Risk News

Security Experts Warn of Cyber Threats From Iran

"Cyber experts press for greater efforts on the part of civilian and military agencies to address threats from Iran, warning a joint House subcommittee that the Islamic Republic continues to expand its cyber arsenal."

Annie's take:

In the race to pass cyber legislation, Congress is hearing from a range of experts.

House Votes to Approve Disputed Hacking Bill

"Defying a veto threat from President Obama, the House on Thursday passed a bill that encourages intelligence agencies and businesses to share information about threats to computer systems, including attacks on American Web sites by hackers in China and other countries."

Annie's take:

Enacting a bad piece of legislation does nothing to avert cyberthreats, especially since all information sharing from the private sector is voluntary.

Who is Threatening the Security of Your Network?

"The myriad threats to public, private and U.S. government networks is getting a ton of attention in Washington, D.C., this week as the House gets ready to debate yet another cybersecurity bill."

Annie's take:

Here's a bit of an update on the cybersecurity discussion and debate going on in Congress this week, including a pretty comprehensive list of how companies are targeted.

Source's Cover Blown by SEC

"Federal securities regulators, in a sensitive breach, inadvertently revealed the identity of a whistleblower during a probe of a firm that ran a stock trading platform."

Annie's take:

Though the SEC has worked hard to incentivize whistleblowers, especially because of the complexity of transactional platforms, this gaffe will set the program back significantly.

61% of IT Security Professionals Are Concerned About Attacks From Anonymous and Hacktivists

"Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report sponsored by Bit9. The 2012 Cyber Security Survey of nearly 2,000 IT security experts set out to gauge the current state of enterprise security and identify the attack methods and cybercriminal groups that keep IT executives up at night."

Annie's take:

Here's the full survey that over 2,000 information security professionals took, as well as the results of the survey.

Data protection lessons not being learned

"A survey conducted by Varonis has found that 70 percent of organizations storing third party data are not ‘very confident’ that the sensitive data stored within their organization is protected."

Annie's take:

This new study by Varonis is yet another indicator that data is at high risk in many enterprises, not to mention in small and mid-sized businesses.

Two years after BP oil spill, offshore drilling still poses risks

"Two years after a blowout on BP’s Macondo well killed 11 men and triggered the largest oil spill in U.S. history, oil companies are again plying the waters of the Gulf of Mexico."

Annie's take:

Here's where things stand in the Gulf two years later. People, whether workers or regulators, are often still at the center of operational risk failures. There's also an editorial today on this topic in the New York Times worth reading.

Risk Management Makeover

"It's little wonder risk managers are accustomed to remaining behind the scenes. One need only look to Congress grilling Enron's former risk manager about his role -- or lack thereof -- in the company's out-of-control corruption to see that the spotlight can quickly become uncomfortable when it is pointed at risk management."

Annie's take:

The times, they are a changin'. I seem to be one of the few pessimists in this interview.

Consumers Have Concerns About Mobile Banking Security, Survey Finds

"Roughly one of every five Americans used their mobile phone for some sort of banking activity last year, and about the same proportion say they will probably use mobile banking in the future, a recent survey from the Federal Reserve found."

Annie's take:

Are we surprised by the results of this survey?

I must confess that I am, especially since I regularly find myself warning people that there is still risk around mobile platforms like banking.

Iraq Emerges From Isolation as Telecommunications Hub

"Iraq, cut off from decades of technological progress because of dictatorship, sanctions and wars, recently took a big step out of isolation and into the digital world when its telecommunications system was linked to a vast new undersea cable system serving the Gulf countries."

Annie's take:

One hardly knows what to make of this new development, especially since it's been characterized as risk management. Iraq will now be a serious player in both the energy and telecommunications sectors.

100 Tornadoes in 24 Hours, but Plenty of Notice

"The tornadoes were unrelenting — more than 100 in 24 hours over a stretch of the Plains states. They tossed vehicles and ripped through homes. They drove families to their basements and whipped debris across small towns throughout the Midwest. In some areas, baseball-size hail rained from the sky."

Annie's take:

Though the property destruction from tornadoes over the weekend was heavy, the number of lives lost was significantly reduced because of the revised alerting system now being tested. I expect to learn a lot more about tornadoes as I prepare to lead discussions in May and October at EPCOR on lessons learned from the 2011 Joplin tornado.

Facebook Offers More Disclosure to Users

"Facebook, seeking to address concerns about the personal information it collects on its users, said Thursday that it would provide any user with more about the data it tracks and stores."

Annie's take:

As it readies itself to go public, Facebook has been trying to conform to European data privacy laws as well as requests in this country for a greater level of transparency on the data it collects about its users. See the comment in the article that there are 80+ categories that Facebook collects data in, and that it is proposing to share only half of those categories in its new offer.

Crisis Communications 2012: Social Media & Notification Systems

"Continuity Insights’ first in-depth survey for 2012 looks at the growing use of social media as a crisis communication tool. Respondents from over 250 organizations were asked to provide data about their organization’s social media accounts and usage, which was then used to indicate the reach and target audience — key factors when using social media in a crisis."

Annie's take:

The results of this survey are disappointing but not surprising. There is still significant resistance to the use of social media tools around emergency management. For one of the most interesting blogs by those actively using the tools see a site used by roughly 1700 emergency managers, to be found at http://idisaster.wordpress.com/.

Nerves Are Rattled After Bomb Threats at Pitt

"Dozens of bomb threats at the University of Pittsburgh since mid-February have disrupted classes and dormitory life and prompted some students to find housing off campus just weeks before the semester ends."

Annie's take:

By virtue of its nature, a university campus is wide open. In the last several years, we've seen incidents at Virginia Tech and, more recently in Oakland, where shooters were able to take advantage of that openness. At Pitt, the sheer volume of the bomb threats is enough to disrupt campus life for teachers, students and campus police. The New York City slogan, "If you see something, say something" might be a good tool to use to identify the disruptors.

Pentagon to fast-track cyberweapons acquisition

"The Pentagon is planning to dramatically speed up the development of new cyberweapons, giving it the ability in some cases to field weapons against specific targets in a matter of days, according to a new Pentagon report to Congress."

Annie's take:

This is an interesting new development. It would have been helpful to have an example of what a cyberweapon might be.

Selling You on Facebook

"Many popular Facebook apps are obtaining sensitive information about users—and users' friends—so don't be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places."

Annie's take:

If you wish to keep details of your preferences and your personal life as private as it is possible to do with social media, then don't subscribe to third party applications available with Facebook. And double check your privacy settings at least once a month to be sure that the security choices you have made are still current.

Cyber-Criminals Change Tactics as Network Security Improves

"IBM in its X-Force security report for 2011 said security efforts have cut spam and improved vulnerability patching, but attackers are now targeting mobile devices and the cloud."

Annie's take:

This is a good summary of the IBM report, and highlights the need for information security professionals to establish the protections on their data before they move it to the cloud.

New Bill Lets Gov't Collect All Your Private Cyber Info

"The Cyber Intelligence Sharing and Protection Act (CISPA) is getting a lot of bipartisan support, but in reality it’s a nightmare that makes SOPA look practically benign in comparison."

Annie's take:

Here's one professional security person's take on a bill pending in Congress, along with links to some additional information you may want to review.

DHS Budget Trends Jeopardize Partnerships and Collaboration

"Jim Mullen likely won’t drown in the emergency management bloodbath that is the U.S. Department of Homeland Security (DHS) budget, but he may have a hard time staying afloat."

Annie's take:

Impacts to Washington State's emergency management program are discussed first in this quite depressing article.

How China Steals Our Secrets

"For the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments."

Annie's take:

Richard Clarke, former presidential adviser, has written several books that cover this important topic. Here he critiques the forms of congressional legislation pending as really not dealing at all with problems like Chinese cyber threats.

In Person: Bubble-spotter Shiller says consumers need more protection

"In the course of his four-decade career, Yale economist Robert Shiller has seen enough financial folly to make anyone cynical. Instead, he thinks the industry can and should be reformed to serve ordinary people, not just the superrich."

Annie's take:

This is a terrific interview with economist Robert Shiller that covers a lot of ground, including current legislation moving into law.