The Preparis Blog

Cyber Threats

Posted on November 11, 2015 by

Cyber Extortion on the Rise: What Your Financial Firm Needs to Know

On November 3rd, 2015, the Federal Financial Institutions Examination Council (FFIEC) issued a statement warning financial institutions of the increasing number of cyber-attacks used to extort money and other allowances from victims, a trend that is seen around the world. For example, news came out in September that several large financial organizations in the United Kingdom were being targeted by extortion cybercriminals in the DD4BC group for bitcoins. According to the report, 58% of the extortion ring’s targets…

Continue Reading
Posted on October 22, 2015 by

How to Make the DHS Cybersecurity Initiative Make Sense for Your Business

Cybersecurity is a growing concern for individuals and businesses alike, so much so that federal agencies have taken strides to help make the nation more cyber aware. As part of that effort, the Department of Homeland Security (DHS) has developed a coordinated cybersecurity initiative targeted to various demographics, providing them with educational resources, insights, and tools. For the small to midsize business (SMB) owner, there are three programs worth your while: the Stop.Think.Connect. Campaign, the NIST Cybersecurity Framework,…

Continue Reading
Posted on October 15, 2015 by

Cybersecurity: Our Shared Responsibility

October is known for many things, but for those involved with business continuity, it is celebrated as National Cyber Security Awareness Month (NCSAM). This year’s theme—Our Shared Responsibility—underscores the importance of taking ownership of our actions to increase our cyber awareness and improve practices to mitigate risks. Sponsored by the Department of Homeland Security (DHS) in collaboration with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the National Cyber Security Alliance (NCSA), National Cyber Security Awareness Month…

Continue Reading
Posted on September 30, 2015 by

Cybersecurity Is a Pillar of Your Business Continuity Program

Recently, I was in Washington DC meeting with one of our larger clients when we were asked “what role does cybersecurity play with business continuity?” It’s a question Preparis gets asked more and more frequently, and it’s a really important one. Business resiliency and compliance programs exist within organizations to protect people, operations, revenue, and brand from threats and disruptions. Threats can take many forms, such as natural disasters, unexpected IT failures, pandemics, workplace violence, and cyber-attacks.  While…

Continue Reading
Posted on September 23, 2015 by

OCIE September Risk Alert: Are You Cybersecurity Audit-Ready?

The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently issued an update of their Cybersecurity Examination Initiative–the third one related to this initiative–alerting businesses in the securities industry to the newest areas within cybersecurity practices they will be examining. Each of these six focus areas will assess the extent to which firm procedures and controls have been implemented in order to promote better compliance practices and ultimately improve cybersecurity preparedness: Governance and Risk Assessment Examiners will look…

Continue Reading
Posted on September 9, 2015 by

Third Party Vendor Assessments Are Key to BCP and Cybersecurity for Asset Managers

In an increasingly interconnected business world, on-time delivery of products and services is crucial.   As technology and innovation continue improving the way businesses operate, we all must rely on a web of third party vendors and partners to make it happen.  Revenue, growth, and brand reputation are at risk if a company’s third party vendors are ever disrupted, breached, and unable to deliver their services. For example, credit unions rely on their payment processing partners to always be running…

Continue Reading
Posted on July 29, 2015 by

Avoid “Stagefright” Hack: Protecting Your Android from the Text Message Virus

On July 27th, Android phone users were warned of a newly-discovered vulnerability affecting the media playback tool built into their phones’ operating systems. If manipulated, this tool, called Stagefright, would allow hackers to control phones remotely and steal data, potentially without ever being noticed. Hackers could gain access by sending a video text message packaged with malicious software. Once the message is received—regardless of it being opened by the recipient—the virus is activated as Stagefright automatically scans the…

Continue Reading
Posted on May 13, 2015 by

“Overarching Complacency” in Cybersecurity Leads to Big Data & Big Dollar Loss

Affected consumers outraged over last year’s Home Depot massive data breach filed a class action lawsuit this month claiming company leadership did nothing to mitigate identified security risks, which were ultimately exploited by cyber criminals. This “overarching complacency,” according to the lawsuit, included understaffing IT departments, ignoring SEC filings that admitted risks to consumer privacy and security, and violating their own policies of protecting customers’ personal identification information, among other reasons. If history is any indication, Home Depot…

Continue Reading
Posted on March 3, 2015 by

Keep Cybersecurity at the Top of Your List

Earlier this month, the SEC released a report summarizing its findings from a cybersecurity examination it conducted last year. According to the report, at least 88% of broker dealers and 74% of advisers have been the targets of cyber-attacks. Most of these attacks occurred through fraudulent emails, and in one case an adviser lost more than $75,000. With numbers like these, it is clear that cybersecurity should be at the top of the list when it comes to…

Continue Reading
Posted on February 20, 2015 by

Banks Lose Big Bucks to Multinational Malware Heist

Kaspersky Labs announced this week their discovery of a cybergang who stole upwards of $1 billion from over 100 banks around the globe. In the largest heist of its kind, each victim was robbed of $2.5 million to $10 million spanning a two to four month period. Since August of 2013, money was acquired through several means, depending on the entity and how it operated. These means include remotely dispensing cash from ATMs, processing fraudulent transactions that transferred…

Continue Reading

Business Continuity Resources

Find business continuity resources, including free webinars, whitepapers, checklists, and tabletop exercises. Visit: Preparis Resources