[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
* IRS warns: 400% flood in phishing and malware this tax year alone
* Director hopes ‘Zero Days’ will spark debate on cyberwarfare
* HSBC banks on biometrics with new voice and touch services
* Cybercrime And Hacking Atlas [Slide Show]
* No cyber attack response strategy at most Indian companies
* Kaspersky weighs up the true cost of a cyber attack
* Radware Security Survey Highlights Key Factors behind Cyber Attacks in 2015-16
* 32 Percent of Companies Don’t Evaluate Their Third Party Vendors
* W3C launches effort to replace passwords
* DHS releases guidelines for CISA-sanctioned cybersecurity information sharing
IRS warns: 400% flood in phishing and malware this tax year alone
There has been a 400% surge in phishing and malware incidents in this tax season alone, the Internal Revenue Service warned this week.
According to the IRS, the phony emails are aimed at fooling taxpayers into thinking they are official communications from the IRS or others in the tax industry, including tax software companies.
“The phishing schemes can ask taxpayers about a wide range of topics.
E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
Variations of these scams can be seen via text messages, and the communications are being reported in every section of the country,” the IRS stated.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d2f2dffc58&e=20056c7556
Director hopes ‘Zero Days’ will spark debate on cyberwarfare
A broad public debate about the use of cyberweapons has yet to happen, even though every modern society is vulnerable to attacks on its critical infrastructure, says Alex Gibney, an Academy Award-winning documentary maker who spent years investigating the Stuxnet case for his new film, “Zero Days.”
The movie, which premiered Wednesday at the Berlin Film Festival, traces the origins of Stuxnet to joint U.S.-Israeli efforts to foil Iran’s nuclear weapons program without resorting to airstrikes.
But interviews with past and present intelligence officials in both countries soon met with a wall of silence that frustrated Gibney.
The CIA declined to comment on the claims made in the film, some of which have been previously reported by the New York Times and the Jerusalem Post.
It referred questions to the Office of the Director of National Intelligence, which didn’t respond to a request for comment.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=23af96316a&e=20056c7556
HSBC banks on biometrics with new voice and touch services
To illustrate this growing trend, HSBC has announced that it is taking a step closer to biometric banking in the UK by launching voice recognition and touch security services for its internet banking customers.
According to the bank, the new services will be available to up to 15 million customers, who will no longer have to go to the trouble of remembering passwords and answers to random security questions.
To make use of voice recognition – which will be supplied by Nuance Communications – customers will have to enrol their specific “voice print.” When users then try to log in, this sample will be cross-checked against over 100 unique identifiers such as speed, cadence and pronunciation.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a63343e8e8&e=20056c7556
Cybercrime And Hacking Atlas [Slide Show]
A geographic guide with cybercrime threat and target trends in 10 notable countries.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ec8c60de29&e=20056c7556
No cyber attack response strategy at most Indian companies
MUMBAI: Most top executives at Indian companies have no strategy to react to a cyberattack, cyber war games held earlier this year by consultancy EY showed.
EY ran a cyber attack simulation for 79 CEOs sitting in one room and they struggled to come to a consensus on whom to call first if their firm was hacked.
The simulation asked top executives at a slew of companies how they would react to a message from someone saying their customer database had been hacked and put on the Internet…
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61f143df8d&e=20056c7556
Kaspersky weighs up the true cost of a cyber attack
Kaspersky has worked it out for those of us who have not been tainted with the hacker brush, and found that the cost is large.
We could have worked that out ourselves but, hey, we aren’t a large security company.
The firm delivers its findings in a True costs of a cyber attack blog post, coming straight in with the big numbers: a breach can cost anywhere between $500,000 and $1.4m in terms of downtime alone.
Juniper Research has already spoiled the Kaspersky party here, having released numbers concerning this kind of thing almost nine months ago.
Juniper said that cyber crime will cost all industry over $2tn by 2019.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=29d1f8abe5&e=20056c7556
Radware Security Survey Highlights Key Factors behind Cyber Attacks in 2015-16
NEW DELHI, India – February 17, 2016 – Radware, a global leader in application delivery and application security solutions for virtual, cloud and software-defined data centers, today released its Global Application & Network Security Report 2015-16.
The report outlines top-level findings of the Radware industry survey on cyber attacks in the past year and offers best practice advice to organizations in planning for cyber-attack protection in 2016.
The report observes that the new generation of cyber attackers are demonstrating more patience and persistence, leveraging “low and slow” attack techniques that misuse application resources rather than those in network stacks.
In order to avoid detection and mitigation, they are using evasive techniques, which can prove highly destructive.
The key findings of the survey include:
* More than 90% of organizations reported they had experienced cyber attacks in 2015.
* The Education and Hosting industries moved from “Medium” to “High” risk, indicating that they are likely to experience more DoS/DDoS and other cyber-attacks, and at a higher frequency.
* While over 60% indicated being well prepared to safeguard against unauthorized access and worm and virus damage, the same proportion of respondents indicated they were somewhat unprepared against advanced persistent threats (APT) and information theft.
* There is an increase in adoption of hybrid solutions that integrate cloud-based protection with on-premise protection. In 2015, 41% of survey participants indicated utilizing a hybrid solution; in 2014, just 21% said the same.
* While reputation loss was still the biggest business concern after a cyber-attack, the percentage citing it as such decreased significantly, from 47% in 2014 to 26% in 2015. More respondents are concerned about customer loss or service availability.
* There has been significant growth in ransom as a motivation for attackers, which increased from 16% in 2014 to 25% in 2015.
* DDoS attacks continue to be the biggest threat for organizations, as noted by almost half of the respondents, while unauthorized access follows as a close second.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d59819ee9f&e=20056c7556
32 Percent of Companies Don’t Evaluate Their Third Party Vendors
According to the results of a recent NAVEX Global survey of 321 professionals involved in third-party management, fully 32 percent of respondents don’t evaluate third parties at all before engaging with them, almost half of respondents have no dedicated budget for third party risk management, and 11 percent of respondents don’t even know how many third parties they manage.
Survey respondents said their top three concerns about third parties include bribery and corruption (39 percent), fraud (23 percent), and conflicts of interest (19 percent).
When asked to identify top objectives for their third party risk management programs, 90 percent said their key aim was to “protect our organization from risk and damage,” followed by “comply with laws and regulations” (82 percent), and to “meet legal and regulatory requirements” (71 percent).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2fc76ae227&e=20056c7556
W3C launches effort to replace passwords
The World Wide Web Consortium (W3C) is launching a new standards effort in web authentication that aims to offer a more secure and flexible alternative to password-based logins on the Web.
W3C’s new web authentication work, based upon the member submission of FIDO 2.0 Web APIs from the FIDO Alliance, will enable the use of strong cryptographic operations in place of password exchange.
The WebCrypto API provides a Javascript API to a standard suite of cryptographic operations across browsers.
Work in WebAppSec includes improvements to the HTTPS experience and updates to Content Security Policy, enabling application authors to set policy for what active content is permitted to run on their sites, protecting them against injection of unwanted or malicious code.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4cad0252cd&e=20056c7556
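The W3C item above mentions Content Security Policy as the mechanism that lets a site say which active content may run. As an added illustration (this is not code from W3C, the FIDO Alliance or the linked article), here is a small Python evaluator that parses a CSP header into its directives and flags the settings that defeat the injection protection the article describes: a missing or unrestricted script source, `'unsafe-inline'` without a nonce or hash, `'unsafe-eval'`, wildcard script hosts, and an unrestricted `object-src`. The two sample policies are constructed for this example; the hypothetical weak one sits beside a hardened form of the same policy.

```python
"""Added example: audit a Content-Security-Policy header for common weaknesses."""
from typing import Dict, List, Optional

# Constructed sample policies for illustration only (not from any real site).
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' *; img-src *"
HARDENED_CSP = (
    "default-src 'self'; script-src 'self' 'nonce-r4nd0mV4lu3'; "
    "object-src 'none'; base-uri 'self'"
)

# Directives whose absence makes the browser fall back to default-src.
FETCH_DIRECTIVES = {"script-src", "object-src", "style-src", "img-src", "connect-src"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split 'name src src; name src' into {name: [sources]}.

    Per the CSP spec a repeated directive is ignored, so the first one wins.
    Directive names are case-insensitive; source expressions keep their case.
    """
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:
            continue
        policy[name] = tokens[1:]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Return the sources that govern `directive`, honouring the default-src fallback.

    None means the directive is unrestricted: neither it nor default-src is set.
    """
    if directive in policy:
        return policy[directive]
    if directive in FETCH_DIRECTIVES:
        return policy.get("default-src")
    return None


def audit_csp(header: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means no weakness found."""
    policy = parse_csp(header)
    findings: List[str] = []

    scripts = effective_sources(policy, "script-src")
    if scripts is None:
        findings.append("script-src: unrestricted (no script-src or default-src)")
    else:
        lowered = [s.lower() for s in scripts]
        # CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present,
        # so only flag it when nothing else constrains inline scripts.
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
        )
        if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
            findings.append("script-src: 'unsafe-inline' lets injected inline scripts run")
        if "'unsafe-eval'" in lowered:
            findings.append("script-src: 'unsafe-eval' allows string-to-code execution")
        broad = [s for s in lowered if s in ("*", "http:", "https:", "data:") or s.startswith("*.")]
        if broad:
            findings.append(f"script-src: overly broad sources {broad}")

    # Plugins (object/embed) can load script too; leaving them open undoes script-src.
    if effective_sources(policy, "object-src") is None:
        findings.append("object-src: unrestricted; plugin content can be used to run script")

    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(f"{label}: {audit_csp(header) or ['no findings']}")
```

The hardened policy relies on a per-response nonce, which the server must regenerate on every page load and attach to each legitimate `<script>` tag; a fixed nonce like the constructed value above would be no better than `'unsafe-inline'`.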
DHS releases guidelines for CISA-sanctioned cybersecurity information sharing
The US Department of Homeland Security has published guidelines on how the private sector and federal entities can share cyber threat indicators (CTIs) with the US federal government.
Among other things, the Cybersecurity Information Sharing Act (CISA) allows companies to share information (CTIs, defensive measures) about cyber attacks they suffered with government agencies, without having to worry about getting sued by users for breach of privacy.
The sharing will be executed through the Department’s Automated Indicator Sharing (AIS) initiative, and will result in its National Cybersecurity and Communications Integration Center (NCCIC) receiving CTIs from the various entities, anonymizing them, and disseminating them to some or all of the above-mentioned federal, non-federal and private sector entities.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f470788163&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com
If you know someone else who would be interested in this Newsalert, please forward this email.