[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* SamSam: The Doctor Will See You, After He Pays The Ransom
* Present These 10 Key Application Security Risk Management Findings to Your Executive Team
* Second-Hand Devices Are the Next Privacy Frontier
* How To Share Threat Intelligence Through CISA: 10 Things To Know
* Network security operations becoming more difficult
* Cyber Insurance: Make Sure You Understand Your Coverage
* HITRUST Head Addresses Health Data Security, Cyber Insurance
* Benchmarking Trends: Operational Risks Drive Cyber Insurance Purchases
SamSam: The Doctor Will See You, After He Pays The Ransom
In their annual report that identifies statistically significant data on global bot traffic, Distil Networks identified an influx of Advanced Persistent Bots (APBs).
These can mimic human behavior, load JavaScript and external assets, tamper with cookies, perform browser automation, and spoof IP addresses and user agents.
“The persistency aspect is that they evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, using Tor networks and peer to peer proxies to obfuscate their origins, and distributing attacks over hundreds of thousands of IP addresses,” said Rami Essaid, CEO of Distil Networks.
Medium-sized websites (10,001 to 50,000 Alexa ranking) are at a greater risk, as bad bot traffic made up 26 percent of all web traffic for this group.
For the first time since 2013, humans outnumbered bots for website traffic. 46 percent of all web traffic originates from bots, with over 18 percent from bad bots.
Real estate websites saw a 300 percent increase in bad bot activity, with large real estate sites experiencing the most pain
As an industry, digital publishers were hit hardest by bad bots, which make up over 31 percent of all their traffic
Maldives, Israel and Kyrgyzstan had the highest Bad Bot GDP (number of bad bots per online user) at 526, 168, and 94 respectively
China, Norway, Germany, and the Netherlands are the most blocked countries for web traffic
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c45094a93e&e=20056c7556
Present These 10 Key Application Security Risk Management Findings to Your Executive Team
While there’s much to be learned from the paper, here are 10 critical findings from the IBM-sponsored Ponemon Institute study “State of Application Security Risk Management Report” that you can leverage in C-level discussions.
We present these findings, as well as some recommendations, below.
1) Security Professionals View the Application Layer as Extremely Vulnerable
2) Application Security Risk Is Growing
3) Executives Underestimate Application Security Risk
4) A Vast Majority of Organizations Don’t Know Which Applications and Databases Are Active
5) Most Businesses Don’t Conduct Application Security Testing Throughout the Development Life Cycle
6) More Than One-Third of Businesses Don’t Perform Application Security Testing
7) Organizations’ Risk Management Initiatives Are More Operational Than Strategic
8) Organizations Don’t Allocate Sufficient Resources to Address Application Security Risk
9) Most Organizations Rate Their Ability to Curtail Security Exploits in Software Applications as Below Average
10) Application Security Funding’s Expected to Grow
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c1e14f4789&e=20056c7556
Second-Hand Devices Are the Next Privacy Frontier
The second-hand mobile market is huge.
In fact, Gartner estimates it will be worth approximately $14 billion by 2017.
And, it makes sense—new and improved device models are launched all the time and users have a desire to get the latest shiny thing.
Because of how expensive smartphones have become, most users are inclined to resell their old phones to recoup at least some of their original spend.
I can tell you that this issue hasn’t been addressed nearly as seriously as it should have been.
Recently, Blancco Technology Group conducted a data recovery study, where we purchased over 122 used hard drives and mobile devices from Amazon, eBay and Gazelle and analyzed them to determine the presence of residual data and what types of deletion methods may have been used.
What we found was both frightening and unfortunate.
Not only did 48 percent of the used drives have residual data on them, but we were also able to recover thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos from 35 percent of the used mobile devices.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=855b735de1&e=20056c7556
How To Share Threat Intelligence Through CISA: 10 Things To Know
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS’s new guidelines.
Here’s what you need to know.
1) You need to remove individuals’ personal data before sharing it.
2) The personal data you need to remove may be more extensive than you think.
3) Be particularly careful of Europeans’ personal data.
4) If you want liability protection, share with DHS or ISACs and not other federal agencies.
5) DHS scrubs it of personal information too, but…
6) Joining AIS and building a TAXII client makes all this easier.
7) There are other ways to share indicators with, too.
8) There are rules government agencies must follow, and punishments if they don’t.
9) There are still privacy concerns.
10) The liability protections themselves aren’t entirely clear.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0c953a0020&e=20056c7556
Network security operations becoming more difficult
“We’re witnessing a new network model evolving: the heterogeneous, multi-dimensional cloud infrastructure, in which enterprises have a little bit of everything – AWS, Microsoft Azure, Google, IBM SoftLayer, VMware, and Cisco.
As this model evolves, organizations are struggling to implement policies that help them manage all of these fragments and meet security, compliance and risk mandates,” said Jon Oltsik, principal analyst with ESG.
Survey respondents cited the addition of more devices to the network (55%), increases in the number of networking and security technologies in use (52%), and the deployment of numerous new applications (50%) as the primary drivers of this increased security operations difficulty.
The survey also found that 69% of respondents currently operating a private cloud, using public cloud services, or both say they are still learning how to apply security policies to hybrid cloud infrastructure.
The survey found that 79% of organizations are committed to SDN as a long-term strategy and are already implementing various technologies or conducting proofs of concept.
The survey also found that 91% of organizations are actively using cloud-based infrastructure-as-a-service (IaaS) and/or platform-as-a-service (PaaS) as part of their IT strategy, and that 61% of organizations currently use multiple public cloud services.
Sixty-one percent (61%) also say it’s difficult to get the same level of visibility into cloud-based workloads as they have in their physical network, and 56% say it’s difficult to audit network security controls in the cloud.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e2d0c412aa&e=20056c7556
Cyber Insurance: Make Sure You Understand Your Coverage
Today, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime.
In terms of what might be covered in a cyber insurance policy, there are basically two types of coverage – “first party” coverage and “third-party” coverage.
First party coverage covers the types of losses that your company might suffer directly in the event of a data incident.
That may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, credit monitoring, data restoration, business interruption, lost intellectual property, theft and extortion, or damage to reputation.
Third party coverage refers to coverage for claims that may be made by third parties against your company arising out of a data incident, such as data breach lawsuits, for example.
But key questions remain.
Are cyber risks covered by more general policies that are not cyber-specific.
If not, what should cyber insurance look like.
Looking at some recent cases involving the still nascent cyber insurance market is revealing.
Many companies think their GCL or E&O policies cover certain cyber risks, when in reality those risks may be specifically excluded.
And many companies that have already purchased cyber insurance wrongly think it covers all first party costs in the event of an incident – like investigation, notification and credit monitoring – when it actually only covers third party claims.
The fact is that, of the nearly 5,000 publicly-known data breaches over the past dozen or so years, less than 5% have resulted in litigation.
If your cyber coverage only kicks in when a third party makes a claim, then practically speaking you may not have any coverage at all.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d088ccb878&e=20056c7556
HITRUST Head Addresses Health Data Security, Cyber Insurance
HITRUST CEO speaks to Congress about the role of cyber insurance in the healthcare industry and HITRUST’s new underwriting process for managing the risk of health data security breaches.
“As a result of increased targeting by threat actors and recent incidents, underwriters have determined the risks were greater than they had anticipated given the methods leveraged to evaluate risk and, subsequently, healthcare organizations’ cyber insurance premiums have increased dramatically,” Nutkis said in his testimony.
HITRUST collaborated with Willis Towers Watson to develop an underwriting program for healthcare providers that have HITRUST CSF or CSR Assurance Program.
“The benefits of the HITRUST RMF-based underwriting model for cyber insurance in the healthcare industry allows organizations to maximize the benefits of demonstrating an enhanced information security posture,” Nutkis stated.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9eac36cfa2&e=20056c7556
Benchmarking Trends: Operational Risks Drive Cyber Insurance Purchases
Standalone cyber insurance purchases among US-based Marsh clients increased 27% from 2014 to 2015, driven mainly by an increasing awareness and appreciation of cyber risk, from the boardroom to the data center.
Among the key findings from the report:
The manufacturing industry saw the biggest uptick in new cyber purchases in 2015, a 63% increase over 2014.
The amount of limits purchased was up 15% on average in 2015 to $16.9 million for clients of all sizes.
Overall capacity in the cyber market remains abundant with more than $500 million in limits available for a given risk.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c77eb4b3e7&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e99c97f64e)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)