[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Study of CEOs Reveals Alarming CyberSecurity Trends
The report, entitled, Global CEO Outlook 2015, included information garnered from over a thousand CEOs of companies with at least $500M in revenue in ten major economies around the world.
While the executives generally expressed confidence about their respective businesses’ abilities to flourish over the next three years, about two thirds of CEOs expressed some level of concern regarding their firms ability to keep their offerings as “relevant” three years from now as they are today, and almost three quarters of the CEOs expressed concern about keeping current with new technologies in a rapidly changing world.
More scary, however, was what the CEOs said about the risk of a crippling cyber attack to their businesses: A whopping 50%–half the CEOs polled–indicated that their firms are either not prepared, or only partially prepared, to deal with a major cyber event.
At the same time, however, only one fifth of the CEOs considered information-security risk to be at the top of their list of business concerns.
This combination–from the firms that are generally-speaking among the best financially-equipped to deal with cyber-risk–clearly illustrates that serious cybersecurity challenges remains severely unaddressed; it should not shock anyone if major firms continue to suffer significant breaches in the not so distant future.
Another interesting statistic that Marshall discussed with me is that American CEOs (making up about a third of the CEOs polled) were generally much more confident of their respective businesses’ abilities to fight off cyberattacks than were their peers in Europe and Asia, with 87% of CEOs in the USA expressing that their operations were ready to address major cyber incidents.
One thing is certain, however: hackers will be targeting businesses–and firms that are unprepared will likely pay a hefty price.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ed84e8fc82&e=20056c7556
On Cyber Information Sharing, It’s the Medium Not the Message
When Senators return to Washington, DC this fall, they will take up work on legislation to make it easier for companies to share cybersecurity information with each other and with the government.
The future of the bill, the Cybersecurity Information Sharing Act, is uncertain.
Beset with concerns over privacy and civil liberties, many past attempts at addressing this issue have failed to reach the President’s desk.
One of the bill’s primary objectives is to ensure that companies aren’t liable for sharing cybersecurity information with government.
But liability is not the problem it was once thought to be.
Companies exchange millions of pieces of cybersecurity information each day.
Non-profit groups like the Financial Services Information Sharing and Analysis Center, the Center for Internet Security, and the Cyber Threat Alliance have coalesced whole industries to share data.
Private companies like ThreatConnect, TruStar, and AlienVault provide information sharing services to their clients.
A better model has been piloted by the Department of Defense for several years.
Companies within the defense industrial base like Lockheed Martin, Boeing, and Raytheon have access to such capabilities today.
They use a separate classified network called the DIBNET to share cybersecurity information securely with each other and with the Department of Defense.
Only personnel working at participating defense companies that have been cleared through the background investigation process made famous by the hacking of the Office of Personnel Management can access the network.
Cybersecurity is often characterized as a partnership between the government and the private sector.
For that partnership to be fully realized, private companies bearing the costs of defending themselves against nation-state adversaries like China and Russia must be allowed access to the same networks and same information that federal agencies use to prevent and respond to cyberattacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=88db8c66e0&e=20056c7556
Ransomware Up, Spam Down: Seven Security Trends
The seemingly relentless growth of malware has not abated in 2015, though there are some reasons to be optimistic, according to the latest security statistics from Intel Security.
Intel Security’s McAfee Labs released its August 2015 Threats Report on Sept. 1, detailing the state of the threat landscape during the second quarter of 2015.
Among the trends noted in the report is the fact that ransomware attacks continue to accelerate, a trend that McAfee also reported in the first quarter of 2015.
For the second quarter, McAfee Labs reported a 58 percent quarterly gain in the number of new ransomware samples it detected.
Another continuing trend is the growth of mobile malware, which grew by 12 percent in the second quarter over the first quarter.
Mobile malware attacks, however, are not uniform geographically, with infection rates statistically higher in Africa and Asia than in North America and Europe.
On a more positive front, as was the case in the first quarter, McAfee Labs is reporting yet another quarterly decline in the volume of global spam, marking the third consecutive quarter of decline.
In this slide show, eWEEK examines key takeaways from the August 2015 McAfee Labs Threats Report.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b550f8f1fb&e=20056c7556
Cloud Security Alliance touts data breach sharing scheme
The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.
The CSA has set out its proposals in a new white paper The Mandate for Meaningful Cyber Incident Sharing for the Cloud, in which it says: “A major impediment to protecting information assets in an enterprise is the unwillingness and/or inability to share cybersecurity incident information.
Fear of public exposure and resulting legal ramifications has caused organisations to withhold critical attack signatures that could have impeded or even prevented several of the industry’s most notable breaches.”
The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a4d67c9b59&e=20056c7556
ICO advises businesses on how to avoid falling foul of new EU data protection regulation
The Information Commissioner’s Office (ICO) has published advice to British businesses on how they can prepare for the imminent and far-reaching European Union reforms to data protection.
It is expected that the EU will release the finalised General Data Protection Regulation later this year – or, increasingly likely, in early 2016 – which will see it take effect in all 28 EU member states after a two-year transition period.
The ICO also suggests that ‘privacy by design’ as a concept that every organisation should follow, with privacy being at the forefront of business decisions.
This, Smith said, means many organisations will need to ask a few questions of their own processes.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e884b59f25&e=20056c7556
Microsoft fixes five critical flaws, including two hitting all versions of Windows
You can count this month’s most critical patches on one hand.
That’s the good news.
The bad news is that almost every major Microsoft product requires a patch to fix ongoing security vulnerabilities, including two patches that affect all versions of Windows.
For this month’s so-called Patch Tuesday, the company has issued 12 bulletins fixing 56 separate vulnerabilities in some versions of Windows, Microsoft Office, and even the new Microsoft Edge browser
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fba1dadb0b&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage1.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=957ee08460)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)