[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
Finra CARDS data breach risk is real
The initiative by the Financial Industry Regulatory Authority Inc., which was recently put on hold for further evaluation amid negative feedback, was proposed as a means of collecting and analyzing broker-dealer client data. Finra’s stated goal for CARDS is to catch fraudulent activity early.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9ee68bd121&e=20056c7556
Gartner: Are security analytics key to breach detection – or just hype?
While most SIEM products can collect, store and analyse security data, the meaning that can be pulled from a data store (such as the security data found in a SIEM) depends on how the data is reviewed. How well a SIEM product can perform automated analytics — compared with user queries and rules — has become an area of differentiation among SIEM providers.
User behaviour analytics (UBA) is another example of security analytics that is already gaining buyer attention, says Ahlm. UBA allows user activity to be analysed, much in the same way a fraud detection system would monitor a user’s credit cards for theft.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6f987ee048&e=20056c7556
Cybersecurity, privacy not mutually exclusive, European data official says
An organization already exists to exemplify how the two issues interplay. The Budapest Convention on Cybercrime, established in 2001, is a “basis for cooperation in [the] fight against cybercrime based on respect for fundamental rights,” he said. Forty-five countries, including the United States and Australia, have ratified it.
Also, EDPS established the Internet Privacy Engineering Network last year to unite disciplines and developers from different areas to work together on implementing practical privacy.
Additionally, EDPS published in March a five-year strategy on cybersecurity that reinforces the rights to privacy and data protection in cyberspace, he said
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8526e5fe54&e=20056c7556
Cisco adds policy-based security to ACI platform
intrusion prevention system into the company’s software-defined networking platform to provide policy-based security.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=405940fd08&e=20056c7556
New Data Breach Notification Bill Lets States Keep Own Laws
Several Democratic senators have introduced a national data breach notification bill that will allow states to keep their own notification laws if they have more strict policies already in place.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8b294a0019&e=20056c7556
How the New ISO Cloud Service Standard Affects MSPs
The new international standard, designated ISO/IEC 27018 is described by ISO as “an important first step for protecting PII in the cloud. It is built on previous ISO guidance and will continue to evolve along with [cloud service providers] to provide more secure services upon which businesses can grow.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=90f4294d41&e=20056c7556
[India] Cyberdome Project: Police Urge Assistance of Firms
In a statement, Thiruvananthapuram range Inspector-General Manoj Abraham said that an online office would be established soon so that ethical hackers or cyber experts would give assistance to the police officials in the area of cyber crime investigation. “This online office with specially selected Cyberdome Officer will give assistance, suggestions to police to tackle issues in the cyber world. They will be given ID cards and ranks based on their contribution to the project”, he said.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4785ad420d&e=20056c7556
Ponemon Institute study finds innovation in payment technologies outpaces the security to prevent data breaches
Experian Data Breach Resolution and Ponemon Institute release the first industry study that closely examines payment technologies and how companies are managing the growing threat of data breaches.
Most executives support implementation of EMV “chip and PIN” technology, with 59 percent of survey respondents indicating it is an important part of their organization’s payment strategy. However, EMV is not the security silver bullet payment professionals have been waiting for, as barely more than half of respondents (53 percent) believe EMV cards will decrease the risk of a data breach.
Sixty-four percent of survey respondents believe it is more challenging to secure payment card information that other personally identifiable information.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2948079c2b&e=20056c7556
Survey Expects Banks Will be First to be Fined 100 Million Euros Under New European Union Legislation
Varonis Systems, Inc. VRNS, -0.38% the leading provider of software solutions for unstructured, human-generated enterprise data, conducted a survey in March of IT professionals who attended CeBIT, Europe’s largest IT show, about their general beliefs regarding the upcoming European Union (EU) General Data Protection Regulation, which is expected to go into effect this year or next.
80% think that a bank is the most likely organization to be the first to suffer the maximum fine (of 100 million Euros) for failing to meet the EU General Data Protection Regulation.
When asked in which country the bank is most likely to be based, of those surveyed 30% said Germany, 28% said U.S.A., and 22% said another EU country.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f3f4fd28d0&e=20056c7556
New Survey Finds A Vast Majority Of U.S. Small Business Owners Believe Cybersecurity Is A Concern And Lawmakers Should Do More To Combat Cyber-Attacks
BURLINGTON, Mass., May 4, 2015 /PRNewswire/ — Endurance International Group (NASDAQ: EIGI) today released the results of its 2015 Small Business & CyberSecurity survey, which found that 81% of small business owners believe cybersecurity is a concern for their business, with 94% stating they frequently or occasionally think about cybersecurity issues. The survey also found that 31% of small businesses have experienced a cyber-attack or attempted cyber-attack. However, despite these concerns, less than half (42%) of survey respondents have invested resources in cybersecurity protection in the last year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8f9e246c26&e=20056c7556
Rombertik malware destroys computers if detected
The malware, nicknamed Rombertik by Cisco Systems, is designed to intercept any plain text entered into a browser window. It is being spread through spam and phishing messages, according to Cisco’s Talos Group blog on Monday.
That behavior is not unusual for some types of malware, but Rombertik “is unique in that it actively attempts to destroy the computer if it detects certain attributes associated with malware analysis,” wrote Ben Baker and Alex Chiu of the Talos Group.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=69bae6f0ad&e=20056c7556
APWG Q4 Report: Phishers Target Retail Sites While Crimeware Proliferation Explodes
The APWG reports in its new Phishing Activity Trends Report that during the 4th quarter of 2014, a record number of crimeware variants were detected, a strategy of overwhelming proliferation of variations designed to defeat antivirus software. Meanwhile, phishers increasingly targeted retail and service sites, hoping to take advantage of the burgeoning numbers of online shoppers.
Retail/Service was the most-targeted industry sector in the fourth quarter of 2014, representing 29.37 percent of phishing sites, not a great surprise during the holiday season. Payment Services continued to be popular targets, with 25.13 percent of attacks during the three-month period, according to APWG member Internet Identity. “The final quarter of 2014 also witnessed a raft of email-based phishing attempts against well-established financial institutions, possibly timed to coincide with both the holiday spending increase and heightened consumer fears in the wake of corporate security breaches,” said Carl Leonard, Principal Security Analyst, Websense Security Labs.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0824ea7e0f&e=20056c7556
Zuck’ed up: Facebook opens up free internet in India – but bans HTTPS
The social network offers free mobile internet access to people in India, Tanzania, Kenya, Colombia, Ghana, and Zambia – provided they have a phone that can run the Opera web browser, it can connect to a mobile data network, and they stick to 38 selected websites – which range from Facebook and Wikipedia to health-information sites and a Reuters feed of farm prices. People visiting sites via Internet.org will not be billed for their mobile data use.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7db6ffc383&e=20056c7556
Mozilla to whack HTTP sites with feature-ban stick
Insecure websites will be barred from using new hardware features and could have existing tools revoked, if Mozilla goes ahead with a push towards HTTPS.
Webmasters that don’t turn on HTTPS could be excluded from the new features list under a Mozilla initiative designed to rid the net of careless clear text gaffes, sending a “message” to developers that their web properties need to be secured, regardless of content served.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cf247c3092&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=91f82b104a)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)