
If you’re anything like me, you will complete most of your holiday shopping from the comfort of your own home, laptop in hand, attempting to avoid the craziness of department stores and mall parking lots. Then, a week or so before the big day, you’ll realize that you neglected to order some key gifts and scramble to pick them up in-store.

The year 2016 is turning out to be a record one for data breaches, and cybercrime won’t be slowing down any time soon. According to global digital security firm Gemalto, nearly five billion private records have been exposed globally since 2013. Data breaches were up 15% in the first half of 2016 compared to the prior six months.

Every organization is faced with risks and needs to practice some form of risk management in order to maintain the health of the entity. Many take a traditional approach, where risk is managed in silos, with each leader of a business unit (sales, operations, finance, HR, etc.) responsible for managing the risks that fall within his or her area of responsibility.

Does the threat of ransomware crippling your organization’s network and operations keep you up at night? At this point, it kind of should. However, there’s a lot your CISO and IT staff could be doing to mitigate the threat and help you sleep a bit more soundly.

Troubles continue for Millennium Tower, the luxury high-rise building that has been coined “the leaning tower of San Francisco” for tilting two inches at its base and sinking 16 inches. As we predicted in our August 11th blog, a lawsuit ensued and it’s huge: Condo owners filed a $500 million class-action lawsuit against the developers, Millennium Partners, and the Transbay Joint Powers Authority.

Risks pose threats to a broad range of your organization’s resources, such as assets, company reputation or time. These resources are spread throughout a variety of potential risk owners. In turn, each risk owner may have access to only certain capabilities for addressing risk. For example:

An Enterprise Risk Management (ERM) process can yield a valuable communication for your organization: the Risk Appetite Statement. This statement serves an important assurance role for stakeholders in your company, and is an indicator of critical, board or executive-level oversight of risk management. It serves as a tangible product of an effective effort to assess and control risk across the enterprise. It can be referenced as the basis for any communication or disclosure your company may need to make about its risk management policy and efforts.

The massive October 21st distributed denial of service (DDoS) attack on Dyn, a prominent Domain Name System (DNS) provider, resulted in many US websites going offline. The attack was very sophisticated and precisely targeted. While no customer data was breached in this event, it was still extremely impactful on the affected organizations. When the DNS provider went offline, more than 100 popular websites, such as Reddit, Twitter, Box, Spotify, PayPal, Squarespace and Amazon Web Services (AWS), were unavailable. While most of us could survive without Twitter – though barely – the unavailability of web hosting platforms such as AWS, Box and Squarespace most likely caused interruptions in numerous businesses.