
5 Tips for Keeping Your Business Data Secure


As a business, you may keep track of data about many customers as well as data from work you have done yourself. Whether it comes from research, surveys, or other sources, this data is integral to helping you get ahead of the competition.

It can also be personal information from your customers, and keeping this secure and safe from hackers who would like to get hold of it is important. But how are you going to keep the data somewhere you can use it while ensuring that it will stay safe?

The good news is that businesses do have options when it comes to keeping their business data as secure as possible. Some of the steps that you can take to keep your business data secure include:

Come Up With Your Strategy

It is never good to have a vague idea of your procedures and policy. You need to have a formally written IT strategy that has all of the details about your plan. This plan needs to lay out how you plan to protect your resources and data along with steps that everyone must take if something goes wrong. 

Writing the plan is just the first step. You will need to keep it updated and nearby at all times. When something changes in your business, you need to bring out that plan and make the necessary changes as well.

You may need to sit down with a cybersecurity specialist to help you figure out what steps should be in the plan. This will ensure that nothing is left out of the plan and can help you discover some more of the vulnerabilities that may be present in your network. 

Protect Your Network Against Malware

With a plan in place, you are able to take the necessary steps to keep all of the bad stuff out. Come up with a plan that will ward off malware and any other malicious software that could take your data. 

Always assume that a hacker is trying to get to your data and be proactive. Some of the ways that you can do this include:

-Apply a firewall: While this is not enough to do on its own, your router’s firewall is going to provide a good line of defense so keep it turned on. 

-PC protection: This can include anti-malware and anti-virus protection on your system. You may also need some protection to help protect you against identity theft, suspect websites, and more. 

-Clean out the emails: This is often the job of anti-spam software. This can keep the unwanted, unsecured emails out and protects from accidentally hitting one that can cause issues. 

Encrypt the Wireless Network

If you are using a wireless network at all, then you need to have some special precautions in place. Encryption is a good place to start, but if it is not done well, hackers are still able to get around it all and can cause trouble. You need to make sure that your router has the right amount of strength to keep others out. 

One way is to use encryption here. Another is to turn off the broadcasting function on the router. This will help make your network invisible. When a hacker is not able to see your wireless network, it is a lot harder for them to hack right through it. 

Watch the Passwords

Even your password can be strengthened to help safeguard all of the data in your system. This can be a hassle to remember, but the more complexity that you get with the password, the easier it is to protect your data and everything on the system. 

There are a few steps that you can take to help safeguard your password. Make sure that it is a minimum of eight characters long and add non-standard characters and numbers as well. This makes it harder for anyone to figure out what the passwords are. 

You should also consider changing the passwords on occasion to make them harder to guess. Using credentials that are not words, such as passwords made of random letters, numbers, and special characters, can be a good option as well.

You may find in this situation that a password manager is going to come in handy. This makes it easier to keep track of these random passwords so you do not need to write them down and risk them being stolen. 

For your business, make sure that everyone is on the same page when it comes to passwords. Enforce that these passwords need to be strong to help protect the data by setting up rules that everyone must follow. 

Set Up Software Updates

This should be something that is automatic. When you do not complete some of the necessary updates with your software, it makes it much easier for hackers to find some of the vulnerabilities in the system and do what they want inside. 

Hackers are more than happy to scan a network or a website to see which version of the software is running at that time. They can then take a look at which vulnerabilities are present for them to explore in some of the older versions. 

You should take the time to update your device security settings, any operating system you need, and other software to the newest versions and do any other updates as necessary as you use the system. 

You can also set it up so any patches and improvements that come out are going to update for you automatically in the background. This takes out the guesswork on when it needs to be done while protecting your whole network from any potential threats. 

Keeping Your Data Safe

As a business, it is your responsibility to keep all of the data that you use as safe as possible. There are different ways to do this but with the help of some of the steps above, you can keep hackers off and keep all of that data as safe as possible. 


The Evolution of Cybersecurity

Last year we saw cybercriminals seizing a massive business opportunity.

Our rapid shift to working from home due to COVID-19, plus heightened financial, political, social, and emotional stressors presented a perfect storm:

-The consumer-grade routers and electronics we use at home are inherently less secure than the centrally managed commercial-grade devices at our offices. 

-Many home networks are already compromised. In April 2020, BitSight found that 45% of companies had malware originating from an employee’s home network.      

-Social engineering hacks like phishing, vishing, and smishing thrive when victims are preoccupied or fearful. 

Our organizations became very vulnerable very suddenly, and bad actors did not hesitate to cash in. In March alone scammers ramped up COVID-related phishing scams by 667%. Overall, the FBI’s Internet Cybercrime Complaint Center (IC3) saw a 400% increase in reported cyberattacks in 2020. 

While the events of last year presented a unique scenario for all of us, the swift and aggressive response from bad actors is indicative of a trend that will, unfortunately, persist: cybercriminals have organized themselves into a successful enterprise that continues to innovate and evolve for maximum profit.

And that profit is sizable: According to a March 2020 study by Atlas VPN, cybercriminals bring in over $1.5 trillion per year in revenue—more than Facebook, Walmart, Apple, Tesla, and Microsoft combined.

Why does it matter?

Our only option when it comes to mitigating (not eliminating) the risk of a breach is to match ever-evolving threats with an ever-evolving security strategy.

Cyber defenses cannot be “set and forget” anymore; while antivirus software, firewalls, and active monitoring tools are essential components of that defense, they are no substitute for human vigilance. 

Not only that, but our concept of vigilance must recognize the potential for highly sophisticated cyber breaches that span weeks or even months. Instead of snatching valuable data in discrete intrusions, cybercriminals are siphoning it off via prolonged, methodical interactions with victims. One popular scam works like this: 

-The bad actor identifies who in your organization processes payments.

-They gain access to that person’s email account, generally through a standard phishing email.

-They monitor the email account over a period of time to identify high-dollar vendors.

-They craft a spoofed domain and impersonate that vendor (think accounting@optima1networks.com).

-The target receives an unassuming email from the “vendor” with instructions to remit future payments to a new account (guess whose).

-The target continues paying the fraudster until you or your vendor realizes the mistake.

These targeted exploits cost US victims roughly $1.7 billion in 2019, up 33% from 2018. 
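A defensive check for the spoofed-vendor step of the scam above, added here as an example (it is not part of the original article): it compares the sender domain of incoming mail against the vendors you already pay and flags near-matches such as the optima1networks.com address quoted above. The vendor list, the phrase list and the sample messages are constructed for illustration.

```python
"""Flag vendor-impersonation senders before a payment change is acted on."""
from email.utils import parseaddr

# Assumption: domains of vendors you already pay (export from your vendor records).
TRUSTED_VENDOR_DOMAINS = {"optimalnetworks.com", "examplesupplies.test"}

# Characters and pairs commonly swapped so a domain looks the same at a glance.
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))

# Constructed phrases typical of a request to redirect payments.
PAYMENT_CHANGE_PHRASES = ("new account", "updated bank", "remit future payments",
                          "change of bank", "new banking details")


def skeleton(domain):
    """Collapse look-alike characters so visually similar domains compare equal."""
    s = domain.lower().translate(CONFUSABLE_CHARS)
    for pair, single in CONFUSABLE_PAIRS:
        s = s.replace(pair, single)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_VENDOR_DOMAINS):
    """Return (verdict, matched_vendor_domain) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for good in sorted(trusted):
        # Exact match or a genuine subdomain of a trusted vendor.
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        same_shape = skeleton(domain) == skeleton(good)
        # One typo away; skipped for short domains to limit false positives.
        near_miss = len(good) >= 8 and edit_distance(skeleton(domain), skeleton(good)) <= 1
        if same_shape or near_miss:
            return ("lookalike", good)
    return ("unknown", None)


def review(messages):
    """Decide what to do with each message: (from, verdict, vendor, action)."""
    findings = []
    for msg in messages:
        verdict, vendor = classify_sender(msg["from"])
        asks_change = any(p in msg["body"].lower() for p in PAYMENT_CHANGE_PHRASES)
        if verdict == "lookalike":
            action = "hold-and-call-vendor" if asks_change else "quarantine"
        elif asks_change:
            # A genuine mailbox can be compromised too, so confirm out of band.
            action = "verify-by-phone"
        else:
            action = "deliver"
        findings.append((msg["from"], verdict, vendor, action))
    return findings


# Constructed sample mail, not real traffic.
SAMPLE_MESSAGES = [
    {"from": "Optimal Networks Accounting <accounting@optima1networks.com>",
     "body": "Please remit future payments to our new account, details attached."},
    {"from": "accounting@optimalnetworks.com", "body": "Invoice for March attached."},
    {"from": "billing@examplesupplles.test", "body": "Invoice attached."},
    {"from": "news@unrelated.test", "body": "Our monthly newsletter."},
]

if __name__ == "__main__":
    for finding in review(SAMPLE_MESSAGES):
        print(finding)
```

A check like this only covers the impersonation step; a phone call to a number already on file remains the control that stops the payment itself.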

Attacks like this harm your business in two ways: 

-Directly: In addition to funds stolen by a hacker, you may incur ransom payments, downtime while your data is recovered, and steep labor costs for emergency IT support. In the case of ransomware attacks, average downtime is 19 days, and costs to remediate average $730,000 for those who don’t pay the ransom, and $1.45MM for those who do.

-Indirectly: Your reputation takes a hit when news of a breach gets out (every state government requires some form of disclosure). Cybersecurity audits are becoming a popular precursor to business engagements and memberships, and 38% of businesses report losing customers because of real or perceived gaps in their cybersecurity posture.

While there will never be a silver bullet when it comes to cybersecurity, it’s imperative we adapt both our defenses and our mindset to best protect ourselves in this new landscape.

Our recommendations

More cybercriminals are entering the space, and they are more organized, disciplined, and persistent than ever. This means that our cybersecurity strategies must rise to meet this new challenge, and that what we used to view as “advanced” measures must now become our baseline.

At minimum, we recommend you implement the following:

1. Advanced Endpoint Protection on all machines accessing corporate data. Centralized anti-malware only checks for known virus definitions. Add Next Generation protection that uses Artificial Intelligence to flag all “unusual” behavior, and either kill the process or alert a Security Operations Center (SOC) to intervene.

2. Two-Factor Authentication (2FA). Strong passwords are no longer sufficient. Turn on two-factor authentication for any accounts and systems that don’t already have it. Check regularly to make sure all accounts are covered.  2FA makes it much harder for unauthorized users to gain access to your system even if they obtain your password.

3. Backup and recovery for all cloud apps. Most popular applications (like Microsoft 365) have some backup built-in, but in a limited capacity. Do you have sufficient retention policies? Would you be able to restore files encrypted or lost to malware? Protect your Microsoft 365 email, SharePoint, Teams, OneDrive, and other online apps with a supplemental cloud backup service.

4. Firewall with Intrusion Detection. An up-to-date firewall is a start, but we recommend also employing Intrusion Detection to monitor network traffic for potentially malicious behavior.

5. Security Awareness Training. In addition to annual training, continually feed your employees security tips, and continually test with phishing simulations. It is essential that security remains top-of-mind year-round.

There are several security frameworks like NIST, ISO, and CMMC that can provide structure to your security efforts even if you aren’t subject to compliance regulations. These can feel overwhelming to tackle, but the items above will get you well on your way to fulfilling the core requirements.

Beyond this, it’s critical to embrace the mindset that a network is only as secure as its users are vigilant and adaptive. The sophistication and sheer volume of today’s cyber threats demand that:

-Cybersecurity expenditures get their own line item in your annual budget.

-Your cybersecurity posture needs annual review as new threats are emerging all the time. 

Most importantly, you need a resource who is qualified to assess your specific business needs and construct a solution that coordinates the technical and human components of your cyber defense.

________________________________________________

Heinan Landa is the Founder and CEO of Optimal Networks, Inc., a globally ranked IT services firm, the creator of Law Firm Anywhere, a virtual desktop solution that helps attorneys work seamlessly and securely from anywhere, and author of The Modern Law Firm: How to Thrive in an Era of Rapid Technological Change. After earning his B.S. and M.S. in Electrical Engineering and Computer Science from Johns Hopkins University, Heinan went on to receive his MBA from The Wharton School of Business. Featured in Legal Management, Legal Times, Chief Executive, Inc. Magazine, Forbes, CIO, and with regular appearances on ABC7, CBS9, and FOX5 TV, Heinan is a trusted leader in the legal, technology, and business spaces. For more, www.optimalnetworks.com, 240-499-7900, or hlanda@optimalnetworks.com.


The Largest Data Breaches in U.S. History

COVID-19 has led to major changes to daily life for Americans, including a shift toward remote and at-home work. While these changes have led to more flexible working conditions for employees, they have also increased data security risks. New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.

Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and healthcare sectors, at 644 and 525 total data breaches, respectively. The business sector has become increasingly vulnerable to data security issues, as breaches in this sector increased by nearly 150 percent between 2014 and 2019. In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.

Data breaches often compromise a company’s most sensitive records. The majority of them stem from hacking and intrusion cases and unauthorized access to records, which comprised more than 75 percent of all data breaches in 2019. On the other hand, employee error and negligence accounted for less than 11 percent of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training are now more of a priority among employers.

To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.

Between 2013 and 2019, companies involved in social networking and media, such as Yahoo and Facebook, were the most vulnerable to data breaches. For these companies, data breaches were most likely to occur through hacking and intrusion or accidental internet exposure. Emails, passwords, and other personal information were the most frequently compromised types of information.

Here are the 10 largest data breaches of U.S. companies in history.

| Company | Rank | Number of records exposed | Type of breach | Industry | Types of information compromised |
|---|---|---|---|---|---|
| Yahoo – 2013 | 1 | 3,000,000,000 | Hacking/intrusion | Media | Name, email, phone number, date of birth, login information |
| River City Media – 2017 | 2 | 1,370,000,000 | Accidental web/internet exposure | Marketing | Name, IP address, physical address, email |
| People Data Labs / OxyData.io – 2019 | 3 | 1,200,000,000 | Accidental web/internet exposure | Data | Name, email, phone number, social media profiles |
| First American Corporation – 2019 | 4 | 885,000,000 | Accidental web/internet exposure | Financial | Bank account number, bank transactions, drivers license, Social Security number |
| Facebook / Cultura Colectiva – 2019 | 5 | 540,000,000 | Accidental web/internet exposure | Social network | Account name, account ID, Facebook comments and reactions |
| Yahoo – 2014 | 6 | 500,000,000 | Hacking/intrusion | Media | Name, email, phone number, date of birth, login information |
| Marriott International – 2018 | 7 | 500,000,000 | Hacking/intrusion | Hospitality | Name, physical address, phone number, email, passport number, date of birth, gender, reservation information |
| Facebook – 2019 | 8 | 419,000,000 | Accidental web/internet exposure | Social network | Name, account ID, phone number, country |
| FriendFinder Networks – 2016 | 9 | 412,000,000 | Hacking/intrusion | Social network | Account name, email, password, join dates, user’s last visit |
| MySpace – 2016 | 10 | 360,000,000 | Hacking/intrusion | Social network | Email, password |

For more information, a detailed methodology, and complete results, you can find the original report on Spanning’s website: https://spanning.com/resources/industry-research/largest-data-breaches-us-history/


E-commerce and Data Breaching: The Next Cyberthreat

E-commerce today makes up a significant portion of total retail activity. In the United States alone, more than $586 billion was spent in 2019 online, representing a 14% increase over the year before. With COVID-19 currently wreaking havoc on the world, there is increased dependency on the internet. Globally, e-commerce business is expected to reach $4.5 trillion by 2021.

While e-commerce certainly fills gaps in the market, companies are susceptible to cyberattacks that may be made against them in order. These attacks sometimes result in large scale data breaches, which may include stealing information from customers or their identities. Here is what you need to know about this latest cyberthreat and how you can protect yourself.

Cybersecurity in E-commerce: Threats and Facts

Cybercriminals launch millions of attacks on e-commerce websites each year. These attacks target e-commerce sites in order to get customer personal and financial information in order to steal identities or make unauthorized transactions with their payment information. Some of the most common attacks perpetrated on e-commerce sites include:

Phishing attacks – Phishing attacks are usually committed by sending a corrupted email to a worker or customer, asking them to provide confidential information.

Credit card fraud – Credit card fraud occurs when a criminal uses another person’s credit information without their authorization, such as making purchases for their own benefit or taking out cash advances.

Botnets – Bots are automated programs that perform specific tasks online. Botnets can be used to behave like real customers and cause damage to a company by committing credit card fraud, account takeover, or price scraping, which is an attack committed by competitors to monitor pricing.

Malware – Malware is software that may be installed on a business or personal computer and infect it with a virus that may collect personal information, take control of the network, or gain access to data on the computer system.

E-skimming – E-skimming involves the theft of personal data and credit card information from payment card process pages on e-commerce sites.

Notable E-commerce Data Breaches

Some of the most high-profile data breaches of e-commerce sites include:

Shopify Data Breach

Two disgruntled employees led to the compromise of data from more than 10 retailers on the Shopify platform.

Barnes & Noble

The notable bookstore company Barnes & Noble sent an email to customers in October 2020 to warn them about a data breach that exposed their personal information to hackers.

eBay Data Breach

E-commerce site eBay had to ask 145 million users to change their passwords after hackers stole the passwords and other personal data from customers during a data breach.

Target Data Breach

A cyberattack on retailer Target resulted in the loss of credit card and personal information from 110 million of its customers in 2013. The CEO resigned the next year.

How to Protect Yourself During Online Shopping

Some tips to help you protect yourself during online shopping include:

-Only do business with reputable companies that have TLS protocol

-Make sure that there is a separate server for payment information

-Enable two-factor authentication for all online accounts

-Do not store your credit card information online

-Disable the autocomplete feature on your browser

How Companies Can Prevent Data Breaches

Companies also have a responsibility to safeguard customers’ data, which they can do by:

-Restricting access to personal information

-Destroying confidential data before disposing of it

-Keeping security software up to date

-Securing all computers

-Training employees on cyberthreats

Responding to Data Breaches

If your business has recently learned of an internal data breach, there are steps that you can take to minimize the fallout, including:

-Investigate the incident and ensure that any security vulnerabilities have been fixed so that no more attacks occur

-Report the crime to law enforcement

-Review your response plan

-Notify your customers and follow the reporting laws for your state

-Work with forensic experts to improve your cybersecurity

-Contact your cybersecurity insurance company

Conclusion

E-commerce sites may be on the tipping point of explosion in the near future. However, it is important that when you take advantage of this opportunity, you also take steps to protect your customers’ information. Following the tips above may help you prevent a data breach and keep your company’s reputation in check.

_______________________________________________________________

David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.


OUT WITH THE OLD: WHY BANKS MUST ADOPT FINANCE TECHNOLOGY TO REMAIN RELEVANT

The term “FinTech” continues to saturate the news and financial institution reporting in recent years. It’s not surprising that streamlining financial services in the age of automation is something traditional banks struggle with adopting as global markets capitalize on technology. The trade sector on a high level is already purging antiquated, traditional processes involving paper, phone calls, Excel spreadsheets and tedious, unreliable methods of tracking and invoicing.

Now that FinTech is part of the bigger financial picture, it only makes sense that more companies in the global trade market are adopting FinTech as the norm rather than an option. This presents its own set of challenges for banks to overcome as much as it presents opportunities in optimization and risk mitigation. FinTech has its own challenges to overcome as well before it can successfully replace the traditional financial processes currently in place.

To understand exactly how FinTech fits into the bigger picture, we must break it down and evaluate all angles. To start, trends in emerging finance technology include variables from governments and dominating players to emerging acquisitions positioning big tech as a disruptor and solution to trade finance. So, what are some of the top emerging trends currently found in the financial technology space? According to experts at Azlo, a no-fee digital banking platform, government regulation will weed out fly-by-night FinTech while ownership of a self-sovereign identity will become more prevalent for risk modeling. Additionally, FAANG companies are currently positioned to become major players in the FinTech space as they continue to raise the bar for consumers and businesses alike.

Azlo also maintains that banks must adopt FinTech and emerging tech to remain a relevant part of the financial industry, warning that if they don’t, European, African and Asian markets, which possess less regulation and oversight, will own the space very soon. Additionally, optics, trust and inevitable obsolescence will ultimately serve as supporting reasons behind the adoption of emerging tech in the banking space in the near future.

From a safety and risk mitigation point of view, cybersecurity requires a sophisticated and advanced system to combat various strategies hackers utilize to disrupt the financial industry. Cybersecurity goes hand-in-hand with the recent surge in FinTech and will present itself as a challenge for financial companies to mitigate. How will this risk impact banks from a cost perspective? Think of it in terms of compliance and regulation. This circles back to Azlo’s expert point that, once the government starts implementing harsher regulations, FinTech will take a different stance in the financial industry. An example of this is found in Mexico’s FinTech law that took full effect this year and in the Latin America markets. As noted in a November Nasdaq article: “The goal of the FinTech law was to help bring more people into the formal economy. Additionally, it would help to reduce the amount of cash in circulation, which would cut down on money laundering and corruption as well.”

Nasdaq experts also point out the significant progress FinTech has made within the Mexico and Latin America markets. “In January 2019, Albo raised $7.4 million, sparking a surge in investor interest in Mexican neobanks,” states the article. “In March 2019, Mexican neobank, Fondeadora, announced a $1.5 million round of investment, and in May 2019, Nubank, Brazil’s largest neobank with over 15 million users, announced its plans to expand into Mexico.”

Considering the reputation for cash dependency in Mexico paired with the more than 273 FinTech ventures operating in the country, it’s no surprise that FinTech is disrupting and recreating opportunities for global markets while changing the way cash flow is approached.

FinTech will not necessarily hurt the traditional banking model, as it does offer an automated and sustainable approach for customers while keeping up with what is expected of companies on a cultural scale. To remain relevant, banks should consider what customer generations are emerging while maintaining the changing ecosystem supporting efficiency, sustainability and cost-savings.

Furthermore, FinTech is changing the way investments and lending are assessed. FinTech allows for much larger sets of data, providing a new level of visibility. Possessing the ability to manage multiple information streams that reflect the health of a company is found as an unmatched solution provided by FinTech, according to Azlo. With this information, companies can further evaluate next-step approaches and what actions in place need to be revisited, revamped or completely eliminated. The name of the game is data visibility, folks, and that is exactly what FinTech is doing to redefine how finances are approached.

“FinTechs are relying on different information when underwriting consumers, looking at things traditional banks have never considered and providing more people with access to personal and business capital,” explains Donna Fuscaldo in her blog, “The Rise of Fintech: What You Need to Know & Financial Services Now Offered.”

“Traditional financial institutions may be late to the FinTech party, but they haven’t missed it altogether,” Fuscaldo writes. “Many of them are creating their own services or partnering with established FinTechs to bring services to their clients. It’s happening in every aspect of FinTech from robo advisors with Charles Schwab’s Schwab Intelligent Portfolios to digital payments with Visa’s Visa Pay digital payment service. Even heavy hitters like JPMorgan are turning to FinTech’s data to evaluate applications for loans, and Quicken Loans, the online mortgage lender, launched its Rocket Mortgage app that can churn out mortgage approvals and rejections in minutes. All of this action on the part of the traditional financial services industry make for more choices beyond just the startups.”

With cybersecurity and automation consistently creating new ways for companies to optimize their payments while maximizing data and integration, only time will tell how much regulation global governments will impose and whether that reshapes the FinTech marketplace. One thing is certain: Traditional banking will continue to be challenged to redefine how customers are served, transactions are protected and how the investment and lending sectors approach opportunities throughout the international and domestic markets.


5 Ways For Healthcare Providers To Build A Fortress Against Cyber Threats

The healthcare industry has yet to find a cure for cyberattacks. Housing personal health data, all kinds of providers are vulnerable targets of hackers and patient care can be put at great risk.

News of breaches in healthcare computer systems is a regular occurrence. Over 100,000 medical records were recently leaked as a result of a data breach at a Montana hospital. And research this year showed an upsurge in malware attacks on healthcare providers. Phishing messages, a means of malware delivery via email, have been found to come in the form of alerts from the US Centers for Disease Control and Prevention (CDC).

As cyberattacks become more sophisticated and widespread, the need for adequately securing computer networks at hospitals and all medical facilities has never been greater, says Alex Zlatin, CEO of Maxim Software Systems (alexzlatin.com).

“The costs of cyberattacks for healthcare providers can be enormous,” Zlatin says, “but how hackers can literally stop facilities from functioning and keep patients from getting care and medication should get everyone’s attention. It’s all about prevention, and for many providers, being as secure as possible will involve a retooling and re-thinking of how they approach cybersecurity from the human and technological standpoints.”

Zlatin provides five tips for healthcare providers to better protect against cybersecurity threats:

-Educate employees about phishing attacks. Many breaches start with human error. Employees make the mistake of responding to an email, link or website designed by hackers to access private information. “Email is a popular phishing technique,” Zlatin says. “The best ways to prevent them from doing damage are to educate your employees on what suspicious emails look like and to use strong email spam filters. Also, your software should automatically scan any links or attachments. This prevents new or unrecognizable URLs from sneaking past company safeguards.”

-Beware of ransomware. Ransomware has been a big menace to the healthcare industry, holding data for ransom, paralyzing facilities and putting patients at risk. Zlatin says the first step in dealing with ransomware is backing up your system, ideally with a cloud backup to protect data. “Failure to do backup can cause irreparable damage,” he says. “And while hackers continually find ways to infiltrate, your security software should contain the most updated anti-malware and anti-ransomware protection. When a ransomware attack occurs, the first thing employees should do is contact their IT team — not try to resolve it themselves.”

-Have a top-down security program. There can be a disconnect and gaps in cyber security procedures when a medical facility’s security staff and IT team don’t overlap. “Including cybersecurity duties at a managerial level, perhaps even as an executive position, can ensure that correct initiatives are created, launched, and enforced, and that funding for security initiatives is available,” Zlatin says. “This also helps enforce regular risk assessment, which should be part of any healthcare provider’s cybersecurity threat program.”

-Make sure vendors have protection. The Healthcare Industry Cybersecurity Task Force, which was established by the U.S. Department of Health and Human Services and the Department of Homeland Security, warned providers about areas of security vulnerability in the supply chain. “Vendors should take the proper steps to detect threats,” Zlatin says. “They include all healthcare business partners, such as insurance companies and infrastructure providers, all of whom should have good security records and be able to protect medical information. It’s especially important for organizations that outsource IT personnel from third-party vendors.”

-Update passwords often. “Using the same passwords for most platforms is a big mistake,” Zlatin says. “It increases vulnerabilities. If a criminal discovers one password used for several accounts, it leads to a disastrous theft of data. So, have employees generate new passwords periodically and not get stuck on convenience.”

“Too often, many healthcare facilities aren’t vigilant enough about defending their medical records security,” Zlatin says. “Healthcare providers face a constant threat that requires constant vigilance because they and their patients have too much to lose.”

________________________________________________________________

Alex Zlatin, author of the book Responsible Dental Ownership (alexzlatin.com), had more than 10 years of management experience before he accepted the position of CEO of dental practice management company Maxim Software Systems. He earned his MBA at Edinburgh Business School and a B.Sc. in Technology Management at HIT in Israel.

His company helps struggling dental professionals take control of their practices and reach the next level of success with responsible leadership strategies.

GlobeNet Steps Up Cyber Security with Anti-DDoS Gold Mitigation Service

Following the successful implementation of the Silver Anti-DDoS Mitigation Service, GlobeNet announced the launch of the latest version of the offering. The Gold Anti-DDoS Mitigation Service will formally address diverse and complex customer demands while combating the significant increase in DDoS attacks, reported to have increased 500 percent since 2017.

The upgraded cyber-security solution’s features include a wide range of capabilities that enable customers to operate with fewer limitations and proactive measures to ensure their success, security, and overall efficiency in protection.

Features such as unlimited clean bandwidth and mitigated attack volume, protection policy flexibility, dynamic detection and neutralization of attacks, early detection of malicious traffic, and more give clients peace of mind, knowing that the overall risk of downtime is reduced. Ultimately, clients have more options to secure their networks based on their specific needs.

“GlobeNet’s Anti-DDoS Gold and Silver levels provide an effective solution to the growing scale of modern DDoS attacks,” said Eduardo Falzoni, CEO of GlobeNet.

“With this new service, our customers now have the enhanced flexibility to choose the option that will best suit their needs. Both services provide 24/7 network protection without the need for organizations to make costly capital investments in their own anti-DDoS solutions. As a result, we ensure peace of mind for our clients’ mission-critical infrastructure and traffic.”

5 Key Considerations for your Cyber Security Strategy

Cyber security. Not only do all organizations need it, but most organizations need to improve it. As hackers and all other manner of cyber criminals get increasingly crafty, the average cyber security team is struggling to keep pace. As it turns out, the road to hell is paved with well-intentioned but somewhat unfocused cyber security efforts.


Therefore, developing a cyber security strategy is a good foundational step for obtaining the level of cyber security necessary to protect your business, employees, customers and reputation. And paying attention to these five key considerations is a good foundational step for developing a cyber security strategy.

Set out clear objectives

All organizations need cyber security, but what works for one organization could be a disaster for another. This is not the place to attempt a one-size-fits-all approach. To begin to understand what your cyber security objectives should be, you need a solid understanding of the threat landscape as well as where your organization and critical business operations fit into it. Does your organization need to better protect customer data? Become fully compliant with new regulations? Incorporate a cyber security mindset across all aspects of business operations and functions? Become more resilient to attacks? Before a strategy can begin to take shape, you need to know what you’re working towards.

Identify your assets to establish cyber security priorities

The first part of this step is putting together a comprehensive list of the organization’s most important databases, networks, applications and any other assets. What are they? Where are they? What is currently protecting them? What are they connected to?

The second part of this step involves completing a nerve-wracking exercise, but it’s something that needs to be done over and over again if you’re going to have a solid cyber security strategy: assess your organization from the attacker’s point of view. Of all the assets in the list, which are most attractive to potential attackers? Which could inflict the most damage on your organization if compromised? Which would interrupt the largest number of business processes? Look at this from every possible angle, from the profit-driven hacker to attackers hired by underhanded competitors to politically motivated hacktivists: which of your assets are the biggest targets? These are your cyber security priorities.

Determine where you’re vulnerable

This is where you once again need to get proactive. Hacking simulation, penetration testing and other offensive-minded approaches are necessary to find your organization’s weak spots and vulnerabilities as well as figure out exactly how deep someone could get into your networks, systems and databases if they made it in. This serves to help you:
1) Shore up those vulnerabilities as much as possible and…
2) Put in place monitoring measures that help detect and respond to suspicious activity as quickly as possible – a managed security operation center (SOC) might be the best option for organizations that don’t have a robust in-house SOC. 

Make sure you have the right technology and personnel in place

As much as you might hope differently, it isn’t enough to simply invest in the best cyber security technology. Think of it like having an F-35 in your driveway. It’s a marvel of technology, but what good is it going to do if you don’t have a pilot to operate it? What your organization needs is a combination of the right technology, processes and the people who have the skills to orchestrate it.


To get the right cyber security team in place you need to consider your organization’s objectives as well as priorities and vulnerabilities. The team you need could include security engineers and architects, analysts, incident responders, ethical hackers, pen testers, forensic experts, auditors and a chief information security officer, to name a few possible positions, and all these employees need to be able to operate at a high enough level to deal with the threats your organization is facing. If it isn’t possible to staff an in-house team at the level your organization requires, it may once again be time to consider a managed cyber security solution.


Whether you’ve got an in-house team or a managed solution, you then need to ensure you’re working with the right vendors to arm your team with the technology they need to keep your assets protected, otherwise you’ll have the stealth fighter pilot but no F-35.

Assess the overall organization’s cybersecurity awareness

You can have the right cyber security people combined with the highest rated technology and the ideal offensive-minded approach to cyber security for a top-notch security operation center, but it won’t matter if your overall organization is not educated on cyber security threats.


From malware and spear phishing attacks to weak passwords and mishandled credentials, the current cyber security landscape is rife with attackers who know that organizational cyber security awareness and education are lacking and know exactly how to capitalize on it. From top to bottom, your employees need to be educated on the threats that exist, trained on what they must do to protect your organization, and made aware of the potential consequences to the organization if they don’t.


Getting ahead

No one said developing and following a cyber security strategy would be easy, but when done well, it’s one of the most worthwhile investments of time, effort and money an organization can and should make.
The threats aren’t going to let up and in fact will only grow in size, scale and sophistication. With a proactive cyber security strategy, you can stay one step ahead of even the most talented attackers, and one step ahead is the only place you want your organization to be.

Source: CyberHat

A 5-step guide to managing cyber threats in the supply chain

When Danish shipping giant A.P. Moller-Maersk was attacked by the NotPetya malware in 2017, access to its electronic booking systems was blocked and ultimately forced a 10-day overhaul of its entire IT infrastructure.

The malicious attack still remains one of the largest disruptions to affect the global shipping industry to date. As a result of lost bookings and terminal downtime, Maersk incurred a massive US$300 million (€264 million) loss.

With the increasing sophistication of cyber threats, companies worldwide have to brace themselves for a new reality where supply chain disruptions are no longer restricted to those of a physical form. Cyber-attacks have the potential to disrupt or, at their worst, cripple the logistics and supply chain operations of an entire business across different geographies.

Instead of adopting a reactive approach to cyber security, companies should actively prevent and manage such cyber risks by devising a response plan with the following five steps.

Identify third-party risks

To successfully thwart future cyber-attacks, companies have to first determine which vendors or third-party entities have access to their firewall and could have the largest impact on the organization in a worst-case scenario.

When selecting possible vendors to work with, it is best to consider the amount of sensitive data that the vendor is handling, such as personally identifiable data, protected health information or financial transactions. With this knowledge, suitable mitigation measures must then be introduced to safeguard the sensitive data.

Monitor the cyber threat environment

Because cyber threats evolve continuously and news reports of cyber-incidents keep emerging, assessing and understanding events that affect the vendors or third-party entities your organization works with is a continuous effort.

The ability to persistently monitor one’s supply chain and the cyber threat environment will be the best determinant in responding adequately to a cyber-incident.

For instance, a year on from the cyber-attack on Maersk, Chinese state-owned shipping conglomerate COSCO Group managed to contain the damage and limit the length of disruption when its shipping operations in the Americas suffered a ransomware attack.
Though its shipping operations in the Americas came to a momentary standstill, the company’s swift response efforts and preemptive network segmentation prevented the escalation of the attack, allowing regular operations to resume within a week without significant damage.

Assess potential impact

Organizations should possess the capability to gauge the extent of the potential impact a cyber-attack can have on their business operations.

Knowing the nature of each cyber-attack can better equip companies by facilitating understanding, communication and coordination along their supply chains.

Types of cyber attacks

· Data breach: Release of secure information to an untrusted environment, including trade data, schematics, manufacturing systems, shipping data, and other confidential company information
· Ransomware: A form of malware which encrypts a user or end system, rendering all data within inaccessible, and demanding the payment of ransom to decrypt
· Denial of service: A cyber-attack performed by many actors to render a firm’s website or system unavailable to users
· Vulnerability: The discovery of a weakness, known or unknown, which may be exploited by a threat actor to perform unauthorized actions on a system
· Phishing: A fraudulent attempt to obtain security credentials from entry to executive levels for malicious purposes

Conducting a risk assessment on the areas of vulnerability from multiple angles will help companies measure the potential risk and threat of a sudden attack on their supply chains.

Develop risk scenarios and emergency protocols

If emergency protocols are not established or adhered to, a cyber-attack will likely cause confusion that leads to disruption in the supply chain. Companies need to train their employees on potential threat scenarios and develop corresponding response plans to tackle different situations.

Often, these response processes might involve the use of advanced technology and human intelligence analysis. Having established the protocols and trained employees on their respective emergency response roles, the company will then be well-prepared to implement the appropriate measures to mitigate the potential damage inflicted by a cyber-attack.

Communicate relevant actions to stakeholders

When a threat has been identified, it is imperative to investigate the matter internally and cascade information in a timely manner within the organization before alerting the relevant authorities. Once more details emerge and the nature of the threat is confirmed, organizations should proactively inform all stakeholders who have been affected, while activating the emergency response teams to rectify the issue.

With the threat of cyber-attacks looming large, companies need to take control and ready themselves with a proper response plan and top-notch cyber security practices to protect their supply chain.

Shehrina spearheads the supply chain risk monitoring capabilities for Resilience360. Resilience360 offers end-to-end supply chain risk management, alerting customers about supply chain incidents globally and risks to their global supply chain in almost real time. The platform helps companies handle an ever-changing world by assessing the impact of natural disasters, changing regulatory environments, and other supply chain risks. With Resilience360, businesses can visualize their supply chains end-to-end and use machine learning capabilities to detect early warnings of incidents that can disrupt their supply chain, allowing them to respond preemptively and minimize business interruption.

This article was originally published on DHL’s Logistics of Things. Read more on how logistics impacts business, builds lasting connections and drives innovation.