[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Spotting an Attacker’s “Tell” through Data Analysis
A tell in poker is a change in a player’s behavior or demeanor that is claimed by some to give clues to that player’s assessment of their hand.
A player gains an advantage if they observe and understand the meaning of another player’s tell, particularly if the tell is unconscious and reliable.
Some are easier to read than others.
Some occur right away at a point in time, like a scratching above the eye; others form a pattern over time, like a slow sweat that builds.
Defenders armed with the right information, and the right analytical technology, gain the advantage of having visibility into behavior, so that when the attacker shows their tell, the defender can take notice and quickly take the correct action.
Today’s sophisticated attackers use ways to get information and software in and out of the organization that evade detection, leveraging what are known as “covert channels.” For example, phishing scams typically use covert channels to deliver malware to victims, making it difficult to spot that initial “click”.
And, after compromise, today’s threats often use covert channels to effect “command and control” of victim endpoints, hiding communication traffic amongst normal web traffic.
It can take weeks or months before this “command and control” starts being used, making it even more difficult to detect.
Even with a trained eye, it can be difficult to spot them.
Spotting tells over time requires access to the right data, the ability to apply analytics to that data, the expertise to know what to look for, and tools that make it easier to home in on the suspicious behavior.
Using Big Data and data science techniques to spot the use of covert channels means that security teams can spot these sophisticated threats (tells) more quickly, and reduce the likelihood that an attack harms the organization.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9c0ee10cf3&e=20056c7556
Security Stands As Top Factor In Digital Brand Confidence
Security is one of the biggest factors in building or eroding consumer confidence in businesses online, according to a new report out by the Ponemon Institute today.
Twice as many consumers are likely to distrust a digital brand for poor security as those who get annoyed by stringent security when dealing with shopping, banking, and online services, the report shows.
Commissioned by Neustar, the report found that half of all consumers say security and privacy are important to brand perception.
But diving into the numbers, it is clear that consumer behavior is impacted even more heavily by security concerns than customers realize.
For example, 69 percent of consumers have left a website because of security concerns.
The survey showed that three out of four consumers report that they do not trust websites that have identity and authentication procedures that appear too easy.
And in a crossover with IT operations concerns, 88 percent of consumers report that website downtime causes them to distrust a site.
In the latter case, even though 84 percent of consumers have no idea what a DDoS attack is, uptime is a big concern.
Approximately 67 percent of consumers lose trust in a site when pages load slowly and more than three quarters worry about security when site performance is sluggish.
The report found that 63 percent of consumers distrust brands that have been breached, and even a year after the breach occurred, over 50 percent of people view the brand negatively.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dc31a3fe4e&e=20056c7556
National Survey Finds Healthcare Costs and Cyber Security Are Top Business Threats
The Graham Company, one of the Mid-Atlantic region’s largest insurance and employee benefits brokers, today announced the results from its 2015 Business Risk Survey, a national survey of 300 senior business professionals.
The survey revealed that nearly three quarters of business leaders are most concerned about potential risks associated with healthcare costs and cyber security threats to their organizations.
The survey also found that even though business leaders perceive that they are taking adequate measures to protect their organizations, in reality they’re falling short of doing what’s necessary to mitigate the risk associated with these potential threats.
According to The Graham Company’s survey, 64% of respondents felt that their organization was either very well prepared or fairly well prepared to address the risks associated with healthcare costs, and 83% of respondents felt the same way about employee safety in the workplace.
However, only slightly more than half of respondents regularly consulted with an insurance or risk management expert to review plans for mitigating risk.
Survey results show that companies’ fears regarding cyber threats are significant, with nearly half of respondents expressing that they felt there was a significant level of risk
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=377aff048d&e=20056c7556
5 Ways GRC Can Bust Workplace Silos
OVERLAND PARK, KS –(Marketwired – August 27, 2015) – Workplace silos are defined as “groups or departments within an organization that work in a vacuum with little functional access to other groups, or little communication with them.” They present an obstacle to collaboration, especially in larger organizations with multiple departments.
While breaking down siloed departments must begin with the corporate culture, a governance, risk and compliance (GRC) tool can simplify this process by helping promote communication and linking data across departments.
Here are five ways a GRC platform can assist in breaking down an organization’s silos:
1. Act as a central repository for documents, policies, procedures, checklists, plans, etc.
2. Gain visibility into other departments by linking corresponding data.
3. Put workflows in place that allocate tasks across divisions. Encouraging people from different departments to work together is one of the best ways to eliminate office silos.
4. Issue bulk assessments to collect information from multiple departments.
5. Use a common framework to measure different areas of the business, such as risk.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=68f3083a79&e=20056c7556
Still using ColdFusion? Really? Well, you’ll want to install this patch
Adobe is advising users and administrators running ColdFusion to patch their software following the release of a security fix for an information disclosure vulnerability.
Both patches address a single CVE-listed security vulnerability, CVE-2015-3269.
The flaw, if exploited, would allow an attacker to potentially view files on the targeted system, leading to information disclosure.
Adobe has listed both versions of the hotfix as “2” priorities, a designation commonly given to non-critical bugs that are not likely to be targeted in the wild immediately.
In general, Adobe suggests such updates be installed within the next 30 days.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=637b12b438&e=20056c7556
The Complexities of Attribution in Cyber Space: An Overview
The challenges with attribution and Cyber Space are a study of both social and political aspects that directly relate to the overall technical architecture of the Internet as a whole.
Rid and Buchanan argue that attribution is not a matter of technology but a matter of want (Rid and Buchanan 2015); meaning: attribution in Cyber Space is determined by the importance for states to want accurate high confidence attribution with regards to cyber systems.
The term attribution itself poses a further layer of complexity when dealing with cyber systems.
The social, technical, and political nature of the interconnectedness involved in these systems makes the question of attribution itself a multidimensional one.
When considering the dilemma of attribution from a small-to-medium business (SMB) and a large enterprise standpoint, both share one attribute with regard to negative events within Cyber Space: jurisdiction (Marco 2014).
Neither type of organization has jurisdictional authority to pursue an investigation beyond their own physical perimeter.
Furthermore, both have to rely on law enforcement, which itself has limited jurisdiction when considering the scope of Cyber Space.
Confidence is a blended attribute in the Intelligence lifecycle when performing an analysis of collected data, and it is no different when applied to Cyber Threat Intelligence (CTI).
Here organizations can leverage this confidence and apply CTI data in their security programs (Shackleford and Northcutt 2015).
Regardless of the challenges surrounding achieving high confidence attribution in Cyber Space, the fact remains: attribution is important (Hunker, Hutchinson & Margulies 2008).
It will most likely be many years before a consensus is agreed upon with regards to acceptable use of the Internet and attribution on a global scale.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d485df85d7&e=20056c7556
Select few pose vast majority of cyber risks, security firm warns
Cloud computing has changed the way organizations operate by allowing applications and data sets to be accessed from anywhere with an Internet connection.
But researchers warn in a new report that entire businesses can be easily brought down because of serious risks caused by a concentration of authority evidenced across the cloud.
Analysts with CloudLock, a Massachusetts-based security firm, say companies that put their product on the cloud are often times also placing a tremendous — and potentially dangerous — amount of trust in a small group of privileged users.
Just one percent of all users account for 75 percent of the risks faced by an entity that operates on the cloud, according to a report published by the firm on Wednesday this week.
The findings included in the firm’s third-quarter cybersecurity report stem from an analysis of more than 1 billion files shared by over 10 million cloud users, according to CloudLock, whose customers include Google and Microsoft.
The Department of Defense, meanwhile, said Wednesday that contractors who operate on the cloud are required immediately to adhere to new rules regarding cyberattacks and data breaches.
According to the Pentagon, roughly 10,000 contractors will now be obligated to notify the DOD within 72 hours of any cyber incidents spotted on their networks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=beace102ad&e=20056c7556