Dyman & Associates Risk Management Projects

Developing an effectiveRisk Management Plan can help keep small issues from developing into emergencies. Different types of Risk Management Plans can deal with calculating the probability of an event, and how that event might impact you, what the risks are with certain ventures and how to mitigate the problems associated with those risks. Having a plan may help you deal with adverse situations when they arise and, hopefully, head them off before they arise.

With use of smartphones and tablets on the rise and sales of traditional PCs on the decline, attacks on mobile devices are maturing, says IT research and advisory firm Gartner Inc. By 2017, the focus of endpoint breaches will shift to tablets and smartphones. And, according to Gartner, 75 percent of mobile security breaches will be the result of mobile application misconfiguration and misuse. Common examples of misuse are "jailbreaking" on iOS devices and "rooting" on Android devices. These procedures allow users to access certain device resources that are normally unavailable - and remove app-specific protections and the safe "sandbox" provided by the operating system, putting data at risk. Jailbreaking and rooting can also allow malware to be downloaded to the device, enabling malicious exploits that include extraction of enterprise data. These mobile devices also become prone to brute force attacks on passcodes.

In late May, online security firm Trusteer, an IBM company, raised alarms about a new online banking Trojan it calls Zberp. According to Trusteer, more than 450 global banking institutions in the U.S., the United Kingdom and Australia have been targeted by this malware strain, which combines features from Zeus and Carberp, two well-documented banking Trojans. Just days earlier, global cyber-intelligence firm IntelCrawler warned of new point-of-sale malware known as Nemanja, which had reportedly infected retailers in nearly 40 countries. And news about recent evolutions in the mobile malware strain known as Svpeng also has caused concern. In May, Svpeng was found to have evolved from merely a banking Trojan to a malware strain equipped with a dual ransomware feature (see New Ransomware Targets Mobile). But with so many alerts about new and emerging malware strains and attacks, how should banking institutions respond? It's a growing challenge for information and security risk officers because one of the keys to mitigating cyber-risks is differentiating new threats from older ones.

Security officers who view threat intelligence and risk management as the cornerstone of their security programs may have advantages over peers who face constraints when it comes to taking advantage of the available data. CISOs are generally tasked with evaluating security controls and assessing their adequacy relative to potential threats to the organization, and its business objectives. Their role in cybersecurity risk management -- the conscious decisions about what the organization is going to do and what it is not going to do to protect assets beyond compliance -- is still hotly debated. The transition towards risk management is more likely for the 42% enterprises whose security officers report to executives (the board of directors or chief risk officers) outside of the IT organization, according to Gartner. The firm's analysts advise security officers to achieve compliance as a result of a risk-based strategy, but admit that "organizations have not kept pace." Equinix started to build a customized threat intelligence program about five years ago. The International Business Exchange data center provider uses threat intelligence along with risk assessment to do its "homework" before the company invests its resources in information security or agrees to IT requests from departments with different priorities.

Leaders in Software as a Service (SaaS), Mobile Device Management (MDM) & Bring Your Own Device (BYOD) Security Mobile devices have become an intrinsic part of everyday life, for individual consumers and large organizations alike. Consequently, the popularity of smart devices is an increasingly attractive target for cybercriminals with regards the potential value of personal data found on a device. The increasing demand for mobile security software is seeing the emergence of security specialists offering solutions aimed at mobile as well as PC. Established market players in internet security are adapting their services to mobile, while a number of new companies are specializing specifically in smartphone and tablet security. Solutions including software, device management and security as a service are looking to answer this nascent security demand. The complex nature of the mobile ecosystem and the close affinity to the broader cyber security market has made the mobile security sector a relatively fragmented market, with overlaps between the different submarkets. . As a result, vision gain has determined that the top 20 companies in the global mobile security market account for $2.06 billion, or 58.9% of annual market revenue which illustrates a highly competitive and fragmented market.