[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
UK firms look to threat intelligence to focus security efforts
UK firms have identified cyber threat intelligence as an investment priority for 2016 as they struggle to get a consistent view of their information security capabilities, according to analyst firm IDC.
Performance, skills and costs remain the biggest hurdles to true data-driven security, revealed an IDC study based on interviews with heads of IT and security at 300 large UK enterprises.
All companies polled said they intend to use threat intelligence products and services in the next 24 months, with 96% already using them, according to the study, which was commissioned by cyber security managed services provider SecureData.
However, the study found that 77% of those polled regard threat intelligence as security information and event management (Siem), 73% regard it as risk-based analysis of threats and recommended remediation, and 64% see it as data feeds on attacks and threats.
Some 61% of respondents include automated remediation of attacks and data feeds of vulnerabilities and other threats (64%) as a core element of threat intelligence, while the majority of firms regard threat intelligence as a combination of both products and services but, in some cases, are implementing threat intelligence exclusively as a service.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ca91cb27e4&e=20056c7556
There’s one big downside of built-in security measures
It’s increasingly common for hardware manufacturers and software developers to build in various security measures to protect users.
However, a new survey by cloud encryption company Alertsec reveals that these standard security precautions may be creating a false sense of security for PC and mobile users.
The Alertsec SMB 2015 Encryption Study, carried out among 1,255 small-to-medium businesses, reveals that 68 per cent believe auto-saved passwords are not secure.
Nearly half (48 per cent) believe never logging out of user profiles decreases security.
Over one in five SMB executives (23 per cent) believe lock down – when functionality of the system is restricted – is not secure, while 16 per cent believe that locking out systems following multiple failed password attempts is also insecure.
87 per cent of those surveyed say they fear data breaches.
When pressed further most cited physical security fears, with 40 per cent of respondents saying they fear leaving their laptop in the car and consequently having their identity stolen, 37 per cent fear having their laptop stolen while working at a coffee shop, 30 per cent fear burglars breaking into their homes and obtaining online banking information and 27 per cent worry about having their laptop stolen at airport security and having their cloud storage and photo files breached.
Perhaps no surprise then that 68 per cent say the problems they have seen at work have made them encrypt their personal computers.
An impressive 90 per cent say that work computers should be encrypted, followed by smartphones (61 per cent), personal computers (58 per cent) and tablets (55 per cent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e353cce8df&e=20056c7556
FAKBEN is offering a professional Ransomware-as-a-service that relies on a new CryptoLocker ransomware which can be downloaded through the executable file.
News of the day is that a new Ransomware-as-a-service has surfaced from the criminal underground, requesting a 10 percent profit cut from customers.
The FAKBEN Team is offering a professional Ransomware-as-a-service that relies on a new CryptoLocker ransomware which can be downloaded through the executable file.
Users can customize their CryptoLocker variant and manage the campaign by using the CryptoLocker service developed by FAKBEN.
FAKBEN ransomware-as-a-service included a user-friendly interface that will show the number of infected machines and ransoms paid.
This specific Ransomware-as-a-service is still not active; it will be launched in the coming days.
Fakben explained that the ransomware could be customized by adding a number of exploits targeting vulnerabilities in products such as Adobe and Java.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61170df41c&e=20056c7556
It Only Takes One Hour to Detect APTs on Network, Apparently
A new survey from Lieberman Software Corporation has revealed that 83 percent of IT professionals do not believe advanced persistent threats are over-hyped, however they are still very naïve about the length of time it would take to identify an advanced persistent threat on their own corporate network.
The study was carried out at Black Hat Conference 2015 and looked at the attitudes of nearly 150 IT security professionals.
It revealed that 10 percent of IT professionals believe it would take them only one hour to identify an APT on their network, while 55 percent said it would take them one week to one month.
However this is in contrast with data from a recent Mandiant report which revealed that hackers are present on the network for an average of 205 days before being discovered.
Other findings from Lieberman Software’s study revealed that 84 percent of respondents believe that unmanaged privileged credentials are the biggest cyber security vulnerability within their organisation.
Other findings from the study revealed that many IT professionals are still very dubious about the cloud, with 97 percent of respondents stating that they are worried about some of their organization’s cloud hosted data being either lost, corrupted or accessed by unauthorized individuals.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c4307d9295&e=20056c7556
3 Emerging Cyber Threats to Watch in 2016: SIFMA
The cybersecurity landscape is “worsening,” and 2016 “will be a tougher year” in terms of fighting breaches, Matthew Chung, Morgan Stanley’s chief information officer of technology and risk information, said Tuesday.
Speaking on a panel at the Securities Industry and Financial Markets Association’s annual conference in Washington, Chung said that the “complexity” along with the cost of keeping up with cybersecurity is an ongoing challenge.
He cited three worrisome “emerging threats” that “will start to cause an impression in 2016.”
First, an “increase” in ransomware, which infects a system and causes a firm to lose access to its data unless the users pay a ransom, often in bitcoin.
He noted that the group DD4BC – which stands for Distributed Denial of Service for Bitcoin – has been targeting financial services firms since mid-2014 with threats of locking up systems unless they are paid a bitcoin ransom.
The second threat is from “malicious insiders,” Chung said, which is someone within a firm with “valid credentials” that’s looking to do harm.
The third threat: destructive malware, which Chung said is more prevalent in the energy sector than in financial services. “This is a risk that will become more interesting over the next year,” Chung said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d0d8e2df0c&e=20056c7556
Third-Party Security IoT Providers
Fair or not, your customers will hold you accountable for any security breach related to your company, especially when your brand is the face of the partnership.
Companies that must maintain security compliance – like those that have to maintain The Payment Card Industry Data Security Standard – can be found legally liable for their partner’s security deficiencies, so more than your brand will suffer if you trust the wrong firm with your business.
Follow these three steps when vetting potential partners to prevent breaches and maintain the trust of your customers:
1: Do your research. Don’t trust what someone else tells you. Perform your own security audit of potential partners by visiting their data centers, meeting with their IT security teams, and reviewing their security controls.
2: Set high standards. Know what security controls you require from your partners.
3: Continue to monitor. Once you find the right third-party business, don’t sit back and assume everything will be fine moving forward.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=aca6fac991&e=20056c7556
UK law mandates software backdoors, jail for disclosing vulnerability
Now the UK is getting in on the action, as it’s been revealed that under the upcoming Investigatory Powers Bill it will have the ability to order companies to build software “backdoors” into their products, and revealing that collaboration could result in up to a year in prison.
More than that, the government is also empowering itself to enlist the services of talented individuals like hackers, and to also legally restrain these people from revealing the work they’ve done – even in open court.
In the US, these orders are called National Security Letters (NSLs), and they have come to be routinely served to everyone from small business owners to major corporate executives.
The bill, widely referred to as the Snoopers Charter, could also mean that citizens subjected to these secret orders, who decide to defy them, would be tried by secret courts and appeal to secret tribunals with zero public accountability or even disclosure of its decisions.
This fundamentally makes resistance impossible – try to make a stink about what you see as improper use of government power in the UK, and the UK government may soon be able to respond with a judicial system not all that different from a black bag over the head.
As a Canadian, someone who has tried investigating even minor details about Canada’s SIGINT body, let me just say that while things may be getting worse in America, they are absolutely not the worst out there.
The current parliamentary democracies, whether in Britain, Canada, or elsewhere, have the capacity to produce far less restricted governments and government agencies, while also subjecting those agencies to less meaningful public oversight.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1191a1b663&e=20056c7556
Email is more secure today than it was two years ago
Google has partnered with University of Michigan and the University of Illinois, and they have been trying to discover, for the last couple of years, how email security has evolved.
The researchers have been collecting data regarding the adoption of SMTP security extensions (STARTTLS, SPF, DKIM, and DMARC), both by checking the Alexa Top Million domains’ SMTP server configurations, and SMTP connections to and from Gmail.
“First, we found regions of the Internet actively preventing message encryption by tampering with requests to initiate SSL connections.
Second, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail.
While these threats do not affect Gmail to Gmail communication, they may affect messaging between providers,” they said, explaining Google’s particular interest in fixing this problem.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0f4b62cf84&e=20056c7556
Data breaches and bots are driving cybercrime surge
From July to September, ThreatMetrix detected more than 90 million attempted attacks across industries, representing a 20 percent increase over the previous quarter.
This increase in attacks can largely be attributed to the growing sophistication of cybercriminals and the amount of customer data available for interception.
In the financial services industry, attacks increased 30 percent over the previous quarter, with more than 15 million fraud attempts.
As online lending and alternative payments providers represent significant financial gain for fraudsters, this segment is continuing to experience a very high volume of attacks.
Financial services transactions broken down consist of the following percentages and risks:
– 85 percent of transactions were account logins, with 2.5 percent high risk
– 13 percent of transactions were payments, with three percent high risk
– Two percent of transactions were account creations, with two percent high risk.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d182e72d33&e=20056c7556
Small companies’ big cyber risks highlighted at underwriting conference
DALLAS – Small and medium-size businesses’ lack of knowledge and resources to address their cyber risks can not only threaten their own existence, but also pose significant risks to the larger companies with which they deal, say experts.
“One of the big challenges we have when we think about” the cyber risks faced by small and medium-size businesses is they have limited resources, which they direct toward making money, and information security “in a lot of cases is what gets put on the back burner,” said Sarah Stephens, a London-based partner with JLT Specialty Ltd.’s financial lines group.
Another issue is that smaller firms often incorrectly assume they will not be targets of cyber attacks because of their size, said Ms. Stephens.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a565d14948&e=20056c7556
New SANS Survey Reveals Lack Of Skilled Personnel As The Biggest Barrier To Implementing Security And Analytics Tools
SEATTLE, Nov. 12, 2015 /PRNewswire/ — DomainTools, the leader in domain name and DNS research, today announced a new 2015 Analytics and Intelligence Survey, conducted by the SANS Institute.
The research revealed that the demand for cybersecurity tools and resources has doubled since 2014, with the majority (59 percent) of respondents citing a lack of skills and dedicated resources as the main obstacles to discovering and acting on cybersecurity incidents and breaches.
The results allude to an industry-wide disconnect with 43 percent of enterprises fully understanding the importance of cyber threat solutions yet still relying on manual processes to protect their organization.
Currently, only 9 percent of enterprises’ analytics and intelligence processes used for uncovering a breach are automated.
On the bright side, while cybersecurity attacks have increased 66 percent since 2009, the research revealed the time to remediation is improving.
In 2015, 67 percent of organizations were able to unearth an attack in one week or less versus only 50 percent in 2014.
With detection and response times improving, the majority (83 percent) of organizations believe visibility into cyber incidents has improved with more effective intelligence programs that leverage analytics capabilities.
In fact, almost half of organizations are diligently working to increase visibility by integrating data from external threat providers and another 31 percent are planning to do so in the future.
Key findings from the report include:
– 35 percent of organizations cite a lack of centralized reporting and remediation controls as a barrier to identifying cybersecurity incidents.
– Only 3 percent of organizations feel that their analytics and intelligence processes for pattern recognition are fully automated, and another 6 percent report having a “highly automated” intelligence and analytics environment.
– 26 percent still can’t understand and baseline “normal” cybersecurity behavior, making it difficult for them to identify and block abnormal behaviors.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ac03ccda43&e=20056c7556
Naughty list to get longer, biggest cybercriminal Christmas on its way
This Christmas could be the most wonderful time of year for cyber criminals, according to digital identity company ThreatMetrix.
In a new report, the firm reveals that it has detected a 25% jump in attacks on online retailers in the last 90 days, with 45m attacks recorded.
ThreatMetrix saw 11.4m fraudulent transaction attempts during the peak holiday shopping period last year.
The Q3 Cybercrime Report from ThreatMetrix detected a number of attacks across billions of transactions globally, with account logins representing 78% of transactions, of which 5% were high risk.
Further analysis found that payments made up 21% of transactions, with 3.2% at high risk, while 1% of transactions were account creations, with nearly 7% high risk.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e824887834&e=20056c7556
The automation and industrialization of cyber attacks
A new Imperva report highlights cyber criminals’ use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive data.
Every application analyzed in the report was attacked, with over 75 percent of the applications attacked by every one of the eight identified attack types.
The eight attack types analyzed in the report are SQL injection (SQLi), remote file inclusion (RFI), remote code execution (RCE), directory traversal (DT), cross site scripting (XSS), spam, file upload (FU), and HTTP reconnaissance.
2015 also saw hackers shift emphasis to attacking healthcare applications, likely reflecting the black market value of the personally identifiable information contained within healthcare applications.
The data also highlights an increase in the percentage of attacks successfully identified and blocked by reputation services, further validating that already identified and known hackers use automation to more effectively and efficiently launch attacks against a broad set of targets.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5a1606921a&e=20056c7556
Most companies ‘unaware of cyber breach costs’
Most New Zealand companies and organisations are unaware of the probability of and real cost of cyber security breaches, a New Zealand tech expert says.
The average global cost of a breach is now $US154 per record and the likelihood is now 22 percent of a breach over a two year period, New Zealand Technology Industry Association (NZTech) chief executive Graeme Muller says.
Muller will be chairing the top c-level New Zealand security summit in Wellington on November 30.
The summit includes industry, government and academic interests in an effort to improve the state of cyber security in New Zealand.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bcf7e83139&e=20056c7556
10 legal aspects of data breaches lawyers urge you to abide
According to Cynthia Larose and Meredith Leary, members of the law firm Mintz Levin, when it comes to dealing with the legal aspects of data breaches, organizations must be able to explain in the aftermath that actions taken before and during the data breach were reasonable.
To do that, both attorneys say responsible parties within the company need to plan ahead and think like litigators, which to them means abiding by the following.
1: Fail to plan equals plan to fail
2: Big problems first, small problems later
3: The criticality of the tone at the top cannot be overstated
4: You cannot prevent idiocy, but you can train
5: Make good email practices your fight song
6: Say what you mean and mean what you say
7: Avoid inconsistencies wherever possible
8: Know what your peers are doing
9: Document close calls
10: Imagine your story being told to the world
Data security is a new area of litigation.
The US federal government does not have a unified set of data security regulations.
Moreover, what is on the books only protects certain types of data in specific industries (Gramm-Leach-Bliley, COPPA, HIPAA, etc.).
Worse yet, there is only a patchwork of statutes and regulations at the state level.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f78a090f21&e=20056c7556