[From the desk of Paul Davis – his opinions and no-one else’s]
And now for the news:
Yahoo unveils sneak peek at end-to-end email encryption plugin
After the company was thrown under the bus by the National Security Agency surveillance disclosures, Yahoo is following up on its promise to fight back. At SXSW festival in Austin, Texas, Yahoo chief information security officer Alex Stamos confirmed the company will introduce end-to-end encryption to its Yahoo Mail service by the end of this year. “Our users are much more conscious of the need to stay secure online,” Stamos said in a blog post. “We’ve heard you loud and clear.”…
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=403f78dc9b&e=20056c7556
Gamers beware! – Malware attacks “save files”
Gamers around the world are being targeted by these cyber-criminal groups using the virus that stops the gamers from playing their favourite titles unless they pay a ransom. Why? Because hardcore gamers have great value in their saved files. This virus-ransomware seeks out saved and other user-generated files of an online game and encrypts them, blocking them from playing the game any further unless the victims pay at least $500 in Bitcoins.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=126f9a54b8&e=20056c7556
Zurich launches cyber protection policy
Zurich has launched a cyber-protection policy with a global breach response service, designed to help companies face cyber risks.
The policy, ‘Security and Privacy’, has been specifically developed to cover first party exposures as well as cover for third party liabilities and includes a new cover to provide loss of income following a data breach or damage to reputation.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=64597b65c5&e=20056c7556
The new breed of internet service provider: frontline of cyber security
Step forward, then, the new breed of ISP, which can offer a diverse range of services and become a trusted protector against the growing cyber threat. Protection will shift over time from protecting the device using traditional tools like antivirus to protecting network connections. These new frontiers can increase the lifetime value of the customer to the ISP, provide new revenue streams and impact customer loyalty.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ae9b0dbc99&e=20056c7556
Lookout bets on big data analytics to secure enterprise mobiles
“We use machine intelligence to analyse new apps every day and make correlations with every other app we’ve seen to protect mobile users,” said Aaron Cockerill, global head of enterprise products at Lookout. Now Lookout has 20 businesses beta testing its enterprise products ahead of the official launch in May 2015, with products set for release in the summer. Mobile app stores use Lookout’s application programming interface (API) to submit code to Lookout’s cloud-based systems, which respond with an initial assessment in ten seconds.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=10125c095d&e=20056c7556(UserUniverse:%201445363)_myka-reports@techtarget.com&src=5369414
Sixty-one per cent of IT heads would welcome larger fines for data protection breaches – survey
A survey of 150 UK businesses ranging from SMEs to large enterprises, commissioned by Fujitsu in December, found that by and large IT decision-makers welcome a tightening of rules around data protection.
Eighty per cent said that more stringent data protection laws are needed in this data-driven world, and 40 per cent do not believe that current regulation around data protection and privacy is adequate to protect an individual’s data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3de5b932a6&e=20056c7556
CIO trends for 2015 and beyond
The acceleration of digitisation and the increasing adoption of third platform technologies like cloud, mobile, social and big data present tremendous opportunities for CIOs to expand their role within the enterprise and spur corporate growth, but only if those CIOs can prepare their organisations for the coming changes, and adapt their existing business models for use in a different IT world.
4. By 2016, security will be a top 3 business priority for 70 per cent of CEOs of global enterprises.
6. By 2017, 80 per cent of the CIO’s time will be focused on analytics, cyber-security and creating new revenue streams through digital services.
These predictions show that we are living in a moment of great significance for CIOs. Great changes are coming in the not-so-distant future, and CIOs must be ready to make the most of these changes in order to ensure the continued relevance of their organisations.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f5f383a336&e=20056c7556
Information Security: The Most Important IT Initiative in 2015
CISOs face a difficult situation where they must reinforce cybersecurity defenses and oversight while supporting new IT initiatives. This means:
* Large organizations must scramble to get their houses in order.
* CISOs must be involved at the start of projects.
* Security must be baked into other meta-trends.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=87493887fd&e=20056c7556
Retailers say data security rules would be ‘poor fit’
The National Retail Federation is asking Congress to throw out any legislation that would force retailers to follow data security rules created for the banking industry.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=17d686103c&e=20056c7556
A global tour of data regulation
Every business now has the potential to be global. There are new ways to operate in different countries and markets, and this brings with it extraordinary opportunities for organisations large and small.
Laws surrounding the protection and handling of data vary wildly across the globe. Below is a quick snapshot of the current situation in some of the biggest global markets…
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2b5061569f&e=20056c7556
Known vulnerabilities pose biggest IT security threats
It’s often said, “There’s nothing new under the sun.” And that appears to be the case in the world of cybersecurity where hackers most often exploit known vulnerabilities to gain access to private computer files, according to HP’s 2015 Cyber Risk Report.
While newer exploits may generate more press, the report found that in 2014 the majority of attacks had exploited common misconfigurations of technologies and known bugs in code written years ago. The report found that 44% of breaches came from vulnerabilities that are two to four years old. According to the report, server misconfiguration was the number one vulnerability of 2014. Access to files and directories provides attackers with crucial information for additional avenues of attack and to determine if their method of attack was successful.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=52d7d90681&e=20056c7556
Native Hadoop Security Tools Not Enough to Protect Sensitive Data in Big Data Environments, According to Protegrity Survey
Protegrity surveyed nearly 150 attendees at last month’s Strata + Hadoop World Summit in San Jose, Calif. on their use of the Hadoop platform for Big Data projects. When asked whether data security is a critical requirement for their Hadoop data lake or hub, 86 percent said that it was. However, when asked whether native Hadoop security was enough to protect their data, only 11 percent said it met their data security needs.
Indeed, 80 percent of those surveyed indicated that their organizations are using Hadoop in production environments. Supporting the growing hype around Hadoop, the Protegrity survey also revealed that 80 percent of respondents said their organizations will be spending more on Hadoop-related projects this year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6b5dd2b109&e=20056c7556
#Iran gearing up to avenge
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6d45c86392&e=20056c7556
OpenSSL preps fix for mystery high severity hole
The hole will be patched as part of a series of fixes that will land on 19 March and apply to versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. “The highest severity defect fixed by these releases is classified as ‘high’ severity.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=70b53acd5b&e=20056c7556
10 Ways To Measure IT Security Program Effectiveness
Average Time To Detect And Respond
Also referred to as mean time to know (MTTK), the average time to detect (ATD) measures the delta between an issue occurring—be it a compromise or a configuration gone wonky—and the security team figuring out there’s a problem.
“By reducing ATD, Security Operations Center (SOC) personnel give themselves more time to assess the situation and decide upon the best course of action that will enable the enterprise to accomplish its mission while preventing damage to enterprise assets,” says Greg Boison, director of cyber and homeland security at Lockheed Martin.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1ddc90a562&e=20056c7556
‘Only three places take it seriously’: The bleak view of Italy’s online security
The first report, by the Italian Information Security Association (CLUSIT), details current cybersecurity threats both on a global and national level, focusing mainly on attacks that are public knowledge and have caused serious damage to the infrastructure and reputation of the victims. But, thanks to a collaboration with Fastweb, it also gives a broader perspective of the number of online threats that businesses and organisations have to face on a daily basis.
The second report, a collaboration between the University of La Sapienza’s Cyber Intelligence and Information Security (CIS) research unit and Microsoft Italia, highlights instead the vulnerabilities and strengths of public administrations’ digital infrastructure.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b5d441e976&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com