Category: BAI Security Blog

DATA BREACHES FROM MALWARE ARE INEVITABLE AND COULD COST $500 BILLION IN 2014

The cost of a data breach or malware infection extends well beyond the dollars spent on responding to and addressing security issues — productivity takes a big hit as enterprises and consumers spend countless hours dealing with the threats, according to a study from IDC in March 2014. That is to say nothing of the financial losses associated with the damage to the breached organization’s reputation. Researchers predicted that enterprises around the globe will spend around $500 billion in 2014 on making fixes and recovering from data breaches and malware, while consumers worldwide will likely spend $25 billion as a result of those security threats. While organizations believe that criminals will account for the lion’s share (two-thirds, or $315 billion) of


MICROSOFT IE ZERO-DAY VULNERABILITY (CVE-2014-1776)

THREAT OVERVIEW: On April 26th, 2014, Microsoft released a security advisory (2963983) for a zero-day vulnerability in Internet Explorer (CVE-2014-1776). The vulnerability is reportedly being exploited in limited, targeted attacks. It affects Internet Explorer 6, 7, 8, 9, 10, and 11. There is currently no patch available for this vulnerability, and Microsoft did not provide a release date for one. Windows users running vulnerable versions of Internet Explorer are at risk when visiting compromised websites that host malicious code exploiting this vulnerability.

THREAT DETAILS: According to Microsoft, the vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in


THE NEXT BIG ADVANCE IN BREACH DETECTION & PREVENTION

Sears Holdings Corp. announced in March of this year (2014) that it was investigating a possible security breach, after a series of cyberattacks on other retailers had exposed the data of millions of consumers. The security review was still at an early stage as Verizon Communications Inc. (VZ)’s digital forensics unit and the U.S. Secret Service sifted through the company’s computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter. Sears, which was already working to reverse 28 straight quarters of declining sales, could be faced with fighting a possible hacking attack with shoppers on edge after a flurry of retail data breaches tarnished the image of merchants including


PROTECTING YOUR INTELLECTUAL PROPERTY – TIPS FROM REAL WORLD AUDITS

Introduction

In the course of any given year, BAI Security performs hundreds of IT Security Audits for truly security-conscious organizations in highly regulated industries. Our specialization includes in-depth IT Security Audit and Forensic services, primarily for the Banking and Finance, Pharmaceutical, Healthcare, and Insurance sectors. In an effort to bring awareness to growing trends in security risks that lead to breaches and confidential data loss, BAI Security routinely publishes warnings based on real-world audit results within the industries we focus on.

Background

Over the past year, BAI Security has reported on numerous occasions about two common security risks that are very often considered “known issues,” common problems that most organizations are aware of and have addressed. The two security issues, which are almost


BAI SECURITY – MID-YEAR TOP-4 SECURITY RISKS

First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security from January to July of 2013 and is not intended to be a comprehensive list of all security risks. BAI Security specializes in auditing regulated organizations, such as those in the banking and finance, pharmaceutical, healthcare, insurance, and utility sectors. While commonalities often exist, the results found here are not necessarily representative of businesses outside of these sectors.

Social Engineering

Social engineering has long been a serious security concern, but more recently organizations have been slipping even further into a much higher level of risk in this area. Even with most organizations performing annual end-user security awareness training, which usually includes a piece on social


FBI WARNS OF SPEAR-PHISHING INCREASE

The FBI’s IC3 says spear-phishing attacks are targeting multiple industries, and that the end goal is to steal IP or compromise banking credentials. “Cyber-criminals target victims because of their involvement in an industry or organization they wish to compromise,” the IC3 states. “Recent attacks have convinced victims that software or credentials they use to access specific websites need to be updated. The e-mail contains a link for completing the update.” This threat is nothing new to the IT Security Auditors at BAI Security. Michael Bruck, a founding partner at BAI Security, explained, “For many years we’ve seen widespread weaknesses in social engineering with end-users, and since their workstations are very often riddled with exploitable vulnerabilities, this combination makes for a


NEW GUIDANCE RELEASED BY NIST REDEFINES ASSURANCE & TRUSTWORTHINESS FOR FINANCIAL INSTITUTIONS

On April 30th, 2013, the National Institute of Standards and Technology (NIST) issued the latest version of its essential guidance: Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations. Led by Ron Ross, a NIST fellow and the project leader, a team of computer scientists spent the past two years developing this latest 457-page revision.

One of the Essential Themes of the New Guidance

Mr. Ross indicated that a key theme in the new guidance is the “reintroduction of the notion of assurance, or trustworthiness of information systems.” The bottom line is that organizations will now be under higher scrutiny in terms of how effective they are at identifying vulnerabilities and security weaknesses in systems, which


2013 INSIDER THREAT TO BANKS AND CREDIT UNIONS – DATA LEAKAGE

The following is an excerpt from an article regarding the “Top IT Security Threats for 2013”: “One of the areas where we see a dramatic increase in concern is data leakage,” says Michael Bruck of Chicago-based BAI Security. “The ease with which an individual can export sensitive information from an internal network is chilling for many institutions. We often conduct such evaluations during our Security Audit program and demonstrate just how easy and undetectable the process can be in most environments.” Even with the headlines and various forms of education on this subject, BAI Security recently reported that as many as 40% of institutions responded in a recent survey that they were concerned their organization has been a victim of


LIVE EXPERIMENT DEMONSTRATES DISREGARD FOR BANK SECURITY POLICY

An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of, or far too loose with, basic security practices. In the experiment, flash drives were handed out to commuters as they entered the city. Recipients were told the drives contained a special Valentine’s Day promotion. In reality, though, the flash drive contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to use it. Among those who were duped were employees of a major retail bank and two global insurers.

Clear warning

Making these results even more ridiculous, the flash


ARE YOUR EMPLOYEES GIVING AWAY CONFIDENTIAL SECURITY INFORMATION?

A man calls the receptionist at a competitor’s company and asks for the name of the Sales Manager. The receptionist says the person he is looking for is Bob Jones. Later, the man calls the same company back and says he needs to speak with the IT helpdesk. When the helpdesk operator answers, the man says, “Hi, my name is Bob Jones and I seem to have forgotten my new password. I am on my way to an important meeting; can you reset it right away?” In an effort to help the user regain access to the system, the helpdesk operator resets the password and tells the man the new password. The man then accesses the employee area of
