Virginia-Based Business Valor Cybersecurity Announces Launch of a Free New Rapid Cyber Threat Assessment Tool

Norfolk, VA, Janurary 22, 2023 –(Valor Cybersecurity)– With cybercrime and ransomware attacks on the rise, cybersecurity is becoming a hot-button issue for organizations across the globe. From boardrooms to server rooms, leaders are being asked how secure are we? The overwhelming response may surprise you. In a recent IBM study, an estimated 70% of businesses stated that they do not have the necessary resources to protect their assets. A critical component of any decision-making process is having the right information, at the right time, alongside the right expertise.

Leveraging more than 20 years of combined experience in helping build cybersecurity programs for leading organizations, the team at Valor Cybersecurity is excited to announce the release of its Free Rapid Cyber Threat Assessment. This tool is designed to help leaders identify the relevant cybersecurity threats to their business and brand by answering several targeted questions. At the completion of this assessment, individuals will receive actionable guidance to begin the journey of better protecting their organization.

“The team and I are extremely excited to release this accessible resource to the wider business community. Having the ability for business leaders to identify and receive actionable guidance to address cyber threats is something that I wish I had 7 years ago, when my business was decimated by a cyber-attack,” said Valor CEO Greg Tomchick. “Had I had the threat intelligence at hand early enough, we could have acted on it and prevented the attack.”

“The ability to provide leaders a lens into their business risks and help guide them with proactive protection mechanisms is extremely rewarding,” said Valor CSO Jeff White. “As a company, we strive to improve the security environment for organizations large and small, and this free rapid threat assessment tool can be one step in helping us achieve that goal.”

Click Here to take the free Rapid Cyber Threat Assessment.

About Valor Cybersecurity

Valor Cybersecurity simplifies identifying and addressing cybersecurity threats and business requirements for leading small to medium-sized businesses. Though we are laser-focused on serving organization in technology, defense, and investment communities, our expertise and collaborative approach enable our solutions to scale to tackle your cybersecurity requirements, save you money, and build the right-sized strategy to protect your business and brand. This work creates a more Valor future and we are passionate about that.

To learn more about us, we encourage you to visit our website (https://valor-cybersecurity.com/) and follow us on LinkedIn (https://www.linkedin.com/company/valor-cybersecurity/) and Twitter (https://twitter.com/valorcyber).

Driving Your Growth Forward: Cybersecurity as a Business Enabler

In today’s connected business environment, protecting your assets is more critical than ever. Attackers know that leaders rely upon having access to online information to make informed decisions. The reality is that most of this information is stored or touched by vendors in order to provide core services to their customers. But what happens when your business is unable to access critical data? Do you have a plan in place to operate despite the disruption? Just how long can you be without your data before a negative business impact is realized? Cybersecurity aims to bring awareness, preparation, and proactive solutions to these burning questions and more.   

At its core, cyber security is about identifying and addressing business risks. Cyber risk is in fact a business risk. Unfortunately, complex vendor marketing has driven many leaders to confusion on not only where to start in the security journey, but what tools and strategies to put in place to enable your business to operate safely. In the sections below, we break down these complexities so that your business can leverage cyber security to drive your business forward

Core Benefits of Investing in Cybersecurity 
  1. Protection against external threats

Cybercriminals are cashing in on businesses. In fact, a recent study expects the global cost of cybercrime to exceed $1 trillion in 2023. 

But what really motivates someone to perform a cyber-attack? While primarily launched for financial gain, the reasons behind cyber-attacks can vary from industrial espionage, reputation damages, or even hacking for a cause (typically known as hacktivism). Despite the motivating factors, cyber criminals all have one common thread; to negatively impact you. 

Cyber security however can be leveraged before a business impact is felt. From enabling best practices to include Multi Factor Authentication, regular systems, and software updates, and performing security awareness training, organizations can be better positioned to not only thwart attackers’ attempts but minimize business damages in the event of occurrence. 

  1. Protection against internal threats

Despite all the shiny cybersecurity tools and vendors out there, a simple click of a link by an employee or trusted third party can cripple these protections. The weakest link in the cyber security chain remains the human element. Whether it’s by accident, negligence, or outright malicious intent, insiders pose a real threat to your business. 

The insider threat is expected to grow in the coming months, as business continues to shift towards a fully remote, and hybrid workforce. You may be asking yourself: ‘With the shifting business landscape of today, how can I ensure employee flexibility while protecting my most trusted assets?’ Good news, as there are ways you can act NOW!  

Implementing proactive monitoring of networks and managed access and reviewing existing access control (permissions) for your employees can significantly cut down on the likelihood of a trusted insider damaging your business. In addition, providing your employees and vendor ecosystem with consistent, and relevant cyber education can turn your people into security champions for the organization.  

  1. Regulatory Compliance

With breaches continuing to make headline news, regulators are taking note that cyber protections must no longer be an afterthought. From Payment Card Industry (PCI) security standards to protected health information and even merger and acquisition safeguards, it’s likely that if you do business anywhere, you have required cyber protections.  

Even for those in typically unregulated markets, such as crypto-based investments, the time for regulatory oversight in how these transactions are performed and secured, is coming. The recent collapse of the crypto kingpin, FTX, has shown that decentralized investments are under the watchful eye of government and business entities.  With impending regulations on the horizon, you should be asking yourself, ‘why not take the first step today towards better protecting your business and your client’s information?’ 

But don’t just take our word for it. According to data privacy and cyber security law expert Jamal Hartenstein, leaders could approach cyber security in regulatory compliance as “a competitive advantage, getting ahead of industry competition before underregulated industries become regulated.” 

  1. Improved productivity

Threats such as malware, ransomware, and even compromised email boxes can bring traditional business operations to a screeching halt.  At best, you’re able to revert to good ol’ pen and pad transactions. At worst, your business has no access to its data, and the bad guy/girl wants a heap of money to give it back. 

By implementing a variety of proactive technical measures such as defined backups firewalls, alongside a security strategy to define the execution of these resources, you can drastically reduce not only occurrences but the time to detect, respond and recover from cyber breaches.  

  1. Cost savings and value

According to the Hiscox Cyber Readiness Report 2021, the average cost of a single cyber-attack to a small business in the U.S. is $25,612. Considering the fact that only about 40% of SMBs operate at a profit — the loss of data and cost to recover it, downtime to restart operations, and hefty fines can be a steep price to pay.  

As cyber-attacks only continue to grow more sophisticated and complex every day, it’s important to weigh the cost of dealing with one attack versus the value of taking preventative measures. By mitigating risks, you put your business in a better position to respond, recover, and keep existing customers happy — a far more cost-efficient option than attracting new ones. 

  1. Confidence in Your Brand

With inflation and uncertainties plaguing every industry vertical, can your business afford to lose any customers? Business success in today’s environment goes well beyond providing quality products and services. Today’s customer counts on your business to keep the information entrusted to you, safe, secure, and out of the news headlines.  

But what happens when one of your customer databases ends up for sale on the Dark Web? Is your team prepared to respond to and defend the reputational damages, such a breach could lead to? The fact is, our team continues to see this happen, where treasure troves of client information (credit cards, names, email, social security numbers, etc.) is leaked to the highest bidder). 

But what would you say if you could implement a basic security strategy, without costing an arm and a leg? Would you take that first step to ensure client confidence? 

Taking The First Step – Completing A Baseline Security Assessment 

Your business is on a journey, into the unknown and although you can’t predict the future, you can do everything to ensure its success.  How can you better protect your people, your brand, and your reputation? The logical first step in this process is to perform a baseline security assessment getting to know not only how your business operates, but what critical systems and processes enable its success.  

From here, you can apply industry best practices to determine how prepared your business is to defend, respond and recover from modern-day cyber-attacks.  

Lastly, a recommendations roadmap will detail how to improve upon your business’ current security state by utilizing cost-effective tools and practical resources.  

Not Quite Ready for A Full Fledged Assessment? Don’t worry, we’re here to help! 

Typical security assessments, require key stakeholders to allocate time for interviews. But what would you say if you could identify relevant cybersecurity threats and business requirements, on your own time and own pace? You’re in luck because we’ve done just that! 

 The team at Valor Cybersecurity is pleased to offer our FREE Rapid Cyber Threat Assessment today. As a bonus for taking our assessment, we will give you a free 30-minute, consultation with recommended guidance for better protecting your business! 

Be Bold, Brave, and Courageous In Your Endeavors 

Whether the Valor Team can help you now or in the future, we remain poised to support your business success and protection.

Authors: Greg Tomchick and Jeff White

The Growing Need for Cybersecurity Advisors. But how do you select the right one for your business?

Cyber beaches continue to make waves across almost all industry verticals. Whether your business is large or small, your people, technology, and information could be in the crosshairs of the next cyber-criminal. Over the past year, we’ve seen increasing instances of data exposures, extortion attempts, and crippled business across both critical infrastructure and supply chain vendors, resulting in reputational damages, the inability to serve customers, and even businesses closures. The reality is that our world is continuing to grow as connected businesses and society, one in which information that we need to make informed decisions is a mouse click away. As such. it is necessary for business leaders to understand, prepare for, and prioritize the protection of technologies in our digital world.

Cyber risk is a business risk at the end of the day.  But navigating the uncertainties of today’s cyber threats and ensuring your business has an effective plan of action is not an easy task. It is one which requires focus, expertise, and true understanding of how your business serves and enables its customers. A cybersecurity advisory partner can help you and your business navigate uncharted waters with the goal of getting you to your destination safely.

Are you needing help in protecting those precious things which you’ve spent years building? Let’s take a closer look at how a cyber partner can help add a layer of protection around your nest egg:

Selecting the right advisor for your business

The journey of building, maintaining, and maturing a cybersecurity program is unique for every business. Some organizations require support when it comes to identifying and addressing security gaps within business systems; others may seek support in developing an effective and scalable culture of security. Ultimately, the needs of an organization relating to protecting their business, will grow and evolve over time, just like the evolution of products and services.

Regardless of their role or function, the most important part of hiring the right cybersecurity advisor is feeling confident that their roadmap to securing your success aligns with your business goals and objectives.

Selecting a cybersecurity partner doesn’t have to be a daunting task, however. Let’s examine a few things to consider in your selection process:

  • Does the advisor have accessible resources with a wide range of functions and capacities in the event that they do not specialize in a specific subject matter?
    •  In this instance, they would be able to leverage a network of subject matter experts, as necessary, to better serve their customers’ needs.
  • Do they have your company’s best interest at heart?
    • The right advisor will focus on getting to know your company inside and out. They will provide the right security needs for your organization at the present time, considering cost and available internal resources.  The right partner will take care in building a trusting relationship, centered on transparent communication, timely feedback, and consistent collaboration.
  • Are they will be personable, in their interactions?
    •  A good cybersecurity advisor is someone who can relate to you and your businesses’ pain points, someone who you genuinely enjoy working with.

Advisors Serve as An Extension of Your Team

Before you consider hiring a cybersecurity advisor, it’s important to consider why you may need them. For example, have you determined if someone already working within the company may be able to support this need? Do they have the right skills necessary to perform these duties? If so, are they a full-time or part-time employee? Can they effectively manage the task themselves would they need additional support? These are very important questions to keep in mind as you look for cybersecurity support, internal or external, for your organization.

As you embark on enabling and better securing your business, realize that we’re all in this together. You’re not alone, and there are dedicated folks out there like @Valor-Cybersecurity committed to keeping your business running smoothly and securely so you can have increased peace of mind.  While you won’t accomplish these efforts overnight, you’re well on your way by taking the first step forward!

If you have questions or are interested in a collaborative conversation, reach out to our team of experts at www.valor-cybersecurity.com or email us at info@valor-cybersecurity.com.

Authors: Jeff White and Greg Tomchick

 

Why Choosing The Right Cybersecurity Partner Matters

L

et’s face it, cybercrime is constantly evolving, and no business is immune from these vicious attacks. Protecting businesses of today requires executives to take a strategic, and proactive approach that involves understanding relevant cyber threats and how these threats can impact operations.

How Do Cybersecurity Advisors enable your business?

As digital transformation continues to touch every part of a business, cybersecurity consulting firms have become a valuable resource to companies across all industry verticals. We also recognize that not every cybersecurity firm, can provide you with the right resources, with the right expertise, at the right time. As you search for that next trusted party to help you on your security journey, here are a few things to consider: Many organizations lack a dedicated security strategist, otherwise known as a Chief Information Security Officer (CISO). This individual typically serves as a point person to guide, advise, and transform business initiatives focused on better protecting the business. As such businesses routinely search for external expertise, who can help them baseline their security across people, process and technology and provide a prioritize way forward. External support in these activities not only saves money up front but provides business leaders with expertise on how to effectively navigate the cyber threats of today. In fact, external CISO support (typically referred to a fractionally or vCISO), costs on average, half the price as the same FTE. Not to mention the associated time and money associated with burdensome onboarding processes.

So how are the benefits of having cybersecurity advisor or vCISO realized? Let’s have a look:

Develop a Right-Size Strategy with The Right Partner

If done the right way, an independent cybersecurity consulting providing vCISO services, won’t sell you overpriced cyber tools that you can’t afford or can’t effectively utilize. Instead, they will evaluate the options, bearing in mind your budget, business structure, objectives, and ability to safeguard against relevant cyberattacks. The right cybersecurity advisor will develop a prioritized action plan alongside recommended tool options, so that your business knows where its headed and how to get there. Whether its security compliance, cyber insurance or establishing a board oversight, your cybersecurity partner should walk beside you in your journey.

Identify and Address Business Risks, Previously Undiscovered

Approximately 64 percent of businesses have experienced at least one web-based attack, according to Fundera. Even more astonishing is that small to mid-size organizations spend an average of $7.68 million per incident. Having a trusted advisor by your side, can help you proactively identify, cyber risk before they become incidents; such as identifying the lack of Multi-Factor Authentication (MFA) on business-critical systems.

Ensure Client and Internal Data Is Safeguarded and Recoverable

Technology alone is not the surefire solution for protecting your business. You should be able to answer critical questions like what data you have, what safeguards are in place, and who has access to your systems? By working with a trusted cybersecurity consulting firm, businesses can establish a data governance strategy to answer these questions and more. Thus, giving you piece of mind that you know where your data lives.

But controlling your data is just one component of data governance. What happens when your online service vendor is experience an outage, or you receive a message ‘corrupt file, cannot open’. Not to worry, as your cybersecurity partner working alongside your existing IT team, will formulate an effective backup strategy to implement. Thus, ensuring that you have access to data you need, at the right time, to make informed business decisions.

Thwart Phishing Attacks

Phishing is a common type of social engineering attack that cybercriminals use to steal business data, such as login credentials, credit card numbers, or even business documents. During a phishing attack, a hacker may masquerade as a trusted entity to trick the victim into opening a text message, email, or other online correspondence. Their goal here is to convince you, the end users, to provide something they want.

An effective Cybersecurity advisory team can work with you to reduce the likelihood of these attacks. Through a combination of tools and providing awareness on how to spot/report activity, you can reduce your likelihood of being the next victim.

Avoid Potential Fines from Lost or Compromised Data

Mistakes happen, whether intended or unintended. Unfortunately, some mistakes cost real headaches and financial loses. With cyber regulations tightening on all markets, regulators are cracking down on security breaches with increasing fines and penalties.

By proactively implementing security best practices. you can reduce the risk that your business will face these steep penalties. A trusted cybersecurity partner can help you identify appropriate safeguards within your industry, so you can stay ahead of the cyber threat.

Effectively Train and Inform Employees on Cyber Threats

The best offense is a good defense. Properly trained employees are an organization’s best defense to scoring ‘wins’ against cyber criminals. It is essential for companies to educate their employees on how to identify and avoid potential cyber threats that could put the business at risk. The right cybersecurity advisor can help train your employees on ways to stay vigilant to defense against cybercrime.

Save Costs on Hiring Cybersecurity Staff

These days, cybersecurity professionals are in high demand. It is expensive to hire and retain employees to work in an internal cybersecurity role. Outsourcing to trusted third-party cybersecurity firm is a cost-effective option for businesses that require prioritized cybersecurity expertise but cannot afford, or don’t need a full-time team member. An independent cybersecurity advisory firm can help you identify what roles and expertise your business needs, and rapidly deploy those resources when needed.

Curious about how cybersecurity support can help your business move the need? We’d love to have a chat.

Valor Cybersecurity exists to simplify the identifying and addressing of cybersecurity threats and business requirements. Our team of experts serve as an extension of your team helping you to achieve your business goals. Whether it be identifying cyber best practices, preparing for compliance requirements, or simplify considering cyber insurance for the first time, were here to help! For more information or to speak with an independent, vendor agnostic cybersecurity consulting firm, reach out to our team of experts today.

 
Authors: Jeff White and Greg Tomchick

Web 3 Explored – How Did We Arrive And Are Digital Experiences Evolving Faster Than We Can Secure Them?

T

here is no doubt about it, digital technologies have rapidly modernized the way we create, and innovate. With an internet connection and a swift click of a button, we can now access our friends, family, and work colleagues, without bounds or borders.  In fact, if we took a step back, most of us would be amazed by how far our technology has evolved throughout the years.

Let’s rewind back to 2007, when Apple released the 1st generation of iPhone; a device that would revolutionize the way we communicate, for years to come. In that same year, tech giant Amazon would release its first e-reader, the Amazon Kindle, which all but transformed mobile reading experiences. In 2009, the first peer-to-peer digital currency, known as Bitcoin, came on the scene, which would soon allow us a new way to buy, sell and transfer value, all without the need for a central banking system. In leveraging blockchain technologies, Bitcoin would soon give rise to alternative digital currencies, further expanding decentralized experiences and transaction opportunities.

Fast forward to 2014 when Gavin Wood, the founder of cryptocurrency ‘Ethereum’, coined the term Web3 (or Web 3.0). Web3 would soon become known as the next generation of the internet, where connected devices would further the connection between the physical and digital realms.  Facebook (now Meta) accelerated this transition to Web3 experience in 2019 and 2020, with their release of the Oculus Quest and Quest 2 Virtual Reality (VR) headsets. What was once a high-tech and relatively expensive gadget largely built for the tech community, was becoming more accessible for the everyday consumer.

Enter 2020, when the world was on the brink of a Pandemic. With growing health and safety concerns, many businesses were forced to send hundreds if not thousands of employees to work from home; thus, leading employers to incorporate innovative outlets that would encourage collaboration and sharing. From telephone calls, and traditional video conferencing to ‘Metaverse’ meetings on VR headsets, the computer connection became another extension of our lives.

Coinciding with the ongoing digital shift in work, leisure, and shopping from home, has been the emergence of digital assets, namely NFTs (Non-Fungible Tokens). The original premise for NFTs was to take a traditional physical asset and transform them into digital representations. What originally began as a platform for trading digital artworks, has continued to expand its NFT offerings. To date, paintings, real estate, clothing, and digital collectibles, are all being offered as investable, with some items selling in the Millions of Dollars ($USD). Furthermore, there’s no sign that this marketplace is drying up anytime soon. In 2021 alone, the Global Market for Non-Fungible Tokens was an estimated $15.70 Billion 1. Based on forecasts, this value is expected to reach close to 122.43 Billion ($USD) by 2028 1.

While not every industry vertical and business leader has been quick to the NFT and crypto table, private equity investors and sports teams are taking note in capitalizing on missed opportunities. Below we will explore who is ‘playing ball’ in the NFT space, and how investors are accelerating these ventures.

Digital Memorabilia – Professional Sports are going all in on new collectibles

Despite the crypto craze and uncertainties regarding the long-term value, sports teams, players, and partnering investors are striking while the iron is hot. Recent estimates demonstrate that there is a lot of playing field when it comes to monetizing digital collectibles. For 2021, NFT sports collectibles were estimated at $1.4 Billion (USD); Based on the forecast, this number is expected to rise to a whooping $92 Billion (USD) by 2032 2

Let’s have a look at some notable investments, made in the NFT – pro sports collectible space, and examine how they are shaking up traditional keepsakes.

Top Pro Sports – NFT Collectible Ventures

  • NBA Top Shot – A NFT marketplace started in 2020, in partnership between the NBA and Dapper Labs (creator of NFT venture ‘Crypto kitties’) allowing users to buy, collect, sell, and trade basketball video highlight reels of their favorite sports moments. The list of investors in this venture is ongoing, with recent funding in the amount of $305 million (USD); This most recent round was led by wealth management firm, Coatue, and included the likes of star Athletes including Michael Jordan, and Kevin Durant 3 . Even team owners got in on the investment, with Sacramento Kings owner Vivek Ranadive taking part in the action!
  • Autograph – Launching in 2021 and Inspired by both son Dillon and father Paul Rosenblatt, Autograph has risen to notoriety with collectible NFTs ranging from sports phenoms to music legends. With backing from Tom Brady, himself, Autograph has been able to attract top talent to their platform, providing offerings at the intersection of community and collectibles. In 2022, Autograph received $170 Million (USD) in series B funding through leading VC Firms Andreesen Horowitz, Kleiner Perkins, and San Francisco Based VC ‘01A’ 4 .
  • Sorare – Launching in early 2019, Sorare focuses on bringing the fantasy sports experience to the NFT community. While focused on European Football, Sorare has expanded its footprint into Major League Baseball as of early 2022. A notable series B investment round was received by Sorare in the amount of $680 Million (USD) and led by investment fund SoftBank Vision Fund 2.

Pro Sports – NFT Ventures to Watch

  • LPGA – While there has been initial NFT movement on the PGA front, the LPGA is preparing for this movement. Despite no confirmed signs, it’s apparent that the Ladies Professional Golf Association (LPGA) is exploring options in both NFTs and the Metaverse. As of June of 2022, the LPGA filed a trademark application for these spaces, with the United States Patent and Trademark Office, which can be viewed here: https://www.uspto.gov/patents/search (Trademark Nos: 97462083 and 976462042)
  • Crypto Country Club – Launching in 2021, a pair of Austin Entrepreneurs foster a community where members can buy, sell, and interact with one another through golf-inspired artwork. Crypto Country Club has a well-known PGA tour, Joel Dahmen, as its brand ambassador (while they refer to it as ‘Club Champ’)
  • Malbon Golf Buckets Club – Featuring exclusive golfer-inspired NFT art, Malbon Golf Buckets Club seeks to provide another form of rich ownership and lifestyle experience, typically afforded to the golf course members of Malbon Golf Club.

“Organizations that fail to evolve their digital security practices with rapidly evolving innovations are at a significant disadvantage, both from an IT and a competitive standpoint.” 

Looking ahead of the curve – the Risk of NFT ownership

Like trading cards, there may be both short- and long-term market volatility that comes with ownership of NFTs. But should the market value be the only risk, investors should be focusing on when hedging their bets on digital investments? Unfortunately, the answer is no, primarily because the transaction to acquire, sell and interact with NFTs occurs ‘online’ across an internet connection. With the rising values of these collectibles, malicious actors are seeking ways to cash in and cash out. Let’s look at some recent cyber news, as it relates to theft, fraud, and unintended mistakes in NFT land.

  • Fraudulent sale of NFT sells for $340,000 – In August 2021, a fraudulent actor lists and sells an NFT, featured by the world-renowned artist Banksy, in the amount of $340,000 5. In an interesting twist, however. the resulting media coverage by the BBC and others pressured the seller to return the buyer’s money in full.
  • Insider Trading– In September 2021, a senior employee of a well-known NFT marketplace was suspected of insider trading. It had appeared that they bought NFTs prior to the official launch, and subsequently sold them for a profit of close to $67,000 after launch  6 . Following this incident, the marketplace reportedly instituted security policies prohibiting the use of confidential and internal company information, for the use of NFT transactions.
  • Price Manipulation– In October 2021, an NFT character titled ‘CryptoPunk #9998’ sold for over $400,000. Unfortunately, it was soon determined that the buyer and seller were the same people. This NFT owner attempted to sell this NFT for over a billion dollars  7. While this may not be illegal at face value, this scenario represents the opportunity for price gouging in the marketplace.
  • Identity Theft – On or around March of 2021, well-known creator of Marvel’s Super Hero Adventures appeared as a seller on the secondary marketplace, Rarible. The comic creator went on to post on Twitter, that the ‘verified’ profile, was in fact not him 7 . This example demonstrates that fraudulent sellers may be posing as established figures, in an attempt to drive value to their NFT sales.
  • Actor loses his beloved Ape NFT – Actor, Seth Green became a recent victim of NFT theft. In May 2022, Green attempted to ‘mint’ an NFT on a phishing/fake site. Because Green had his cryptocurrency wallet linked to the site, the actor was able to make off with a total of 4 of his NFTs, including a well-known Bored Ape Yacht Club Character 8 .

Steps to protect your digital investments – Web 3 and Beyond

Now you’re probably asking yourself, now that I know the potential risks of Web3 transactions, how can I better protect my portfolio of assets? We have outlined several steps you can take, to immediately better safeguard your assets:

  • Perform Investment Due Diligence: Before making any sort of investment in cryptocurrency or NFTs, ensure the legitimacy of the seller and source. This can reduce the risk of acquiring counterfeits. Whether you talk to fellow investors or read a company publication, it’s always best to cross-reference multiple sources. You may typically buy NFTs from either the original Minting Company or from a secondary marketplace. If buying from a community marketplace, you should typically favor more established platforms, those that have been in business for a least a year, and focus on fighting not only theft but scams from members/outsiders. A few noteworthy NFT marketplaces are https://opensea.io/ and https://rarible.com/ . As always, we recommend you perform your own diligence, before taking the plunge into NFTs.
  • Ensure you are visiting the authentic website – Whether you are buying, selling, or trading an NFT, you must ensure that you are visiting authentic websites. Like bank account websites, hackers have been known to create fake websites that almost mirror the original one, with attempts to steal users’ login/account information. It is always a good idea to verify the website’s authenticity by looking for the ‘Padlock’ icon in the web browser. By clicking, you will be shown a subpage, where you can scroll down and look for the ‘dates of validity’ for the ‘certificate’. This padlock or certificate represents that the website uses encryption.
  • If the offer is too good to be true, it probably is! – Seeing your latest Bored Ape Yacht Club character going for $2,000? While we recognize that markets can drastically fluctuate in the NFT space if the going value of all other minted NFTS is much higher, then you probably have yourself a bad investment; it’s either a counterfeit item or stolen from the legitimate owner. To help in verifying the NFT transaction, you can check the authenticity of the listing, by visiting https://etherscan.io/ .
  • Storage of NFTs in an ‘offline’ wallet – Otherwise known as cold storage, this physical storage device allows for the transfer and safe keeping of your valued (and potentially high dollar worth) NFTs. At a high level, the main difference between online wallets, like ‘Meta Mask’ for example, and ‘offline’ wallets is that online wallets require an internet connection to access. In addition, a password typically referred to as a ‘seed phrase’ prevents those not knowing the combination to access. While we typically remain vendor agnostic, here are a few cool ones to check out: Ledger & Trezor.
  • Vetting Third Party Ecosystem-If you are actively investing or considering investing in NFT companies in the future, Vendor Due Diligence is critically important to the success and security of your money. What would you say if your company’s offices were locked, but the night cleaning crew left the door open? This example is strictly to illustrate that attackers actively look for weaknesses (intentional or unintentional) in vendor physical, data protection, and even software/web development practices. The NFT company or you as an investor may have strong digital security measures in place, but these may be bypassed if vendors aren’t good stewards of your investments. This all starts by having a conversation with critical vendors that are supporting a minting venture or website launch; asking them how to interact, store, and access data. An extra few days or weeks of undergoing thorough vendor due diligence will potentially save you months-long headaches in the future.
  • If you’re selling an NFT, make sure your double check your list price– While this one sounds like a no-brainer, a simple extra ‘0’ or decimal can make the difference between a profit or loss of thousands, if not hundreds of thousands of dollars!

Article References: Global News Wire 1 , Sports Pro Media , Ref: Sports Techie ¾. ,    BBC  5 , Reuters  , Inc 42  7 , The Crypto Times  8

The Valor Team looks forward to providing continual insights relevant to your industry.  For other tips and tricks in staying cyber informed, please visit our website at www.valor-cybersecurity.com

Authored By Jeff White, Chief Security Officer

Professional Sports Front Offices And Sports Agencies Are Using Cybersecurity As A Competitive Advantage, You Can Too

F

rom a Major League Baseball scouting director using a cyberattack to break into a competitor’s records, to an NBA franchise being compromised in a phishing scheme, U.S. professional sports leagues are waking up to the fact that cybersecurity is no longer just a problem for the government or tech firms—it has now reached into the playing field, locker room, and boardroom.  

In this ValorrInsight, we breakdown how the four major U.S. professional sports leagues—Major League Baseball, the National Football League, the National Basketball Association, and the National Hockey League—are currently protecting themselves from these cyber risks that threaten the competitive integrity of their games, and detail ways in which the leagues could do more to proactively mitigate their cyber risk. 

Unfortunately, the leagues’ efforts to safeguard the competitive integrity of their sporting competition from these threats have been relatively slow to develop.  Rather than formulate league-wide cybersecurity standards, U.S. leagues appear to largely defer to their teams to protect themselves from cyber intrusions.  Meanwhile, the leagues have also failed to enact specific rules to deter their teams from targeting one another in cyberattacks.  At the same time, the existing academic literature has completely overlooked the industry, and failed to analyze the unique cyber risks that these high-visibility leagues and franchises face.   

The common themes we see when conducting cyber threat assessments in this space are: 

  • Data Overload: Players, coaches and equipment are creating and sending gigabytes of data per second and sent back to the front office to make informed decisions.  If that data is altered or stolen, the teams reputation and decision making ability could open be at severe risk.  
  • Connected Everything: From third party vendors at stadiums, to connected lights, to cloud based security systems, credit card machines, and millions of lives in the hands of the venue, everything across the professional sports landscape is connected to the internet today.  
  • Single Points of Failure: Many teams have that one system that everything important about its players is exchanged within.  Whatever that one system is for your team, that is what we call a single-point-of-failure from a cybersecurity standpoint.  The system that attackers will be on the lookout and the one that we recommend you protect most.  
  • Not Enough Focus on Connected Devices: Many of the teams we work with are incredible at physical security but often lack the expertise or resources to tie the two together.  We strongly encourage teams to leverage their physical security strategies and converge them with sound cybersecurity practices and capabilities.  

The Unique Cyber Threat Landscape Under The Lights

It is no secret that the cost of cyberattacks on both the public and private sectors is mounting. According to a recent National Bureau of Economic Research report, large companies that are victims of a cyberattack in which customers’ personal data are compromised realize an approximately 1.1  percent loss in market value and a 3.4 percentage point drop in sales growth.  These statistics are sobering, given the prevalence of the attackers frequent success in penetrating even the most guarded corporate networks. One recent example of this all too familiar phenomenon was the alleged Chinese government hacking of a U.S. Navy contractor charged with developing a top-secret super-sonic missile.  

In fact, one leading cybersecurity scholar has reported that “[n]inety-seven percent of Fortune 500 companies have been hacked . . . and likely the other [three] percent have too, they just don’t know it.”   

Three trends are making it much more difficult for sports organizations of all sizes to mitigate the array of cyber risks they face:  

The evolution of the “Internet of Everything” (IoT): With the explosion of connected devices in our businesses and our homes, we are seeing rapid expansion of the cyber threat surface for organizations and available doors for the attackers to come through.  IoT vulnerabilities can cause widespread, supply chain disruptions, such as when they are utilized to spread ransomware attacks.  This occurred during the WannaCry and later NotPetya attacks, which impacted more than 7,000 firms globally and cost the shipping giant Maersk more than $200 million.  These IoT vulnerabilities can, in turn, help fuel the theft of invaluable trade secrets, which are the lifeblood of major Fortune 500 firms as well as the professional sports industry.  Sports teams are increasingly relying on IoT applications to track their players’ movements, training, and dietary regimens. 

The difficulty of protecting trade secrets in such an interconnected digital ecosystem: Any potential cyber intrusion against a professional sports team operating in the United States would potentially run afoul of several existing laws.  Such as the Computer Fraud and Abuse Act (CFAA) and the Economic Espionage Act (EEA) or Uniform Trade Secrets Act (UTSA) and the Defend Trade Secrets Act (DTSA).  We often see these attacks being covered up in expert fashion, which makes these post-incident actions difficult to defend against from a legal standpoint.  

The proliferation of threats to critical infrastructure, including public facilities: Many critical infrastructure sectors in the U.S. boast an array of federal  and state regulations, given their vital status to national life—examples range from the North American Electric Reliability Corporation standards to the Health Insurance Portability and Accountability Act (HIPAA)—but, as we will see below, professional sports leagues have long enjoyed a special status in which policymakers have allowed leeway to self-regulate. The question going forward is whether this should continue in light of the serious cyber risks facing these organizations, their players, staffs, and fans. 

 Each of these trends is analyzed below in turn to provide context for these debates before focusing in on the specific issues confronting the U.S. professional sports industry.  

“Professional sports teams that fail to evolve their cybersecurity practices with the recent threat landscape are at a significant disadvantage, both from an IT and on-the-field standpoint.” 

How could Front Offices be better prepared?

The best approach for managing cyber risk is to develop an informed perspective by way of a streamlined and manageable process that treats cyber risk as equally as other types of risk, for example, financial risk, vendor risk, and legal risk. 

Formal practices for managing cyber risk should align with other risk management and security approaches that are in place, where cyber risk is treated as just another risk.  

If you are in the professional sports business, we advise that you take the following actions: 

  • Document Single Points Of Failure: Document your critical systems, along with processes and manual procedures if your critical system(s) were to go down.  
  • Understand Cyber Risks to Players and Operations: Identify your team’s most critical connected risks and address them with a reasonable plan.  Take into account the cyber threats to your players, their reputation can be your most valuable asset. 
  • Document an Incident Response Plan: Ensure your organization and its leaders know how you will respond to a cyber incident or IT disruption, this proactive planning will literally save you millions.  
  • Back up your data: Back up your data within resilient infrastructure and test those backups frequently.  Not all backup and data storage facilities/services are created equal! 

As cyber threats continue to proliferate, anticipating and managing them at all front-office levels will remain vital during 2022 and beyond.  As recent events have proved, Professional Sports Teams are vulnerable on a variety of fronts, from their vendors and third-party suppliers to their players.  Taking steps now to ensure proactive protections and risk management practices can help reduce these risks and help ensure that the playing field remains competitive and your advantages stay under your roof.

The Valor Team looks forward to providing continual insight relevant to your industry.  For other tips and tricks in staying cyber informed, please visit our additional Valor Insights at Insights – Valorr Cybersecurity

Why Valorr, Why Now?

If you are like most business leaders and executives, cybersecurity is already top-of-mind. In today’s environment of remote workforce and cloud-based resources, the opportunities for cybercrime and ransomware have grown exponentially.

Throughout my career, I have had the honor of helping secure successful organizations ranging from thriving small businesses to Fortune 50 companies.  Enabled by strong partnerships, I was able to assess and implement cybersecurity initiatives tailored to their unique threat landscape.  This business transformation process has always been fascinating to my economist mind, going as far back as my undergraduate studies.  As an outsider, going into an environment with millions of moving pieces and helping to protect the organization from cyber risks, all while continuing to serve its customers, can be a daunting task under extreme scrutiny.  To achieve this in a balanced fashion, while keeping all key stakeholders happy, you must be able to deliver prioritized, and action-based security strategies focused on what’s most important to the business, whether that be intellectual property, customer data, monetary assets or a combination of.

After successfully preforming the above close to 200 times since joining this industry in 2014, there has consistently been a common theme; that company leaders must be part of the conversation when it comes to prioritizing security and continuity of business operations.  With the ever-evolving cyber threat, businesses must strike the balance between security and company strategic objectives.  I know this all too well, as my first successful business venture was hit with a cyber-attack years ago. This event forced me to make tough decisions on whether to continue my dream or close down the business.  Ultimately, doing right by my customers and closing the business was the best decision at that point in time, but this encounter has never been forgotten. I have used it as fuel over the last 6 years when navigating the complexities of business-focused cybersecurity.

These combined experiences, both good and bad, have led to the founding of Valor. Alongside Co-founder Jeff White and the Valor team of experts, we relentlessly strive to empower business and societal leaders to tackle their most challenging cyber risks through providing understanding and action.

Valor, at our core, represents having courage during times of adversity. Valor aims to deliver organizations we partner with the courage they need to face cyber threats head on. The ultimate measure of our success is the enhanced business resilience and security of our clients.   

There is no better time in history to be on this mission with Valorr.  As technology continues to advance, data points and technologies multiply by the second. Business leaders are increasingly reliant upon having systems and information available, in real-time, to make informed decisions.  Combined with increasing complexity in data privacy and protection laws, business leaders need a trusted partner who can provide them translated and actionable risk guidance. 

It is for these reasons, that Valor relentlessly pursues a stronger and more secure tomorrow. If we can serve you or your organization, through Valor’s mission, please do not hesitate to reach out.

Until then, be bold, be courageous and pursue your goals with extreme passion.

Greg Tomchick

CEO, Valor Cybersecurity