Ransomware is not a new phenomenon, but when two large-scale campaigns – Wannacry and NotPetya – caused widespread disruption in 2017 they seemed at first to presage a new pattern of large-scale attacks. The reality has turned out differently. So far this year, we have seen relatively little ransomware activity, but what there has been is far more targeted and precise. An example of this is the recent use of SamSam ransomware to target 67 organisations in the US, following its deployment against the city of Atlanta earlier in the year. In the latest attacks, SamSam has been employed not just to look up files but also to infiltrate backups, making protection more complicated using conventional security solutions. Its ability to spread has been boosted by criminals hitching it to the leaked EternalBlue US National Security Agency exploit. Ransomware and the methods attackers use to deliver its crippling effects are constantly evolving, and organisations must employ a … [Read more...] about Innovative risk-management will defend us from evolving ransomware
Enterprise security risk management
People love Excel Spreadsheets. They use them to manage their projects, manage their businesses and to get things done when Corporate IT cannot move at the speed required. For all the challenges that the Excel spreadsheet poses to businesses, its use is ubiquitous and is likely to remain this way. It is the number one ‘go to’ tool for complex business calculations, financial analysis and data manipulation. Despite the deployment of enterprise IT systems in organisations, spreadsheets offer businesses the flexibility and agility to adapt and enhance vital business processes, whether it is to manage complex projects, budgets and forecasts, develop business and financial models to support their strategic decision making, or to produce management and stakeholder reports. However, despite their undoubted value, they pose significant risk to the business too, because they are typically used in an uncontrolled way, without the change controls found in other IT … [Read more...] about Is spreadsheet risk management a better fix for excel user woes than AI?
The Australian Securities Exchange (ASX) suffered an "unprecedented" hardware failure in September 2016, resulting in the outage of its equity market. Shortly after, the Australian Securities and Investments Commission (ASIC) identified a number of failings on the part of ASX, and made recommendations following its initial review. ASIC this week published an update [PDF] on ASX Group's technology governance and operational risk management standards, reporting that while the securities exchange has placed additional focus on risk over the last year, it is expected it will take up to three years to fully implement and embed all the recommendations from the initial review. According to ASIC, ASX's practices were more comparable to those of other exchanges in the global financial market infrastructure industry, but lagged behind better practices in the broader financial services sector. "Given the overwhelming extent to which it relies on technology to deliver its services, robust … [Read more...] about ASX asked to up risk management practices following equity market outage
How have the recent privacy and security violations crowding the daily newsfeeds changed your company’s behaviour? There’s a silver lining to all the doomsday headlines: they should compel stakeholders in your company to pay more attention and provide more buy-in for proactive safeguarding activities against these risks. How are you going to leverage this opportunity? You need a fresh approach, management support, a solid plan, and comprehensive technology to support all the moving parts involved in setting up an integrated security and risk management program. As an experienced governance, risk management, and compliance (GRC) consultant and former auditor, I’ve assessed and supported many companies through the challenges inherent to building a mature, enterprise-wide information security risk management program that aligns with global standards and boosts competitive advantage. One way many organisations are approaching this is through ISO 27001, an … [Read more...] about A better way to work toward improved information security risk management and ISO 27001 compliance
Multicloud deployments are all the rage these days, and for good reason. They provide the ultimate in enterprise flexibility, letting you mix and match cloud services to meet your exact needs. As a result, they increase business agility and operational cost-efficiency. But the trade-offs are clear. Using multicloud means having more complexity, simply because there are more moving cloud parts. Moreover, you’re mixing the cloud services with existing legacy on-premises systems, not to mention systems outside of the enterprise such as exchanges. While complexity brings many challenges, such as management and governance, the greatest risk it brings involves security. IT organizations traditionally dealt with security at the application and system levels, so enterprises are managing hundreds of security systems localized for a single system and purpose. That approach worked when things were simple, but now that they are complex we’re finding that traditional approaches just … [Read more...] about Multicloud’s hidden trade-off: Greater security risk