[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
I had a request to change the format of the date in the Subject line to make it easier to sort. So I made the change.
* IBM & Ponemon Institute Study: Data Breach Costs Rising, Now $4 million per Incident
* Block malware, ransomware, and phishing with 5 layers
* Hack the hackers: Eavesdrop for intel on emerging threats
* JTB hack underscores need for revamp of cybersecurity in Japan
* India Inc scrambles to check cybercrime
* Small firms unfairly carry the cost of cyber crime, says the FSB [UK]
* A UK council hit by ransomware 13 times in a year
* NATO formally recognises the importance of cyber warfare; agrees to classify cyber space as an ‘operational domain’
* Preliminary Agreement Reached On Airline Cybersecurity
* Securing Utilities Against Malware
* The Top 7 AWS Security Issues: What You Need to Know
* pxGrid Keeps Growing
* Cyber attack damages cost 10-20x more than expected: Deloitte
* FireEye Releases First Mandiant M-Trends EMEA Report
* Gartner Predicts Top Ten InfoSec Technologies
* RSA Research: 75% of Organizations are at Significant Risk of Cyber Incidents
* 5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead
* New eBook from AccessData Helps CIOs and CISOs Plan Technology Portfolios to Meet Changing Demands
IBM & Ponemon Institute Study: Data Breach Costs Rising, Now $4 million per Incident
ARMONK, N.Y. – 15 Jun 2016: IBM Security (NYSE: IBM) today announced the results of a global study analyzing the financial impact of data breaches to a company’s bottom line.
Sponsored by IBM and conducted by the Ponemon Institute, the study found that the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013.
Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise.
In fact, the study found that companies lose $158 per compromised record.
Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.
According to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – saving companies nearly $400,000 on average (or $16 per record).
In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach. Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don’t have incident response plans in place.
The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve.
While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100 day mark cost over $1 million more on average ($4.38 million).
The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.
The study found that companies that had predefined Business Continuity Management (BCM) processes in place found and contained breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0fc724dc86&e=20056c7556
Block malware, ransomware, and phishing with 5 layers
At InfoSec plenty of solutions were proffered to blunt such attacks, from point products to suites.
It became clear that there are five key layers needed to defend your company from such attacks.
1- Email security gateway
2- DNS security
3- Endpoint protection
4- User behavior analytics
5- Phishing testing and training
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5aba66167d&e=20056c7556
Hack the hackers: Eavesdrop for intel on emerging threats
Given their increasingly large attack surfaces, most organizations tie their vulnerability management cycle to vendor announcements.
But initial disclosure of security vulnerabilities doesn’t always come from vendors, and waiting for official announcements can put you days, or even weeks, behind attackers, who discuss and share tutorials within hours of a vulnerability becoming known.
“Online chatter typically [begins] within 24 to 48 hours of the initial public disclosure,” says Levi Gundert, vice president of threat intelligence at Recorded Future, citing the firm’s in-depth analysis of discussions on foreign-language forums.
Vendor advisories, blog posts, mailing list messages, Homeland Security CERT alerts — defenders aren’t the only ones reading these announcements.
Knowing what piques attackers’ interest — and how they plan to exploit holes before vendors can respond — is a great way to get a jump on the next wave of attacks.
One reason why attackers get such a big jump on vendors and security pros is the vulnerability announcement process itself.
Vendor announcements are typically tied to when a security flaw gets a Common Vulnerabilities and Exposures (CVE) identifier.
The CVE system is maintained by MITRE Corp., a nonprofit that acts as a central repository for publicly known information security vulnerabilities.
When someone finds a security vulnerability — whether it’s the application owner, a researcher, or a third-party entity acting as a broker — MITRE receives a request for a new CVE.
In cases where the initial disclosure does not come from vendors, such as with the Java object serialization flaw, attackers have a head start over defenders still waiting for the CVE to be assigned.
This time difference is critical.
But lately, the CVE system itself has become a bottleneck.
Another issue is that not all vulnerabilities get assigned CVEs, for example flaws in web applications that are patched on the server side and require no action by customers.
As a threat intelligence company, Recorded Future wants enterprises to use its platform to listen for the threat chatter on forums — English-speaking or foreign language — but there are other options.
Organizations can select a handful of forums, IRC channels, and other online sources to monitor discussions.
Remote code execution flaws tend to trigger online chatter almost immediately.
Local exploits, those that require the attacker to somehow gain a foothold on the device first, appear to not generate as much chatter.
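The monitoring the article describes (watch a handful of sources, separate the official disclosure from the attacker chatter that follows it, and rank remote flaws in the products you run above local ones) can be done with a short script. The one below is an added example for this newsletter, not code from the article or from Recorded Future. It runs over constructed posts: the CVE numbers, the product names, the source names and the watchlist are placeholders, and which feeds count as "official" disclosure is an assumption.

```python
import re
from datetime import datetime

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)
REMOTE_TERMS = ("remote code execution", "rce", "unauthenticated", "pre-auth")
LOCAL_TERMS = ("local privilege escalation", "lpe", "local exploit")
RANK = {"unknown": 0, "local": 1, "remote": 2}

# Assumptions, not from the article: which feeds count as "official" disclosure,
# and which products this organization actually runs.
ADVISORY_SOURCES = {"vendor-advisory", "cert-alert", "oss-security"}
WATCHLIST = ("exampleco gateway", "exampleco agent")

# Constructed sample posts (UTC timestamp, source, text). The CVE numbers and
# product names are placeholders, not real vulnerabilities.
SAMPLE_POSTS = [
    ("2016-06-13T09:00:00", "vendor-advisory",
     "ExampleCo Gateway 2.x: CVE-2016-99990 remote code execution, fix pending"),
    ("2016-06-13T21:30:00", "forum-a",
     "anyone have a poc for cve-2016-99990? unauthenticated rce, writing a tutorial"),
    ("2016-06-14T02:10:00", "forum-b",
     "CVE-2016-99990 exploit tutorial posted, works on a default install"),
    ("2016-06-13T10:00:00", "vendor-advisory",
     "ExampleCo Agent: CVE-2016-99991 local privilege escalation"),
    ("2016-06-16T12:00:00", "forum-a",
     "cve-2016-99991 lpe, you need a shell first, not interesting"),
]


def _has_term(text, terms):
    # Whole-word match so "rce" does not fire on words like "enforce".
    return any(re.search(r"\b" + re.escape(t) + r"\b", text) for t in terms)


def classify(text):
    """Remote (RCE-style) flaws draw chatter fast; local ones much less so."""
    t = text.lower()
    if _has_term(t, REMOTE_TERMS):
        return "remote"
    if _has_term(t, LOCAL_TERMS):
        return "local"
    return "unknown"


def triage(posts, watchlist=WATCHLIST, advisory_sources=ADVISORY_SOURCES):
    """Group posts by CVE, separate official disclosure from attacker chatter,
    and measure the gap between the two."""
    by_cve = {}
    for ts, source, text in posts:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
        lower = text.lower()
        for cve in {m.upper() for m in CVE_RE.findall(text)}:
            rec = by_cve.setdefault(cve, {
                "first_disclosure": None, "first_chatter": None,
                "chatter_posts": 0, "class": "unknown", "on_watchlist": False,
            })
            if source in advisory_sources:
                if rec["first_disclosure"] is None or when < rec["first_disclosure"]:
                    rec["first_disclosure"] = when
            else:
                rec["chatter_posts"] += 1
                if rec["first_chatter"] is None or when < rec["first_chatter"]:
                    rec["first_chatter"] = when
            # Once any post calls it remote, it stays remote.
            rec["class"] = max(rec["class"], classify(text), key=RANK.get)
            if any(p in lower for p in watchlist):
                rec["on_watchlist"] = True
    for rec in by_cve.values():
        fd, fc = rec["first_disclosure"], rec["first_chatter"]
        rec["hours_to_chatter"] = (fc - fd).total_seconds() / 3600 if fd and fc else None
    return by_cve


def prioritize(by_cve):
    """Order CVEs for patch triage: products you run first, then remote flaws,
    then by how much chatter they draw."""
    return sorted(by_cve, key=lambda c: (by_cve[c]["on_watchlist"],
                                          RANK[by_cve[c]["class"]],
                                          by_cve[c]["chatter_posts"]), reverse=True)


if __name__ == "__main__":
    result = triage(SAMPLE_POSTS)
    for cve in prioritize(result):
        r = result[cve]
        print(f"{cve}: {r['class']}, watchlist={r['on_watchlist']}, "
              f"chatter posts={r['chatter_posts']}, hours to chatter={r['hours_to_chatter']}")
```

Running it on the constructed posts puts the remote flaw ahead of the local one, with chatter following disclosure in 12.5 hours versus 74, which is the pattern the article describes. A real deployment would feed it from RSS, mailing-list archives or forum scrapes and would treat the "hours to chatter" figure as the signal to pull a vulnerability forward in the patch cycle rather than wait for the vendor's schedule.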
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6e5c60d1f5&e=20056c7556
JTB hack underscores need for revamp of cybersecurity in Japan
A massive data breach at Japan’s largest travel agency has underscored the risks companies face when they keep sensitive data on networks connected to the internet, experts say.
Some warn government systems are especially vulnerable to state-sponsored attack, including by China and North Korea.
JTB Corp. said Tuesday hackers may have obtained the passport details and other records of 7.93 million customers after a subsidiary’s server was hacked in April.
Investigative sources in the JTB case told Kyodo News on Thursday the breach began when a worker opened a virus-infected email attachment that purported to be a booking request sent by All Nippon Airways Co.
“Japan faces unique threats coming from North Korea and China, which usually would only target Europe for industrial espionage, but which have cultural or historical reasons to target Japan for more complex attacks,” he said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6190334108&e=20056c7556
India Inc scrambles to check cybercrime
MUMBAI: Boards of directors across India Inc are increasingly concerned about the growing menace of cybercrime.
Loss of funds is just one facet, as theft of sensitive information is perceived to be more damaging in the long run.
In PwC-India’s latest survey, 61 per cent of the 480 respondents mentioned that boards were actively involved in cyber security issues, against a global average of 41 per cent.
Several companies are putting in place holistic processes to mitigate cyber security threats and cyber liability insurance is gaining traction.
“With emergence of new threats such as ransomware (a malware which prevents users from accessing their system till a ransom is paid), companies across sectors, including banks, retailers and IT, are showing an interest in our new product -a cyber liability insurance cover (which also covers cyber extortion),” he says.
Another product, the crime insurance policy, has seen 30 per cent growth in customer interest over the past few years.
This policy covers internal and external crime, including fraudulent fund transfers.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e3cd774e8e&e=20056c7556
Small firms unfairly carry the cost of cyber crime, says the FSB [UK]
A new report from the Federation of Small Businesses (FSB) has found that small firms are unfairly carrying the cost of cyber crime in an increasingly vulnerable digital economy.
The report, ‘Cyber Resilience: How to protect small firms in the digital economy,’ suggests smaller firms are collectively attacked seven million times per year, costing the UK economy an estimated £5.26 billion.
Despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cyber crime in the last two years.
Over that period, those affected have been victims on four occasions on average, costing each business almost £3000 in total.
Cyber crime costs small businesses disproportionately more than big businesses when adjusted for organisational size.
Currently the responsibility largely falls on small businesses to protect themselves.
FSB is calling for more support to be given to those smaller firms least able to bear the burden of the increasing global cyber threat.
Almost all (99%) of the UK’s 5.4 million small firms rate the internet as being highly important to their business, with two in three (66%) offering, or planning to offer, goods and services online.
Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases, close them down.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d9edef8253&e=20056c7556
A UK council hit by ransomware 13 times in a year
At least 30 per cent of the UK councils surveyed were victims of a ransomware attack, a new report by endpoint security software company Avecto says.
The report, based on a freedom of information (FOI) request sent to 46 councils, asked each whether it had been targeted by a ransomware attack in the past year.
Thirty per cent answered yes (13 councils), with one council saying it suffered 13 attacks in 2015.
Nine councils withheld information and 14 per cent failed to answer. “The true figures could be even higher,” the company said in a press release.
Almost two thirds (65 per cent), however, said they had not paid any ransom to the attackers, while 35 per cent did not disclose this information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b117152641&e=20056c7556
NATO formally recognises the importance of cyber warfare; agrees to classify cyber space as an ‘operational domain’
Speaking after the summit NATO Secretary-General Jens Stoltenberg said that treating cyber as an operational domain would enable NATO to better protect its missions and operations.
“NATO as an organization does not have or does not develop offensive cyber capabilities,” explained Stoltenberg, “but what we are doing is that we are both enhancing our capabilities when it comes to defending our own networks, our own systems, and we help nations develop their capabilities to defend their networks.
At our summit in Wales in 2014 we decided to make clear that a cyber attack can trigger Article 5, meaning that a cyber attack can trigger collective defence of the whole alliance because we regard cyber attacks as something that can be as devastating as a conventional attack. [Now] we have taken a step further and that is to recognize cyber as an operational domain, so we have air, land, sea and cyber as operational domains inside NATO and that will further strengthen our cyber capabilities and capacities.”
NATO has a fundamental challenge in the cyber domain: The idea of NATO is a collective capability for defense, which, when any one member is attacked, can trigger the appropriate defensive military action.
In cyber, NATO has none.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b92ad2d39f&e=20056c7556
Preliminary Agreement Reached On Airline Cybersecurity
A team comprising government and aviation experts has arrived at a preliminary agreement on proposals to improve cybersecurity in the airline industry, reports The Wall Street Journal (WSJ) quoting people close to the matter.
Recommendations are expected to include installing alert systems in cockpits to warn against compromise of critical safety networks.
The panel, formed by the U.S. Federal Aviation Administration (FAA) to protect the aviation industry from hacks, started work last summer with more than 36 members and observers including air safety regulators and aviation experts.
It will submit its report with only generic recommendations to the FAA in August, but converting it into technical standards and implementation will take time, reports WSJ, citing sources.
The report is likely to be the most comprehensive one in the aviation industry’s fight against cyber attacks.
The panel is expected to recommend a broad package of future cyber protection and increased air-worthiness requirements applying to both new and existing aircraft, including tighter restrictions on maintenance computers and electronic flight bags.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=108ae272c1&e=20056c7556
Securing Utilities Against Malware
Securing utilities against cyber-attacks, and malware in particular, is not an easy task.
The World Energy Council recently warned that malware is one of the top threats facing the energy sector, and securing utilities against malware attacks is of critical importance.
The utility sector is a compelling target for almost every type of hacker, since it offers multiple points of attack – data, money, access to critical infrastructure, etc. – which can suit several kinds of attack.
Utilities are also more vulnerable because of their size – sprawling office networks, industrial control systems, customer service portals and payments systems.
There is also an inherently weak left flank: the ICS environment.
There are four specific categories of malware that utility operators should anticipate:
* Backdoor malware
* Banking Trojans
* Ransomware
* Wipers
In securing utilities, what is most important for utility operators to realize is that advanced malware defense consists of two equal parts: prevention and post-infection damage control.
Given the growing sophistication of malware and the groups using it, utilities should not bet on being able to block these infections every time.
Network monitoring and testing are critical.
Utilities should use a combination of intrusion detection and prevention systems (IDS/IPS), security information and event management (SIEM) and exfiltration monitoring to catch potential malware infections or other network breaches.
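The "exfiltration monitoring" the article recommends is, at its simplest, a rule over flow records: hosts in the control-system segment should not be talking to the outside world at all, and any that do should not be sending much. The script below is an added example for this newsletter, not code from the article or from any vendor. It runs over constructed flow records; the ICS segment, the internal ranges, the single approved external host and the byte threshold are all assumptions a real deployment would replace with its own.

```python
import ipaddress
from collections import defaultdict

# Assumptions, not from the article: the control-system segment, the
# organization's internal ranges, one approved external destination
# (say, a vendor support gateway) and a per-window outbound byte threshold.
ICS_NETS = [ipaddress.ip_network("10.50.0.0/16")]
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_EXTERNAL = {ipaddress.ip_address("203.0.113.10")}
EXFIL_BYTES_THRESHOLD = 5_000_000

# Constructed flow records for the example: (src, dst, dst_port, bytes_out).
SAMPLE_FLOWS = [
    ("10.50.1.20", "10.50.1.1",     502, 1_200),      # Modbus inside the segment
    ("10.50.1.20", "203.0.113.10",  443, 40_000),     # approved vendor host
    ("10.50.2.7",  "198.51.100.23", 443, 3_000_000),  # unknown external host
    ("10.50.2.7",  "198.51.100.23", 443, 3_200_000),  # same host again; volume adds up
    ("10.20.3.4",  "198.51.100.77", 443, 8_000_000),  # office host, outside ICS scope
]


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def in_ics(ip):
    return _in_any(ipaddress.ip_address(ip), ICS_NETS)


def is_external(ip):
    # "External" means outside the organization's own ranges, not the
    # ipaddress module's is_global, which treats documentation ranges as private.
    return not _in_any(ipaddress.ip_address(ip), INTERNAL_NETS)


def analyze_flows(flows, threshold=EXFIL_BYTES_THRESHOLD):
    """Return (per-flow findings, per-source volume alerts) for traffic that
    leaves the ICS segment for the outside world."""
    findings = []
    outbound = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if not (in_ics(src) and is_external(dst)):
            continue
        # Approved destinations still count toward volume: an allowed host
        # can be abused as a relay, and the byte count is what gives it away.
        outbound[src] += nbytes
        if ipaddress.ip_address(dst) not in APPROVED_EXTERNAL:
            findings.append({"src": src, "dst": dst, "port": port, "bytes": nbytes,
                             "reason": "ics_host_to_unapproved_external"})
    volume_alerts = {src: total for src, total in outbound.items() if total > threshold}
    return findings, volume_alerts


if __name__ == "__main__":
    flow_findings, volume_alerts = analyze_flows(SAMPLE_FLOWS)
    for f in flow_findings:
        print("FLOW  ", f)
    for src, total in volume_alerts.items():
        print("VOLUME", src, "sent", total, "bytes outside the segment this window")
```

On the constructed records the two flows from 10.50.2.7 are flagged individually, and the same host also trips the volume alert because its two transfers add up past the threshold; the office host sending even more is ignored because it is outside the ICS scope. Fed from NetFlow or firewall logs and pointed at the SIEM, a rule of this shape catches the post-infection stage the article says utilities cannot assume they will prevent.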
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=65b908430a&e=20056c7556
The Top 7 AWS Security Issues: What You Need to Know
Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, companies are still learning about best practices for security in the cloud.
We’ve spoken to many of our own customers and associates across the security industry to identify the most common challenges when it comes to AWS security, as well as some of the ways they are rising to meet them.
1 Prioritizing a Security Strategy Ahead of Controls and Tools
2 Overcoming the Lack of Security Visibility in the Cloud
— To achieve better visibility on AWS, follow these three best practices:
— Take an inside-out perspective
— Go beyond logs
— Protect against the insider threat
3 Improving Confidence in Cloud Provider Security
4 Defining Who is Liable
5 Understanding Why Attackers are Attracted to the Cloud
6 Defending Against Curious Onlookers in Multi-Tenant Infrastructures
7 Addressing Compliance Regulations From the Get-Go
Your AWS Mantra: Trust, But Verify
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a6182f626&e=20056c7556
pxGrid Keeps Growing
Cisco pxGrid reduces the complexity and fragmentation you get with security products that don’t interoperate, and allows you to get more value from the tools you especially need to keep your company safe.
With pxGrid you can automate the sharing of telemetry and even automate the containment of threats without sneakernet (I can’t believe I used that, but you get the idea).
Plus you can pull in identity information from the Identity Services Engine and turn a misbehaving IP address into a real thing: a person, their BYOD type, at a certain location, and access time.
Check out the new partners (notice the cutting-edge companies that are adopting pxGrid?)
Netskope™, the cloud access security broker (CASB), enables IT to protect data and ensure compliance across cloud apps so businesses can move fast, with confidence.
FortScale finds insider threats with intelligent rule-free UEBA that’s quick to set up, low false-positive and easy to scale.
Niara provides machine learning-based analytics for automatic cyber-attack detection on the inside, and integrated forensics for easy access to the context needed to investigate actionable events.
Attivo Networks Deception Platform integrates with the Cisco ISE using pxGrid to automatically block attacks that have been detected by the Attivo BOTsink engagement server, expediting incident response and safeguarding networks.
Intelliment allows enterprises to automate network security policy management in order to help them better handle security at scale and to automatically respond to network threats via the ISE integration.
LemonFish provides advanced discovery and high-end threat analytics by scouring the deep and dark web to determine if sensitive data has been leaked from the organization, to quickly reduce risk and shorten the time to mitigate.
Qualys supports the new Threat Centric NAC feature to dynamically change user permissions based on the changing threat ratings of a device.
RedShift Networks is a leader in securing Cloud based VoIP networks and provides the industry’s first complete security solutions developed for Unified Communications (UC), VOIP and Video.
ThreatTrack empowers cybersecurity teams to quickly identify and disrupt active cyberattacks by correlating discovered malware with anomalous network behavior to reveal malicious intent, the malware infections and lateral movement that indicate a breach or attack is in progress.
TrapX DeceptionGrid deploys camouflaged traps that uniquely emulate endpoints, servers, Cisco Switches, VoIP, SCADA and IOT devices to deceive, detect and then defeat insider threats.
TrapX DeceptionGrid integrates with Cisco pxGrid to support rapid network mitigation actions through Cisco ISE for high-severity threats.
Situational provides integrated security for identity, mobility, and information protection.
Lumeta delivers real-time, authoritative network visibility for simplified breach detection.
IBM: IBM Security QRadar SIEM integrates with AnyConnect NVM to form a solution that combines leadership IBM Security Intelligence capabilities with valuable contextual information about users, identities, privilege levels, and device types including mobile and BYOD.
Live Action integration with Cisco ISE allows Live Action to manage user information and give administrators deep visibility in performance and availability of network devices.
Splunk: combining Splunk software with Cisco ISE provides analysts with the context they need to quickly assess and respond to network and security events in Cisco network environments.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=303b21d5c1&e=20056c7556
Cyber attack damages cost 10-20x more than expected: Deloitte
“This report – the first accurate picture of the impact of cyberattacks – is truly unprecedented,” said Emily Mossburg, co-author of the report and resilient practice leader for Deloitte Advisory.
Given the picture this provides on the potential impact of a cyberattack to an organization, implementation of a business aligned cyber risk program is critical.
“Our report highlights the need for organizations to focus on securing their environment (including their critical information and data); being vigilant in monitoring for threats and attacks to quickly identify potential incidents; and to be resilient, quickly responding and recovering in the face of attack,” she said. “The 14 impact factors identified include those things that are well known and frequently discussed (such as technical investigation, customer breach notification, and legal fees) but also includes those financial valuation elements that to date have not been part of the dialogue (devaluation of trade name, loss of intellectual property and lost value of customer relationships).”
Hidden costs include increases to insurance premiums, increased costs to raise debt, operational disruption/destruction, lost value of customer relationships, lost contract revenue, the devaluation of the trade name and the loss of intellectual property.
These hidden costs regularly equate to at least 20 times the more visible costs.
That means businesses may be budgeting cyber-security incorrectly, because the ratio they assume between the security budget and the potential cost of a cyber attack is far removed from reality.
The report details a cyber attack and the ensuing costs at two separate businesses, one a U.S.-based health insurer, the other a U.S. technology manufacturer.
Examining these scenarios, Deloitte illustrates how responses, attack objectives and differing industries impact the damage of a cyber attack, but that impact extends further than generally considered.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a7b945d7ff&e=20056c7556
FireEye Releases First Mandiant M-Trends EMEA Report
Some of the key findings include:
– Organizations in EMEA took three times longer than the global average to detect a compromise
– EMEA businesses can’t rely on local agencies to receive a notification of compromise
– Many organisations in EMEA were re-compromised within months of an initial breach
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dcd8cf403b&e=20056c7556
Gartner Predicts Top Ten InfoSec Technologies
So Gartner’s top ten technologies for information security are as follows:
– Cloud Access Security Brokers
– Endpoint Detection and Response
– Non-Signature Approaches for Endpoint Prevention
– User and Entity Behavioral Analytics
– Micro-Segmentation and Flow Visibility
– Security Testing for DevOps
– Intelligence-Driven Security Operations Center Orchestration Solutions
– Remote Browser
– Deception
– Pervasive Trust Services
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ef1fd6a7e1&e=20056c7556
RSA Research: 75% of Organizations are at Significant Risk of Cyber Incidents
– For the second straight year, 75% of survey respondents have a significant cybersecurity risk exposure
– Organizations that report more business-impacting security incidents are 65% more likely to have advanced cyber maturity capabilities
– Half of those surveyed assess their incident response capabilities as either “ad hoc” or “nonexistent”
– Less mature organizations continue to mistakenly implement more perimeter technologies as a stop gap measure to prevent incidents from occurring
– Government and Energy ranked lowest among industries in cyber preparedness
– American entities continue to rank themselves behind both APJ and EMEA in overall cyber maturity
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=697b10ed20&e=20056c7556
5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead
For Class of 2016 graduates seeking career paths in this burgeoning field, professional success starts with making sure your skills stand out among the competition.
Mastering identity management and device encryption techniques is table stakes for landing a cybersecurity job today.
Though technical chops are prerequisites, it’s the soft skills – including communication and a knack for problem-solving – that will differentiate candidates from the pack.
Here are five in-demand soft skills aspiring cybersecurity gurus need to get ahead:
Skill #1: Strong research and writing instincts
Skill #2: A teacher’s disposition
Skill #3: Collaboration
Skill #4: Consultative thinking
Skill #5: A passion for learning
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0fa2bcddbf&e=20056c7556
New eBook from AccessData Helps CIOs and CISOs Plan Technology Portfolios to Meet Changing Demands
LINDON, Utah, June 16, 2016 (GLOBE NEWSWIRE) — AccessData Group, a leading provider of integrated digital forensics and e-Discovery software, has published a free guide to help corporate information technology executives with strategic technology planning that addresses the needs of legal, compliance, human resources and investigative teams across the organization.
AccessData’s CIO & CISO Guide to Digital Discovery Technology Planning was written for corporate Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs), who must plan technology purchases to meet a wide swath of corporate purposes and users.
The guide is available as a free eBook from AccessData.
There are five key sections in the eBook:
– Data Security
– Incident Response
– Regulatory Compliance
– Internal Investigations
– E-Discovery
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f39e44e203&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forward this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage2.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=92cb9f5bde)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)