CGI and Aon partner to provide cyber insurance risk assessment services for Finnish companies

HELSINKI, FINLAND, As of Sep 03, 2014 (Marketwired via COMTEX) — CGI (GIB.A) announced that it is joining forces with insurance expert Aon to provide cyber insurance risk assessment services across Finland.

Cyber insurance enables organizations to insure their valuable intellectual capital and helps to protect themselves better against business and reputational risks. The insured asset is typically a mission-critical control system that, if crippled, may result in significant business damage. Cyber insurance also covers loss or damage in the case of industrial espionage, which happens when an outsider gains unauthorized access to confidential business plans or research results.

“Cyber insurance is becoming increasingly common in Finland because today’s digital world involves new types of threats that are not covered by traditional insurance,” said Jukka Jaakkola, a cyber insurance specialist at Aon. “In today’s business environment, there are significant risks that threaten companies’ information systems and the operations that depend on them. These can be protected by taking out a separate cyber insurance policy.”

Cyber insurance prices and deductibles are partly determined on the basis of a risk assessment. In partnering with Aon, CGI will first perform a technical cyber security analysis for each client, which Aon will use to evaluate the client’s business risks for insurance planning and tendering purposes. On the basis of this analysis, the client may decide to reduce its risks, and thus its insurance premiums, before the insurance tendering process by bridging its security gaps or improving control.

“Investing in security usually pays itself back in reduced insurance costs,” noted Jan Mickos, director of cybersecurity for CGI in Finland. “From the insurance company’s viewpoint, a client company can reduce its risks by, for example, using a cybersecurity operations center that leverages the latest in technology and science to monitor the online security of multiple companies, improving their response readiness to exceptional situations. We have both commercial and government clients around the world, using this kind of service. We look forward to helping companies in Finland gain the same business advantages.”

About CGI

Founded in 1976, CGI Group Inc. is the fifth largest independent information technology and business process services firm in the world. Approximately 68,000 professionals serve thousands of global clients from offices and delivery centers across the Americas, Europe and Asia Pacific, leveraging a comprehensive portfolio of services including high-end business and IT consulting, systems integration, application development and maintenance, infrastructure management as well as a wide range of proprietary solutions. With annual revenue in excess of C$10 billion and an order backlog of approximately C$19 billion, CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Website: www.cgi.com.

About Aon

Aon plc is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 66,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world’s best broker, best insurance intermediary, best reinsurance intermediary, best captives manager, and best employee benefits consulting firm by multiple industry sources. Visit www.aon.com or aon.fi for more information.

www.cgi.com/en/media-room

Contacts:
Investors and media
Lorne Gorber
Senior Vice-President, Global Communications
and Investor Relations, CGI
+1 514-841-3355
lorne.gorber@cgi.com

Local Media
Esa Luoto
Manager, Marketing and Communications, CGI
+358 50 380 5601
esa.luoto@cgi.com

Market information
Jan Mickos
Director, Cyber Security, CGI
+358 40 8478740
jan.mickos@cgi.com

Jukka Jaakkola
Chief Commercial Officer, Aon
+358 201 266 277
jukka.jaakkola@aon.fi



SOURCE: CGI Group Inc.

15 Tips to Prepare for Security Threats Big and Small

A human can easily kill a gnat. So how is it that just one gnat can drive you crazy, even though you can kill it in an instant? You are bigger and mightier, yet one gnat can get the best of you. That’s because you’re too big for the gnat, as it buzzes around your eyes, nose and in your hair.

This is just like when businesses implement giant measures to enhance security and protect themselves against big threats like hacking, or a tornado. The business feels mighty with its extensive video surveillance, steel bolt doors and armed security guards. Yet, it’s unable to foresee or handle the small stuff that can have dire consequences.

Some businesses make the mistake of focusing on only a handful of tactics. As a result, other threats slip in undetected or, if detected, they’re not detected early enough to be mitigated. Instead, all the business leaders can do is swat haphazardly, hoping to get a hit.

When businesses zoom in on only a few specific tactics, this results in a rigid plan that can’t adapt, and is useful only if the anticipated threat is precisely how it was envisioned in the first place. Concentrating on just a few selected risks means not seeing the bigger picture—missing greater risks that can come along.

You can’t anticipate every possible threat but preparing for just a few isn’t smart, either. Follow this list to prepare smarter.

1. Make sure all security and continuity plans are adaptable.

2. Consider the human component, and work it into the plan. Can IT’s brilliant plan be sustained by a person? Are facilities manned by one person or a team?

3. Cover all basics and implement regular updates.

4. Don’t get sucker punched. Consider a variety of threats (from cyber sources to natural sources), not just a few, and the various ways your organization can respond and resolve.

5. Be aware. Figure out backup locations for your business to function should you be forced to displace.

6. Prepare staff. Designate a core team and keep their contact information handy so anyone can reach them anywhere.

7. Communicate. Design an emergency communications protocol for employees, vendors and customers, etc., for the days post-disaster. Confirm emergency response plans with your vendors and suppliers. Prepare to use alternate vendors.

8. Keep your data backup tools in excellent condition.

9. Keep your inventory of assets up to date.

10. Safely and efficiently store documents. Duplicates of all crucial documents should be kept off-site.

11. Routinely make data backups, ideally both locally and with a cloud service.

12. Determine succession of management in case key players can no longer function.

13. Know the signs of a dying computer. A blue screen can mean a hardware problem or driver conflict. If things are taking way too long, there may be too much software or a failing hard drive. Strange noises during startup, for instance, can also mean a hardware failure. Consider it your warning.

14. Set up your backups. You can set up backup protocols with a program like Belarc Advisor, which is free and lets you know what to install and when it’s time to replace a computer.

15. Consider replacing your computer every two or three years to avoid being stiffed by a computer that’s suddenly gone stiff. Nothing’s more alarming than suddenly losing all your data, and there’s no backup computer that you can just turn on and pick up where you left off.

Excerpted article written by Robert Siciliano, Entrepreneur

 

Hackers locking iPhones, demanding ransoms

(CNN) — A large number of people, mostly located in Australia, are reporting they have come under an unexplained attack that holds their iPhones and iPads hostage and demands they pay a $100 ransom.

The attack appears to work by compromising iCloud accounts associated with the disabled devices, according to an Apple support forum discussion that started Sunday morning and quickly accumulated several hundred posts.

Commandeered devices typically emit a loud tone that’s associated with a feature that helps users locate lost or stolen devices. iPhones and iPads also display the message: “Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:lock404@hotmail.com for unlock.”

In some cases—specifically, when a user hasn’t assigned a strong passcode to a locked device—it can only be unlocked by performing a factory reset, which completely wipes all previously stored data and apps.

The mass compromise is a variation on so-called ransomware scams, which initially targeted Windows PC users and earlier this month were found targeting smartphone users running Google’s Android OS.

The forum accounts provide strong evidence that victims’ Apple IDs and passwords have been compromised so that attackers can remotely lock connected devices using Apple’s Find My iPhone service.

But so far it remains unclear exactly how the attackers are compromising the iCloud accounts.

While it’s possible the hijackers used phishing attacks or hacked password databases to obtain the credentials, those explanations are undermined by the observation that the vast majority of victims were located in Australia and reported using a variety of e-mail providers. Typically, phishing campaigns and database compromises involving multiple providers affect users from more geographic regions.

DNS poisoning?

One participant in the online discussion theorized the mass compromise may have been the result of hacking domain name system (DNS) servers used by Australian service providers to translate human readable addresses such as Apple.com into the IP addresses Internet routers rely on.

Such an attack, which has yet to be confirmed in this case, works by “poisoning” the lookup tables of DNS servers so they secretly direct people to impostor sites. Assuming this technique was at play in the iPhone and iPad locking, affected users who entered a password on what appeared to be Apple’s site could have unknowingly provided it to the people behind the attack.

Apple officials have yet to comment on the report. There is no indication the hijackings are the result of any compromise on Apple servers, so that leaves end users to figure out for themselves how to secure their own devices.

Readers are once again advised to use long, randomly generated passwords that are unique to their iCloud account. They should also enable two-factor authentication and assign a separate, randomly generated passcode to each iPhone and iPad they own.

Readers are reminded they can be permanently locked out of their Apple ID accounts, and possibly their iPhone or iPad when running iOS 7 with Find My iPhone turned on, if they are compromised before two-factor authentication is enabled. Two-factor authentication won’t automatically prevent an attacker from compromising an iCloud account, but it will prevent the attacker from changing security questions and other crucial settings in the event of a breach.

The identities of the people behind the attack are unknown. There’s no indication they have any connection to anyone named Oleg Pliss.

People with a locked device should immediately try changing the credentials for their Apple ID and ensure two-factor authentication is set up. In the event their locked device didn’t have a passcode associated with it, they can perform a factory reset by using a cable to plug the device into their computer while iTunes is open.

More instructions are here.


Stop using Microsoft’s IE browser until bug is fixed, US & UK warn

It’s not often that the US or UK governments weigh in on the browser wars, but a new Internet Explorer vulnerability — one that affects all major versions of the browser from the past decade — has forced them to raise an alarm: Stop using IE.

The zero-day exploit — the term given to a previously unknown, unpatched flaw — allows attackers to install malware on your computer without your permission. That malware could be used to steal personal data, track online behavior, or gain control of the computer. Security firm FireEye, which discovered the bug, said that the flaw is being used with a known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Microsoft’s Windows Vista, Windows 7, and Windows 8, although the exploit is present in Internet Explorer 6 and above.

While the Computer Emergency Readiness Team in England and the US regularly issue browser advisories, this is one of the few times that the CERT team has recommended that people avoid using a particular browser. Specifically, the advisory says administrators and users should “review Microsoft Security Advisory 2963983 for mitigation actions and workarounds” and that people who can’t implement those stopgap measures, Windows XP users among them, “may consider employing an alternate browser.”

FireEye recommends that if you can’t switch browsers, then disable Internet Explorer’s Flash plug-in. You also can use IE with Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security app, but that will not be as secure as simply switching browsers.

In a statement, Microsoft told CNET, “On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time we are aware of limited, targeted attacks. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.”

The company advises Internet Explorer users that the Enhanced Protected Mode, on by default in IE 10 and IE 11, used with EMET, “will help protect against this potential risk.”

The company did not address what people who use IE 9 or older should do. It’s not expected that IE 6 will ever see an update, as Microsoft has stopped issuing security updates for the 12-year-old browser that still makes up 4.65 percent of the browser market.

The US Department of Homeland Security did not immediately respond to requests for comment.

Statistics vary as to how many people actually use Internet Explorer. NetMarketShare puts the total around 55 percent of the desktop browser market, while competitor StatCounter says that 22.58 percent of people use IE. While the disparity is large, in either case the flaw affects a huge number of browsers being actively used.

Source: CNET

Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed

Microsoft is scrambling to fix a major bug which allows hackers to exploit flaws in Internet Explorer 6, 7, 8, 9, 10 and 11, responsible for 55% of the PC browser market. The company has also confirmed it will not issue a fix for web browsers running on Windows XP after it formally ended support for the 13 year old operating system on 8 April. XP still accounts for 25% of the world’s PCs.

The vulnerability was discovered by cyber security software maker FireEye Inc., which stated the flaw is a ‘zero-day’ threat. This means the first attacks were made on the vulnerability before Microsoft was aware of it. FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.

FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: “It’s unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering.”

For its part Microsoft has confirmed the existence of the flaw in an official post. It gave limited information on the bug, but admitted “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

A Temporary Fix
While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds.

1. Use a web browser other than Internet Explorer
2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”

No Hope For Windows XP
While informed users should therefore be able to avoid attack until Microsoft issues a fix, Windows XP users have no light on the horizon.

Microsoft has confirmed that no fix will be rolled out for Windows XP because support has officially ended and there are no plans to make an exception. It states:

“An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”

The company’s advice to Windows XP users has remained the same for some time: upgrade to Windows 7 or 8 or buy a new PC. It has also repeatedly sent a pop-up dialog box to reachable Windows XP machines with the following end of support notification.


For users unsure whether their existing PCs can support Windows 8, Microsoft offers a software tool called ‘Windows Upgrade Assistant’ which can be downloaded here.

Given the seriousness of the exploit and close proximity to Windows XP’s support cut-off date, critics will say Microsoft should issue one last fix. Defenders will point to the age of Windows XP, note that every OS has a lifespan, and argue that users have received sufficient warnings.

Either way the stark reality of still running Windows XP just struck home for owners of one-in-four PCs worldwide.

Source: Forbes


U.S. advises avoiding Microsoft’s Internet Explorer until bug fixed

The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft Corp’s Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.

The bug is the first high-profile security flaw to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.

The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to “the complete compromise” of an affected system.

“We are currently unaware of a practical solution to this problem,” Carnegie Mellon’s Software Engineering Institute warned in a separate advisory that US-CERT linked to in its warning.

Versions 6 to 11 of Internet Explorer dominate desktop browsing, accounting for 55 per cent of the PC browser market, according to tech research firm NetMarketShare. Google Inc’s Chrome and Mozilla’s Firefox account for the majority of the rest of the traffic.

News of the vulnerability surfaced over the weekend as Microsoft said its programmers were rushing to fix the problem as quickly as possible. Cybersecurity software maker FireEye Inc warned that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.”

FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.

“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” said FireEye spokesman Vitor De Souza on Sunday. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”

In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks. Security experts say EMET is helpful in staving off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.

By Jim Finkle, BOSTON — Reuters

Source: The Globe and Mail
