CyberSecurity Institute

Security News Curated from across the world

Posted on September 11, 2016 / December 30, 2021 by admini

[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions]

* How Your Voice Is Preventing Hackers From Accessing Financial Information
* Infamous Hacking Groups: 5 Things They Hope to Accomplish
* 6 cybersecurity and emergency situations every IT department should train for
* The 5 most common reasons for corporate data loss
* Complex Bitcoin Phishing Scheme Revealed – Cisco’s OpenDNS Security Team
* Online Exclusive: DDoS Attacks Fuel the Need for Modern Protection Methods
* Overcoming the barriers to ISO 27001 adoption for success on G-Cloud
* The key tenets of a regional cyber security framework
* 5 questions the CISO should ask the Threat Analyst
* Taking cyber risk management to the next level

How Your Voice Is Preventing Hackers From Accessing Financial Information
Voice biometrics is being implemented by many financial institutions such as banks and retirement providers, because it does not require consumers to be physically present or have the software capable of authenticating them through their fingerprint or an iris scan.
The technology builds an individual’s voiceprint from over 100 vocal and personal characteristics, with 50% consisting of physical traits such as their vocal cords, sinuses and lung capacity, and the remaining half comprising their personal tone, pitch and pace when they speak, she said.
Many companies utilize the technology by acquiring a person’s voiceprint passively or simply capturing it as the individual inquires about a transaction and answers questions with a customer service representative.
The next time they call to ask about a purchase or a deposit, the company can compare their current voice against the voiceprint, Thomson said.
Within seconds, the employee at the bank can determine if the caller’s voice matches the voiceprint.
After a pilot program last year, Citigroup now authenticates a small fraction of its customers who have their branded credit cards by using NICE’s voice biometrics technology.
As of June, 750,000 customers out of a total of 23.8 million active and inactive accounts can access their accounts by using their voiceprint.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=387a25a475&e=20056c7556

Infamous Hacking Groups: 5 Things They Hope to Accomplish
As one might assume, not all hacking groups are bent on simply causing mass destruction of computer systems or stealing user information.
Possibly the most well-known hacking group, Anonymous, is infamous for their strong-armed methods to raise awareness of hacktivist related issues.
On the flip side, some hacker collectives do not want to defend the interests of the greater good, but merely work to defend their opinions and attack those that oppose their views.
For instance, the Syrian Electronic Army (SEA) is a group of hackers that strongly voices their support for the President of Syria, Bashar al-Assad.
Although the first two examples of hacking groups were more politically motivated, not all hacking initiatives are driven to fight for a specific cause or interest.
Some are simply created to arbitrarily wreak havoc on networks and computer systems.
For example, one hacking group that focuses on hacking for sport is known as Lulz Security or LulzSec for short.
Their group motto is aptly written as, “Laughing at your security since 2011.”
Other hacking groups are more insidious in the way they deal with hacking attempts and primarily want to strike fear in others.
In 2014, a hacker collective called the Lizard Squad successfully shut down the online Xbox and Sony PlayStation gaming networks, which caused major outages during a peak holiday gaming season.
Unfortunately, this isn’t where the issue ends.
Lastly, some hacking groups form in order to educate the general public on the dangers of cyber security vulnerabilities.
Over thirty years ago, a hacking group called the Chaos Computer Club (CCC) was formed with the sole purpose of exploiting various security flaws that are present in today’s cyber security standards.
CCC is regarded as one of Europe’s largest and best-known hacking groups.
In the mid-1980s, the group successfully stole 135,000 Deutsche Marks from an established credit union in Germany to highlight the lack of proper security for its computer systems.
The club then returned the money once they gained notoriety for their accomplishment.
These days, CCC is working to shed some of the negative connotations associated with hackers and look to rebrand themselves as “technology experts.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3223d2b388&e=20056c7556

6 cybersecurity and emergency situations every IT department should train for
* Serious vendor vulnerability
* Major web site rollback
* Social engineering attack
* Insider data theft
* Critical change request
* Continuity of IT leadership
[Paul would also add in: be prepared for the unexpected, i.e. when there is a predefined playbook.]
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=767ed7ce83&e=20056c7556

The 5 most common reasons for corporate data loss
A recent study by Kroll Ontrack revealed very interesting data gathered using the company’s data recovery tool.
According to the study, the main problem, accounting for 25% of the total number of cases, is failure to detect the storage drive.
That is logical, especially if we are talking about hard drives and flash drives, which are used in mass storage devices in all kinds of corporate environments despite being much more prone to failure than other more reliable types of devices, like magnetic tape.
Another of the big problems behind data loss is the device not powering on, which can be caused by a failure in the power supply or in other components.
Curiously, in third place, we find one of the reasons that can cause hardware to fail, and that is the device being dropped on the floor from height.
Furthermore, the increased use of solid-state drives (SSD) with flash memory in recent years will undoubtedly have pushed this percentage up.
These types of drive offer faster access to data than conventional mechanical hard drives, but also are more prone to failure if used to write data continually, which is why they are not recommended for use in servers or in computers where reliability is critical.
In fourth and fifth place in the table, we can find two reasons that tend to be caused by software failures occurring at the same time as the data is being used, or malware that directly affects the stored data.
So here we are talking about files being deleted (accidentally or deliberately) or becoming corrupted.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=606ce4bd2b&e=20056c7556

Complex Bitcoin Phishing Scheme Revealed – Cisco’s OpenDNS Security Team
Criminals have started staging phishing campaigns having discovered that Bitcoin can provide an easier way to steal, says Cisco’s OpenDNS security team after they revealed a complex phishing scheme aimed at collecting user credentials from various Bitcoin-related services.
The discovery was made after the price of the digital currency rose by over 58% to reach about $775 in the last month (though it has dropped in a week) based on several factors.
The latter includes the finite and constrained supply of Bitcoin, its pending supply growth reduction next month, the anticipated supply drop which will drive demand and more people using and wanting Bitcoin.
Cyren says it detected the investment pattern of a phishing campaign – rental of botnets, purchase of exploit kits, and the acquisition of compromised site lists – as its attack vector is pay-per-click advertising via Google AdWords.
OpenDNS Labs detected blolkchain[.]com, another phish on the same IP (89.248.171.88), on June 13, 2016.
They were able to uncover three anonymous offshore hosting companies using the identified websites’ IP space.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=de9946c972&e=20056c7556

Online Exclusive: DDoS Attacks Fuel the Need for Modern Protection Methods
Nearly every day there is a headline brandishing the news of yet another distributed denial of service (DDoS) attack on some major organization.
Many other organizations experience DDoS attacks on a daily basis, but those attacks don’t make headline news.
It’s an alarming situation, globally.
In a recent survey of IT security professionals and network operators at the RSA Conference 2016, 31% of respondents stated that their enterprise experiences DDoS attacks weekly or daily.
This survey also asked participants about their current methods of handling the DDoS threat; nearly one third (30%) of respondents still rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks.
Although hackers often launch DDoS attacks purely to create a nuisance by taking a website offline, it’s becoming very common for hackers to launch “Dark DDoS” attacks that distract IT security staff while the hackers launch malware or infiltrate sensitive databases.
In all of these cases, the DDoS attacks are low-threshold, short-duration attacks that escape the attention of IT security staff; such attacks may not cripple a website but they can negatively affect network or application performance.
An organization’s security posture is only as good as its ability to visualize the security events in the environment.
A robust modern DDoS solution will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques.
Automatic DDoS mitigation is available today to eradicate the threat to your business and eliminate both the service availability and security impact.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6ca0332140&e=20056c7556

Overcoming the barriers to ISO 27001 adoption for success on G-Cloud
A recent attention-grabbing headline that was just too controversial to ignore: “Sloppy SaaS firms lose out on G-Cloud deals, research suggests”.
In the article, former EuroCloud secretary general Lindsay Smith stated that the majority of SaaS providers on the UK G-Cloud were failing to win business there because their listings are not up to scratch.
His research into Digital Marketplace buying trends suggests three-quarters (77%) of SaaS suppliers recorded zero sales during the 12 months to January 2016.
The fact is that whilst ISO 27001 certification is not a prerequisite to working with the public sector, there is little doubt that a UKAS accredited ISMS is an important differentiator.
An ISO 27001 implementation is no insignificant investment.
Taking into consideration the cost of gaining in-house expertise, or buying it in from external consultants, audit visits and certification, all on top of the anticipated management resource can result in a hefty budget being needed.
Of course, there are firms that will promise to ‘deliver’ an ISMS to minimise disruption to business and eliminate the need for in-house expertise.
Some will even guarantee UKAS certification.
However, the costs are high and without an organisation’s active involvement, understanding and ownership, there is a danger this becomes a ‘manual’ to be dusted-off prior to each annual audit.
If you are on G-Cloud presumably you want to do business with government.
More and more firms are recognising they’ll stand a far better chance with ISO 27001.
But, keep in mind that a UKAS accredited ISO 27001:2013 certification is the only one they will recognise so, whilst arguably more rigorous and expensive, choosing a non-UKAS accredited certification could be a false economy.
Because it is the only independently audited ISMS it demonstrates the competence, impartiality and performance capability of certification bodies.
This reduces the need to be assessed by customers and supply chain partners and will differentiate you amongst knowledgeable buyers and procurement departments.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bd46eb7a94&e=20056c7556

The key tenets of a regional cyber security framework
At the recent Fortinet Partner Conference 2016 in Chengdu, China, representatives from Cyber Security Malaysia (CSM), Korea Internet and Security Agency (KISA), Philippine National Police Anti-Cybercrime Group (PNP ACG), Frost & Sullivan and the host vendor shared ideas and possibilities for an Asia Pacific Security Framework.
Inspired by the tenets of the US National Institute of Standards and Technology cyber security framework, the panelists discussed incident response, culture and education, risk and resiliency, collaboration and enforcement.
KISA, for example, has established systems and policies for incident response to mitigate distributed denial of service (DDoS) and malware attacks; and a threat intelligence-sharing program in collaboration with industry players such as Fortinet.
In the Philippines, the PNP ACG was established to implement and enforce laws on cybercrimes and pursue an effective anti-cybercrime campaign in line with the PNP Patrol Plan 2030.
By 2025, the PNP ACG aims to be a highly responsive and dynamic unit in enforcing laws such as the Cybercrime Prevention Act 2012 and the Data Privacy Act of 2012.
Meanwhile, the Cyber Security Malaysia specialist agency provides technical assistance and training services in support of the country’s cyber crisis management.
Its core services include: cyber security emergency services; security quality management services; info-security professional development and outreach; and cyber security strategic engagement and research.
Frost & Sullivan recommends operationalizing cyber protection for defending against known threats; cyber intelligence for uncovering unknown threats; and cyber resilience for organizational readiness and responsiveness.
Representatives from the respective national cyber security agencies agree that, beyond just sharing information, there’s a need to collaborate on a higher scale.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e194fc40bd&e=20056c7556

5 questions the CISO should ask the Threat Analyst
The following five questions represent a way for the CISO to start a risk-based dialogue that can be a source of metrics supporting the use of threat intelligence data.
The answers to the questions can also be a regular part of board level discussions.
– What are the risks to our brand?
– Are our employees’ credentials part of any mass exposure?
– Are we as aligned as we can be with security operations?
– How do we know we are hunting the right threats?
– What can we share with and learn from other companies in our industry vertical?
Making threat intelligence data useful requires a robust threat intelligence platform that can off-load the correlation of IOCs with log data from the SIEM.
This is a necessary step for making tens of millions of active IOCs useful for threat hunting.
This approach is efficient and aligned across threat analysts, SOC personnel and incident responders.
A proactive approach to cyber security means finding threats before they become a problem.
Make everyone a threat hunter by unleashing your entire security team’s creativity but keep it efficient through active prioritisation and inside the bounds of what matters to the organisation.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0866ea0c3d&e=20056c7556

Taking cyber risk management to the next level
Banks, investment companies, and insurers are prime targets for cybercriminals looking to steal money or information, disrupt operations, destroy critical infrastructure, or otherwise compromise data-rich financial services institutions (FSIs).
Indeed, FSIs lead the pack in terms of the average cost of cybercrime incurred by companies in a particular industry, counting both internal activities and external consequences.
That figure reached $28.3 million in 2015, which is significantly higher than the six-year average for FSIs of $19.4 million annually (see figure 1).
Yet despite having had several years to bolster cybersecurity capabilities, our latest research found that many FSIs are still struggling to keep up with a moving target.
Basic blocking and tackling strategies to lock down devices, systems, and platforms remain a work in progress at many companies because of the pace of attacks, the growing sophistication of threat actors, as well as multiplying, often conflicting demands facing chief information security officers (CISOs).
Adding to the sense of urgency surrounding cybersecurity is the massive technological transformation underway in financial services driven by fintech, regtech, mobile applications, cloud adoption, and other emerging developments.
CISOs and the business executives they work with are being challenged to become more agile and provide a frictionless customer experience.
Beyond facilitating technology upgrades, they must balance the needs of cybersecurity with other forces, such as cost reduction, globalization of the workforce, and regulatory compliance.
Overall, we found that while some FSIs have become leaders in cyber risk management, there is a wide variance on the cybersecurity maturity curve.
The bar needs to be raised for many individual companies and the industry as a whole.
Our interviews with leading players and experience in serving clients across financial services provide a number of key insights into how these challenges might be overcome, whether by sharing leading practices or through continuous innovation, just as the threat actors themselves have done.
The bottom line is that by whatever measurement, cybersecurity is not being shortchanged by FSIs, and the vast majority of those we spoke with don’t foresee a significant slowdown in spending anytime soon.
One respondent said trends in cybersecurity spending are the “new normal,” noting that his budget will likely have to keep increasing to stay ahead of evolving threat actors.
Longer term, at some point CISOs will have to start making hard choices on spending priorities, based on a true cybersecurity game plan that is aligned with the company’s business and technology strategies.
Since even the largest institutions are probably unlikely to be able to allot funds to build capabilities in all areas of security simultaneously, CISOs should triage among competing calls for investments.
One interviewee advises his staff to be “disciplined” about product choices as new solutions emerge.
CISO teams should see what works and what doesn’t before adding or substituting new security technologies as they are introduced.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1d6e31a916&e=20056c7556
