[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
And so, now the news
* ThreatMetrix Cybercrime Report Reveals a 50% Increase in Global Attacks, With 1 in 10 New Account Applications Now Rejected
* Study Finds Consumers Can Be Convinced To Uninstall Ad Blockers
* External cyber attacks cost enterprises $3.5 million a year
* HID Global releases mid-year updates for top security trends in 2016
* 7 strategies to avoid CSO burnout
* ICO Reveals Latest City Council Data Breach – Training Is Not Enough To Prevent Breaches
* Data security and breach notification in Japan
* Cybersecurity Posture Grows In Importance In Mergers and Acquisitions
* Infographic: The 5 phases of a ransomware attack [LogRythm]
* Killer Interview Question: How Do You Learn About Your Field Of Work?
* ‘Cyber Incidents’ First Responder? The FBI
* Cisco wants incident responders to be more self-conscious.
* How cybersecurity mismanagement can destroy value
* Legal Sector’s Threat Intel-Sharing Group Grows
* Only a third of sensitive data stored in cloud-based applications is encrypted
* IT security experts struggle to measure ROI
* KPMG Study: Breaches Up, Security Spending Down
ThreatMetrix Cybercrime Report Reveals a 50% Increase in Global Attacks, With 1 in 10 New Account Applications Now Rejected
/EINPresswire.com/ — SAN JOSE, CA–(Marketwired – July 27, 2016) – As part of its ongoing effort to thwart cybercrime, ThreatMetrix®, The Digital Identity Company™, today released its Q2 2016 Cybercrime Report.
The ThreatMetrix Digital Identity Network (The Network) detected and stopped a record 112 million cyber attacks this quarter, a 50 percent increase from last year.
The report revealed that the rise in stolen identity credentials available in the market led to an increased level of attacks on new accounts, a 250 percent increase year-over-year.
Fraudsters are using identity credentials obtained from the dark web to run substantial automated bot attacks that have increased 50 percent since last quarter.
The Network detected 450 million such threats, thwarting millions of attacks on numerous individual companies.
Other key findings:
– Attacks are becoming more prevalent and are evolving in scope, depth and complexity
: 450 million bot attacks were detected and stopped this quarter, a 50 percent increase over last quarter.
-As mobile transactions increase, fraudsters’ mobile attacks evolve
-EMV has a noticeable impact on e-commerce attacks
-P2P media platforms see a spike in fraudulent activity ahead of the summer holiday season:
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6796f1d256&e=20056c7556
Study Finds Consumers Can Be Convinced To Uninstall Ad Blockers
The Interactive Advertising Bureau (IAB) on Tuesday released the findings of a new report which reveals that two-thirds of U.S. consumers using ad blockers could be convinced to uninstall their ad blocking software on their computers.
The report reveals that the top methods for influencing Web visitors to turn off blockers on their computers include:
– Preventing access to content alongside a notice stating that content is blocked because of the use of an ad blocker.
– Ensuring that ads do not have auto-play audio or video in environments where they aren’t anticipated by consumers.
– Making certain that ads do not block content.
– Safeguarding users from ads infected with malware/viruses.
– Guaranteeing that ads do not slow down browsing.
One of the study’s surprising results was that while 40% of users believed they were using ad blockers on their computers, only one in four (26%) actually used the software on their PCs.
The rest confused built-in pop-up blockers and security software with ad blockers.
These stats “mean that self-reported ad blocking rates may be lower than originally expected due to misidentification of the software,” Gombert noted.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=67b0d30c9a&e=20056c7556
External cyber attacks cost enterprises $3.5 million a year
Seventy-nine percent of the IT and IT security practitioners polled indicated their defensive infrastructure to identify and mitigate those threats are either non-existent, ad hoc or inconsistently applied throughout the enterprise.
The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.
The report “Security Beyond the Traditional Perimeter,” (http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=13051dfb91&e=20056c7556) sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks.
These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter.
Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.
Some of the key findings include:
° Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.
° External internet attacks are frequent and the financial costs of these attacks are significant.
° Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38%), ad hoc (23%) or inconsistently applied throughout the enterprise (18%).
° Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, 62% lack the tools and resources they need to analyze and understand, and 68% lack the tools and resources they need to mitigate external threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2dbbb3dd8e&e=20056c7556
HID Global releases mid-year updates for top security trends in 2016
A mid-year update to HID’s top 2016 security trends has been released.
During the first six month’s of the year, HID stated continued progression in market adoption of mobile solutions and interest in the Internet of Things (IoT).
HID’s mid-year updates to the trends that the company forecast in January are as follows:
Trend #1: Mobilising security will make it more pervasive and personalised.
Phones will also work with RFID tags, adding security and trust to the IoT for proof-of-presence applications.
Mid-year update: Demand for mobile solutions continues to grow, along with an increasing focus on security issues.
Trend #2: Security will move to a greater focus on the user experience, helping to close the gap between planning and compliance while ensuring that security adapts to, rather than defines, end-user habits and lifestyles.
Mid-year update: Customers continue to want an easier, trustworthier way to use digital identities to access on-the-go services and applications.
Biometrics continued to emerge as an effective solution for bringing security and convenience together.
Trend #3: The industry will enter a new chapter of connected identities, using multi-layered security strategies that also include biometrics to bind these identities to their real owners.
Mid-year update: A huge growth of trusted digital identities began ushering in new innovation opportunities
Mid-year update: The need for embedded security and privacy technology has increased
Trend #5: Security policies and best practices will become as important as technology advances.
Mid-year update: Two key policy issues emerged: protecting privacy by using a smartphone’s Bluetooth connection, and ensuring citizens can control what data is made available to others.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0a3b80d792&e=20056c7556
7 strategies to avoid CSO burnout
Strategy 1: After major incidents, take time for self-rejuvenation
Strategy 2: Hire very well, learn to delegate
Strategy 3: Realize what can and can’t be controlled
Strategy 4: Take time for self within the 24×7 grind
Strategy 5: Understand the job never stops
Strategy 6: Communicate and then communicate some more
Strategy 7: Come to peace with the fact that success is silence
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=63acf5c0d9&e=20056c7556
ICO Reveals Latest City Council Data Breach – Training Is Not Enough To Prevent Breaches
“The ICO’s latest report following a breach at Wolverhampton City Council demonstrates that local authorities and other organisations need to shift their data handling policies beyond training.
Emailing the wrong recipient is the most common digital cause of data security incidents reported to the ICO, and even a well-trained, vigilant employee can make that split-second mistake.
“While regular data handling training should be standard, organisations can prevent these breaches by protecting all sensitive data directly.
All files on the network should be classified by order of sensitivity, and confidential information such as payroll data can then be restricted to specific clearance levels, or marked as “internal use only” so that it cannot leave the network at all.
Classified files are encrypted and can only be opened by authorised users, rendering them useless to anyone else.
This means that even if an accident does happen, the data is kept safe and no breach will occur.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d6db827722&e=20056c7556
Data security and breach notification in Japan
Business operators governed by the Act on the Protection of Personal Information have a broad obligation to “take necessary and proper measures for the prevention of leakage, loss, or damage, and for other security control of the Personal Data”.
Notifying individuals when a security breach has occurred is not required under the Act on the Protection of Personal Information, but it is mentioned in some guidelines.
While this is not required under the Act on the Protection of Personal Information, some guidelines require or recommend that the relevant minister be notified.
Click here to view the full article.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7b0722ad7f&e=20056c7556
Cybersecurity Posture Grows In Importance In Mergers and Acquisitions
In mergers and acquisitions (M&A), corporate acquirers are increasingly aware of the need for vigorous cybersecurity due diligence, yet often lack the proper personnel to conduct thorough analyses, according to a new study by technology consulting firm West Monroe Partners and research firm Mergermarket.
About three quarters (77%) of the participants said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result.
Among the key findings from the report: 80% of respondents said cybersecurity issues have become highly important in the M&A due diligence process; 70% said compliance problems are one of the most common types of cybersecurity issues uncovered during due diligence; more than one third (40%) of acquirers said they had discovered a cybersecurity problem at an acquisition after a deal went through, indicating that standards for due diligence remain low.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4bcb02c9cb&e=20056c7556
Infographic: The 5 phases of a ransomware attack [LogRythm]
How to defend against attackers and avoid ransom demands.
Ryan Sommers, manager of threat intelligence and incident response at LogRhythm Labs, recommended the following five steps of defense against ransomware….
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6abb58997f&e=20056c7556
Killer Interview Question: How Do You Learn About Your Field Of Work?
This week’s KIQ comes from the CTO of global IT security company RSA.
IT security is a dynamic industry.
Those who are working in it need to stay abreast of the latest security news and technological developments.
It’s something that’s at the forefront of RSA CTO Zulfikar Ramzan’s mind when he’s looking for new talent to join his company.
When he’s interviewing security professionals who want to work for RSA, he will often ask the question: “How do you learn about your field?”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b3386c306c&e=20056c7556
‘Cyber Incidents’ First Responder? The FBI
The FBI is now considered a key cyberleader.
According to the Presidential Policy Directive-41 (PPD-41) on U.S.
Cyber Incident Coordination Policy, released on Tuesday (July 26) by the Obama administration, the FBI is one of the agencies taking the lead in three different cyber-response areas — threat response, asset response and intelligence support.
“PPD-41 codifies the essential role that the FBI plays in cyber incident response, recognizing its unique expertise, resources and capabilities.
And as the bureau continues evolving to keep pace with the cyberthreat, the authorities contained in PPD-41 will allow us to help shape the nation’s strategy for addressing nationally significant cyber incidents,” FBI Assistant Director James Trainor of the Cyber Division explained in a post on the agency’s website.
“This new policy,” Trainor added, “will also enhance the continuing efforts of the FBI — in conjunction with its partners — to protect the American public, businesses, organizations and the economy and security of our nation from the wide range of cyberactors who threaten us.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5caffbb881&e=20056c7556
Cisco wants incident responders to be more self-conscious.
http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1f63ff2909&e=20056c7556
The Borg’s seasoned computer security incident response team boffins Gavin Reid and Jeff Bollinger say a knock to the ego will help combat the Dunning-Kruger effect in which over-confidence and a steering away from the rule book can lead to dangerous oversights.
The pair paint a picture of a junior incident response operative running malware in sandbox.
On execution the malware runs through various commands and contacts a command and control server.
The fictional flunk ceases their analysis once the domain is captured, assuming that the malware is simple.
That misses a series of failover domains which are discovered when an experienced by-the-book incident response boffin analyses the malware.
“A measured, consistent, and creative approach to incident response and security monitoring delivers the most effective and efficient results for your organisation.”
Crudely put, Dunning and Kruger found the more hopeless a person is, the more they tend to overestimate their skills.
Test subjects in the bottom performance quarter had a larger illusionary complex than those in the top whose reflections best represented reality.
Incidence response boffins can peruse the six stages of IR penned by Griffiths University IR wonk Ashley Deuble, which covers preparation, identification documentation, containment, and recovery. ®
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0d6e08748b&e=20056c7556
How cybersecurity mismanagement can destroy value
In surveying 403 CIO, CISO, CTO and CIOs in the automotive, banking, technology and retail sectors, KPMG found that 81 percent of executives admitted their companies had been compromised by cyber-attacks in the past 24 months – ranging from malware, botnet to other attack vectors.
Retail cyber executives reported the most breaches in the past 24 months, with 89% reporting yes, followed by automotive at 85% and banking and technology companies reporting 76%.
Despite these alarming admittances, 49% of these same executives said they have invested in information security in the past year.
Banks appear to be most proactive when it comes to investments in information security, with 66% of execs reporting investments made, followed by technology at 62%, retail at 45% and automotive at 32%.
The report also found that some industries are more equipped to handle cyber-attacks because they have an executive whose sole responsibility is information security.
Industry-wide, 69% of companies reported having a leader in place.
However, there is a vast discrepancy – 85% of both banks and technology companies reported having a leader with retail and automotive lagging at 58% and 45% respectively.
Security executives acknowledged the ramifications of a breach citing reputation (53%), financial loss (50%) and job security (49%) as the top concerns associated with falling victim to cyber-attacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=51e9a9dcff&e=20056c7556
Legal Sector’s Threat Intel-Sharing Group Grows
The Legal Services Information Sharing and Analysis Organization (LS-ISAO), which was founded less than a year ago, now has more than 100 members and is regarded the “fastest growing” ISAO, the group said this week.
Legal services firms wishing to join LS-ISAO may contact membership@ls-isao.com
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=74b179f1d5&e=20056c7556
Only a third of sensitive data stored in cloud-based applications is encrypted
Despite the continued importance of cloud computing resources to organisations, companies are not adopting appropriate governance and security measures to protect sensitive data in the cloud, according to a new Ponemon Institute study that surveyed more than 3,400 IT and IT security practitioners worldwide.
According to 73 percent of respondents, cloud-based services and platforms are considered important to their organisation’s operations and 81 percent said they will be more so over the next two years.
In fact, thirty-six percent of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to forty-five percent over the next two years.
Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54 percent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments.
This is despite the fact that 65 percent of respondents said their organisations are committed to protecting confidential or sensitive information in the cloud.
Furthermore, 56 percent did not agree their organisation is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.
According to respondents, 49 percent of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department.
However, confidence in knowing all cloud computing services in use is increasing.
Fifty-four percent of respondents are confident that the IT organisation knows all cloud computing applications, platform or infrastructure services in use – a nine percent increase from 2014.
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud.
Since 2014, the storage of customer information in the cloud has increased the most, from 53 percent in 2014 to 62 percent of respondents saying their company was doing this today.
Fifty-three percent also considered customer information the data most at risk in the cloud.
Only 21 percent of respondents said members of the security team are involved in the decision-making process about using certain cloud application or platforms.
The majority of respondents (64 percent) also said their organisations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d57b9d3bda&e=20056c7556
IT security experts struggle to measure ROI
The majority of IT security experts actually struggle to measure the return on investment in security measures, Tenable Network Security says.
Based on a survey of 250 IT security professionals, conducted during the Infosecurity Europe 2016 summit, it says that the majority can only measure the return on less than 25 per cent of their security spend.
What’s more, just 17 per cent were confident their investments were being distributed properly.
Tenable also asked 33 security experts how they justify their security programs to business executives and the boardroom.
Collected recommendations, as well as best practices, can be found in the Using Security Metrics to Drive Action ebook.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f5a151511f&e=20056c7556
KPMG Study: Breaches Up, Security Spending Down
Finally, some numbers to put to one of business’s biggest security disconnects: More than 80 percent of “C” suite executives admitted their companies have been breached in the last two years, but less than half said they’ve actually invested in any kind of information security product or service as a result.
The findings were part of a KPMG LLP’s Consumer Loss Barometer report, released this week, which surveyed 403 CIOs, CISOs, CTOs and CIOs.
Respondents in the retail sector counted the most breaches, with 89% reporting yes, followed by automotive (85%), and banking and technology companies (76%).
On the spending side, 66% of banking respondents said they’d made some sort of security investment, followed by technology (62%), retail (45%), and automotive (32%).
The disconnect between the high volume of breaches and low amount of security spending reflects a growing sense of overwhelm, particularly among CXOs, according to Greg Bell, KPMG’s cyber US leader.
“We started using the term ‘cyber fatigue’ about 18 months ago and it’s only accelerated,” Bell says.
It’s not just an increase in the volume of breaches companies are experiencing, but also new kinds of risk that CXOs must learn about – and respond to strategically.
There’s also concern among executives around security as they watch (and approve) lots of money getting spent to address vulnerabilities and improve safeguards, according to Bell.
But yet the number of threats, hacks and actual breaches continues to increase.
So while organizations may need to spend more on prevention and detection, there’s nothing that can ever completely eliminate the threats. “That’s been a mixed message to executives,” says Bell, “and we need to articulate that better.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=84f6a5cd43&e=20056c7556
* Best practices in cyber vulnerability assessment
* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
* Will Faster Payments Mean Faster Fraud?
* Accenture : Data theft, malware infection big threat to digital businesses
* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals
* Twitter Hacking and Social Media’s Risk to Executive Security
* Beyond Data: Why CISOs Must Pay Attention To Physical Security
* $2.7 Million HIPAA Penalty for Two Smaller Breaches
* Using compliance as a tool for change
* In the Breach War, File Protection Is Just as Important as Data
* Data security and breach notification in Finland
* ISO compliance in the cloud: Why should you care, and what do you need to know?
* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations
* Breach notification reporting can be complicated without proper skills, tools
* Banks must do better on cyber security: KPMG
* Australia gets one-quarter of a minister for national infosec
* The Case for Continuous Security Monitoring
* Arbor Networks Releases Global DDoS Attack Data for 1H 2016
* 5 Best Practices for Outsourcing Cybersecurity
* Most CISOs and CIOs need better resources to mitigate threats
Best practices in cyber vulnerability assessment
Here are the best practices for cyber vulnerability assessment.
First and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.
Research other companies in your industry.
To know exactly which parts of your business structure need an assessment, you need to research your company’s processes with a focus on the systems that are critical to keeping your business running.
Once you’ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.
Now that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you’re aware of the security systems you already have in place.
f you’ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what’s needed, you’re ready to perform your vulnerability scans.
f you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.
Don’t wait.
Don’t second guess.
The assessment will produce recommendations for remediation that you should act on right now.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=717fb732b5&e=20056c7556
Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
A recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.
“Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,” Scott writes.
In a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.
While the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.
The report provides an interesting perspective about the need for CISOs to ignore the hype surrounding “silver bullet” solutions in order find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.
“In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.
They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,” he writes.
And, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, managing the risk to data and technology.
According to the ICIT report, there is rapid burnout among CISOs, as the average turnover rate is 17 months.
“Vendor attempts to offer silver bullet solutions undermine the community at large and poisons the vendor-customer relationship.
The culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.”
In the report, the author offers strategic recommendations for calculating a cybersecurity solution’s ROI and uses a healthcare organization as an example.
The ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.
The report concludes with statistics sourced from the Economist Intelligence Unit that indicates proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ab67b16c7d&e=20056c7556
Will Faster Payments Mean Faster Fraud?
Crowe contends that to ensure global payments interoperability, faster payments are a necessity.
The U.S. will soon be at a competitive disadvantage if it does not enable faster payments, she argues.
Parry says the most fundamental risk to payments is poor identity management.
And it’s a legitimate concern.
After all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.
And in a real-time or near-real-time environment, once the money is gone, it’s gone.
Unlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.
Crowe declined to touch the interchange issue. “Cost is not the No. 1 worry for the Fed when it comes to faster payments,” she noted during the summit.
The top concern, she says, is “a faster process that is still secure for business.”
The Secure Payments Task Force’s goals differ from the goals of the Faster Payments Task Force.
And the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. going forward.
Faster payments will be part of that, but not all.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=64923e4059&e=20056c7556
Accenture : Data theft, malware infection big threat to digital businesses
The new report from Accenture and HfS Research say that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).
This insider risk will continue to be an issue, with security professionals’ concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.
The survey, “The State of Cyber security and Digital Trust 2016′”, was conducted by HfS Research on behalf of Accenture.
More than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.
The survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.
The findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.
Despite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider dat