Miners are under a new attack as cryptominers exploit miners' vulnerabilities. Programs that hijack computer resources to mine cryptocurrencies without permission are indeed a new threat on the list.
In summary, the “old list” for miners reportedly encompassed, for example:
However, the real-life general list is way longer, as witnessed by a number of our own experience-based blog-posts bearing on:
Having developed a major study for a European country’s Armed Forces, visible in a Riskope blogpost, back in 2015 we published a paper entitled Holistic Physical Risk and Crises Prioritization Approaches to Solve Cyber Defense Conundrums.
How does one develop tactical and strategic planning for mitigation (a roadmap)? How does one know which corporate sub-systems to fix and to what degree?
Quantitative, convergent, scalable and updatable risk assessments provide all the guidance needed, and are loaded with benefits. Indeed, as not every risk or vulnerability can be mitigated/fixed at once, it is paramount to be able to discern among risks and vulnerabilities to perform operational, tactical and strategic planning.
A paper we published in 2016 (Military Grade Risk Application for Mining Defense, Resilience, and Optimization) and a presentation we gave at the Management & Economics Society of CIM, McGill University, Montréal in 2018 illustrate this point.
Convergent Quantitative Cyber Risk Assessment to Optimize Enterprise Reliability
Although insurance is the first idea that comes to mind, the viability of risk transfer is likely not the best in the cyber world. We have discussed this in terms of “misleading actuarial data” and the complexities and speed at which cyber-threats evolve.
Many, including major insurers, have stated that cyber costs may soon exceed the benefits. This is in stark contrast with the IoT and digitalization trend of the mining and other industries that seems to “forget the risks” in the excitement of new technological developments. We hardly see anyone going back to typewriters and carrier pigeons. However, we know that some very serious organizations are indeed going back to typewriters for highly classified documents.
In many cases, information security guidelines can significantly improve the stance of a client, especially if there is a strong effort to create awareness of social engineering attacks.
The obvious next step is to develop quantitative, convergent, scalable, drillable and updatable risk assessments. We discussed this idea in the prior sections of this blogpost, advising to deploy ORE at corporate level.