BMS’ Rupert Alabaster, Director Professional & Financial Services, reviews current cyber risk news and gives you the BMS view:
The FBI have warned that hackers are targeting guests’ data when they log into hotel Wi-Fi. It warned of corrupt software update pop-ups when using hotel Internet connections overseas. When they clicked on the “update,” malicious software was installed on their computer.
Hotel Wi-Fi connections are especially risky because often they are set up without proper security settings. But all free Wi-Fi internet connections accessed when travelling can the likelihood of private personal or corporate data being compromised.
BMS view – It is important that corporate security procedures are kept up to date to ensure that executives are fully aware of the exposures they face when travelling and what they should do to protect themselves and the company. It is also worth checking the cyber insurances to see if there is any exclusion where such procedures have not been followed.
Cyber security for industrial control systems
Joel Langill, Chief Security Officer and Control System Cyber Security Specialist for SCADAHacker, explains how easy it is to hack into most PLCs and provides you with steps to take now to protect your operations. http://www.automationworld.com/security/tac-presentation-cyber-security-industrial-control-systems
BMS view – in this day and age all companies should have a form of cyber insurance in place that will help protect them from such breaches. It should rank up there alongside of buying property and business interruption coverage.
Reuters – Scores of U.S. companies have not disclosed breaches of their computer systems, even though eight months have passed since U.S. securities regulators issued guidelines on disclosing cyber attacks, according to leading security experts.
There have been lots of breaches in every industry that have never been publicized,” said Shawn Henry, the FBI’s former top cyber cop, who joined a new cybersecurity company, CrowdStrike, in April.
Henry said the FBI was working on 2,000 active cyber cases when he retired from the agency in March. “There’s only a handful of cases that anybody has ever heard about.” he said.
U.S. government officials and cybersecurity consultants have been raising alarms about the growing sophistication of attacks on private and government computer networks.
Some companies do not disclose cyber breaches because they feel they were not material, said Dmitri Alperovitch, founder and chief technology officer of CrowdStrike. He said he knew of a publicly traded defense contractor that lost intellectual property (IP) to China because of a cyber intrusion.
“The justification they used for not announcing is that they only do business with the U.S. government and it doesn’t really matter that the Chinese stole all their IP because the U.S. government will never buy from China, so it wasn’t really material to them,” said Alperovitch, who declined to name the company.
Henry and other top U.S. officials have underscored the severity of cyber threats by citing a case in which one publicly traded company lost $1 billion of intellectual property in a single intrusion over a weekend.
A Reuters review last winter of more than 2,000 SEC filings that mentioned cyber risks found that some companies revealed significant new information about hacking incidents, but the vast majority merely described a general risk of cyber incidents. Some defense companies and other firms known to have suffered computer breaches did not mention the incidents in their filings at all.
LinkedIn Corp (LNKD.N), a social network for job seekers and professionals, last week became the latest high-profile company to be hacked. It said it was working with the FBI to investigate the loss of millions of member passwords, but has not submitted any SEC filing on the matter
LinkedIn spokesman Hani Durzy said the company had complied with SEC requirements, and had been giving members and the public “ongoing disclosures” and updates on its corporate blog.
BMS view – not only is the scale of cyber crime phenomenal, but the losses involved are serious. All companies need to seriously look at buying appropriate protection, and the insurance market needs to work together to provide relevant cover and higher limits.
Click here to access the full BMS Intangible Asset Protection website, with expert, in-depth videos and case studies.