10 percent from the year before.

The absolute size of the breaches is increasing, said Michael Bruemmer, vice president of the credit information company Experian’s data breach resolution group, which sponsored the report.

“Particularly beginning with last quarter in 2013, and now with all the retail breaches this year, the size had gone exponentially up,” Bruemmer said.

He cited one large international breach few Americans have even heard about. In January, 40 percent of South Koreans—a total of 20 million people—had their personal data stolen and credit cards compromised.

The breach was caused by a worker at the Korea Credit Bureau, which provides credit scores to Korean credit card companies.

While shadowy hackers in Eastern Europe often get the blame for these attacks, more than 80 percent of the breaches that Bruemmer’s group works with “had a root cause in employee negligence,” he said.

“It could be from someone giving out their password, someone being spear-phished, it could be a lost USB, it could be somebody mishandling files, it could be leaving the door to the network operations center open so someone can walk in,” he said.

Despite the rise in breaches, 27 percent of companies didn’t have a data breach response plan or team in place, though that’s down from 39 percent who didn’t have them in the previous year’s survey.

Even in companies that have breach plans in place, employees aren’t convinced they will work. Only 30 percent of those responding to the survey said their organization was “effective or very effective” at creating such plans.

One reason might be that few companies seem to take the need seriously. Of the companies surveyed, just 3 percent looked at their plan of action each quarter. Thirty-seven percent hadn’t reviewed or updated their plan since it was first put in place.

The statistics don’t surprise Ted Julian, chief marketing officer with Co3 Systems in Cambridge, Mass. His company does cyber incident response management.

“Most organizations, and I’m only talking the sophisticated ones, have done a little but it’s not enough,” he said.

Breaches are now just a part of life and yet when they happen too often companies pull out “a dusty incident response plan that hasn’t been touched in two years,” Julian said.

The survey was conducted in 2014 and included 567 U.S. executives, most of whom reported to their company’s information security officers.



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn