[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
When it comes to Cloud security which is better? Heavy hand or gentle policing?
To get a sense of what enterprises think about Cloud deployments and cloud security, we recently reached out to Jim Reavis, cofounder and chief executive officer at the Cloud Security Alliance.
As a nonprofit, the Cloud Security Alliance promotes the use of security assurance best practices in cloud computing, as well as Cloud computing education.
Reavis is an information security industry vet and has advised on industry business launches, mergers and acquisitions, and IPOs.
Since its founding, the Cloud Security Alliance has launched numerous successful cloud security efforts, including the cloud security provider certification program, the CSA Security, Trust Assurance Registry (STAR), a cloud provider assurance program of self assessment, third party audit and continuous monitoring, and the cloud security user certification the Certificate of Cloud Security Knowledge (CCSK).
Enterprises also are learning now how to transition into cloud and to understand the level of security they are getting from cloud providers.
Enterprises will always have a role in securing their cloud deployments, whether it’s more of the implementation of the technical controls inside private cloud or if it’s more due diligence and procurement efforts and looking for the assurance from the providers that they adhere to secure practices.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e96b1d6f46&e=20056c7556
Cybersecurity Policy Framework for South Africa finally published
The State Security Departmentâs National Cybersecurity Policy Framework, which was approved by Cabinet in 2012, has finally been published.
The Right2Know (R2K) campaign said recently that, until October, the document was regarded as classified.
The policy framework was published in last weekâs Government Gazette.
It comes on the heels of the closure of public comments by the State Security Department on its controversial draft Cybercrimes and Cybersecurity Bill on November 30.
The bill seeks to create offences and impose penalties on cybercrime.
It also seeks to impose obligations on electronic communication service providers regarding aspects that may affect cybersecurity.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bdd2fb865d&e=20056c7556
Cyber attacks can cost airlines ‘millions’
Geneva â Cyber attacks can cost airlines hundreds of millions of dollars in revenue and irreparably damage their reputations, according to Carolina Ramirez, global director of security and facilitation at the International Air Transport Association (Iata).
Cyber attacks in the industry can vary from on-board or in-flight interferences affecting on board flight systems, navigation devices and communications to operational disruptions and business disruption (like bookings and check-in).
So far in 2015 at least five airlines and two airport operations have been publicly reported as victims of targeted online attacks, she said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0da54cfb1d&e=20056c7556
Twitter users are getting attacked by government hackers, site warns
âState-sponsored actorsâ have been looking to take information such as email addresses and phone numbers by breaking into a âsmall group of accountsâ, the site has warned.
Twitter has told its users that they appear to have been hacked before.
But this seems to be the first time that it has explicitly blamed governments â though it did not attribute the hacks to any specific country.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f525f61467&e=20056c7556
J.P. Morgan, Bank of America, Citibank And Wells Fargo Spending $1.5 Billion To Battle Cyber Crime
Thereâs a showdown going down between a global network of cyber criminals and the worldâs largest corporations, governments and cybersecurity companies.
The British insurance company Lloydâs estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business.
Some vendor and media forecasts put the cybercrime figure as high as $500 billion and more.
The biggest U.S. banks are responding to the cyber crime epidemic with some of the biggest security budgets.
The Wall Street Journal reported in August that J.P.
Morgan Chase & Co. expects its cybersecurity spending to be around $500 million in 2016.
That figure is more than double the $250 million it spent on cybersecurity in 2014.
In a live interview from Davos Switzerland on Bloomberg earlier this year, Bank of America Corp.
CEO Brian Moynihan said the nationâs second largest lender will spend $400 million on cybersecurity this year⌠and it is the first time in 20 years of corporate budgeting he has overseen a business unit with no budget.
Moynihan said the only place in the company that doesnât have a budget constraint is cybersecurity.
A Crainâs article recently stated that Citibankâs IT security budget reportedly tops $300 million.
Yahoo Finance reports that Wells Fargo spends roughly $250 million a year on cybersecurity.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e82cdc5e04&e=20056c7556
LogRhythmâs Top 10 Security Predictions for 2016
LogRhythms 10 Security Predictions for 2016 By Simon Howe, Sales Director ANZ An uptick in all-in-one home surveillance systems.
We are seeing more motion sensing/camera/recording devices in the home that can be managed through personal devices.
This type of technology âŚLogRhythmâs Top 10 Security Predictions for 2016
An uptick in all-in-one home surveillance systems.
A rise in the use of mobile wallet apps.
New model of what to protect.
Identity access management: The unsung hero.
The next big attack target: Education.
Emergence of hacking for good.
Security is in a renaissance.
Next steps for CISA, open sharing of threat intelligence.
Ransomware gaining ground.
Vendors need to step up
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fa23b2a1fd&e=20056c7556
R.I.P. APTs, hello stealth attacks
As such, in the months and years ahead, organisations need to prepare themselves for an eerily quiet onslaught of attacks that are fundamentally designed to infect victims, steal data, and exit â and all without leaving a trace.
Such campaigns will:
– Use memory-resident and file-less malware that deftly avoids detection.
– Repurpose off-the-shelf malware that, unlike rootkits, custom malware and bootkits, arenât burned by security researchers when discovered.
– Build custom attack vectors to exploit specific targets.
– Cloak both bad guys and their intentions, since theyâll be lost in a huge pool of remote access trojans that are available for sale in the cyber underground.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d1d0d22a72&e=20056c7556
IT Specialistsâ 2016 Predictions: Three key Areas for Growth
Prediction #1: Managed service providers will become more popular amongst small to midsized businesses.
Prediction #2: Compliance overlay of management is critical.
Prediction #3: Management of private and public clouds will separate.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2c799b902c&e=20056c7556
Advice to help today’s CISOs succeed at security leadership
Part of Renee Guttmann’s job as vice president of the Office of the CISO at Accuvant Inc. is to provide guidance to information security leaders across a variety of enterprises.
“The biggest issues I’m seeing right now or the challenges that folks are facing,” Guttmann said, “is that what they’re really missing is a strategy.
This is what they’re being asked for by their boards; they’re being asked this by their companies.
“It’s critical that CISOs and security practitioners make the time to be involved with the community and learn how others are dealing with it,” Guttmann said. “Security leaders must make their staff also take the time to network and learn what’s going on in their particular space.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=86abf03ac1&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=bda2a276ab)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)