Navigation

CYSPEX Blog

Entries in cyber security (13)

Thursday
Feb282013

Cyber-Crime Protection: Passwords

AuthorCYSPEX Administrator | Posted on DateThursday, February 28, 2013 at 06:18AM

By: Allison Morris from OnlineCollegeCourses

While the convenience of pulling up your bank account balance, setting up plans with friends, or taking advantage of online shopping while on the go are almost second nature at this point, it has become more important than ever to make sure you protect your personal information as well as you can. According to an infographic posted by OnlineCollegeCourses.com, about 75% of Americans have been or will be the victims of some form of cyber crime.

For businesses, it was estimated that 90% were hacked over the last 12 months, and 77% more than once. But it's not just business that are the target for tech-savvy criminals. In 2012, more than 100 colleges and universities were hacked. This included well-known schools such as Harvard, Princeton, Stanford, and Cambridge, to name a few. The large databases schools keep with personal information on students are valuable targets, since this data can then be sold on illegal trading sites or directly to marketers. 

As for social media, approximately 600,000 Facebook accounts are hacked every day. This is equal to about seven accounts every second. Mobile apps were also hacked at an alarmingly high rate. In fact, 92% of the top 100 paid apps for the iOS system had been hacked. This was 100% for the Android system. Hacking apps allows cyber criminals to disable security, make pirated copies, and substitute the original app with a malware-infected version. 

But there are some steps you can take to help protect yourself from hacking. The best line of defense is to choose a strong password. This is usually one that contains a combination of lowercase and upper case letters, numbers, and symbols. Unfortunately, many individuals still use generic passwords like 123456 or qwerty. Even a personal password containing six lowercase letters can usually be guessed by a hacker in about 10 minutes. In addition, be sure to vary your password from account to account. That way, if a hacker does manage to gain access to one of your accounts, it does not create a domino effect. 

Graphic Provided by: http://www.onlinecollegecourses.com/

Hacked Infographic

CommentPost a Comment →
tagged | in
Monday
Feb182013

FTSE 100 Company puts information and customers first by investing in CYSPEX

AuthorCYSPEX Administrator | Posted on DateMonday, February 18, 2013 at 06:25AM

FOR IMMEDIATE RELEASE

18th February 2013
StratexSystems announces that a FTSE 100 Company has invested in their StratexPoint Solution on Sharepoint to manage its cyber risk, support business objectives and provide information assurance to customers and shareholders.

StratexSystems, a provider of integrated strategy execution & risk management solutions, in conjunction with industry experts in cyber security and enterprise risk management, Templar Executives have released a unique and comprehensive cyber security application; designed for a FTSE 100 company to provide their senior executives and board with a holistic view of their organisational cyber security posture. 
The tailored solution is known as CYSPEX (Cyber Strategic Programme Execution) CYSPEX enables organisations to monitor and manage the delivery of their cyber strategy while managing and mitigating the organisation’s cyber risks in line with their risk appetite. Not only does this ensure organisational information is secure and managed through its lifecycle, it also means information is delivered in a timely, relevant and valued manner.
 
StratexSystems CEO and Founder, Andrew Smart said: “With its focus on enabling business objectives, the CYSPEX solution is an innovative collaboration which embeds leading Cyber Security and Risk Management expertise into a template solution that provides a roadmap for any organisation wishing to improve their approach to cyber security whilst remaining focused on delivering its business strategy. We are pleased the organisation recognises the value of this solution and am looking forward to working with them on this project.”
 
For more information please visit www.cyspex.com or follow them on twitter @CYSPEX.
 
Ends
 
Notes to Editor
To interview a spokesperson, please contact andrew.smart@stratexsystems.com
For more information about StratexSystems, please visit: www.stratexsystems.com
 
StratexSystems
91 Waterloo Road
London
SE1 8RT
+44 (0)207 921 0060
 
About StratexSystems
StratexSystems is one of the only software companies in the world to provide an integrated, Risk-based Performance solution powered by Microsoft's SharePoint platform.
Our goal is simple – to help businesses execute strategy while operating within their acceptable level of risk exposure.
Very few organisations are capable of obtaining a single enterprise-wide view of their performance and risk management information. Instead the tendency is to employ multiple tools that operate in silos; rarely communicate with one another; provide conflicting information; and contribute to poor decision-making.
We believe performance and risk are essentially different sides of the same coin.  To effectively manage either, they must be managed as an integrated process with a single, integrated solution. StratexSystems provides that solution. 
 
Some of the acitivities which are supported by our various solutions:
 
  • Defining strategy maps & strategic objectives.
  • Conducting risk and control self-assessments.
  • Defining, managing and monitoring the initiatives and actions which make up the organisational change agenda.
  • Managing and monitoring KPI's, KRI's & KCI's using organisational and personal dashboards.
  • Defining Balanced Scorecards, with KPI's, initiatives and actions.
  • Defining and managing key emerging risks using risk maps.
  • Defining and monitoring Risk Appetite
  • Calculating, managing and monitoring the alignment of risk exposure to appetite.
  • Define and manage operational processes and systems, and monitoring their performance, risk and controls.
 

 

CommentPost a Comment →
tagged , , | in ,
Wednesday
Oct312012

The first steps to managing cyber-risk.

AuthorCYSPEX Administrator | Posted on DateWednesday, October 31, 2012 at 08:03AM

The following is a summary from an article by Dunbar, Thomas. 

Every company is reliant on technology, and data is often a critical asset. Managers and IT personnel must monitor reports via their computers and mobile devices 24/7, but even that seems to be an ineffective way to keep up. According to Financial Times, companies generate 2.5 exabytes of data. This much data means that 90% of the stored data today has been created in the past two years.

With this unprecedented growth, new threats emerge. These risks have been historically been the domain of the IT department, but while cyberrisks are by definition rooted in technology, they are not actually technological risks; they are business risks. Business risks are best addressed through a holistic risk management process that includes quantification, assessment, mitigation and systematic risk identification. 

Data Breach Facts in 2011

* 97% of breaches were avoidable through simple or intermediate controls


* 96% of attacks were not highly difficult


* 96% of victims subject to the Payment Card Industry Data Security Standard (PCI DSS) had not      achieved compliance


* 94% of all data compromised involved servers


* 92% of incidents were discovered by a third party


* 85% of breaches took weeks or more to discover


* 79% of victims were targets of opportunity

The article also suggests 3 steps for risk professionals to better protect their company's most important assests: Data.

Step 1: Assemble a Cyber-Risk Team

Step 2: Identify and Assess the Risks

Step 3: Develop an Incident Response Plan

To read more click here

 

CommentPost a Comment →
tagged , , | in
Tuesday
Aug072012

Cyber Security = Knowledge Management for the 21st Century!

AuthorCYSPEX Administrator | Posted on DateTuesday, August 7, 2012 at 06:33AM

‘Knowledge Management’ was one of the most exciting buzz words of the 1990’s, fuelled by the rapid globalisation of economies and businesses. As globalisation became business as usual, so the knowledge management trend diminished to become more routine business. However, at its height, it was exciting. It was viewed as a positive thing; as being essential to keep your business competitive. Most businesses therefore implemented a knowledge management initiative of some sort as it was seen as essential to manage your valuable information to maximise business performance.

 

Skip forward a decade or two and today cyber, or more specifically, cyber security, is one of the latest buzz words. A new buzz word but a different story is emerging …..

 

Arguably an evolution of the well-established IT Security market, cyber security, if done well implements holistic capability to protect your information – governance, skills, culture, policy, processes, as well as physical, personnel and IT security. By putting in place the right measures to protect your information you are actually setting up the infrastructure required to effectively and safely manage and exploit it.

 

So bar the addition of the word ‘safely’ in the previous sentence and the security dimensions to the capability description, I could have been talking about knowledge management. So why has cyber security not got the momentum knowledge management had in the 90’s?  Why is there not the excitement and positivity about it in the Boardroom?

 

In my opinion it is all down to the power of the words most commonly used in this field. Cyber Security proudly carries that word ‘security’. Many in cyber security talk about protecting information from threats or managing your information risk. Unfortunately ‘security’, ‘risk’, ‘threat’ all carry a negative stigma and investment by businesses in initiatives around these areas is as little as possible to comply with what legislation exists or to meet the rather minimal expectations of stakeholders. 

 

But what we are talking about is actually putting in place the capability to safely exploit your information. Exploiting information means better decisions; more timely, relevant and valued delivery. Being seen as able to exploit information safely should lead to competitive advantage. All very positive. Ergo, there is nothing negative about cyber security.

 

So let’s stop focussing on securing our information for its protection and start talking about safely exploiting our information to take advantage of the information economy in which we live! A business that is cyber-enabled can leverage digital opportunities, maximise profitability and gain all important competitive advantage! 

CommentPost a Comment →
tagged ,
Monday
Mar052012

CYSPEX Cyber Security Breakfast: From Threat to Solution

AuthorCYSPEX Administrator | Posted on DateMonday, March 5, 2012 at 04:43AM

Is your organisation leveraging the competitive advantage of a positive cyber security culture? What is your organisation doing to promote cyber security and support the Government in making the UK the world's leading market place? It’s a fine line between protection and enablement –   how is your organisation dealing with the cultural and behavioural impacts?  

These questions and more were raised at the CYSPEX Cyber Security Breakfast held at the Houses of Parliament on the 1st March 2012.  It was a full house with attendees from the government, private sector and academia providing insights and responses to some of the challenges facing the UK in Cyber Security. 

The event was sponsored by Templar Executives and StratexSystems. Andrew Fitzmaurice, CEO, Templar Executives, introduced the speakers and set the scene explaining, “Today’s briefing is designed to promote the holistic approach required for effective cyber security and to hear from those in the public and private sectors who understand this and are actively contributing to the National Cyber Security Strategy".

Key note speakers included; Andrew Miller MP and Chair of the Science and Technology Select Committee, Adrian Leppard, Commissioner of Police for the City of London, John Cook, Head of Defence Security and Assurance Services, Ministry of Defence, Simon Parker, Chief Information Officer, Babcock International Group PLC and Rena Lalgie, Deputy Director of Cyber Security, Department for Business Innovation and Skills. Both Baroness Paul Neville-Jones (Special Representative to Business on Cyber Security) and Lord Errol supported the event and participated in the lively audience debate that followed. All of these attendees are prominent in the actions they are taking to develop the UK’s Cyber Security maturity response. 

Andrew Miller MP opened the session by highlighting it is imperative for government and business to work together to tackle the cyber threat which is growing and “increasingly complex and dynamic”.  Commissioner Leppard re-enforced this by stating that last year alone, fraud cost the UK economy £38.6billion. 

Commissioner Leppard outlined the plans of the Economic Crime Unit and National Fraud Intelligence Agency and the steps they are taking to centralise the capture of fraud intelligence. The Commissioner concluded by saying; “the threat of internet crime is increasing exponentially and whilst both the government and the private sector have responded positively to this challenge we have got to keep the pace going” a view that was echoed by all speakers.

John Cook from the MoD and Simon Parker, CIO of Babcock shared the approach that their respective organisations are taking to increase their Cyber Maturity capability. Simon Parker explained that technology was only part of the picture; to be effective the culture of the organisation needed to be changed by carrying out training, at all levels, to raise awareness. Both the speakers concurred that organisations need to do more to articulate their information risk appetite and manage risk in accordance with that appetite.

John and Simon also emphasised the need for the board to endorse a Cyber Security strategy and drive change from the top. Implementing effective cyber security requires everyone within an organisation to be accountable and take responsibility for understanding the threats and vulnerabilities they face and how they can prevent them. Addressing the supplier  market, John Cook said suppliers need to “take action to ensure and demonstrate they have sufficient cyber security measures in place in what is a dynamic challenge that none of us can afford to ignore.” It was noted that those suppliers who did take action were not only contributing to the overall aim of the National Cyber Security Strategy – making UK Plc the place to do business – but also gaining a competitive advantage.

Rena Lalgie called for a shift in emphasis so that cyber security is seen as an enabler for economic prosperity and that there needs to be a focus on galvanising and partnering with the private sector to deliver the change necessary in this area. Cyber security should be an integral part of how companies manage their corporate risk.  

In his closing remarks Andrew Miller MP commented on the next generation of the UK workforce and observed “the missing link is in education; technical and practical skills and behavioural change need to be taught and embedded in the education process.  We need to shift the dynamics so young people grow up knowing how to protect their own work and are used to working in that way.”

CommentPost a Comment →
tagged , , , | in
Page 1 2 3 Next 5 Entries »