[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
**
————————————————————
**
————————————————————
**
————————————————————
**
————————————————————
* Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast
* France votes to extend state of emergency to May 26 with terrorism threat ‘never higher’
* Are you ready for EU General Data Protection Regulation changes?
* Instagramâs new security feature will help keep hackers out of your account
* Insurance execs changing technology use amid complex risks
* Five Tips for Keeping Security Costs Down
* Biggest risks and GRC challenges for 2016 are disclosed
* Visualizing The Cisco Annual Security Report (ASR 2016)
* Internal auditors challenged by cyber-security, data quality
Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast
Australians are more worried about email security than their peers in comparable countries and fully half of IT decision-makers believe their organisations are more vulnerable to attack than they were 12 months ago, according to new survey results that also found Australian businesses are more concerned about email breaches causing reputational damage than about the actual loss of data.
The figures â collated in Mimecast’s Email Security Uncovered survey of 600 IT decision-makers in the US, UK, South Africa and Australia â also found that 40 percent and 39 percent of Australian respondents felt unprepared to deal with malicious insider attacks and the compromise of mobile devices, respectively.
The numbers suggested that concerns about email security have permeated the C-level far more in Australia than in other countries, with 95 percent of respondents saying C-level executives were engaged with email security and risk-management practices â compared to 89 percent in South Africa and 74 percent in the UK.
Australia was the only of the four surveyed markets to report that no C-suite executives were ‘not at all engaged’ with email security.
Despite their impact, the report noted that experience gained during attacks âcan be a key tool to inform strategies to combat future threatsâ and noted that IT security managers with direct experience in handling an attack generally felt more exposed to email threats than their peers with no direct experience.
The research also found that Australians were more concerned about ransomware than their overseas peers, with 34 percent rating ransomware as a high threat compared to 25 percent in the US and 18 percent in South Africa.
This is consistent with ongoing reports suggesting that ransomware authors are particularly targeting Australians with schemes designed to exploit Australians’ relative wealth and technological nous.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c0af7af5e9&e=20056c7556
France votes to extend state of emergency to May 26 with terrorism threat ‘never higher’
The French parliament has voted to extend the country’s state of emergency, implemented after the November 13 terrorist attacks, by a further three months to May 26 as the Government warns the threat of an attack remains great.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b80255abc4&e=20056c7556
Are you ready for EU General Data Protection Regulation changes?
The GDPR promises to force companies to scrutinise how they process and handle customer data, with mandatory reporting of breaches ‘that are likely to harm individuals’ and potential fines of up to 4% of global revenues.
– Mandatory breach notification: Should an organisation suffer a breach that compromises data, it will have 72 hours to report it to the information commissioner responsible in that country.
A single set of rules: Rather than maintaining 28 different national standards for data management, the GDPR will introduce a single set of regulations covering the EU as a whole.
Putting the owner’s rights first:
Businesses that collect data must now do so explicitly, rather than assuming consent.
Individuals will also be able to withdraw their own data at any point, as part of the EU’s well-publicised ‘right to be forgotten’.
astly, in order to avoid the sizeable penalties mentioned above, organisations must still ensure that their staff are aware of and prepared to guard against the risk of data breaches.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ccf67470cf&e=20056c7556
Instagramâs new security feature will help keep hackers out of your account
The most surprising thing about Instagram rolling out two-factor authentication is that it didnât do it sooner.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a1fbbaef3&e=20056c7556
Insurance execs changing technology use amid complex risks
More than 70 percent of insurance chief executive officers (CEOs) are making significant changes to the way they use technology to assess and meet customer expectations, according to a new survey by PwC.
The report found that threats businesses are facing are becoming more complex, crossing the borders of geopolitics, regulation, cyber security, societal development, people and reputation, according to PwC.
Accordingly, 64 percent of insurance CEOs are making significant changes to the way they define and manage risks in response to changing stakeholder expectations.
Seventy nine percent of insurance CEOs see cyber threats as a barrier to growth, more than their counterparts in banking and capital markets.
PwC also said that cyber risk could expose insurers to significant losses, both through specific cyber coverage and their technology, errors and omissions, and other existing business lines.
It said a UK Government report estimates that the insurance industryâs global cyber-risk exposure is already in the order of ÂŁ100 billion ($140 billion).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b60a17e585&e=20056c7556
Five Tips for Keeping Security Costs Down
1: Build an integrated remote monitoring and management solution.
2: A unified system is needed for monitoring, managing and securing endpoint devices.
3: Gain platform robustness from a one-stop shop.
4: Insuring your business against cyber-threats helps.
5. Make a cyber-security assessment.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4597e0c520&e=20056c7556
Biggest risks and GRC challenges for 2016 are disclosed
A need to improve overall risk oversight (76.2 percent) is a key driver for investment in governance, risk, and compliance (GRC), says MetricStream.
Over half (54 percent) of new business initiatives introduce new risk and regulatory concerns, suggesting that risk management professionals have evolved beyond compliance and are much more business-focused.
Data privacy and protection issues make up 39.5 percent of GRC investment influencers, reflecting a business where data privacy, protection and cyber-security are more important now than ever before.
Organisations have said that they will place GRC technology spending as a higher priority than GRC services for third party risk management.
Less than five percent of organisations assume they will lower their GRC spend in 2016.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4654ad172d&e=20056c7556
Visualizing The Cisco Annual Security Report (ASR 2016)
This yearâs visuals were all built with our open source tool OpenGraphiti and were all select attacks that were highlighted within the Cisco report.
OpenGraphiti allows researchers, not only create visual representations of the attackers infrastructure, but also interact with the data in 3D.
With that we also included recordings of us pivoting through the data in the following attacks.
All attack information was obtained from OpenDNSâs Security Graph, which is based on our view into more than 90 billion daily DNS requests.
Each of the visualizations include examples of: the attackerâs infrastructure domains, IPs, WHOIS information, co-occurrences, name servers, and traffic patterns.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=75298f3fdd&e=20056c7556
Internal auditors challenged by cyber-security, data quality
About half of internal audit leaders lack confidence in their staffsâ cyber-security expertise, and nearly half say internal audit has little or no involvement in evaluating the quality of data used in their organisation, according to a new survey.
Fifty-two per cent of the nearly 500 respondents to The Institute of Internal Auditors (IIA) North American pulse survey said that a lack of cyber-security expertise amongst internal audit staff very much or extremely affects internal auditâs ability to address cyber-security risk.
Just one-quarter of respondents who reported having a business continuity plan said their plan provides clear, specific procedures in response to a data breach.
And 17% said their plans provide no data breach or cyber-attack procedures at all.
With regard to cyber-security, internal audit organisations primarily are focused on prevention.
More than half (53%) of respondents said prevention efforts, such as hardening interior or external barriers, are the most effective method for addressing a cyber-attack.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a7f4e5172&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage1.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=6ce9d1c388)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)