Strategically Speaking


2012: “The Year of the Vulnerability”


Author: Kyle Cooper, kylec@gladtech.net

In Verizon’s 2012 Data Breach Report published last month, they dubbed 2011 “The Year of the Hacktivist” due to the amount of chaos caused by hacker activist groups like Anonymous and LulzSec. Though we’re only four months into the current year, another trend has already begun to take shape. It looks like 2012 could be “The Year of the Vulnerability.” Let’s take a look at why.

To start the New Year right, Microsoft released an update for a critical .NET vulnerability (MS11-100) on Dec. 29, 2011. This vulnerability was considered so crucial that its patch was released “out-of-band,” weeks ahead of the next scheduled Patch Tuesday, in order to mitigate the threats it posed. There were rumors that the Microsoft Security Team sacrificed their Christmases in order to plug the hole as soon as possible. Unfortunately, that out-of-band patch set the stage for the upcoming year.

March brought a patch that piqued the interest of many hackers and researchers alike. MS12-020 was released with a rare “PATCH IMMEDIATELY” severity level. This patch remediates a vulnerability that resides in Microsoft’s extremely popular Remote Desktop Protocol (RDP) service. What makes this vulnerability so dangerous is that RDP is typically implemented to be accessible from outside of an organization’s network, giving hackers at large an easy service to exploit and use to pivot into the targeted system.

But Microsoft isn’t the only vendor with vulnerability problems. Adobe has released five patches in the last eight weeks alone, three of them for its widely used Flash Player application. Third-party applications present a cross-platform target that is operating system independent. Reading a PDF requires Adobe Reader. Watching a video on YouTube requires Adobe Flash Player. Java is needed for running both Java Web Applets and numerous desktop applications. Third-party applications are a part of everyday life in the workplace and at home, and their tremendous install base makes them very popular targets for vulnerability exploitation.

Apple’s Macintosh OS, long lauded as superior to Windows in terms of security, is just as vulnerable as other operating systems when running the same third-party applications, a fact that Mac users all over the world learned the hard way when a mass infection explicitly targeting them was discovered weeks ago. A recent Java vulnerability was responsible for back-to-back malware outbreaks affecting Mac users. The Flashback and SabPub Trojans were estimated to have infected 600,000 Macintosh computers within the past month, or approximately 1% of the entire Mac user base.

In light of the above examples, it’s important to emphasize how an aggressive patching program can mitigate the threats posed by vulnerabilities. Most vendors fix vulnerabilities before they are detected being used maliciously in the wild. In fact, last year Microsoft’s Security Intelligence Report found that 0.0% of attacks (a number too small to measure) were executed using unpatched vulnerabilities. Poor patch management is also the root cause of the recent Macintosh outbreak. Patches for the Java vulnerability responsible were available and had been pushed to Windows and Linux machines, but Apple had not yet made them available to its users.

So what can you do to protect yourself? Identifying and controlling the operating systems and third-party applications in your environment is a good first step toward developing a strong patch management infrastructure. Likewise, staying on top of the current vulnerability landscape can help prioritize patching procedures. New vulnerabilities will continue to be discovered, but it’s possible to minimize their destructive potential with good patching processes and policies.
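As an added illustration of the prioritization step described above (example code, not from the post or from ProfitStars), the following Python ranks the missing patches in a constructed inventory by severity, by whether the vendor shipped the fix out-of-band, and by whether the affected service is exposed outside the network, the three signals the post calls out. The Microsoft bulletin ids are the ones named in the post; the Java and Flash ids, the severity weights and the exposure rules are assumptions.

```python
from dataclasses import dataclass, field

# Constructed patch catalogue. MS11-100 and MS12-020 are the bulletins named in
# the post; the Java and Flash entries use placeholder ids because the post gives
# none. Severity weights and exposure rules below are assumptions for illustration.
PATCH_CATALOG = {
    "MS11-100": {"applies_to": {"windows"}, "severity": "critical", "out_of_band": True},
    "MS12-020": {"applies_to": {"windows"}, "severity": "critical", "service": "rdp"},
    "JAVA-PATCH-PLACEHOLDER": {"applies_to": {"windows", "mac", "linux"}, "severity": "critical"},
    "FLASH-PATCH-PLACEHOLDER": {"applies_to": {"windows", "mac"}, "severity": "important"},
}
SEVERITY_WEIGHT = {"critical": 3, "important": 2, "moderate": 1}


@dataclass
class Host:
    name: str
    os: str
    installed: set = field(default_factory=set)          # patch ids already applied
    exposed_services: set = field(default_factory=set)   # services reachable from outside the network


def priority(host: Host, patch_id: str) -> int:
    """Higher score means patch sooner: severity first, then out-of-band release and exposure."""
    meta = PATCH_CATALOG[patch_id]
    score = SEVERITY_WEIGHT[meta["severity"]]
    if meta.get("out_of_band"):
        score += 1   # vendor broke its normal release cycle for this fix
    if meta.get("service") in host.exposed_services:
        score += 2   # the vulnerable service is reachable from the internet
    return score


def missing_patches(hosts):
    """Return (score, host, patch_id) for every applicable patch a host lacks, highest score first."""
    findings = []
    for h in hosts:
        for pid, meta in PATCH_CATALOG.items():
            if h.os in meta["applies_to"] and pid not in h.installed:
                findings.append((priority(h, pid), h.name, pid))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))


# Constructed inventory: an internet-facing RDP host, an office PC and a Mac.
FLEET = [
    Host("rdp-gateway", "windows", {"MS11-100", "FLASH-PATCH-PLACEHOLDER"}, {"rdp"}),
    Host("finance-pc", "windows", {"MS12-020", "JAVA-PATCH-PLACEHOLDER"}),
    Host("design-mac", "mac", {"FLASH-PATCH-PLACEHOLDER"}),
]

if __name__ == "__main__":
    for score, host, pid in missing_patches(FLEET):
        print(f"{score}  {host:<12} {pid}")
```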

Arm the SMB against the ‘Bad Guys’


Author: David McDaniel, DMcDaniel@profitstars.com

You know, it occurred to me recently, while watching the original Die Hard movie, that one of the most glaring gaps identified by the FFIEC’s Supplement to Authentication in an Internet Banking Environment is the need to educate and arm the small- to medium-sized business (SMB) customer against the ‘Bad Guys’. Now, I know that comparing the BEST action movie EVER to financial institution governance sounds like a stretch, but stay with me.

It seems every time I turn around, I read a story about how someone surfed somewhere they had no business surfing and clicked something they shouldn’t have. Then, some bad guy broke into their computer and took something valuable (private information, credentials, money, $600 million in negotiable bearer bonds…). Sadly, too often these SMB owners, busy struggling to keep their enterprise afloat, become the weakest link in the electronic payments network by cutting corners. Among other things, they fail to recognize the value in paying for safeguards and reconciling their bank accounts regularly. The results are fraudulent debit transactions going unnoticed until the very narrow commercial ACH debit return window has passed, or funds are illegally wired/ACH’d out to money mules, and ultimately, a bankrupt business.

Somehow, we must take the time to help our customers understand just how easy it is for fraudsters to take advantage of them if they do not take precautions, and just how easy it is to ward off those same fraudsters by simply putting the cookie jar on a higher shelf. If there is one truth here, it is that the bad guys tend to go for the easiest targets, so creating more barriers between the SMB and the villains will shift the bad guys’ risk/reward equation in the customers’ favor. I mean, if Mr. Takagi had put all those bonds in his wallet (where the safeguards = button, silk thread, and a silk pants pocket) instead of in that huge vault (where safeguards = 7 locks, Al-the-Pal, and Bruce Willis), Hans Gruber would have totally gotten away with it!

Even though most small businesses do not typically have hundreds of millions to protect, there are some great safeguards out there to help deter the Hans Grubers of the world from taking their lifeblood: products that allow the SMB to review and approve incoming ACH debits, and to maintain their wire and ACH credit recipients, all using out-of-band communication channels. These products will help them do it, but unless these customers begin treating their online-accessible assets with the same care they give their cash, the bad guys will continue to take them down one at a time, and the banking industry, as well as the ACH network, will suffer.

Now, I understand you may still be scratching your head about the whole comparing Die Hard to the FFIEC guidance thing. Especially since Mr. Takagi was killed, the bad guys required quite a bit of convincing to get them to leave (die), and NO ONE wants to be in Holly Gennaro’s shoes, hanging by a wristwatch from a window 80 stories up! But since SMBs cannot put all of their valuable information in a Nakatomi vault, they need to be convinced of the value of safeguarding their private information, being diligent about reconciling their accounts, and taking advantage of the tools that can allow them to protect themselves and the future of their company…because, my friends, the future of their company truly is at stake, and Bruce Willis is just an actor with bad hair (still the best action movie EVER though).

What is your prescription for addressing the needs of the healthcare market?


Author: Pat True, rtrue@profitstars.com

Vital US Healthcare Statistics *

  • Healthcare is now a $2 trillion industry, growing at a rate of 6–7% per year.
  • Worldwide, healthcare is a $5 trillion industry. (Side note: The US is currently 4.5% of the world’s population and represents 40% of the healthcare industry worldwide. This is due to higher per capita healthcare consumption as well as healthcare production by US firms internationally.)
  • Healthcare expenditures (private and public) now make up approximately 18% of the US GDP.
  • The healthcare sector includes about 6,500 general hospitals; 75,000 nursing homes and residential care facilities; 13,000 diagnostic labs; 30,000 outpatient clinics; 220,000 doctor offices; and 150,000 family and social services providers.
  • The average family of five spends $15k per year on health insurance. On average, employers currently cover 75% of that cost.
  • Approximately 85% of Americans are currently covered by health insurance. Approximately 15% are uninsured.
  • On average, healthcare spending per person is 85% higher for US citizens over age 65.
  • Between 2015 and 2030, the US population of citizens over age 65 is expected to increase by 50%.

*Statistics from First Research and the Organization for Economic Co-operation and Development.

Business Needs

Healthcare-related businesses typically have the same needs for financial services as the general commercial sector, although there may be challenges in meeting those needs due to the complexities of the billing and revenue cycle in this industry. Some of the more common services include:

  • Equipment financing and/or leasing
  • Owner-occupied real estate financing (or real estate owned by the individual practitioners and leased to the business)
  • Working capital lines of credit
  • Financing of the private pay portion of the accounts receivable
  • Cash management services
  • Personal banking needs of the practitioners

Working capital financing in this sector

While many financing requests in the healthcare sector are for leasehold improvements, equipment and owner-occupied real estate, a significant number also involve short-term notes or revolving lines. On average, accounts receivable comprise more than 16% of a company’s assets in the healthcare sector. The daily turn rates for these accounts vary significantly by industry segment, ranging from 20 days to over 120 days. This is heavily influenced by the nature of the accounts: private pay, due from third-party insurance, or due from government insurance programs. Claim reimbursement rates also vary widely based on contractual adjustments with each payer. In some cases a claim might be reimbursed at a rate of 90%, while in others, reimbursement rates might be 40% or lower.

When attempting to provide short-term working capital solutions for their healthcare clients, financial institutions often have trouble accurately valuing the collateral. In the worst-case scenario, they become overfunded on medical claims, having assumed too high a reimbursement rate. Banks often need a system to determine accurate reimbursement rates on the insurance claims they seek to finance and to categorize the claims by payer and by payer class.

Whatever the business need, the healthcare sector is likely to be a significant opportunity for financial institutions in the years ahead. Do you have a strategy to market to this sector and to address the specific financing needs it involves? Please feel free to share your thoughts with us.


What’s next for the Check?


Milton King Author: Milton King, MKing@profitstars.com

Those of you who have read my blog postings before know that I like to take a historical view of the topic at hand. In this case it is the check. I have to admit, this research yielded some surprises for me too.

Why the historical perspective? Well, to understand where something is going, it helps to understand where it has been. The “death of the check” has been around the corner for decades. Yet the check is still here. Considering it has survived for over 2000 years, what made us think this time would be any different?

The early forms of what we know as the check (cheque) date back to 321 BC.

According to Wikipedia, in India, during the Mauryan period (from 321 to 185 BC), a commercial instrument called adesha was in use, which was an order on a banker desiring him to pay the money of the note to a third person.

The adesha sounds an awful lot like what we would call a check today. What’s interesting is that there are examples of check-like instruments being used all over the world in every century. It appears to be a natural part of the maturation of any economy.

What we might call the “Modern Era” of the check dates back to around 1770, where the informal exchange of checks took place between London banks. Clerks of each bank visited all the other banks to exchange checks, whilst keeping a tally of balances between them until they settled with each other.

The 1800s saw the introduction of pre-printed checks and check books and their wide acceptance and usage. The 1950s brought in MICR and the use of automation to enhance the exchange process. Then 2004 was the year of the Check 21 Act.

2004 moved the focus from processing the checks to capturing them. How do we get as close to the consumer as possible? The answers:

  • Branch Capture
  • Teller Capture
  • Image ATM
  • Smart Phones
  • Home Capture

With 24 billion checks still in circulation, we still have to ask “what is next?” We clearly can’t ignore 24 billion “orders on a banker desiring him to pay the money of the note to a third person” in hopes they will go away.

Some possible solutions of the future:

  • Write a virtual check on your smart phone and text it to the recipient.
  • Write a virtual check on your smart phone and text it to an ATM for deposit.
  • A drive-through that scans your phone, similar to SpeedPass (for those of you who do not live in toll road areas, a service that allows you to quickly pay tolls).
    • You could do your entire transaction in seconds.
  • A virtual checkbook on your phone that positions you to take advantage of all of the above and log it in your accounting program.
    • This would be great for small businesses.

Oddly enough, had you asked a group of check professionals the “what’s next” question 15 years ago, they would have said things like:

  • Electronic presentment
  • Scanning at a business
  • Scanning at the POP
  • Teller scanning
  • The elimination of the paper check

They wouldn’t have considered large-scale use of image ATMs or smartphones. They would have frowned at the thought of the consumer doing the scanning. In fact, there are many of you who are still frowning at it.

The point being, just 15 years ago much of what we are doing today was unthinkable. So, if history is any indication of the future, the future list we create today is probably aiming low.

Whatever the new technology ultimately brings us, it is safe to say that after 2000 years, the check will still be a part of it.
