[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* U.S. manufacturers spend more on regulations than security: Philly Fed
* Global Physical Security Market to Reach $110B by 2020, Forecast Predicts
* Is Cloud Security An Exaggerated Concern?
* Free Wi-Fi hotspots are a major security threat for businesses
* Access Management Increases Security, Cuts Costs
* Motor Mouth: Ransomware is the future of car theft
* Post-intrusion report shows cyber attackers are getting quieter once inside the network
* Could the Bitcoin blockchain one day run your entire city?
* The future of ICS security depends on OT-centric security solutions
U.S. manufacturers spend more on regulations than security: Philly Fed
U.S.
Mid-Atlantic manufacturers on average have devoted more money to complying with regulations than to security on either their data and networks, or equipment and workers, a Philadelphia Federal Reserve survey released on Thursday showed.
These regional manufacturers when asked about their current capital expenditure said 5.8 percent goes to general state and federal regulatory compliance.
This is greater than the 4.7 percent on data and network security, and 2.8 percent on security on physical plants, employees and transportation.
Over the past few years, 73.9 percent of those companies surveyed said they have raised their spending to meet regulatory requirements in various areas including environmental and worker conditions.
No firms said they have cut expenditure in this area.
In comparison, 60 percent of firms said they have increased spending in data and network security, while 4.6 percent have scaled back.
Just over 31 percent of the regional manufacturers said they have ratcheted up spending on physical security, while 3.1 percent said they have reduced expenditure.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d2518b100c&e=20056c7556
Global Physical Security Market to Reach $110B by 2020, Forecast Predicts
Transportation — the largest application segment back in 2013 — is expected to remain the dominant segment by 2020, accounting for 20.1% of the overall industry.
The physical security market is witnessing technological innovation from analog to incorporated IP networked systems.
These technological shifts include disseminated public address environment integrated with smart devices, ubiquitous sensors, video displays, video analytics and power access systems.
Rising security concerns from hardware, personnel, network and information infrastructure will also positively impact the market demand shortly, according to Grand View.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d8447c0cdc&e=20056c7556
Is Cloud Security An Exaggerated Concern?
The results are in: We have made zero progress since 2010.
This was the year that IDC published results of a survey regarding cloud computing, and it found that security was the biggest barrier toward adoption.
This statistic has found its way onto pretty much every presentation about cloud computing since 2010.
Work within the Cloud Security Alliance (with whom we collaborated on this research) has begun to develop the necessary tools to provide the transparency so desperately needed.
For example, STAR is a registry that documents the security controls deployed by providers.
But perhaps the most encouraging tool is STAR Continuous Monitoring, which provides transparency of the security posture of a provider even after the auditor has left the building.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1872e49065&e=20056c7556
Free Wi-Fi hotspots are a major security threat for businesses
The recently released iPass Mobile Security Report says that 62 per cent of organizations are banning their mobile workers from using free Wi-Fi hotspots, with another 20 percent planning on doing the same in the future.
For 94 percent of surveyed companies, free and open Wi-Fi hotspots are a “significant mobile security threat”.
Out of the 500 companies from the US, UK, Germany and France that participated in the survey, 37 percent said free Wi-Fi hotspots were the biggest security threat, followed by employee lack of security attention (36 percent), and the devices in use (27 percent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=92ef3f63b2&e=20056c7556
Access Management Increases Security, Cuts Costs
Though IAM solutions are an investment at first, over time they actually save the organization a substantial amount of money.
This is mainly because there no longer needs to be one or more full-time employees handling account management, and these employees can be utilized elsewhere in the organization.
IAM solutions automate the complete end user lifecycle, requiring little to no manual tasks be performed.
For example, in education, at the beginning of each semester, several employees need to dedicate days of their time just to add new students and employees and move graduates to alumni status.
Another way IAM solutions can save money is through licensing costs.
Organizations tend to not review how many licenses they are paying for and how many are actually being used.
This has also been a major issue with employees who leave the organization.
Often, an ex-employee will still have access to an application that the company is unknowingly paying for.
Many IAM solutions provide an overview of access rights, allowing managers to see exactly who has access to what systems and applications to ensure they are paying for the correct number of licenses.
If there are any errors in access rights, an automated account management solution allows them to easily be corrected.
So, while IT spending may be cut back, investments in IAM solutions continue to grow because of security issues, flexibility and an overall cost savings.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bea80ef383&e=20056c7556
Motor Mouth: Ransomware is the future of car theft
Imagine you car has been stolen.
It’s brand new, you’ve barely made your third payment and it’s your first luxury car, a Mercedes or BMW with all the bells and whistles.
You held onto the old Taurus until the fenders almost rusted off, got pre-approved credit at the bank and cross-shopped online so assiduously that you could probably start writing for Driving.ca.
Here’s how it works: “Black hat” hackers — that’s the bad kind — install a worm that disables people’s most precious files.
Then they let them stew helplessly for a couple of hours, so that, when they finally send a malicious little email demanding money in return for control of the hard drive, the ransom demand is almost welcomed.
The average amount extorted, according to experts, is about $500.
But when you consider Forbes magazine estimates that just one “exploit” — Locky, which scrambles and renames all your important files — tries to extort as many as 90,000 victims around the world each and every day, you get an idea of how widespread ransomware already is.
Now, throw in the ubiquity of bitcoin — its untraceable nature is blamed for encouraging ransomware exploits around the globe — and then target industries with products notoriously lax in cyber-security.
Like, say, cars.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8222fe0653&e=20056c7556
Post-intrusion report shows cyber attackers are getting quieter once inside the network
Vectra Networks has published the results of its latest Post-Intrusion Report, a real-world study about threats that evade perimeter defences / defences and what attackers do once they get inside the network.
In the current report, all organizations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration.
Of the 120 participating organizations, 117 detected at least one of these activities during each month of the study.
Researchers found that not only are command-and-control (C&C) attacks increasing, accounting for 67 percent of detections, but the use of HTTP and HTTPS C&C for hidden tunnels also made a significant jump this year.
Together, HTTP and HTTPS tunnels accounted for 7.6 percent of all C&C detections, making them the third most-common C&C technique overall.
This trend was consistent when normalising for the number of hosts monitored.
Hidden C&C tunnels were observed 4.9 times per 1,000 hosts, which is up from 2.1 times per 1,000 hosts seen in the previous report.
Lateral movement, which enables attackers to spread from east to west to gather information, dropped significantly from 34 percent of total detections in 2015 to roughly 8.6 percent of total detections this year.
However, once inside the network, attackers appear to be getting quieter.
Of these lateral movement detections, brute force attacks – the most popular technique last year – are down significantly, while Kerberos client and automated replication activities increased over last year, tying at 36.3 percent of lateral movement detections.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=941c57a976&e=20056c7556
Could the Bitcoin blockchain one day run your entire city?
The idea is that by using a cryptographically secured and totally decentralized authority that can work at the speed of a computer, we should be able to keep power distribution, water treatment, self-driving transportation, and much more from ballooning beyond all practical limits as cities continue to grow.
With a robust public blockchain in place, cities could provide payment options for every business — why use your old plastic card, losing a fraction of the payment to an intermediary like a bank or credit card company and driving up the price, when you can transfer money quickly and securely, directly to a business owner?
There are basically three reasons to turn to the blockchain for a smart city: You’re an insurgent power in search of distinguishing features and the capacity to somehow continue your current, enormous rate of growth indefinitely (China); you’re a holiday destination with an economic incentive to stay ostentatiously futuristic (Dubai, in the UAE); you’re becoming so unwieldy that the concept of continuing to organize via old-world systems is just absurd (Los Angeles, maybe?).
How will cities — both existing ones growing to all new sizes and new ones springing up in developing nations — manage their ballooning organizational problems and stay competitive in the global market.
The answer might just be the blockchain.
And if not, the answer might be nothing at all.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c88ea86e33&e=20056c7556
The future of ICS security depends on OT-centric security solutions
New cybersecurity operational technologies are emerging to protect industrial control systems (ICS) against impending IT threats and attacks.
ABI Research indicates that demand will focus on network level security in the short term but eventually shift to place the significance on embedded security and lifecycle management.
As the market adapts, ICS vendors are at risk.
They will need to redesign next-generation control systems with digital security in mind.
Cybersecurity vendors need to create new product solutions for OT settings, as existing IT-based cybersecurity is not easily configurable.
The age-old technique for protecting industrial networks from attacks, namely separating them from the rest of the world using an ‘Air Gap’ is no longer a functionally or operationally feasible option in today’s connected world.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2ed99bfded&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage2.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f5fe89aa42)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)