Kroll

The 2021 Ransomware Landscape for Risk Managers (Q&A)

David Klopp, Managing Director in the Cyber Risk practice of Kroll, recently spoke at the first session of PARIMA’s Confident Response Series 2021. The series aims to fine-tune incident response preparedness and help risk managers understand the latest tactics, techniques and procedures from the most successful cybercriminals, leading to deeper collaboration with business partners and mitigation of technical, legal and reputational risks.

Effective Cyber Crime Investigations Demand Thoughtful Disclosures

The lifecycle of a cyber security incident can be broken up into three stages: investigation, remediation and notifications/disclosures, the latter often being the most complex, time-consuming and costly. Disclosure challenges are compounded by breach notification laws that require initial statements before the investigation is completed and the incident is fully contained. They can also stem from improper interpretation of digital forensics findings.

Human Resource and Security Teams Should Work Jointly to Reduce the Risk of Cyberattacks

COVID-19 has not only changed the way we live but also forced many changes to standard business processes. This article will explore some challenges around human resource (HR) hiring, offboarding and contracting activities. As companies in multiple jurisdictions continue to look for advice from state and federal authorities on COVID-19 safe work plans, this article offers some security considerations from a physical security as well as cyber security perspective.

Multi-Faceted Investigation Methodology

When incidents or traumatic events occur, there is a set of investigative techniques and methodologies that need to be deployed quickly and with the right expertise. In this episode of Kroll’s Security Concepts, three of Kroll’s investigative experts, Marco De Bernardin, Francesca Castelli and Nick Doyle, come together to discuss their experience with the lifecycle of investigations.

Anatomy of a Data Breach - How to Protect Your Clients and Brand

Industry veterans Brian Lapidus and David White recently hosted a 40-minute dive into data breaches, how to expedite your response and what to expect when facing a breach of sensitive data, regardless of how it happens. The session was followed by live Q&A. Together, Brian and David have responded to thousands of data breaches worldwide and supported over 300 million customers in safeguarding their identity.

CVE-2020-10189: Zoho ManageEngine Vulnerability Still Dangerous Nearly a Year Later - The Monitor, Issue 15

Zoho ManageEngine Desktop Central is an endpoint management solution offered by Zoho. A server running this software can push updates to managed systems, remotely control and lock them, apply access controls and more. In March 2020, a remote code execution (RCE) vulnerability was identified (tracked as CVE-2020-10189) in the ManageEngine software due to the deserialization of untrusted, user-controlled input in the getChartImage function of the FileStorage class within the application.

Case Study - Electronic Gift Card Fraud Investigation Uncovers Contractual Risks

After brick-and-mortar operations closed on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

Trade-based Money Laundering and Assets Tracing: Increased Risks and Hurdles Faced by Corporations

Stefano Demichelis, Managing Director in the Business Intelligence and Investigations team at Kroll, a division of Duff & Phelps, recently spoke at a webinar organized by LegalPlus Asia. In this webinar, he shared his views on trade-based money laundering (TBML) and the implications for corporations.

Cyber Risk in the Boardroom - Addressing the 2021 Threat Landscape

A new year typically brings a renewed sense of optimism; however, 2021 brings with it promises of unparalleled challenges for board members as their role in cyber risk oversight and increasing organizational resilience has never been more important. Over the course of 2020, as organizations shifted already overburdened staff to build capacity to support remote working, threat actors aggressively exploited weaknesses exposed in the transition.