[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions
So onto the news:
End-to-end encryption is key for securing the Internet of Things
The Internet of Things (IoT) is one of the hottest buzzwords these days.
It seems like almost everything is being connected, including cars, streetlights, oil rigs, wearables and more.
By the end of this decade, Gartner estimates there will be 26 billion IoT devices in service, while IDC predicts 28.1 billion.
Those attacks are in addition to those that leverage the IoT to steal credit information, corporate secrets and other data.
The Ponemon Institute’s 2015 Cost of Data Breach Study: Global Analysis says the average cost of each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 this year.
IoT will drive that cost even higher simply because it increases the number of attack opportunities.
In fact, IDC predicts that by the end of 2016, 90 percent of all IT networks will have experienced an IoT-based security breach.
Within the next five years, 90 percent of all IoT data will reside in third-party clouds, IDC predicts.
That statistic is just one example of why enterprises, government agencies and other organizations should adopt an “encrypt-everything” strategy to protect against IoT-enabled breaches.
In the Internet of Everything, data will reside everywhere, which means a lot of that data can’t be protected by traditional, network-centric devices such as firewalls.
Only end-to-end encryption can provide the security necessary to minimize IoT-enabled breaches.
However, the encryption technology must be designed for modern use cases and devices, such as by making the most efficient possible use of processors and batteries.
Organizations that choose the right encryption solution and then apply it everywhere will be best equipped to address IoT-enabled threats.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c4e0619f8f&e=20056c7556
Why you Should Start Considering an Endpoint Management Upgrade
Rather than managing and reporting on all endpoints in a holistic way, today’s marketplaces are managing different endpoint classes (PCs, servers, mobile devices) and non-traditional endpoints (ATMs, kiosks, and POS systems), with a wide range of tools, and sometimes with completely different IT teams.
On top of that, they may use a variety of tools for different environments (Windows, Mac, Linux, etc.), as well as for different lifecycle functions (configuration, security enforcement, patching automation, etc.).
This system of management is becoming extremely inefficient.
Unified endpoint management (UEM) is the solution to IT’s fragmented endpoint management issue.
This full lifecycle management of endpoints allows organizations to utilize one single vendor and systems management platform to support a diverse and ever-growing deployment environment.
VDC Research recently released a full report on the business value of UEM solutions, in addition to discussing the top businesses innovating in the space.
In this report, VDC Research analyzed survey data from over 90 IT decision-makers, who either had direct involvement in purchasing and/or using endpoint management solutions within their organization.
It’s a veritable smorgasbord of information that makes a serious business case for switching to UEM solutions.
Even with this rather apparent need for multi-endpoint management, few solutions have emerged that are truly implementing an effective, worthwhile endpoint management strategy for both traditional and mobile endpoints.
VDC stresses the operational and cost efficiencies that UEM solutions provide, which exceed the limitations of two separate management tools.
Along with the shared use of hardware, people, resources, and policy infrastructure, UEM offers IT admins improved organization-wide mobility that encompasses all endpoint devices: one endpoint management solution to rule them all.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ab132e5f07&e=20056c7556
EU, U.S. clinch data-sharing deal for security, terrorism cases: document
BRUSSELS (Reuters) – The European Union and the United States have clinched a deal protecting personal data shared for law enforcement purposes such as terrorism investigations, according to a document seen by Reuters.
The text of the agreement has been finalized, according to the document.
A person familiar with the matter said it will be initialed by the chief negotiators in Luxembourg on Monday or Tuesday.
That would signal the end of talks.
The two sides have been negotiating for four years over the so-called “umbrella agreement” that would protect personal data exchanged between police and judicial authorities in the course of investigations, as well as between companies and law enforcement authorities.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e4f3eca411&e=20056c7556
Six Security Hang-ups: Beware the Black Holes
How secure are you about your security?
According to the past three Trustwave Global Security Reports, the hospitality industry is one of the top three most compromised industries.
And Privacyrights.org reports a 50 percent increase in hospitality breach disclosures in 2014.
Below are the top security pitfalls among hospitality businesses as identified by Trustwave:
– Insufficient malware protection
– Employees have too much access
– Lack of BYOD security
– Outdated security controls
– Unsecure applications and databases
– Customer approval supersedes security
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d388b17105&e=20056c7556
Act on your Threat Intelligence
Warning intelligence attempts to answer two main questions: what’s most likely to happen and what’s the most dangerous thing that can happen.
The idea being if you’re prepared for the worst, anything that falls short should be dealt with handily.
The problem of course is that few people think the worst is going to happen to them.
A decision-maker may opt to heighten readiness (“Hey everyone, keep your eyes open this week”) but take no far-reaching action because the “most likely” scenario is something existing mechanisms and capabilities can address.
But what about the “most dangerous” scenario?
Well, what used to happen, with alarming frequency, was that decision-makers would look at their position (Generals or Admirals) and trust in the thought- and decision-making process that got them those stars and say, “What do those nerds know anyway?
How could a bunch of hackers cause me any pain and suffering?”
Cyber threat intelligence is just one of many things that you can use to help defend your enterprise, but it is not a silver bullet.
The vast majority of the time the warnings you receive are going to be busts.
You’re going to start to think over time that because nothing you have been warned about has ever happened nothing will ever happen.
That’s the point at which you’re going to devalue intelligence and be caught by “surprise.” Intelligence will have “failed” you and you will go looking for heads to cut off.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1bbc4e9f79&e=20056c7556
Borderless Cyber 2015
OASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber threat intelligence best practices and tools.
Hosted at The World Bank D.C. headquarters, the forum program will feature presentations from experts responsible for cyber security initiatives for public, private, and global institutional sectors.
In order to facilitate meaningful interaction, attendees are encouraged to share their questions, challenges, experiences and recommendations with our expert panel of presenters.
Current initiatives aimed at sharing cyber threat intelligence and response information in real time through systems and software will be a highlight.
Best practices, standards, specifications, and tools, such as STIX, TAXII and CybOX, will be part of the program.
Executives responsible for developing, influencing and managing critical infrastructure security decisions are invited to attend this conference.
This includes…
Onsite participation is limited; use our online reservation form to reserve a seat.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9eb790c569&e=20056c7556
Akerlof And Shiller, Phishing For Phools
George A. Akerlof and Robert J. Shiller, who previously collaborated to produce Animal Spirits, have joined forces again.
Their new book is Phishing for Phools: The Economics of Manipulation and Deception (Princeton University Press, 2015).
Their thesis is simple but powerful: that “competitive markets by their very nature spawn deception and trickery, as a result of the same profit motives that give us our prosperity.” (p. 165) Economies “have a phishing equilibrium in which every chance for profit more than the ordinary will be taken up.” (p. 2) Free-market equilibrium undermines our plans to eat healthily, it makes us pay too much for our cars and houses, it transforms rotten assets into gold.
We have weaknesses that can be exploited (monkeys on our shoulders), weaknesses that free markets by their very nature exploit.
Akerlof and Shiller modestly claim to be making only “a small tweak to the usual economics (by noticing the difference between optimality in terms of our real tastes and optimality in terms of our monkey-on-the-shoulder tastes).
But that small tweak for economics makes a great difference to our lives.
It’s a major reason why just letting people be Free to Choose – which Milton and Rose Friedman, for example, consider the sine qua non of good public policy – leads to serious economic problems.” (p. 6)
Phishing for Phools forswears technical language, making this book accessible not only to economists but to consumers and policymakers.
It should make everyone rethink the unfettered free-market model.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6062027455&e=20056c7556
Angler plonks August’s Flash feeding frenzy into its boat
Crooks behind the world’s worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite’s long list of attack vectors.
Angler now sports support for some of the 35 Flash Player holes detailed and patched last month, which include eight memory corruption flaws and five type confusion bugs.
French malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors.
The Angler exploit uses Diffie-Hellman key exchange to help tailor attacks to victims, a method authors used last month when they rolled in an Internet Explorer double-free vulnerability into the hacking kit.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b9b648fbed&e=20056c7556