[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions š
So onto the news:
**
————————————————————
* Obama Creating Federal CISO Post
* Google adds warning to unencrypted emails
* The economic cost of being hacked
* NTT Security : UK businesses could spend Ā£1.2 million recovering from a cyber security breach according to new research
* How to convince the CFO of the budgetary security need
* Cyber attack top business threat for second year running
* INSIGHT: Growing hacker threats make cybersecurity a great career choice
* Breaches Infest C-Stores, Gas Stations: Study
* Change Agent: Google Introduces Filter That Blocks Evolving Botnets
* IDT911ā¢ Revamps Industry Leading DataRiskStagesĀ® Service for More Accurate Cyber Underwriting, Simplified Claims Handling, and Enhanced Service for Commercial Policyholders
Obama Creating Federal CISO Post
President Obama is creating the position of federal chief information security officer as part of a multifaceted initiative aimed at strengthening the nation’s IT security.
White House Cybersecurity Coordinator Michael Daniel sees a “deep relationship” between modernizing federal IT and cybersecurity. “It is critically important that we begin to address the underlying structural weakness that we have in cybersecurity by modernizing underlying IT,” Daniel said at a White House briefing on Feb. 9.
The new federal CISO would drive these changes across the government.
The federal CISO would report to the federal CIO and be located in the White House Office of Management and Budget (see: 10 Facts About New Federal CISO Position).
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=68a334c7e5&e=20056c7556
Google adds warning to unencrypted emails
Users will be shown a small red unlocked padlock icon in the upper right-hand corner of a message to let them know that someone they’re sending messages to or receiving email from doesn’t support TLS encryption that would keep information from prying eyes in transit.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ac5ec602dc&e=20056c7556
The economic cost of being hacked
Cyber security specialist Praesidio has put together an infographic looking at just how expensive a cyber attack can be.
Increasingly businesses expect to be attacked at some point. 52 percent of brands anticipate being attacked in 2016, and only 20 percent say they’re confident about avoiding a phishing attack.
The total average cost of a data breach is now put at $6.53 million which includes $3.72 million in lost business.
For financial companies the cost of each compromised record is put at $259, with an average of 10,000 records stolen per incident thatās a significant cost.
The total cost of damage due to cyber attacks is put at $400 million.
Forensic investigations can cost up to $2,000 an hour, while the average annual salary of a security engineer is $92,000.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5cfc93630d&e=20056c7556
NTT Security : UK businesses could spend Ā£1.2 million recovering from a cyber security breach according to new research
London, UK; 10 February 2016 – Most business decision makers in the UK admit that their organisation will suffer from a cyber security breach at some point.
They also anticipate that to recover from a data breach would cost upwards of Ā£1.2 million on average for their organisation, the highest figure globally.
This is according to a new Risk:Value report from global information security and risk management company, NTT Com Security, which surveyed business decision makers in the UK, as well as US, Germany, France, Sweden, Norway and Switzerland.
While nearly half (48%) of UK business decision makers say information security is ‘vital’ to their organisation and just half agree it is ‘good practice’, a fifth admit that poor information security is the ‘single greatest risk’ to the business, ahead of ‘decreasing profits’ (12%), ‘competitors taking market share’ (11%) and on a par with ‘lack of employee skills’ (21%).
Well over half (57%) agree that their organisation will suffer a data breach at some point, while a third disagree and one in ten say they do not know.
Respondents estimate that a breach would cost them Ā£1.2m, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration, and take on average two months to recover from.
They also anticipate a 13% drop in revenue, on average, following a breach.
In terms of remediation costs following a security breach, nearly a fifth (18%) of a company’s costs would be spent on legal fees, 18% on fines or compliance costs, 17% on compensation to customers, and 11% for third party remediation resources.
Other anticipated costs include PR and communications (14%) and compensation paid to suppliers (12%) and to employees (11%).
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4097c01194&e=20056c7556
How to convince the CFO of the budgetary security need
It is important that the CFO understand an organizationās cyber security needs by working with the Chief Security Officer and/or Chief Information Security Officer.
Helping to educate the CFO on the nature of the threats, as well as their potential impacts against the organizationās business process, production, customer relations, and public perception will better inform them as to how to address security needs within a risk management environment.
Since it is nearly impossible for organizations to protect all aspects of their enterprise, working with the CFO to prioritize threats by severity, potential impact, and cost-benefit analysis is an integral endeavor for security personnel looking to receive a budget that fits their needs.
There are some encouraging signs that the gap between CFO and CSO/CISO is narrowing.
According to a 2015 survey conducted of 100 U.S. technology CFOs by BDO USA, a leading association of accounting, consulting, and professional service firms, two-thirds said they have increased cyber security measures for their respective organizations since the preceding year.
These findings are not alone.
A separate survey conducted by CFO Signals in 2015 found that of 103 CFOs polled, 74 percent ranked cyber security as their top priority, demonstrating that not only are CFOs getting the need to invest in cybersecurity, they are understanding that they have a role in it as well.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=109aeaf471&e=20056c7556
Cyber attack top business threat for second year running
Cyber attack is the top threat perceived by businesses, according to the fifth annual Horizon Scan report published today by the Business Continuity Institute (BCI), in association with BSI.
Similarly, the threat of a data breach rises to second in the list, up one place from 2015.
The annual BCI Horizon Scan assessed the business preparedness of 568 organisations worldwide and shows that three quarters (85%) of business continuity managers fear the possibility of a cyber attack, with 80% worried about the possibility of a data breach similar to those suffered by Carphone Warehouse and Sony.
Concerns over supply chain disruption remained in the top ten, but fell two places from fifth last year to seventh this year.
Almost half of those polled (47%) identified increasing supply chain complexity as a trend, leaving their organisation vulnerable to disruption from conflict or natural disasters.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=672369b950&e=20056c7556
INSIGHT: Growing hacker threats make cybersecurity a great career choice
A massive increase in cybersecurity jobs is coming.
Much of the money spent on cybersecurity finds its way to the professionals working daily to keep companies safe; therefore, spending toward new jobs is more than likely.
However, therein lies a problem.
Cybersecurity already has a huge number of empty jobs.
Currently, Cisco found that there are 1 million cybersecurity positions worldwide that arenāt filled.
As the market grows, new cybersecurity positions will increase, demanding more people to enter the field.
If you havenāt set your goals for the year, make it a point to receive training in cybersecurity.
The industry is poised for a lot of growth, and the high number of vacant positions will give you multiple career options.
Not only that, but youāll also have a level of job security that you probably wonāt be able to find elsewhere.
So take the leap.
Search local training centers for more on information security training and get that cybersecurity position youāve always dreamed about.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9eb9d9f36a&e=20056c7556
Breaches Infest C-Stores, Gas Stations: Study
Convenience store and gas station chains appear to be most susceptible to data breaches, according to a study from the Richmond, Va.-based Risk Based Security, āData Breach QuickView: 2015 Data Breach Trends.ā
According to the study, the total number of data breach incidents was up 23% to 3,930 in 2015 from 3,192 in 2014.
The number of exposed records, however, fell 33% to 736 million in 2015 from 1.1 billion the year before, the report said.
Automated fuel dispenser skimming is the most frequent form of data theft, the report said.
To pull this off, a skimmer usually affixes a device over the mouth of the card reader and secretly captures credit and debit card information when customers insert their cards into the ATM machines or fuel pumps.
Criminals also use a combination of cameras and video devices to capture cardholder PINs as part of their ATM skimming scheme.
The analysis found California had the highest number of data breach incidents in 2015 at 199, with Florida coming in second at 130.
California retained the top spot from 2014, while Florida rose to the No. 2 spot.
New York came in third in 2015 at 102 incidents.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=31c6190325&e=20056c7556
Change Agent: Google Introduces Filter That Blocks Evolving Botnets
Google is upping its defenses against ad fraud to take on three malware families.
The offenders include Bedep, plus two previously unknown entities internally code-named Beetal and Changthangi, which are named for goat species.
Read the blog post.
Google has developed a filter ā now available for advertisers using DoubleClick Bid Manager (DBM) and Google Display Network (GDN) ā to block traffic from these families.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=602e9a0343&e=20056c7556
IDT911ā¢ Revamps Industry Leading DataRiskStagesĀ® Service for More Accurate Cyber Underwriting, Simplified Claims Handling, and Enhanced Service for Commercial Policyholders
SCOTTSDALE, Ariz., Feb. 9, 2016 /PRNewswire/ — IDT911ā¢ announced significant enhancements to its industry leading DataRiskStagesĀ® data breach mitigation and remediation service to better support insurance companies and their commercial policyholders.
Anticipating insurance industry needs, the DataRiskStages platform has been enriched with three new features: Ins.breachresponse.com to help avoid and manage a breach, CyberClaims911ā¢ for more efficient claims handling, and new analytics for more accurate cyber underwriting.
Combined, the three services offer triple threat cyber service for the insurance industry.
or commercial policyholders, Ins.breachresponse.com from DataRiskStages offers important and comprehensive pre-breach risk awareness education and post-breach remediation guidance.
CyberClaims911 is the first and only third-party administrator that focuses solely on cyber claims processingādelivering industry-leading data breach avoidance and resolution services resulting in stronger management over losses and reduced operating expenses.
Advanced analytics and reporting from IDT911 strengthens your insight when underwriting cyber risks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2513afb7c2&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=04c460bc88)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)