[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
4 Ways to Engage Executives in Cyber Risk
A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs, though they (along with their peers in other industries) could still benefit from improved governance and engagement with business leaders.
This shift in perspective, from seeing cyber risk as an IT problem to treating it as a business issue, is taking hold in the retail industry, according to findings from a survey of retail executives conducted by Deloitte & Touche in 2014. “Executives at major retailers increasingly regard cyber risk as part of the broader conversation about business risk,” says Alison Kenney Paul, vice chairman and U.S. Retail and Distribution leader for Deloitte LLP. “As a result, they’re starting to seek a broader approach to cyber security than they’ve used in the past, and our survey results back this up.”
For example, two-thirds of respondents are actively reviewing the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, and 21 percent are either already using it or planning to adopt it in the near future.
“To combat cyber risk, the tone really must start at the top, with the board, CEO, and CFO setting up effective governance and organization structures,” says Mantha. “Part of their mandate as senior leaders is to ensure all employees understand their role in helping to prevent cyber attacks. That includes endorsing creative initiatives (e.g., threat simulations or war games) that teach and reward responsible behaviors across the enterprise.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9d73530f87&e=20056c7556
GLOBAL CYBERSPACE IS SAFER THAN YOU THINK: REAL TRENDS IN CYBERCRIME
What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. Information technology (IT) security firms such as Norton Symantec and Kaspersky Labs publish yearly reports that generally show the security of cyberspace to be poor and often getting worse. This paper argues that the level of security in cyberspace is actually far better than the picture described by media accounts and IT security reports.
Currently, numbers on the occurrence of cybercrime are almost always depicted in either absolute (1,000 attacks per year) or as year-over-year percentage change terms (50 percent more attacks in 2014 than in 2013). To get an accurate picture of the security of cyberspace, cybercrime statistics need to be expressed as a proportion of the growing size of the Internet (similar to the routine practice of expressing crime as a proportion of a population, i.e., 15 murders per 1,000 people per year). To substantiate this argument, data was collected on the size of the Internet, with a focus on users, points of interaction and volume of online activity. Data was then collected on the vectors of cyber attack, the occurrence of cyber attacks and the cost of cybercrime.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a168bcbb20&e=20056c7556
Evolving Threat Landscape Demands Executives Understand Cyber Risk
In the wake of a number of recent high-profile, damaging cyberattacks, including the recent breach of the Office of Personnel Management, which compromised the sensitive information of millions of federal employees, executives and board members are gradually becoming aware of today’s cyber threats and the potentially devastating impact these can have on their organizations.
In response, software provider Tripwire recently asked 22 prominent experts in the cyber field how security teams can improve their executives’ cybersecurity literacy. The consensus?
One of the key ways security professionals can help boards/executives improve their cybersecurity literacy is to connect recent major security incidents with the tools that can be used to prevent, mitigate, and respond to them, according to David Meltzer, Chief Research Officer at Tripwire.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c03f3ebe77&e=20056c7556
New Horizons Computer Learning Center of Knoxville Offers CyberSec First Responder: Threat Detection and Response, a Groundbreaking Cybersecurity Training Course and Certification
KNOXVILLE, TN, Jul 21, 2015 (Marketwired via COMTEX) — New Horizons Computer Learning Center, a leading provider of instructor-led technical training, announces the addition of CyberSec First Responder: Threat Detection and Response to their public training schedule. This cybersecurity training course and corresponding ProCert Accredited certification, Certified CyberSec First Responder, were developed by Logical Operations with the goal of helping organizations combat cybersecurity threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e569ecb7c5&e=20056c7556
Average DDoS attack size increasing, Arbor warns businesses
The average size of distributed denial of service (DDoS) attacks is increasing in terms of bits and packets per second, according to Arbor Networks.
Although the largest attack monitored in the second quarter of 2015 was a 196 gigabit per second (Gbps) user datagram protocol (UDP) flood, Arbor says the growth in the average attack size is of most concern to enterprise networks.
According to the latest data from Arbor’s active threat level analysis system (Atlas), 21% of attacks in the quarter topped 1Gbps, while the most growth was seen in the 2Gbps to 10Gbps range.
The data also shows a significant spike in the number of attacks in the 50Gbps to 100Gbps range in June 2015, which were mainly SYN floods targeting destinations in the US and Canada.
Arbor’s data shows that reflection amplification DDoS attacks using the simple service discovery protocol (SSDP) appear to be abating compared with the first quarter of 2015, in which 126,000 were recorded, but they are still at the same level as the last quarter of 2014 of around 84,000.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d8cca186b8&e=20056c7556
New ISACA Governance Study Underscores Need for Business Involvement and Agility
Sydney, Australia (22 July 2015) – Corporate governance processes are at a weak level of implementation at most organisations, indicating that boards of directors are not sufficiently involved, according to a new global governance study commissioned by IT association ISACA. Conducted by the University of Antwerp–Antwerp Management School, Benchmarking and Business Value Assessment of COBIT 5 helps identify key gaps and priorities at organisations worldwide as well as how they are using the COBIT 5 business framework for information technology.
“The findings are a call to action for board members to take responsibility for ensuring that their organisation’s information and technology are effectively governed and managed,” said Steven De Haes, an author of the survey report. “There is a clear association between board involvement and strong organisational performance.”
The study results also underscore the need for a greater focus on agility.
COBIT 5 identifies seven key resources called enablers because they enable effective governance in an organisation. The study found that the most poorly utilised enabler in most organisations is culture, ethics and behavior. Services, infrastructure and applications are the most effectively leveraged enabler.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e8e4412486&e=20056c7556
Survey: Organization’s size doesn’t indicate its “security maturity”
Regardless of size, nearly three-quarters of companies lack the maturity to address cyber security risks, according to the inaugural “Cybersecurity Poverty Index” released by RSA, The Security Division of EMC.
The index compiled survey results from more than 400 security professionals across 61 countries. Participants self-assessed the maturity of their cyber security programs against the NIST Cybersecurity Framework, and the results pointed to insufficient maturity across the board.
Of the organizations surveyed with more than 10,000 employees, 83 percent rated their capabilities as less than “developed” in overall maturity, suggesting that they see room for significant growth.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4912514608&e=20056c7556
Soteria Intelligence Announces Innovative Research on Social Media Threats and Counter-Messaging Strategies
LOS ANGELES–(BUSINESS WIRE)–Soteria Intelligence is pleased to announce the company’s most recent research focused on analyzing anonymous social media threats as well as counter-messaging strategies to combat criminal and terrorist activity on social networks.
One of the biggest threats educational institutions face today is the use of anonymous messaging applications that have become a vehicle for delivering a wide variety of threats. Given the perceived anonymity of posts on such networks, Soteria Intelligence’s research indicates that individuals often make more direct and violent threats when compared to threats that have been made on Twitter and other social networks in the past.
Soteria Intelligence’s research on analyzing anonymous social media threats explores the use of linguistic pattern recognition to compare activity on public social networks where individuals have profiles (they’re identifiable) with activity taking place on anonymous social networks. “The goal is to identify patterns as a way of revealing those who choose to operate under a veil of secrecy,” stated Aaron Schoenberger, CEO of Soteria Intelligence.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ee33c29f4b&e=20056c7556