Hi, I'm Mike.
Once upon a time, there was a theory that Macau would be playing host to fewer VIP billionaires and become a hub for meetings, incentives, conferences, and exhibitions (MICE). This was part of Macau’s overall strategy for diversification, a goal pushed by Beijing and shared by the local populace. These business tourists would augment the new middle class families coming for entertainment as much as baccarat. I bought into this theory for a few reasons.
Unfortunately, as the chart shows, visitors to exhibitions fell along with VIP revenue from 2014 to 2016. The Macau government database hasn’t been updated with any 2017 data yet, but we know that VIP revenue has finally posted a quarter of growth. It will be interesting to see whether the number of Macau exhibition visitors will grow as well.
How to Anticipate Cyber Surprises "Technology necessary for a robust cybersecurity program already exists in most organizations. The missing piece — strong governance — is the key to putting internal policies into practice and maximizing the effectiveness of existing technology." "The first step is to make sure off-site backups are kept up to date. Automatic notifications should alert the security team at preset intervals, reminding them to verify that data is fully backed up at an off-site location. It’s critical to use a risk-based approach to prioritize which data needs monitoring and testing." "Business continuity and disaster recovery (BC/DR) plans, much like data backups, must be tested (and optimized) at regular intervals."
SEC Picks Up the Pace of Cyber Attacks Enforcement "Citing an interview with the U.S. Securities and Exchange Commission (SEC), Steven Peikin, along with Stephanie Avakian, were appointed new co-directors of enforcement. Reuters reported the two are very concerned with cyberattacks on brokerage firms. “The greatest threat to our markets right now is the cyber threat,” said Peikin in the exclusive interview. “That crosses not just this building, but all over the country.”"
SWIFT's profit declines more than 30% following cyber attacks on banks "SWIFT's 2016 profit before tax and rebates to its owner-customers fell by 31 per cent to 47 million euros ($53 million), following additional investments in security, the co-operative said in its annual report published on Friday."
AIG: Systematic Cyber Attacks Likely in 2017 "More than half of survey respondents say a simultaneous attack on five to 10 companies is highly likely in the next year. More than one-third estimate the likelihood of a simultaneous attack on as many as 50 companies at greater than 50 percent."
AI Takes a Seat in the Boardroom as Execs Turn to Automated Cyber Defences "Four in five (81%) executives report implementing automated security solutions" "in Radware’s security industry survey, 98% of security professionals globally reported experiencing at least one attack in 2016." Executives identified negative customer experience (39%) as the biggest impact of a cyber-attack, with brand reputation loss (36%) and revenue loss (34%) close behind. Furthermore, 56% of European executives estimate that cyber-attacks cost their businesses between £500,000 and £10m (compared to 40% in the US). The number of UK executives who reported experiencing a ransom attack almost doubled from 12% last year to 23% in 2017.
SOMEONE FAILED TO CONTAIN WANNACRY The theory is that the North Korean agency responsible for WannaCry was just testing it and then it started to spread. Security experts believe that, had it been an intentional attack, it would have been more sophisticated.
Stephanie Snyder, U.S. cyber sales lead, Aon, said more than 70 carriers now offer cyber coverage, but there are few consistencies among them regarding coverage triggers, definitions, exclusions . . . Wow, 70 carriers. That's a lot of options. I wonder if they have geographic restrictions on the companies they will offer to.
Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican National Committee (RNC), which "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server. Chris Vickery, a security researcher at UpGuard who discovered the exposed database, said anyone could have downloaded more than a terabyte of files containing voter data from the Amazon S3 server maintained by DRA without needing any password.
Web Hosting Provider Pays $1 Million to Ransomware Attackers South Korean web hosting company Nayana agreed to pay $1 million in Bitcoin after a ransomware attack hit 153 Linux servers. The attack took place June 10 and resulted in over 3,400 business websites the company hosts being encrypted. According to Nayana’s initial announcement, the attacker demanded 550 Bitcoins (over $1.6 million) to decrypt the infected files. Following negotiations, they lowered the ransom demand to 397.6 Bitcoins (around $1.01 million). The company’s website also uses Apache version 1.3.36 and PHP version 5.1.4, both released in 2006 and known to include vulnerabilities. Most likely, the vulnerable Linux installation was used as an entry point to run the Erebus ransomware on Nayana’s systems. The Apache version that Nayana uses runs as a user of nobody (uid=99) and “a local exploit may have also been used in the attack,” the researchers say. The malware was built specifically to target and encrypt web servers and data stored in them.
Nigerian Hackers Lift Reams of Info from Global Industrial Targets There have been more than 500 attacked companies in more than 50 countries so far—and most are industrial enterprises and large transportation and logistics corporations. The emails used in such attacks are made to look as legitimate as possible so that the employees who receive them open the accompanying malicious attachments without giving them much thought. The emails were sent on behalf of various companies that did business with potential victims: suppliers, customers, commercial organizations and delivery services. The emails asked recipients to check information in an invoice as soon as possible, clarify product pricing or receive goods specified in the delivery note attached. “It is worth noting that a complete set of malware for carrying out this type of attack usually costs no more than $200.” The most common pathology for the attack results in criminals redirecting legitimate business transfers of money or payments into their own accounts. “They intercept the email with the seller’s invoice and forward it to the buyer after replacing the seller’s account details with the details of an account belonging to the attackers.” The company making a purchase not only loses money but also fails to receive the goods they need on time.
Minnesota Updates on Intrastate Crowdfunding In Minnesota, by meeting the requirements of the MNvest rules, companies may raise capital within Minnesota state borders after making a notice filing, paying a $300 fee, and waiting ten days before creating an offering. Both non-accredited and accredited investors may participate with non-accreds capped at $10,000 per offering. Accreds have no such limit. Issuers may raise up to $2 million with reviewed financial statements. If you keep it under $1 million you have to prepare financial statements internally thus avoiding an additional cost. All offerings must be sold through a registered portal and it is only available to Minnesota residents. Companies must generate 80% of gross revenue in the state to qualify. According to MNvest, this is the status of crowdfunding in the state after 6 months: three registered funding portals; 7 campaigns, with 3 successfully funded; and over $300,000 raised for Minnesota-based companies. MNvest says there is more on the way.
These New Cyber-Weapons Could Topple Power Grids
Cybereason Gets $100M to Fend Off Cyber Attacks: and Competitors
"Cybereason’s approach stands out for its “offensive mindset,” as Div says, and its emphasis on understanding hackers’ intent and trying to “hunt them” inside a computer system. (The underlying technology includes statistical models of organizations and sophisticated efforts to detect and stop anomalous behavior by users or intruders.)
“Our promise is that we know how to… evolve faster than the hackers,” Div says."
Selling Your Data? Here’s What You Need To Know
"There are some limitations to what you can sell, however, particularly with GDPR going into effect next year and other regulatory constraints. “Privacy is a concern, and you might think twice about selling it if you’ve promised not to,” she says. “WhatsApp’s flipflop on customer data left users feeling betrayed.”"
There are multiple ways to sell the data. “If you’re selling data you might sell through a data broker, a curated marketplace or a self-service marketplace,” Belissent says. “Companies like Exapik bring brokers data deals, and Quandl helps prepare the data and provide a marketplace. But selling data requires a data- and development-savvy target market and that means slower time to value.”
Does Machine Learning Have a Future Role in Cyber Security?
Former Symantec CTO Amit Mital has claimed that cybersecurity is “basically broken” and machine learning is one of the few ‘beacons of hope.’
“In recent months some major companies have acquired machine learning capabilities. For example, Sophos acquired Invincia, Radware bought Seculert and Hewlett Packard bought Niara. This may be a sign that at least some major organisations see ML and big data capability as an important asset for the future.”
“Some recent developments and improvements in cyber security machine learning include a joint effort by MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and a ML startup called PatternEx. The result of this effort is AI2, a system that delivers a detection rate of 85%, with a five fold decrease in false positives.”
Security Awareness Programs Need Full-Time Staff
The number of full-time employees devoted to security awareness programs and their ability to effectively communicate to and engage with employees are two main reasons why security awareness programs either thrive or fail, says a new report.
Digital organizations face a huge cybersecurity skills gap
The trickle of security students emerging from post-secondary schools may not be fully prepared to tackle complicated security issues.
Second, certain companies may not know what to look for in a professional.
Third, when skilled professionals are hired, they can often be overworked to the point where they don’t have the time to keep up with the latest developments in the field — and even in their own security tools.
According to the Information Audit and Control Association (IACA), about a quarter of all cybersecurity positions are left unfilled for about six months.
Canada’s CSE warns of cyber attacks against next 2019 Election
The hackers targeted candidates and spread disinformation and propaganda in order to influence the vote. According to the CSE, the “low sophistication” attacks “did not impact the outcome of the election.”
U.S. Firms Issue Principles for Cyber Risk Ratings Used by Insurers "Large corporations often use the ratings, the cyber equivalent of a FICO credit score, to assess how prepared the companies they work with are to withstand cyber attacks. Insurers also look at the ratings when they make underwriting decisions on cyber liability." "The move comes in response to the emergence of such startups as BitSight Technologies, RiskRecon and SecurityScorecard that collect and analyze large swaths of data to rate companies on cyber security."
South Korea: Govt to promote cyber insurance "the Ministry is planning to link insurers with information security service providers and provide incentives to policyholders. Discounts on insurance premiums for those participating in an information security management system are being mentioned although it is a matter to be determined by each insurance company."
Cyber Insurance Premium Volume Grew 35% to $1.3 Billion in 2016 "The largest cyber insurance writers are American International Group, XL Group and Chubb, according to the reports. These companies had a combined market share of approximately 40 percent at year-end 2016. The top 15 writers of cyber held approximately 83 percent of the market in 2016. Completing the top 10 writers of cyber ranked by direct premium written are: Travelers, Beazley, CNA, Liberty Mutual, BCS Insurance (owned by Blue Cross licensees), AXIS Insurance Group and Allied World. Two carriers made big gains in cyber in 2016: Markel Corp. went from #116 in 2015 to #16 and Starr International Group rose to #18 from #110 in 2015. these statements likely underestimate(s) the industry’s cyber premium exposure due to challenges in breaking out cyber-related premium from other coverages in multi-line coverage products." "In its report, A.M. Best noted how the top cyber insurance writers have shifted their writings to standalone policies and away from packaged policies by nearly a 70-30 split on the $1.3 billion of total direct premiums written in 2016."
5.5 Million Devices Operating with WannaCry Port Open Last week, security firm Rapid7 issued its annual National Exposure Index report, the result of scans of over 3 billion IP-addressable, public internet devices, checking for exposed services on 30 different ports. It found 160 million devices with open ports that generally shouldn’t be exposed to the internet. For file-sharing SMB port 445, the port associated with WannaCry, it found 5.5 million devices operating with the port exposed. About 800,000 of those were on Windows systems — meaning they’re directly vulnerable to the cryptoworm that targets Windows machines.
What Not to Do After A Data Breach "Unfortunately, if you hadn’t previously developed a strategy, then whatever hasty decisions you make after an attack could worsen the situation." "Key contacts should be mapped out ahead of time and stored digitally. It should also be available in hard copy in case of a catastrophic breach." "isolate the affected system and eradicate the cause of the breach to ensure your system is out of danger." "If you determine that a breach has indeed occurred following your internal investigation, bring in third-party expertise to help handle and mitigate the fallout" "you may want to look into hiring a public relations team to help control the messaging behind your response." "you’ll want to be as accurate and honest as possible when addressing the public. This is beneficial to your brand, but it’s also beneficial to how much money you’ll recoup from your cyber-insurance policy" "When users hear about a breach from a third party, it immediately erodes hard-won trust" “Be sure to also interview anyone involved and carefully document their responses,” he continued. “Creating detailed reports with disk images, as well as details on who, what, where, and when the incident occurred, will help you implement any new or missing risk mitigation or data protection measures.”
Experts Debate: Is Big Data a Boon or Risk for Actuaries? "One of the biggest issues with big data is validation. Data is often aggregated from sources where it can be difficult to assess the reliability. A growing number of actuaries use data from social media, where it can be difficult to authenticate." "Banthorpe predicts that the FTC and other regulators are expected to roll out new regulations in the future. This is a risk for actuaries, because they may need to revise their models in the future if they lose access to certain data that has become instrumental to their models." "Many actuaries worry that the algorithms behind big data may not be properly set up."
FBI report: Minnesotans reported losing $12.6 million to cybercrime in 2016 "just 15 percent of victims report their cases to the authorities." Victims 60 or older were the most common and reported losing the most last year. The extradition to Minnesota this month of Peteris Sahurovs, a 28-year-old Latvian man, illustrates the far-flung nature of the frauds, making for long investigations. A grand jury in Minnesota indicted Sahurovs in 2011 for allegedly defrauding victims of more than $2 million in a "scareware" scheme that involved posing as a fictitious hotel chain and running ads on the Star Tribune's website. The scam infected consumers' devices with malware that required visitors to buy $50 antivirus software to regain control of their computers.
How the SEC uses machine learning to assess risk "Fraud, for example, is what social scientists call a latent variable. You don’t see it until it’s found. So, it is more challenging for machine learning algorithms to make accurate predictions of possible fraud than shopping decisions." "Topic modeling and other cluster analysis techniques are producing groups of “like” documents and disclosures that identify both common and outlier behaviors among market participants. These analyses can quickly and easily identify latent trends in large amounts of unstructured financial information, some of which may warrant further scrutiny by our enforcement or examination staff." "More broadly, we use unsupervised algorithms to detect patterns and anomalies in the data, using nothing but the data, and then use supervised learning algorithms that allow us to inject our knowledge into the process; that is, supervised learning “maps” the found patterns to specific, user-defined labels. From a fraud detection perspective, these successive algorithms can be applied to new data as it is generated, for example from new SEC filings. When new data arrives, the trained “machine” predicts the current likelihood of possible fraud on the basis of what it learned constituted possible fraud from past data." "The results are impressive. Back-testing analyses show that the algorithms are five times better than random at identifying language in investment adviser regulatory filings that could merit a referral to enforcement. But the results can also generate false positives or, more colloquially, false alarms." "But given the demonstrated ability of these machine learning algorithms to guide staff to high risk areas, they are becoming an increasingly important factor in the prioritization of examinations. This enables the deployment of limited resources to areas of the market that are most susceptible to possible violative conduct."
"market exchanges will begin reporting all of their transactions through the Consolidated Audit Trail system, also known as CAT, starting in November of this year. Broker-dealers will follow with their orders and transactions over the subsequent 2 years. This will result in data about market transactions on an unprecedented scale." "One example is the Option Pricing Reporting Authority data, or OPRA data. To help you grasp the size of the OPRA dataset, one day’s worth of OPRA data is roughly two terabytes. To illustrate the size of just one terabyte, think of 250 million, double-sided, single-spaced, printed pages. Hence, in this one dataset, we currently process the equivalent of 500 million documents each and every day. And we reduce this information into more usable pieces of information, including market quality and pricing statistics."
Ransomware Attack Affects 500,000 Patients In its statement, the company says the incident "was a highly sophisticated attack, which we believe may have been carried out from an offshore location." The company did not say in its statement how much of a ransom was demanded by the attackers or whether it had paid the extortionists.
Get Hacked and Your Cybersecurity Company May Pay "SentinelOne offers a warranty that puts the company on the hook for up to $1,000,000 if the customer falls victim to a ransomware attack, in which hackers break in and encrypt data before demanding a ransom to unlock it. Other cybersecurity startups, as well as big players like Symantec and McAfee, now similarly promise to pay up if their product or service fails." "In evaluating these risks, cybersecurity firms have an advantage over traditional insurance companies, because they have crucial data that can only come from analyzing real events like the data breaches they themselves have experienced."
http://www.databreachtoday.com/when-ransomware-strikes-twice-or-impacts-emergency-services-a-10093 Walnut Place, a Dallas-based provider of rehabilitation, skilled nursing and assisted living services, says that it was hit in May with a second ransomware attack while it was still investigating an earlier ransomware attack that was remediated in February.
Next global cyber attack could cost insurers $2.5 billion “It would only need a combination of WannaCry’s wide reach and Petya’s destructive force to cost cyber insurers something like $2.5 billion, or a full year of gross premium income in the market.” Those events didn’t result in meaningful insurance claims because they didn’t affect many companies in the U.S., where currently more than 90 percent of the cyber insurance market is located, Newman said. Reckitt Benckiser Group Plc cut its full-year sales forecast on Thursday after a global cyberattack last month disrupted manufacturing and distribution for the maker of Air Wick fresheners and Dettol cleaners. CFC underwrites approximately $100 million of cyber-insurance premiums, making it one of Europe’s biggest sellers of the product, and has sold the coverage since 2000. As a Lloyd’s of London-backed managing general agent, the company underwrites on behalf of other insurers. The global market for cyber insurance grew to about $3.4 billion in premiums last year and could rise to between $8.5 billion and $10 billion by 2020, reinsurer Munich Re estimates. CFC saw its premiums in the market climb by more than 60 percent last year and Newman expects to match that this year. Thomas Seidl, an analyst at Sanford C. Bernstein in London: “Everybody has exposure to cyber risks and the best precaution can’t eliminate that, so there is a strong demand for insurance making cyber coverage by far the biggest opportunity for non-life insurers for the next years.” Low claims, combined with more companies entering the market, mean that prices for cyber coverage have been falling globally. They are down about 10 percent in the U.S. and about 20 percent in the international market this year, according to CFC’s Newman. Link via businessinsurance.com
Australia: Reinsurance pool eyes cyber terrorism cover Cyber terrorism will be on the agenda of the government terrorism reinsurance agency, the Australian Reinsurance Pool Corporation (ARPC), as part of its tri-annual review. Dr Chris Wallace, CEO of ARPC, told The Australian that the next review, due in late 2018, should consider extending coverage to cyber terrorism.
The Bank of England's Prudential Regulation Authority has issued a supervisory statement on cyber insurance underwriting risk. This supervisory statement (SS) sets out the Prudential Regulation Authority’s (PRA) expectations of firms regarding cyber insurance underwriting risk.
What mission control will look like at the hospital of the future "The 4,500-square-foot center will feature GE Analytic Tiles using artificial intelligence, predictive analytics and thoughtful design to target improved clinical, operational and patient outcomes..." There is a fixed bedside monitor at the head of every bed, which once the patient's vitals are taken and checked by the nurse, automatically sends them to the patient's electronic chart. If there are abnormal results or abnormal cardiac monitoring results and a certain level of concern, other members of the team including the physician can automatically see the results. Wearable technologies are going to allow providers to send patients home sooner and avoid ER visits. In the next year, we will look to increasing the use of wearable devices for patients who return home but need to continue care.
How hospitals can shore up cybersecurity on a 'skinny' budget Providers should look toward vendors with a healthcare-focus that are able to provide the necessary security evaluations. “In healthcare specifically, there are certain things the systems need to be able to run properly: the EHR needs certain things to run and medical devices need to be certified, among others. Healthcare needs a security person who understands these unique needs.” All hospitals need to assign a group of people on site who are the security glue that holds the organization together. Lovejoy said these employees -- although not necessarily fully designated security staff -- can manage and implement security needs, while measuring outcomes.
eClinicalWorks Lawsuit Leads to EHR Replacement for Few Users A new KLAS report surveying customer reactions to the eClinicalWorks $155 million settlement with the Department of Justice (DOJ) found that only 4 percent of customers plan to find a replacement EHR as a result of the settlement. The lawsuit settled allegations that eClinicalWorks had made false claims regarding the certification of its EHR technology and paid some customers kickbacks in return for positive product promotion. Thirty-five percent are keeping eClinicalWorks and report being satisfied with the technology, while 24 percent said they intend to replace eClinicalWorks due to reasons other than the settlement. Some believe eClinicalWorks is just the first vendor to get caught.