The ALS Group Risk Management Articles

Does the threat of Ransomware crippling your organization’s network and operations keep you up at night? At this point, it kind of should. However, there’s a lot your CISO and IT staff could be doing to mitigate the threat and help you sleep a bit more soundly.

The massive October 21st distributed denial of service (DDoS) attack on Dyn, a prominent Domain Name Server (DNS) provider, resulted in many US websites going offline. The attack was very sophisticated and precisely targeted. While no customer data was breached in this event, it was still extremely impactful on the effected organizations. When the DNS provider went offline, more than 100 popular websites, such as Reddit, Twitter, Box, Spotify, PayPal, Squarespace and Amazon Web Services (AWS) were unavailable. While most of us could survive without Twitter – though barely – the unavailability of web hosting platforms such as AWS, Box and Squarespace most likely caused interruptions in numerous businesses.

Enterprise Risk Management (ERM) concepts can help retailers create a competitive advantage out of the business of managing risk. ERM’s “portfolio view” collects all risk and mitigation activity into a single Risk Register. This enables management to coordinate mitigation efforts across functions, rather than leaving risk to be managed in a patchwork fashion among various pockets in the organization. These are the critical areas for retail organizations where embracing an ERM approach adds value and opportunities that would likely otherwise be “missed:”

Organizations that are seeking process efficiency and an edge on their competitors look toward technology to support their business plans. Often, new technology advancements will enhance an organization’s performance but unfortunately, the introduction of new software, systems and processes open them up to (unanticipated) cyber-related risk and exposures.

October is National Cyber Security Awareness Month, an annual campaign to raise awareness about cyber security, with 2016 marking its 13th year. If you’ve been following our posts, then you know that we place a great deal of importance on cyber security and strategic planning to mitigate cyber risk every month of the year. However, given the special occasion, now is the perfect time to rethink and enhance your personal and company security measures.

It doesn’t take a cyber risk expert to realize that the retail industry is a prime target for hackers, and that some of retail’s most iconic brands have made front-page, breaking news when it comes to millions of lost or stolen data records. Primary Cardholder Information (PCI) is extremely valuable amongst those on the “Darknet,” once described by PC Magazine as “the hidden, anonymous underbelly of the searchable Web.” Since larger retailers handle these records in the hundreds of thousands to millions, hackers are looking for any entry point into their networks to extract credit card and customer account data.