Source: sadlerco.com - Evolving Cyber Liability Risks
Author: Jim Ferguson
Due to the ever-evolving nature of cyber risk, IT risk managers must upgrade risk management strategies to focus on new areas of concern. In the past, primary attention was given to protecting computer infrastructures from losses caused by lapses of physical security, Internet servers, networks, and rogue insiders. Now, attention must be expanded to applications and software used by organizations.
Because risk management controls have improved network security, cyber criminals have turned their attention to less protected vulnerabilities in applications and software. In addition, the purpose of the attacks has morphed from causing denial of service to profiting from the theft of confidential financial and client information.
Cyber attacks focus on the following areas:
- disrupting infrastructure operations
- posting confidential enterprise information online
- theft of intellectual property
- identity theft
- theft of confidential information
- confiscating or compromising online bank accounts
- spreading viruses on other computers
- revenge by malicious insiders
- Internet-launched viruses, malware, trojans, phishing, botnets, and other malicious code
A company’s risk analysis should include identifying risks from among those listed below. Primary attention should be given to those risks which present the largest loss potential by either their frequency or severity.
- identification of viruses on servers, workstations, and laptops
- open ports on firewall
- which assets are currently being attacked
- which assets are most likely future targets
- Payment card industry (PCI) audit if credit cards are used
- HIPAA and HITECH audit for medical information, if applicable
- various state confidentiality and data protection laws
Source: Resources, Winter 2010, Paul W. Burkett, The National Alliance For Insurance Education And Research
Read Full Story: http://www.sadlerco.com/changing-face-of-cyber-liability-risks/