Tag: Risk Management

BAI Security Audit

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to the network. Security experts have warned that 2015 will be the year of the particularly malicious hacker. Such attackers will wipe compromised networks after a successful attack in order to destroy forensic evidence. In other cases, as we’ve seen with the various “locker” ransomwares, data is encrypted and held for ransom. If demands aren’t met, the data isn’t released from its encrypted prison. “Defensive Best

Read More »
Cyber Insurance


News about the damage associated with the Sony breach keep coming, and is most likely going to reach new heights over the Christmas break. Meanwhile, criminals keep conducting immensely successful hack attacks against huge brands that should have the financial assets and talent to protect against breaches. Has this risk management gone very wrong — accepting the occasional hack attack as a cost of doing business — or are we fighting a war we can’t win? We know that data/networks can and should be secured more effectively. While no security system will ever be 100% bulletproof, there are glaring bad practice issues in all of the recent high-profile breaches. We’ll look at why this might be happening in a follow-up

Read More »