
Wednesday, June 4, 2014

Dyman & Associates Risk Management Projects on Top 20 mSecurity Companies 2014

Leaders in Software as a Service (SaaS), Mobile Device Management (MDM) & Bring Your Own Device (BYOD) Security

Mobile devices have become an intrinsic part of everyday life, for individual consumers and large organizations alike. Consequently, the popularity of smart devices makes them an increasingly attractive target for cybercriminals, given the potential value of the personal data found on a device.

The increasing demand for mobile security software is seeing the emergence of security specialists offering solutions aimed at mobile as well as PC.

Established market players in internet security are adapting their services to mobile, while a number of new companies are specializing specifically in smartphone and tablet security. Solutions including software, device management and security as a service are looking to answer this nascent security demand.

The complex nature of the mobile ecosystem and the close affinity to the broader cyber security market has made the mobile security sector a relatively fragmented market, with overlaps between the different submarkets.

As a result, Visiongain has determined that the top 20 companies in the global mobile security market account for $2.06 billion, or 58.9% of annual market revenue, which illustrates a highly competitive and fragmented market.

Why you should buy Top 20 Mobile Security (mSecurity) Companies 2014: Leaders in Software as a Service (SaaS), Mobile Device Management (MDM) & Bring Your Own Device (BYOD) Security

Who are the leading players in the mobile security market? Visiongain’s comprehensive analysis contains highly quantitative content delivering solid conclusions benefiting your analysis and illustrates new opportunities and potential revenue streams helping you to remain competitive. This definitive report will benefit your decision making and help to direct your future business strategy.

Avoid falling behind your competitors, missing critical business opportunities or losing industry influence. The report assesses technologies, competitive forces and expected product pipeline developments.

Discover key information in this 139-page report:

• Explore the top 20 mobile security (mSecurity) companies to keep your knowledge ahead of your competition and ensure you exploit key business opportunities
- The report provides detailed market shares along with revenues for the leading mSecurity companies, including original critical analysis, revealing insight into commercial drivers and restraints allowing you to more effectively compete in the market.

- Find 70 tables, charts, and graphs
- Let our analysts guide you with a thorough assessment of the leading players in the mSecurity market. This analysis will achieve quicker, easier understanding. Also you will gain from our analyst's industry expertise allowing you to demonstrate your authority on the mSecurity sector.

• Read exclusive interviews from 3 market leading companies
- By reading the exclusive expert interviews contained in the report you will keep up to speed with what is really happening in the industry. Don't fall behind. You will gain a thorough knowledge of the mSecurity sector, find strategic advantages for your work, learn how your organization can benefit, and be able to assess prospects for investments and sales.
- Bullguard
- AVG Technologies
- Kaspersky

Dyman & Associates Projects: A New Graduate’s Survival Guide Against Identity Hackers

As fresh graduates descend from the ivory tower (bearing their unstained diplomas), many will eventually encounter “real world” interactions for the very first time, and they run the risk of being eaten alive out there. Identity-connected scams, dark schemes and credit status traps litter the way to financial success. And for the many new graduates who confidently say, “It will never happen to me,” get ready for your bubble to burst.

Information violations and the identity-theft crimes that arise from them have become realities in life, next only to death and taxes. But there are a few things you can undertake to improve your protection against them, identify the problems and reduce the effects in case the inevitable happens. However, if you believe a compromise to your identity or credit will never cause you to incur a good amount of money, you will be surprised to realize the emotional turmoil and endless moments of annoyance spent regretting things which are non-refundable.

New grads must bear this in mind: Your personal identity and credit are significantly precious assets. And whereas it might be quite early in the game to seriously consider your investment portfolio, you now have two built-in investment-grade portfolios that you ought to manage well: your identity portfolio and your credit portfolio.

Take a look at a few general rules in the game that will aid you to protect your identity that, if you observe them, could make it easier for you to succeed.

1. Credit Cards

If you are a newbie to the world of credit cards, you tend to make some beginner’s errors that may lead to identity risk.

First, be wary as to where you divulge your credit card data. Consider yourself as your worst enemy when it concerns credit card scams if you fail to observe proper security steps when sharing your credit card information over the websites, to companies and even to friends. And while scammers have a way of stealing your account numbers, taking extra care if you live with roommates will protect you in a big way.

Make sure to check your account statements as often as you can, even daily, for unauthorized withdrawals or purchases. If anyone steals your debit or credit card number and goes out to spend like a king, and you fail to discover it early enough to prevent more damage, you could find yourself back to zero.

Keep track of your credit report and note how your credit standing moves. This will allow you to ascertain that all the accounts listed there belong to you. Usually, the first sign that you have fallen victim to new-account fraud arises from these reports. Being aware lets you face and deal with the issue well before a collection firm asks for money you did not spend. Check your credit reports yearly, free of charge, from all three credit reporting agencies through this site: AnnualCreditReport.com. Likewise, you can check two of your credit scores for free with a Credit.com account; if you observe an unexpected reduction in your credit scores, check your reports for any issues, including fraudulent accounts.

2. Utilities

What about utilities? You phone a customer service agent who gets your name, address and phone number, and when your bill comes on the last day of the month, you pay accordingly. Sounds so simple, even a child could do it — which is exactly the problem. Identity thieves are so good at stealing electricity in your name, and since it is that easy for anyone to set up an account using your name, you may not be aware of it until you receive a notice from a collection agency for unpaid utilities bills and your credit status falls.

Here is what you need to do: Take extra time assessing your bills and immediately check on any doubtful items, always pay your bills on time (think of enrolling in a direct debit plan), safeguard your personally identifiable data (which means protecting your Social Security number from everyone except the select few who have to know it), and keep in mind that monitoring your scores and your reports often can warn you of any issue soon enough. One could never be too paranoid when it comes to monitoring nowadays.

3. Applying for Jobs

Many fresh graduates are not aware that a significant number of firms and institutions will check credit reports (not credit scores) prior to offering anyone a job. They are required to obtain permission from you (often in writing) before looking at your reports, and most of them will ask for your Social Security number, a primary asset in your identity portfolio, in order to do so.

Obviously, you have to be sure the employer is authorized, and if you feel uneasy about divulging your Social Security number to a potential employer, conduct a little research before you give it. Many job scammers will take your SSN upfront, before they even interview you.

4. Filing Your Taxes

For a few new graduates, taxes have never entered their vocabulary or their limited world. It may be that their parents filed taxes for them, or they have never worked at a job to make it necessary.

If you are new at dealing with taxes, be aware of this: Not every person who offers to assist you will be trustworthy. Thieves abound everywhere, so take a careful look before getting an accountant or a tax-preparation service provider. Tax-related identity theft is one more reason why you must check who has access to your personally identifiable data. If a scammer files a tax return in your name before you do, you will spend six months or more waiting for the IRS to rectify the error and give you a refund.

Last Word on Identity Protection


In the realm of personal finance, many kinds of fraudulent people will try to take advantage of you, snatch your personally identifiable data and possibly decimate your credit. They revel in feasting over fresh-graduate meat. Not surprising as most new graduates still have a clean credit record and may not know the possible harm that identity thieves waiting at a dark corner can do. But if you carefully manage and attentively check your identity portfolio, it will be a real asset and not a liability.

Monday, June 2, 2014

Q&A on Dyman & Associates Risk Management Projects’ Involvement in Project Management

One of the main involvements of Dyman & Associates is in the field of Project Management. Here is a brief Q&A that will provide essential information about this service:

Q: What particular aspects of Project Management does Dyman & Associates engage in?

A: Here is a list of Dyman’s involvement in project management:

Remediation Project Management – Dyman helps companies comply with audit-process requirements so that they stay viable.

Data Center Transfer – Dyman reduces downtime risks on clients’ systems and unmet goals during data-center relocation within one site.

Business Continuity – Dyman assures clients of unhampered delivery of their methods and materials during disruptions in vital operations.

Business Impact Analysis – By measuring the viability of each application through extensive interviews within the organization and analyzing the internal and external Service Level Agreements, Dyman can determine the overall health of a company and provide ways for improvement.

Big-scale Technology Resets – Dyman helps clients avoid non-delivery of committed materials by improving cable plant, routers, switches, desktops, Wide Area Network, and others.

Q: Do Dyman & Associates’ consultants have enough experience?

A: Dyman & Associates Risk Management Projects' senior leaders started from very humble beginnings; however, through the years, they have undergone sacrifice and applied diligence to succeed in both private and public sectors. With all their successes, however, they have maintained their focus on doing well and right, not just for their clients but also for the community at large, and have continued to possess this attitude in their business and personal profession.

Q: Why do we need Project Management?

A: Unpredictability is at the root of Project Management. Many people simply muddle through from crisis to crisis without resolving the root causes of problems that constantly arise to disrupt operations. Project Management allows organizations to predict with greater precision when and how such potential obstacles occur and to implement the necessary solutions or adaptive measures to minimize or remove all threats to the targeted results and achieve sustainability and viable development.

If efficient Project Management is the main ingredient missing in your organization’s operations, call Dyman & Associates Risk Management Projects for assistance.

Thursday, May 8, 2014

Dyman & Associates Risk Management Projects: 8 Tips for Keeping Spreadsheets Secure

For most businesses, spreadsheets offer a simple way to perform key business functions, such as accounting, data analysis or chart creation. But many of the user-friendly advantages of spreadsheets also make them susceptible to data or security errors that can create nightmares for organizations if overlooked.

According to the European Spreadsheet Risk Interest Group (EuSpRIG), a global resource for spreadsheet risk management, spreadsheet errors can have a tangible impact on companies ranging from lost revenue or fraud to poor decision-making or financial failure.

In a recent survey by Forrester Research, only 10 percent of 155 IT decision makers surveyed said they provide an alternative to Microsoft Office. Although Excel is an excellent business tool, it still requires careful auditing, particularly as the complexity of a spreadsheet increases, says Jürgen Schmechel, owner of Capitalise-IT, a Sydney-based consultancy specializing in spreadsheet auditing and business strategies for growing companies. By following best practices for spreadsheet use, whether Microsoft Excel or an alternative, many common problems can be prevented, he says.

1. Define parameters for use- “Complex spreadsheets in large enterprises normally involve several departments, and designing an effective template for each process is often necessary,” says Schmechel. By identifying requirements for spreadsheet use up front, companies can avoid common errors such as versioning mistakes or allowing the wrong person access.

2. Perform an audit- Identify the most critical spreadsheets used within your organization and ensure ad hoc sheets are not used for critical processes. “Logical handover processes for spreadsheets are crucial, especially when multiple departments are involved,” says Schmechel.

3. Don’t rely on document protections- Security features such as password protection, hiding or protecting sheets and other features are not actually designed to secure information and can be easily bypassed. “Many companies do not consider that software is readily available to crack passwords or are unaware that opening an Excel document on the iPad using a $10 app called Numbers will remove all perceived protection features such as hidden sheets,” says Schmechel. “The fact that third-party solutions also remove such so-called protection is another issue, with common examples including cloud offerings from Google and Zoho,” he adds. Preventing this problem can be difficult without taking steps to better manage or secure files.

4. Determine sharing requirements- Make a distinction between spreadsheets designed for internal and external use, ensuring that confidential information or source data is not present in documents designed for third-party review. “Alternatively, use PDF format only for third parties,” says Schmechel.

5. Secure at the file level- Security must be enforced at a file level for true protection. “File or directory-based, read-only or edit permissions for internal spreadsheets is recommended, given the open nature of spreadsheets,” says Schmechel.

6. Utilize document management- Implement an internal document management system that includes file versioning, testing and approval processes before sharing takes place.

7. Don’t forget to check the work- Manual data entry and custom formulas must be checked to correct errors just like a spell-check is needed on text documents. Studies indicate that almost 90 percent of spreadsheets contain errors ranging from minor to severe. “Larger companies often base multimillion-dollar decisions on spreadsheet information that contains errors. If a $10,000 external audit ensures all data is correct, the expense is worth it,” says Schmechel.

8. Bring your own- With BYOD increasing, companies must also consider spreadsheet security for personal mobile devices and for documents created using software from home or freeware, such as Google Docs. Decide whether employees can send out spreadsheets to third parties or edit them on portable devices using Polaris Office, Kingsoft Office or other solutions. Alternatively, maintain all data on local servers, with remote access technology granted to approved staff and frequent audits from uninvolved parties.


The ubiquity of spreadsheet use within organizations of all sizes can make it easy to overlook the potential risks they can pose. Companies that follow these simple best practices will ensure they are less vulnerable to errors and security flaws.

Wednesday, May 7, 2014

Dyman & Associates Risk Management Projects: For cloud providers, fraud detection is integral part of business plan

Cloud providers have attracted enterprise customers with the promise of rapid elasticity, on-demand provisioning, high availability and a pennies-per-hour pricing model. But there's just one problem: These very qualities have enticed criminals to adopt cloud services as well.

When a scam artist is looking to set up a phishing scheme to gain access to victims' bank accounts, the built-in redundancy, scalability and automation capabilities of cloud servers are extremely appealing. And when all it takes to procure cloud services is a working credit card -- without ever needing to deal with a live salesperson -- the cloud becomes an even more viable base from which criminals can commit fraud.

"All of the advantages of the cloud for enterprises are the advantages for the bad guys," said Jeff Spivey, international vice president of ISACA, a founding member of the Cloud Security Alliance (CSA) and president of Security Risk Management Inc., a Charlotte, N.C., information security consultancy. "It's that anonymity and scale that's attractive to the fraudsters."

Without proper cloud-based fraud detection and prevention practices in place, cloud providers can become unwitting hosts for cybercriminals. It's a threat that can expose providers to legal liabilities, profit loss and blacklisting. What's more, any cloud provider can become a target.

"While cloud has been a phenomenal enabler for legitimate businesses, it's also been a phenomenal -- and I mean phenomenal -- enabler for fraud and fraudulent activity," said John Rowell, senior vice president of research and development as well as global service operations at Dimension Data, a South African cloud and managed services provider. "Fraud is a huge deal on the business side."

How does cloud-based fraud occur?

Across the broader market, discussions about cloud security have focused primarily on the customer side of the equation. Even as cloud providers continue to devote the resources necessary to ensure that customer data is secure, they can't overlook the fact that some of their own customers could be a threat.

Fraud manifests in the cloud in several ways, according to experts. Typically, fraudsters use a stolen credit card to procure virtual machine (VM) instances or platform services on which they build their operations -- among them phishing schemes, money-transfer scams, identity theft and malware.

"[You] can go get a fraudulent credit card, a good one -- it'll be working, but it'll be stolen -- for less than a dollar," Rowell said. "So, think about how the cloud enables [criminals]. All they have to do is sign up online and they can have a server in five minutes for less than a buck, and it's a throwaway identity."

In a joint investigation in 2012, researchers from McAfee Labs and Guardian Analytics uncovered a massive, cloud-based banking fraud operation that attempted to bilk an estimated $78 million from account holders in Europe, Latin America and the United States. The investigation, dubbed "Operation High Roller" because of the criminals' focus on high-balance accounts, found the scheme's success hinged on the resource availability and automation in the cloud, as opposed to a single host computer.

"With no human participation required, each attack moves quickly and scales neatly," investigators wrote in a report.

In some cases, criminals skip the stolen credit cards altogether and instead crack into a legitimate customer's account, hijacking the VMs to use for their own fraudulent activities. Cyber criminals are also looking to Infrastructure as a Service to provide vast amounts of on-demand processing power to launch distributed-denial-of-service attacks, according to Raj Samani, vice president and chief technology officer of McAfee Inc.'s EMEA operations.

Consequences of failure to detect fraud

Although fraud may not be the gravest security threat cloud providers face, ignoring it jeopardizes their bottom line in several ways.

From a purely financial perspective, any revenue gained from a stolen credit card is likely to evaporate quickly, thanks to the sophisticated fraud detection systems banks and credit card companies now use. The real damage comes from the revenues cloud providers never see from legitimate customers because the hundreds of VMs they would have paid to access have been tied up by the fraudsters.

"[There are] service providers that … do not have adequate fraud measures in place, and they have to be losing insane amounts of money on it," said Dimension Data's Rowell. "It's got to have an immense impact to their profitability as well as just the health and cleanliness of their platform."

Moreover, cloud providers that don't commit resources to fraud detection and prevention could ruin their reputation -- and kiss goodbye any chance to engage enterprise customers, Rowell added.

"If you were putting up a storefront, you wouldn't want to hang your shingle beside a shop that says, 'Hey, we're selling stolen credit cards.' No one wants to be associated with that," he said. "It's incumbent on the service provider industry to police fraud. If they're not doing it, they're doing their entire customer base a disservice."

Enterprises are also likely to block IP addresses from which spam and other suspicious activity originate, unintentionally blacklisting the cloud providers that host them.

While there is no legal precedent yet, it's possible that governments and law enforcement agencies may start holding cloud providers criminally or civilly responsible for neglecting to detect and eradicate fraud, said ISACA's Spivey.


"Depending on how big the problem becomes will determine whether regulators or lawmakers start to get more involved," he said. "But if I'm running a store, for instance, and I know people are coming into the store buying and selling drugs, and I never brought it up to people, then law enforcement is basically going to [conclude] that I enabled this to occur because I let it happen on my premises."

Friday, May 2, 2014

Dyman Associates Management The political science of cybersecurity V: Why running hackers through the FBI really isn’t a good idea


(Washingtonpost) - One of the most difficult challenges of cybersecurity is that it enables private actors to play a significant role in international security. Both security officials and international relations scholars tend to assume that states are the most important security actors. With a couple of minor exceptions (mercenary forces and the like) private actors simply don’t have the firepower to play a substantial role. Even terrorist groups with international ambitions usually require some kind of state to provide them with safe haven or to back them. Many (although certainly not all) experts argue that cybersecurity is different. Computers and Internet access are all that you need to carry out many kinds of attack, allowing private actors to become a real force in international cyber politics.

This potentially presents two problems for traditional understandings of international security. First, many argue that the world will be less stable if private actors can affect international security. For example, Joseph Nye, a prominent scholar and former policymaker, argues (PDF) that states have not been displaced by private actors in cybersecurity, but now have to share the stage with them. This creates greater volatility in world politics. The more actors there are, the greater the chance of unpredictable accidents, events, attacks or misunderstandings. Furthermore, private actors may have widely varying motivations and be more difficult to discipline. They are less likely to be concerned with the stability of the international system than states are.

There is also a more subtle problem. The existence of empowered private actors in cybersecurity presents temptations to states. It is easier for states to attack other states while blaming hackers, rogue elements or others for the attacks, thus making retaliation less likely. In cyberspace, it is often hard to figure out who precisely is responsible for an attack. These problems are multiplied when states can e.g. use clandestine relationships with private actors to carry out attacks by proxy.

For example, there is still vigorous debate over whether or not the Russian state mounted cyber attacks on Georgia during a dispute a few years ago. Certainly, the major attacks appear to have been mounted from within Russia. However, Ron Deibert, Rafal Rohozinski and Masashi Crete-Nishihata argue (paywalled) that the likely perpetrators were patriotic Russian cyber criminals (who had already created “botnets” of compromised computers for purely criminal attacks) rather than the Russian state itself. While it is possible that the Russian state (some elements of which maintain clandestine contact with the Russian underworld) was using these criminal networks as a cutout to blur responsibility, it is nearly impossible to prove one way or another.

This has led some experts to call for new norms about responsibility. Jason Healey of the Atlantic Council proposes a sliding scale under which states would effectively be required to take responsibility for any major attacks organized from their territory or carried out by their citizens. This would change the incentives, so that states would both be less inclined to cheat by acting through hidden proxies, and more inclined to tidy up rogue elements on their territory that might mount international attacks and land them in hot water. They suggest that the best way for the U.S. to protect its national security interest is to push for such norms.

In this context, yesterday’s New York Times story about the relationship between the FBI and the loosely-knit hacker culture/collective Anonymous raises some problems. The FBI identified a key Anonymous member, Sabu, and turned him so as to identify other hackers. Sabu then appears to have shared a list of foreign Web sites (including sites run by the governments of Iran, Syria, Poland, Turkey, Brazil and Pakistan) with vulnerabilities, and encouraged his colleagues to try to hack into them, uploading data to a server monitored by the FBI.

The Times says it is unclear whether he was doing so on direct orders from his FBI handlers. It is also unclear what happened to the information after it was uploaded (the Times raises the possibility that it was shared with other intelligence agencies, but it may have been left there to sit as evidence). Either way, this report is sure to be interpreted by other countries (including U.S. allies like Poland and Turkey) as strong circumstantial evidence that the U.S. has used independent hackers to conduct attacks in the past, and very possibly is doing so at present.

This obviously makes it harder for the U.S. to push for the kinds of norms that Healey and others advocate. If the U.S. appears to have dirty hands, it will have a more difficult time getting other states to believe in the purity of its actions and intentions. U.S. allies will be disinclined to believe its protestations. Countries that are more or less hostile to the U.S., and which have dubious relations with their own hacking community (such as Russia), are sure to point to the FBI’s decision to run Sabu as evidence of U.S. hypocrisy if the U.S. tries to get them to take responsibility for attacks mounted from their soil.

This will also have consequences if and when U.S. hackers (who are smart, talented and sometimes politically motivated) mount a successful public attack on a target in a third country. The U.S. administration will likely come under sustained suspicion as the hidden culprit behind such an attack, even if it has had absolutely nothing to do with it. Apparent past history will guide other states’ judgment (especially if these other states themselves have clandestine but systematic relationships with hackers, and assume that countries do the same). It’s doubtful that these issues of international policy were foremost in the thoughts of FBI officials when they decided to run Sabu (the FBI is a domestically focused agency, primarily concerned with criminal enforcement). Even so, their decisions may turn out to have important, and likely unfortunate, international ramifications.








Thursday, May 1, 2014

Dyman Associates Management 5 Things You Need to Know About Cybersecurity Insurance

Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. But it doesn’t do a good job of covering the reputation damage and business downturn that can be triggered by a security breach.


CIO — Cybersecurity insurance does mitigate some financial damage should you suffer an attack, but it's not a complete solution. Here are five things CIOs need to know.

1. It’s a risk-management strategy. Cybersecurity insurance transfers some of the financial risk of a security breach to the insurer. First-party insurance typically covers damage to digital assets, business interruptions and, sometimes, reputational harm.

Third-party insurance covers liability and the costs of forensic investigations, customer notification, credit monitoring, public relations, legal defense, compensation and regulatory fines. Cyberthreats are so broad that the cost of protecting against them all would be prohibitive. The best approach is to identify and secure the company's digital crown jewels, then quantify and insure the remaining risk, says Daljitt Barn, director of cybersecurity at PricewaterhouseCoopers.

2. American and European markets differ. The cybersecurity insurance market is more mature in the U.S. than in the E.U., primarily because of U.S. states' mandatory data-breach-notification laws. Third-party insurance is more common in the U.S., and first-party is more popular in Europe, but that may change if the E.U. starts requiring breach notifications, Barn says.

The U.S. market is growing about 30 percent per year, says Richard Betterley, president of Betterley Risk Consultants. Some surveys estimate that 30 percent of large U.S. companies have cybersecurity insurance, but among companies of all sizes, Betterley says, the number is probably under 10 percent.

3. Clear wording is essential. Before you buy, investigate what risks are covered by existing insurance packages, because there may be overlaps with a cyber-insurance policy. "Make sure the cyber policy wording covers your true cyber exposure," Barn says. "Challenge your corporate insurance broker to find a policy that provides a multifaceted response, including legal, PR, notification, forensics and cyber incident response."

4. Coverage is inadequate in some areas. Cybersecurity insurance doesn't do a good job of covering intellectual property theft or the reputational damage and business downturn that can be caused by a security breach, Betterley says. Meanwhile, the industry is debating whether state-sponsored cyberattacks, to the extent they can be identified as such, are covered by cybersecurity insurance policies.

5. There's room for improvement. Ideally cybersecurity insurance should encourage companies to improve security so they can negotiate lower premiums. However, insurers don't have enough actuarial data to adjust premiums based on what security controls and products are most effective, says Andrew Braunberg, research director at NSS Labs.