CYSPEX Blog

Thursday, Feb 28, 2013

Cyber-Crime Protection: Passwords

By: Allison Morris from OnlineCollegeCourses

While pulling up your bank account balance, setting up plans with friends, or shopping online while on the go is almost second nature at this point, it has become more important than ever to protect your personal information as well as you can. According to an infographic posted by OnlineCollegeCourses.com, about 75% of Americans have been or will be the victims of some form of cyber crime.

For businesses, it was estimated that 90% were hacked over the last 12 months, and 77% more than once. But it's not just businesses that are targets for tech-savvy criminals. In 2012, more than 100 colleges and universities were hacked. This included well-known schools such as Harvard, Princeton, Stanford, and Cambridge, to name a few. The large databases schools keep with personal information on students are valuable targets, since this data can then be sold on illegal trading sites or directly to marketers.

As for social media, approximately 600,000 Facebook accounts are hacked every day. This is equal to about seven accounts every second. Mobile apps were also hacked at an alarmingly high rate. In fact, 92% of the top 100 paid apps for the iOS system had been hacked. This was 100% for the Android system. Hacking apps allows cyber criminals to disable security, make pirated copies, and substitute the original app with a malware-infected version. 

But there are some steps you can take to help protect yourself from hacking. The best line of defense is to choose a strong password. This is usually one that contains a combination of lowercase and uppercase letters, numbers, and symbols. Unfortunately, many individuals still use generic passwords like 123456 or qwerty. Even a personal password containing six lowercase letters can usually be guessed by a hacker in about 10 minutes. In addition, be sure to vary your password from account to account. That way, if a hacker does manage to gain access to one of your accounts, it does not create a domino effect.

Graphic Provided by: http://www.onlinecollegecourses.com/

Hacked Infographic

Monday, Feb 18, 2013

FTSE 100 Company puts information and customers first by investing in CYSPEX

FOR IMMEDIATE RELEASE

18th February 2013
StratexSystems announces that a FTSE 100 Company has invested in its StratexPoint Solution on SharePoint to manage its cyber risk, support business objectives and provide information assurance to customers and shareholders.

StratexSystems, a provider of integrated strategy execution & risk management solutions, in conjunction with Templar Executives, industry experts in cyber security and enterprise risk management, has released a unique and comprehensive cyber security application, designed for a FTSE 100 company to provide its senior executives and board with a holistic view of their organisational cyber security posture.
The tailored solution is known as CYSPEX (Cyber Strategic Programme Execution). CYSPEX enables organisations to monitor and manage the delivery of their cyber strategy while managing and mitigating the organisation’s cyber risks in line with their risk appetite. Not only does this ensure organisational information is secure and managed through its lifecycle, it also means information is delivered in a timely, relevant and valued manner.
 
StratexSystems CEO and Founder, Andrew Smart said: “With its focus on enabling business objectives, the CYSPEX solution is an innovative collaboration which embeds leading Cyber Security and Risk Management expertise into a template solution that provides a roadmap for any organisation wishing to improve their approach to cyber security whilst remaining focused on delivering its business strategy. We are pleased the organisation recognises the value of this solution and are looking forward to working with them on this project.”
 
For more information please visit www.cyspex.com or follow them on twitter @CYSPEX.
 
Ends
 
Notes to Editor
To interview a spokesperson, please contact andrew.smart@stratexsystems.com
For more information about StratexSystems, please visit: www.stratexsystems.com
 
StratexSystems
91 Waterloo Road
London
SE1 8RT
+44 (0)207 921 0060
 
About StratexSystems
StratexSystems is one of the only software companies in the world to provide an integrated, Risk-based Performance solution powered by Microsoft's SharePoint platform.
Our goal is simple – to help businesses execute strategy while operating within their acceptable level of risk exposure.
Very few organisations are capable of obtaining a single enterprise-wide view of their performance and risk management information. Instead the tendency is to employ multiple tools that operate in silos; rarely communicate with one another; provide conflicting information; and contribute to poor decision-making.
We believe performance and risk are essentially different sides of the same coin.  To effectively manage either, they must be managed as an integrated process with a single, integrated solution. StratexSystems provides that solution. 
 
Some of the activities which are supported by our various solutions:
 
  • Defining strategy maps & strategic objectives.
  • Conducting risk and control self-assessments.
  • Defining, managing and monitoring the initiatives and actions which make up the organisational change agenda.
  • Managing and monitoring KPIs, KRIs & KCIs using organisational and personal dashboards.
  • Defining Balanced Scorecards, with KPIs, initiatives and actions.
  • Defining and managing key emerging risks using risk maps.
  • Defining and monitoring Risk Appetite.
  • Calculating, managing and monitoring the alignment of risk exposure to appetite.
  • Defining and managing operational processes and systems, and monitoring their performance, risk and controls.
 

 

Wednesday, Oct 31, 2012

The first steps to managing cyber-risk.

The following is a summary from an article by Dunbar, Thomas. 

Every company is reliant on technology, and data is often a critical asset. Managers and IT personnel must monitor reports via their computers and mobile devices 24/7, but even that seems to be an ineffective way to keep up. According to the Financial Times, companies generate 2.5 exabytes of data. This much data means that 90% of the stored data today has been created in the past two years.

With this unprecedented growth, new threats emerge. These risks have historically been the domain of the IT department, but while cyber-risks are by definition rooted in technology, they are not actually technological risks; they are business risks. Business risks are best addressed through a holistic risk management process that includes quantification, assessment, mitigation and systematic risk identification.

Data Breach Facts in 2011

* 97% of breaches were avoidable through simple or intermediate controls
* 96% of attacks were not highly difficult
* 96% of victims subject to the Payment Card Industry Data Security Standard (PCI DSS) had not achieved compliance
* 94% of all data compromised involved servers
* 92% of incidents were discovered by a third party
* 85% of breaches took weeks or more to discover
* 79% of victims were targets of opportunity

The article also suggests 3 steps for risk professionals to better protect their company's most important asset: data.

Step 1: Assemble a Cyber-Risk Team

Step 2: Identify and Assess the Risks

Step 3: Develop an Incident Response Plan


 

Monday, Oct 29, 2012

10 STEPS TO REDUCE YOUR CYBER RISK

The following guide is produced by GCHQ, BIS and CPNI: 

Many players pose a risk to information:

  • Cyber Criminals: making money through fraud
  • Industrial Competitors & Foreign Intelligence Services: gaining an economic advantage for their own company or country
  • Hackers: enjoy the challenge of interfering with computer systems
  • Hacktivists: wish to attack companies for ideological or political motives
  • Employees: those who have legitimate access (by accident or deliberate misuse)

The key to effective enterprise-wide risk management and awareness is being aware of potential threats. Companies need to consider what could threaten their critical information assets and what the impact would be if those assets were compromised. The key is mitigating the majority of risks to critical information assets and being better able to reduce the impact of and recovery from problems as they arise. The 10 steps below can help reduce your Cyber Security Risks. 

 

 

The guide by GCHQ, BIS & CPNI also gives 3 examples of companies across different industries who have experienced some form of cyber security attack. These examples are based on events that had real impact on the companies' operations. The guide explains, "Application of the 10 steps provides a comprehensive information risk management framework; however, for each scenario we have suggested those of particular relevance (GCHQ, 2012)..."

 

This Guide and the accompanying documents have been produced jointly by GCHQ, BIS and CPNI. They are not intended to be an exhaustive guide to potential cyber threats or mitigations, are not tailored to individual needs and are not a replacement for specialist advice. Companies should ensure that they take appropriate specialist advice where necessary.

© Crown Copyright 2012

Thursday, Aug 9, 2012

Cyber Vulnerability Index... -Why not Information Exploitation Index?

KPMG have recently launched a ‘first of its kind’ cyber vulnerability index that demonstrates that financial services is far and away the worst information-leaking sector.

 

A massive 48% of information leakages from the 10 Forbes 2000 companies that offered cyber attackers the most opportunity came from organisations in the financial services (banking – 30%, diversified financials – 12% and insurance – 6%)1.

 

Once again the risk-based case is made for investing in cyber security.

 

However, this research joins a large body of case studies, publications, and media articles that focus on the risks businesses are running with regard to their information. By now most executives will be aware of the potentially large-scale impacts of poor cyber security. Yet many are still not investing to reduce the risk or change their corporate behaviours around information management. Why?

 

Is the evidence still not strong enough to overcome the ‘it won’t happen to me’ syndrome? Are the impacts being exaggerated and businesses aren’t feeling the pain of information loss? Or is it that in these tight economic times any “spare” money is not being invested in risk reduction initiatives that are traditionally viewed as largely a sunk cost and instead being invested in areas that offer a stronger return on investment?

 

Possibly all 3 but focussing on the latter, implementing cyber security should not be viewed as a sunk cost as the cyber capability you develop can provide a significant return on investment! This important area is rarely discussed in the plethora of media around cyber security with authors preferring to describe the latest juicy scare story.

 

Yes, there are people, organisations, States trying to get hold of your information. That isn’t going to stop. Yes, organisations are on the whole quite bad at looking after their information. That can change but scare stories don’t seem to be having the desired effect on the Board room to invest in cyber security (as desired by Governments ….. and security suppliers, of course!). So whilst I think it is a good piece of research, I am a little disappointed to see yet another report is focussed on the risk; the threat; and who is the worst at protecting their information.

We need more positivity around cyber security to make it more attractive to the Board room.

At the heart of cyber security is information. Whilst companies need to protect information they also need to exploit it. So why don’t more studies focus on who is the best at safely and securely exploiting their information? Why aren’t there more case studies circulating about companies who’ve successfully exploited information for substantial gain? Rather than talking about the negative side of cyber security, we, as an industry, should be talking about which companies are the most secure, the most resilient, and who has developed the most competitive advantage through safely exploiting their information. Companies who can deliver a return on investment from their cyber security and become a safe, sustainable business in this information age are, I believe, what investors and shareholders want to hear about!

1 Publish and be Damned - Cyber Vulnerability Index 2012, KPMG