[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
State of the Network study: How security tasks are dominating IT staff
The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.
The 2015 Network Instruments State of the Network Study found 85% of network teams regularly engage in security investigations today, with nearly one-fourth of those teams working on security tasks from 10 to 20 hours each week.
One finding from the State of the Network Study that really stood out was the top three methods for identifying security issues:
– syslogs
– Simple Network Management Protocol
– Tracking performance anomalies
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61ac3b34df&e=20056c7556
Threat Intelligence May Not Be The Answer
Rob Sloan Head of Cyber Content and Data, Dow Jones Risk and Compliance
Threat intelligence, according to many security vendors, is a key part of the solution to network defense. Organizations are encouraged to spend tens of thousands of dollars on intelligence feeds that will actually do very little to substantially improve their cybersecurity. For many, threat intelligence will be a complete waste of money.
The argument from the vendors is simple: knowing what threat actors are doing allows proactive protection of networks. To generate insight, vendors employ teams to analyze data from deployed security appliances or client networks where incident response work was conducted.
At its best threat intelligence might provide occasional protection from attacks. At its worst it is an expensive source of information that bears no relevance to securing a network and may mislead decision-makers. Knowing the threat actors who are seeking to attack can be useful, as can identifying business critical data, but knowledge of other attacks is not required for that. Limited security budgets are better invested in resources and technology to strengthen defenses, identify and respond to attacks and to prevent damage rather than on cyber clairvoyance.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c755773de0&e=20056c7556
Key Components of a High-Performing Information Risk Management Program
Creating an information risk management program consists of designing, implementing and maturing security practices to protect confidential information, critical business processes and information assets across the organization. A high-performing information risk management program is one that recognizes IRM is an ongoing business process requiring the support of departments, functions and individuals throughout the organization. Over the years, these programs have evolved from a security operations and technology focus to a more holistic, organization-wide approach involving multiple levels of people, processes and technology. This has led to significant changes in the role and scope of the program and has expanded the portfolio of activities that fall under its umbrella.
Typically, establishing a high-performing information risk management program can take three to five years in large organizations. Maintaining executive commitment and investment for the duration is essential. Carefully choosing a combination of both short-term, low-hanging-fruit projects that emphasize value and longer-term infrastructural and cultural change projects will provide incremental increases in program quality while strengthening executive support. Attempts to build a program can fail because management does not take advantage of the lessons learned from other organizations. Understanding and implementing the key components a high-performing information risk management program will ensure success.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=72445bc420&e=20056c7556
Cybercrime costs SA in excess of R3 billion
A new study has found that South Africa is the most affected by cybercrime in Africa. The study was conducted by the University of Johannesburg’s Centre for Cyber Security.
“There are some international statistics proving that South Africa is third on the international list of the number of cybercrime victims, we are then number one in the African continent…”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e04af50b2f&e=20056c7556
CIOs And Security: Time To Rethink The Processes?
Businesses need to develop new security responses to address gigantic attacks, and the CIO is in the best position to lead the way.
First, IT needs to recognize that the traditional methods of dealing with security breaches are not enough to effectively respond to the massive break-ins. “Companies are under attack every day,” said Bill Stewart, executive VP at Booz Allen and leader of the firm’s commercial cyber-business, which in April issued a report titled “Emerging Trends: Big Changes in Cyber Risk, Detection, Improved Incident Response.”
To be successful, a business needs unprecedented levels of cooperation among different departments and a proactive, top-management-involved approach to dealing with security threats. The enterprise needs to form a cyber-crisis management team, a group that deals only with high-level threats.
“We are seeing a slow but growing awareness among CIOs that a new approach is needed to dealing with massive breaches,” said Stewart. The process starts with the CIO recognizing the need for handling massive breaches in their own way and then putting the response pieces in place.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=75ba812921&e=20056c7556
Research Reveals Great Disconnect Between Loss Prevention, IT and Other Business Units in Retail
CHELMSFORD, Mass.–(BUSINESS WIRE)–Axis Communications, the global leader in network video surveillance, today revealed the results of “The Great Disconnect Between LP and IT,” a 2015 study by IHL Group, a global research and advisory firm specializing in technologies for the retail and hospitality industries. The research illustrates the differing ways in which IT and loss prevention (LP) teams view priorities, including staff and budgetary allocation. It also outlines the barriers to a closer LP to IT relationship and new revenue-generating functions of IP-enabled technologies.
Research suggests that after using IT budget to fund significant data breach protection and PCI certification efforts, retailers on average still have 6.4 percent of that budget left to spend on other LP priorities. As organization revenues increase, PCI and data breach protection costs level out, and IT budgets continue to grow linearly, larger retailers end up with two to three times more funds than smaller retailers for additional LP activities, such as organized retail crime and slip and fall prevention, electronic article surveillance (EAS), CCTV, video analytics and more.
“Our team has noticed a clear disconnect in retail between IT and LP departments when it comes to budget, focus and staffing,” said Hedgie Bartol, Business Development Manager, Retail, for Axis Communications. “This is a natural and expected interaction given their differing priorities, but IHL Group’s research has put in place actionable feedback and future-looking opportunities due to IP surveillance technology advancements that can be put in place organization-wide to create stronger relationships and ultimately, turn up revenue from a department otherwise known as a cost center.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=63abaab30c&e=20056c7556
Ten data center trends driving change in 2015
IT professionals need to pay attention to new developments, and consider the impact that those products or initiatives can have on the data center — and the business. At Gartner’s IT Operations Strategies and Solutions Summit 2015 here this week, analyst David J. Cappuccio outlined 10 IT trends poised to impact data centers over the next year and beyond.
1. Non-stop demand
2. Treating business units as technology startups
3. Internet of Things
4. Software-defined infrastructure
5. Integrated systems evolution
6. Disaggregated systems
7. Proactive infrastructures
8. IT service continuity
9. Bimodal IT
10. Scarcity of IT skills
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=22517b0acd&e=20056c7556
Akerman Joins in Launching Data Law Group
Data security and information governance are the hot practice areas for law firms these days, and nearly every month a new law firm unveils a rebranding effort or a new practice group angling to grow its business in this area. The latest is Akerman, which launched an 18-person Data Law group this month that will focus on data security, information governance and eDiscovery.
Like other law firms operating in this area, Akerman believes data law is a growth area, a view supported by many experts. Mary Meeker, of venture capital firm Kleiner Perkins Caufield & Byers, also highlighted the need for better cybersecurity in her annual presentation on Internet trends earlier this year.
There’s also one other reason Akerman wants to make sure its clients know it has expertise in cybersecurity: Many clients are aware that law firms hold all their data and could be “the soft back door target” for hackers if there data security isn’t up to snuff, according to Tully.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b487d69dff&e=20056c7556
Exploit code released for unpatched Internet Explorer flaw
Researchers at computer giant HP have published exploit code that can be used to attack a weakness in Internet Explorer, after Microsoft refused to issue a patch.
In a blog post, Dustin Childs, HP senior security content developer, said the move to publish the flaw was not out of “spite or malice,” but was in accordance with its own disclosure policy.
“Microsoft confirmed in correspondence with us they do not plan to take action from this research, we felt the necessity of providing this information to the public,” said Childs. That’s in spite of Microsoft earlier this year awarding the team $125,000 — which was later donated — for discovering the flaw.
The bug allows an attacker to bypass Address Space Layout Randomization (ASLR), which acts as one of the many lines of defense in the popular browser. But the flaw only affects 32-bit systems, which the HP researchers said still affects millions of systems, even if many systems nowadays are 64-bit.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d5fbab84dc&e=20056c7556
How more joined-up security thinking could save billions in data breach costs
A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report suggests this is made up of £18 billion in lost revenue and £16 billion in added security measures after breaches have occurred.
Very often, security breaches are the result of simple oversights that cybercriminals are always quick to exploit. You can reduce these risks with a security framework that is integrated, coordinated, and context-aware. And as we have noted, this is especially critical for SMB organizations, which typically lack dedicated IT security personnel.
Ultimately, such a joined-up approach will reduce costs and improve security at the same time, simply by requiring fewer products to procure, deploy, manage and expensively maintain.
So maybe we can all think and act in a more joined-up way. With smart investment in the education of staff and products that work better together, we might see more businesses reducing the risk of breaches while avoiding some of the costs.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fc6837b74d&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=96a8020d36)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)