KPMG performed research on the FTSE 350 constituent companies to analyze their cybersecurity vulnerabilities from publicly available information on corporate websites and documents. They found that over 53% of corporate websites were supported by outdated and vulnerable web server software. On average, they identified 3 potential vulnerabilities per company. They also found companies leaked sensitive internal information through metadata in documents, including an average of 41 usernames and 44 email addresses per company. Certain sectors like utilities leaked the most internal usernames. The report concludes that companies should minimize publishing unnecessary information and better protect sensitive employee accounts and roles to reduce cyber risks.
1. RISK CONSULTING
An ethical investigation into cyber security across the FTSE350
UK Cyber Vulnerability Index 2013
What does your online corporate profile reveal?
2. 1 | Cyber Vulnerability Index
more than … of the FTSE 350 have out of date and potentially vulnerable web servers.
3. How we put together our Index.
KPMG performed research across the FTSE 350 constituent companies (over January to June 2013), with the aim of performing the same initial steps that hackers and organised criminals would perform when profiling a target organisation for attack or infiltration. This included some of the techniques used by threat actors often referred to as Advanced Persistent Threats, or ‘APTs’.
Our research focused on finding publicly available technical information about the FTSE350 group’s respective corporate IT. We mapped the structure of relevant corporate websites to identify potentially sensitive file locations or hidden functionality useful to cyber attackers. We then reviewed the content and meta-data of publicly accessible documents. While navigating the sites, we found interesting internal file locations, email addresses and technical data that would stimulate further investigation by hackers. In addition to websites, we also reviewed the content published on selected public sharing websites.
All profiling information was sourced from the public documents located on the FTSE350 corporate websites, document meta-data, search engines and public internet forums, and no hacking or illegal actions were performed.
How cyber criminals use organisations’ data against them.
The perpetrators of modern cyber attacks – whether these are social activists, criminals, competitors, or national governments – make extensive use of publicly available company information when planning their activity. Technical IT data, such as the versions of software used, usernames and email addresses, and technical details about a firm’s web-facing systems, is of particular interest to perpetrators.
Such data is almost never relevant to the firm’s customers or website visitors, but may end up online due to negligence, deficient document publishing procedures, or as a result of earlier security breaches. Even so, it is useful to hackers as it helps profile the target firm’s IT and employees, and may reveal weaknesses in the firm’s security defences.
Due to the non-intrusive nature of the discovery process, it leaves minimal to no footprint and is therefore difficult to detect or protect against. The best course of action may still be minimising the data unnecessarily published in the first place.
4. What we found - Vulnerable web servers
We observed that over 53 percent of corporate websites were supported by out-of-date and potentially vulnerable technologies.
Corporate websites are supported by a number of web technologies. When a website is accessed, the web server often reveals its software version, which is typically hidden from a web browser’s view. The disclosure of these web banner software versions can prove to be of significant value to an attacker when profiling a remote target site and server.
Out of the 53 percent vulnerable to attack due to missing security patches or outdated server software, the sectors with the highest number of web vulnerabilities¹ were:
- Support Services
- Software and Computer Services
- General Retailers
- Mining
- Oil and Gas producers
- Pharmaceuticals and Biotechnology
- Aerospace and Defence
- Banks
- Telecommunications
- General Industrial
¹ Excludes Beverages, Media, Travel & Leisure and Equity Invest Instruments
Across the whole FTSE 350 group of companies, we identified an average of three potential web server vulnerabilities per company, with a total of 1121 vulnerabilities recorded. The highest recorded instance of web server vulnerabilities attributed to one company was 32.
We also noted the large number of development and preproduction web servers during our analysis. In one particular instance we discovered a home-use web server, which provides a significantly lower level of sophistication and security, was in use by a FTSE350 company.
It’s no longer acceptable to patch internal servers and corporate laptops within four weeks of a patch being released. On a recent piece of client work we witnessed a patching policy of 48 hours for internal systems, covering some 2000 servers and 20,000 laptops, which shows what can be done.
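An added example (not from the KPMG report) of checking your own sites for the web banner version disclosure described in this section: it parses a saved response head and lists every product version it reveals. The header list, function names, sample responses and the minimum-version table are assumptions constructed for illustration.

```python
import re

# Response headers that commonly carry product/version banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# product/version tokens with a dotted version,
# e.g. "Apache/2.2.3 (CentOS) PHP/5.1.6".
TOKEN_RE = re.compile(r"([A-Za-z][\w.+-]*)/(\d+(?:\.\d+)+)")
BARE_VERSION_RE = re.compile(r"^\d+(?:\.\d+)+$")


def parse_response_head(raw):
    """Return [(lower-cased header name, value)] from a raw response head."""
    pairs = []
    for line in raw.splitlines()[1:]:      # first line is the status line
        if not line.strip():
            break                          # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def _as_tuple(version):
    return tuple(int(part) for part in version.split("."))


def audit_banners(raw, minimum_versions):
    """List every software version the response discloses.

    Each finding is (header, product, version, status). status is
    "below-minimum" when the product is older than the organisation's own
    floor, otherwise "disclosed" (still worth removing from the banner).
    """
    findings = []
    for name, value in parse_response_head(raw):
        if name not in BANNER_HEADERS:
            continue
        tokens = TOKEN_RE.findall(value)
        if not tokens and BARE_VERSION_RE.match(value):
            tokens = [(name, value)]       # header whose value is only a version
        for product, version in tokens:
            floor = minimum_versions.get(product.lower())
            outdated = (floor is not None
                        and _as_tuple(version) < _as_tuple(floor))
            findings.append((name, product, version,
                             "below-minimum" if outdated else "disclosed"))
    return findings


# Constructed response heads (not captured from any real site).
LEAKY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (CentOS) PHP/5.1.6\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Content-Type: text/html\r\n\r\n"
)
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
# Placeholder policy floor chosen for this demo, not vendor support data.
MINIMUMS = {"apache": "2.4.0", "php": "7.0.0"}

if __name__ == "__main__":
    for finding in audit_banners(LEAKY, MINIMUMS):
        print(finding)
    print("hardened:", audit_banners(HARDENED, MINIMUMS))
```

A banner with no version does not mean the server is patched; the check only measures what is disclosed, so it complements a patch inventory rather than replacing it.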
5. “Telecommunications, Aerospace and Defence, Utilities ,Financial
Services, Oil Equipment and Services recorded the highest
average vulnerable software”
[Chart: Potential web server vulnerability - total count per sector]
[Chart: Potential web server vulnerability - average count per company per sector]
Looking at the results by industry group, the highest averages for out-of-date web servers were held by:
[Chart: highest average counts of out-of-date web servers by industry group]
“Utilities rated worst for leaking internal user
names - on average 126 per company”
[Chart: bar chart of counts per sector; values and labels not recoverable from the extracted text]
What we found - Sensitive information within meta-data
Meta-data (information stored inside a document about
the document itself) often constitutes an information
leak as it can provide attackers with a view of corporate
network users, their email addresses, the software
versions they use to create documents and internal
network locations where files are stored.
As part of our research, we were able to
obtain an average of 41 internal
usernames and 44 email addresses per
company. These may be used to facilitate
targeted phishing email scams. Looking at
the results by industry group, most
internal email addresses were disclosed by
companies in the Aerospace and Defence
(212 emails per company), Tobacco (100),
Oil Equipment, Services and Distribution
(94) and Pharmaceuticals and
Biotechnology (93).
What we found - Internal network locations
Internal network locations point to internal server names and
assist hackers in gaining an insight into your internet structure [2].
We obtained an average
of 41 internal usernames
and 44 email addresses
per company.
[2] An internal file name may look something like compxlonserv1MandAsecretfile1.
[3] Excludes Equity investment instruments, Media, Household Goods.
[Chart: Total recorded internal file locations per sector]
We managed to extract an average of five sensitive internal file locations per company,
with the highest recorded instance of 139 internal file locations in one company.
The sectors leaking the most internal network locations [3] were:
What we found - Hacking forums
Hackers will often share information on potential
or already compromised companies as posts on
underground forums, using digital whiteboard
technology to quickly paste information. These
postings often reveal email addresses of individuals
to be targeted in ‘spear-phishing’ [4] attacks, passwords
of users on internal and external systems, as well
as details of internet-facing firewalls and VPN (Virtual
Private Network) hosts.
[4] An e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data. Source: http://searchsecurity.techtarget.com/definition/spear-phishing
[5] Numbers based on six month collection period (over January to June 2013). Excludes household goods, travel and leisure.
We found that on average a FTSE 350 company will have 12 postings on these
forums relating to sensitive corporate information. The highest recorded instance of
posts was 748, related to companies in the General Financial sector. The second and
third highest recorded entries related to a company in the Technology Hardware and
Equipment sector, with 603 and 346 posts respectively.
Companies within the following sectors are discussed the most in these forums [5]:
- Banking
- General Financial
- General Retailers
- Oil and Gas Producers
- Pharmaceuticals and Biotechnology
- Software and Computer Services
- Support Services
- Technology Hardware and Equipment
- Telecommunications
- Tobacco
“Technology Hardware and Equipment
had the greatest amount of posts on hacking
forums with an average of 163 per company”
[Chart: KPMG ‘High Threat Club’* score per sector]
* Sectors most likely to be targeted.
Sum of following averages:
- Internal file locations
- Vulnerable Software
- Vulnerable Web Servers
The spotlight is on the Aerospace and Defence sector
Aerospace and Defence stand out as a high risk sector.
Using an email designed to dupe the unsuspecting corporate user, hackers will
embed a piece of malware, or a link to a malicious external site. When the user
clicks on the link a piece of malware will be delivered to the user’s computer.
From this point a user’s machine will be controlled by a third party and data
extracted from the corporate network. The hackers will have the same access to
everything as the user.
In June 2013, the FBI warned of an increase in criminals using spear-phishing
attacks to target multiple industry sectors.
(source - http://www.fbi.gov/scams-safety/e-scams)
Did you know?
Used by criminals and foreign intelligence services alike,
phishing is the targeting mechanism of choice when
penetrating an organisation’s network.
“Aerospace and Defence
leaked the most email addresses
with an average of 212 per company”
Many well publicised breaches have occurred in this sector over the years. As a sector,
Aerospace and Defence leaked the most email addresses with an average of 212 per
company. In addition, the Aerospace and Defence sector had 1209 recorded meta-data
email leaks, which was the highest recorded across all sectors. The sector also had the
highest number of potentially vulnerable software with a total of 34.
[Chart: Aerospace and Defence average counts for emails, users, hacking forums, internal file locations, vulnerable software and vulnerable web servers]
Focus on the future…
…Companies should look to minimise the amount of meta-
data that can be associated back to their company. Plenty
of tools exist to strip this data from documents before they
are published. People in sensitive roles that are likely to be
the target of phishing or similar cyber attacks should have
little online presence and their emails should be filtered.
Such roles include IT administrators, heads of research,
financial directors and other executives with control over
vital corporate information or networks. Finally, and critically,
CEOs and non-executive directors should scrutinise and
challenge what they are being told by their teams about cyber
defences, questioning how robust their defences are and have
they been actively tested. This requires the people at the very
top of their organisation to have in-depth understanding of
both the threats and the countermeasures.
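A pre-publication check of the kind recommended above, as an added example that is not part of the KPMG report: it lists the user names, software versions and internal file locations carried in an Office Open XML file (.docx/.xlsx/.pptx) and empties the identity fields before release. The function names and the sample package (user names, server path, version) are constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
from zipfile import ZIP_DEFLATED, ZipFile

# Property parts of an OOXML package and the fields naming people or software.
FIELDS = {"docProps/core.xml": {"creator", "lastModifiedBy"},
          "docProps/app.xml": {"Company", "Manager", "Application", "AppVersion", "Template"}}
UNC = re.compile(r"\\\\[\w.-]+\\[\w$.-]+(?:\\[\w$. -]+)*")  # \\server\share\path

def audit(pkg: bytes) -> dict:
    """Report populated identity fields and UNC paths found in the XML parts."""
    report = {"fields": {}, "unc_paths": set()}
    with ZipFile(io.BytesIO(pkg)) as z:
        for name in z.namelist():
            raw = z.read(name)
            if name.endswith((".xml", ".rels")):
                report["unc_paths"].update(UNC.findall(raw.decode("utf-8", "replace")))
            for el in (ET.fromstring(raw).iter() if name in FIELDS else ()):
                field = el.tag.rsplit("}", 1)[-1]  # drop the '{namespace}' prefix
                if field in FIELDS[name] and (el.text or "").strip():
                    report["fields"][field] = el.text.strip()
    return report

def scrub(pkg: bytes) -> bytes:
    """Copy the package with identity fields emptied; parts are edited as bytes so all else is kept."""
    out = io.BytesIO()
    with ZipFile(io.BytesIO(pkg)) as src, ZipFile(out, "w", ZIP_DEFLATED) as dst:
        for name in src.namelist():
            raw = src.read(name)
            for field in FIELDS.get(name, ()):
                pattern = rb"(<(?:\w+:)?%s\b[^>]*>)[^<]*(?=</)" % field.encode()
                raw = re.sub(pattern, rb"\1", raw)  # keep the tags, drop the text
            dst.writestr(name, raw)
    return out.getvalue()

def sample_package() -> bytes:
    """Constructed sample: every name, path and version here is invented."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/'
            'core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>jsmith'
            '</dc:creator><cp:lastModifiedBy>a.patel</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/'
           'extended-properties"><AppVersion>12.0000</AppVersion>'
           r'<Template>\\fileserver01\templates\board.dotx</Template></Properties>')
    out = io.BytesIO()
    with ZipFile(out, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return out.getvalue()
```

Run `audit()` again on the output of `scrub()`: any UNC path it still reports sits outside the property parts (a hyperlink or linked file, for instance) and has to be fixed in the document itself.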