[From the desk of Paul Davis – his opinions and no-one else’s]
I hope you don’t mind but I changed the subject line to make it easier to distinguish from other newsalerts
Apart from the reporter’s opinions đ
So onto the news:
Bitcoin regulation begins
The bitcoin regulation era has begun. A top Wall Street watchdog on Wednesday issued new rules that place stricter cybersecurity requirements on financial firms wishing to use virtual currencies. Under the guidelines, financial firms handling bitcoins and other digital currencies will need to obtain a “BitLicense” from the New York Department of Financial Services (NYDFS), ensure a strong cyber defense and maintain detailed records of all bitcoin transactions. Tech companies like Reddit and digital rights advocates have pushed back against the rules since a first draft was released last year. They argue the guidelines could inhibit some of the privacy and market benefits of cryptocurrency. To read our full piece, click here.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2da6bc1a13&e=20056c7556
FTC looks âmore favorablyâ upon companies that report data breaches to law enforcement
The Federal Trade Commission recently announced that it views companies that report data breaches to appropriate law enforcers âmore favorablyâ than those companies that are less cooperative. Mark Eichorn, Assistant Director in the Bureau of Consumer Protectionâs Division of Privacy and Identity Protection, included the announcement in a May 20, 2015 blog post, describing a typical FTC data breach investigation to help companies know what to expect if they are investigated.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=da3f07d0c8&e=20056c7556
10 Threat Intelligence Goals for Financial Institutions
Russell Pierce, Vice President of Cyber Security and Threat Intelligence at Regions Financial Corporation recently shared his experiences with building a threat intelligence program, and how Recorded Future contributes to its overall success.
The top four threats, said Mr. Pierce, are those risks to Your Company:
1. Direct risk (targeted or named; institutional vulnerabilities)
2. Indirect risk (vendor, service, or technology dependencies)
3. Actors, campaigns, tools, or tactics that targeted your company or sector
4. Internal inquiry (leadership, corp communications, or technical areas)
Since many cyber attacks occur as a result of indirect threats, risks, or vulnerabilities, companies must be aware of whatâs happening in the industry. A large company or group of companies in Your Industry being hit with targeted malware, for instance, is a good indication that trouble may be brewing for your company, too:
5. Affecting multiple companies in your sector
6. Affecting a large company or leader in your sector
7. Affecting a direct peer (by market size, holdings, or geography)
Rounding out Mr. Pierceâs top 10 intelligence goals are threats to Your Internet:
8. Mass campaign (widespread, significant volume, or high level of success)
9. Has, or expected to have, significant media attention (inquiries expected)
10. New or significant actors, campaigns, tools, or tactics
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=69ed1d39a5&e=20056c7556
This firm paid hackers a ransom in bitcoin worth thousands of dollars after they threatened an employee’s family
The company, which police refused to identify, paid the hackers an initial ransom worth thousands of dollars after its computer system was hacked and sensitive data stolen earlier this year.
When the company refused a further larger ransom demand and contacted police, hackers then âprofiled a senior member of the organisation, identified their family and threatened to discredit members of his family through online attacks particularly targeting a childâ, police said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=33b4f0da39&e=20056c7556
Kuwait- Cybercrime Bill Backed In First Vote Join our daily free Newsletter
(MENAFN – Arab Times) Kuwait’s Parliament Wednesday backed legislation stipulating 10-year jail terms and fines of up to 165,000 for online crimes, especially those related to terrorism, despite warnings that this could undermine freedoms.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3b675293d3&e=20056c7556
Modulo Announces New Version of Modulo Risk Manager Featuring âGRC App Creatorâ at Gartner Security & Risk Management Summit 2015
Modulo, a leading provider of technology governance, risk and compliance (GRC) solutions, today announced today a new version of its award-winning Modulo Risk Manager GRC platform. Modulo will demonstrate the new capabilities for the first time at the Gartner Security & Risk Management Summit 2015 on June 8-11 at the Gaylord Hotel in National Harbor, Maryland.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7abb63e2d9&e=20056c7556
#infosec15: Threat Intelligence Industry Set for Major Consolidation
Speaking at Infosecurity Europe 2015 in London this morning, Digital Shadows CTO James Chappell, claimed that threat intelligence has actually been around for many years.
However, a new breed of platforms has emerged over the past year or two, tapping several key industry trends.
Chappell highlighted in particular rich analytic tools like Patervaâs Maltego; the emergence of powerful products based on open source intelligence (OSINT) tools; and information sharing through bodies like US-based Information Sharing and Analysis Centers (ISACs).
IT teams can also improve their security posture by talking to NOCs and CERTs to gather and consolidate information, as well as tapping marketing teams to find out how their firm is being discussed online.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0f34da6c4e&e=20056c7556
#infosec15: Focus on People Not Tech for Best Threat Intelligence
Effective security controls, network-level visibility and talent are vital underpinnings to good threat intelligence, but IT teams need intellectual rigor rather than whizz bang tools to get the best results, according to a panel of experts.
Wendy Nather, research director for 451 Research, and FCC Group CISO Gianluca DâAntonio argued that despite its image as a high tech discipline, good threat intelligence ultimately requires human input to interpret and analyse data in a meaningful way.
Marc Lueck, director of global threat management for Pearson, argued that threat intelligence is a great opportunity for IT to expand beyond bits and bytes and into new areas like data analytics, which can be invaluable additional skills to have on board.
The recipe for good threat intelligence should include timeliness, relevance and specificity, according to Nather. But itâs also important to focus outwards, added Noble Group CISO, Burim Bivolaku.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c33cd8b569&e=20056c7556
Cost of an average Canadian data breach is $5.3 million: Study
Thatâs according to research conducted by the Ponemon Institute and sponsored by IBM, which looked at the actual costs of data loss or theft suffered by 21 Canadian companies in 11 industry sectors. The costs were based upon estimates provided by the organizations interviewed over a 10-month period. Ponemon acknowledges that the 21 companies sampled were not statistically representative of all companies here that suffered a breach last year.
Note thatâs an average cost: The study didnât include organizations that lost over 100,000 records because they wouldnât have been representative of most breaches. (The average number of lost records in the group was just over 20,400. The biggest number of lost records among the 21 firms studied was 74,550).
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=24bdfc43eb&e=20056c7556
IT Industry Luminary Shlomo Kramer Joins Board and Invests in LightCyber
LOS ALTOS, Calif. & RAMAT GAN, Israel–(BUSINESS WIRE)–LightCyber, a leading provider of Active Breach Detection solutions, today announced that network security business leader and luminary Shlomo Kramer has joined its board of directors. Kramer is best known as the co-founder of Check Point Software, founder and CEO of Imperva, early investor and board member of Palo Alto Networks from 2006 to 2012, and early investor in Trusteer (recently acquired by IBM). Kramer also made an equity investment in LightCyber.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=261314552c&e=20056c7556
Check Point reports explosion in unrecognizable malware
The average large enterprise saw 106 previously-unknown pieces of malware an hour last year
Check Point Software Technologies gathered network traffic from more than 60,000 enterprise gateways last year and the increase in new malware was “frightening,” said Check Point Vice President Juliette Rizkallah.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6fe360cd59&e=20056c7556
FBI probing major federal breach The FBI is probing a major hack (believed to come from China) of the Office of Personnel Management (OPM), which handles security clearances and employee records for federal workers. The agency plans to notify ~4M current and former employees their data may have been compromised. The AP reports the White House is thinking of making an announcement tonight or tomorrow morning.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=683479ee5b&e=20056c7556
Firms must prepare for era of ‘shaming’ cyber attacks
Businesses need to create response and mitigation strategies for state and hacktivist ‘shaming’ attacks or go the way of Sony, according to security chiefs from the Met Office, Heathrow Airport and the Economist Group.
“You need to consider and put plans together that address the fact that you may be targeted by a state actor. [For example] the Sony attack wasn’t about IP theft it was about embarrassment.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0b79c26173&e=20056c7556
A framework to help make sense of cybersecurity tools
Many security tools are fragmented, and as a result it is often difficult to describe, categorize and compare various security tools given the numerous subcategories and new startups tackling one small part of the problem. We offer a framework to fix that.
This framework is based on two dimensions: one captures the capability provided by the security technology, while the second is related to the layer of the IT stack where the technology is deployed. I hope you will find it helpful not only to review the current security landscape, but also to classify and compare the different security vendors in this complex market.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e71554710f&e=20056c7556
Security sleuths, sniff out the stupid from your Oracle DBs
The Datacom TSS hacker says the Database Security Scorecard will help inform system administrators of security shortfalls in databases and help bridge the language gap between management and tech.
Litchfield will implement some additional tweaks before uploading the tool later this week.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=373d9ce479&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=d8ac676044)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)