[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Data breaches could cost the global economy trillions by 2019
Juniper Research has concluded that data breaches could cost the global economy as much as $2 trillion in the next five years, and has pointed the finger at weak corporate and network security as the reason for the breaches.
Juniper notes that healthcare, financial and banking, and government industries will be the most lucrative targets.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c2b0ed96b3&e=20056c7556
The GC’s 30-Minute Breach Drill
A data breach requires you, the general counsel, to quickly assess the situation and be able to give a coherent initial report to your CEO. If you are well organized you should be able to prepare an effective CEO initial briefing in about 30 minutes. Here are some tips from working with 52 data breaches/data compromises in the past year. With advanced planning, every GC can master the first steps of a computer intrusion smoothly. Try to follow these nine steps in the order offered.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=405506c2ba&e=20056c7556
Security analytics key to breach detection
“Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level,” says Eric Ahlm, research director at Gartner. “Security analytics platforms endeavor to bring situational awareness to security events by gathering and analyzing a broader set of data, such that the events that pose the greatest harm to an organization are found and prioritized with greater accuracy.”
The challenge to this approach is that major security events, such as breaches, don’t happen all at once. There may be an early indicator, followed hours later by a minor event, which in turn is followed days or months later by a data leakage event. Gartner says that when these three things are looked at as a single incident that just happens to span, say, three months, the overall priority of this incident made up of lesser events is now much higher. This is why “look backs” are a key concept for analytics systems.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=384079c51d&e=20056c7556
Breaches and More Breaches – We need to play a new game!
The global survey results showed that 54 percent of respondents plan to increase their security spend to deal with insider threats next year and the remaining 39 percent will be spending at least as much as they are now. Below are a few results from our insider threat report:…. It’s clear we need to stay on top, or potentially get on top of these security threats. To do so, we all need to “get with the program” – not just play the same old game and get the same old results:…
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=354e7033af&e=20056c7556
Mystery botnet hijacks broadband routers to offer DDoS-for-hire
The discovery was made by security firm Incapsula (recently acquired by Imperva), which first noticed attacks against a few dozen of its customers in December 2014. Since then, the firm estimates the botnet's size to exceed 40,000 IPs across 1,600 ISPs, with at least 60 command and control (C2) nodes.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8049ad1c1e&e=20056c7556
root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions
The banks identified as potential targets in the pending attack are TD Bank, Bank of America, UAE Bank, and other organizations including the United Nations Children’s Fund, United Bank for Africa and Regions Bank.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a0ce5d9987&e=20056c7556
Banking Malware Delivered from SQL Database, Disables G-Buster Plugin
Security researchers spotted a new method for distributing malware, where a banking Trojan is delivered to a compromised computer from a Microsoft SQL database available online.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5f02d09000&e=20056c7556
Cyveillance Phishing Report: Top 20 Targets
RBC Royal Bank, Facebook, and Sparkasse were new entrants on the Cyveillance top 20 list, displacing Lloyds, Comcast, and Navy Federal Credit Union. Apple remains a top phishing target with an increase of more than 65% over the prior week, and Bank of America increased more than 60%. Lloyds TSB dropped off the list with the most dramatic reduction (>80%), followed by TD Canada Trust (>70%), Amazon (>50%), USAA (>55%), and AOL (>40%).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=62f185632f&e=20056c7556
Ad Industry Blacklist Will Help Share Fraud Intelligence
The ad industry is creating a blacklist for Web sites associated with online ad fraud, a move meant to spread the word about bad actors and help crack down on an activity that is costing marketers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a8ee29da5b&e=20056c7556
Microsoft releases 13 security updates for Windows as part of this month’s Patch Tuesday
Bulletin #8 (Important) – This is a security update to patch an elevation of privilege vulnerability found in the Service Control Manager of the Microsoft …
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bd1cb2b7be&e=20056c7556
Mozilla Firefox 38 Gets a Baker’s Dozen Security Updates
Five of the 13 security updates for Firefox 38 are considered critical. … Mozilla has also issued 13 security advisories for vulnerabilities fixed in the …
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=14a73cbdd0&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com