[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
And so, now the news
* Telcos not responsible for monitoring piracy – Milan court
* Site Security: Background Checks
* Machine Learning for Risk Management
* New MobileIron report details most common mobile threats and blacklisted apps
* Famed hacker Mudge creates new ratings system for software
* Cyber security slated to become standalone practice area [Law]
* MasterCard workers go “phishing” for malware
* The CISO Insomniac: What’s Keeping Them Awake at Night?
* HR Heads to the Front Line as Cybercrime Combatants
* The True Cost of Cybercrime in Brazil
* ‘BSides’ Las Vegas Offers Fresh Cybersecurity Insights from Industry Leaders
Telcos not responsible for monitoring piracy – Milan court
A Milan court has rejected a request from Mediaset that telecommunications operators be required to monitor sites that illegally stream live football broadcasts, according to a statement from industry group Asstel.
Mediaset had requested that Internet Service Providers (ISPs) be ordered to take down the calcion.at site and all links thereto, accusing the site of hosting streams to football matches for which it owns the exclusive rights, but the court issued a decision on 28 July confirming that operators weren’t responsible for the conduct of third parties.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9190f5d6dd&e=20056c7556
Site Security: Background Checks
If you require your vendors, including staffing agencies, to conduct background checks, it’s imperative that you do not leave it to them to define what a thorough background check entails.
Similar to screening your own employees, the background screening package should be tailored to each position.
For example, if driving a vehicle is required, then it is important to confirm that the candidate has a valid driver’s license and to examine their driving record.
If a degree or professional license is required, you will want to verify these credentials.
In the case of a professional license you may also be able to search for sanctions or other disciplinary actions imposed by the agency issuing the license.
It is also important to define what information found in a background check is grounds for disqualification and who is responsible for making that decision.
Since the Equal Employment Opportunity Commission (EEOC) strongly discourages bright line policies such as, “a felony conviction within the past five, or even 10, years is an automatic disqualifier,” you’ll need a mechanism that allows the candidate to provide additional details and extenuating circumstances about the information in the background check report.
More importantly, you don’t want to leave it to a junior level recruiter at a staffing agency whose commission is dependent on placing workers at an organization.
Employers have a duty to provide a safe environment for their employees, and that includes exercising reasonable care when hiring new employees.
As more employers come to recognize this, those whose criminal records would preclude them from being hired at such organizations will naturally gravitate to employers who do no background checks or whose screening is less than thorough.
This may often be the case at staffing agencies that provide temporary or contract workers, unless you, their client, contractually require a comprehensive background check and periodically verify that it is being done to your standards.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bc6cca8182&e=20056c7556
Machine Learning for Risk Management
It all started as a normal day for David and John (not their real names).
Out of the blue, the Audit and Compliance team called them, seeking clarifications about some of their recent trades.
Shortly afterward, David and John realised they had just become more victims of the rise of the machines.
Both traders had engaged in inappropriate behaviours.
David had favoured a single counterparty at the expense of his employer, but this had been cloaked by a complex trading pattern.
John, on the other hand, had built a position with an unauthorised risk profile and camouflaged this through after-hours orders and inappropriate communications with other traders.
For months, both individuals had been able to evade detection, but the bank had just implemented a new system of behavioural analysis based on artificial intelligence.
They got caught.
This tool now gives the bank the ability to process massive amounts of structured and unstructured data from multiple sources to reveal trends and detect deviations from expected behaviour, incorporating data-driven rules that learn and adapt to changes in the environment.
This solution includes extensive business logic to review multiple trading activities.
It also mines and analyses chat-logs and news.
Within days of system deployment, David and John were identified.
The benefits of predictive analytics and machine learning are not limited to the detection of rogue trading.
Take credit risk management, for example.
Traditional systems focus mainly on borrowers’ financials, with limited assessment of their business dependencies and networks.
Assessments are conducted based on events such as user-initiated loan applications and regular annual reviews.
The process is labour intensive and critically depends on the heuristics of individual judgements.
Machine learning technology can leverage a range of different sources of information, such as company financials, transactions, real-time market information, business networks and news.
There is an emerging recognition in the financial services sector that leveraging advanced technologies, such as artificial intelligence and machine learning, is the key to deriving real value from big data infrastructure.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4a14e2bc19&e=20056c7556
New MobileIron report details most common mobile threats and blacklisted apps
The report listed five threats that had either emerged, or gotten worse, over the last few months:
– Android GMBot – A spyware, usually from third-party app stores, that tries to trick users into giving up their bank credentials.
– AceDeceiver iOS malware – Malware that works to steal a user’s Apple ID.
– SideStepper iOS vulnerability – A technique that works in between the MDM server and a device to install unapproved applications.
– High-severity OpenSSL issues – Two OpenSSL flaws that can either decrypt traffic or corrupt memory.
– Marcher Android malware – A malware that pretends to be a bank website in hopes that users will give up their login credentials.
Despite these new and growing threats, security practices remain largely unchanged, meaning that many organizations are risking these threats becoming real problems.
In addition to the aforementioned lack of app reputation software or enforcement of OS updates, 40% of companies had missing or unaccounted-for devices, and 27% of companies had out-of-date policies.
Both of these numbers had risen since the end of 2015.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=baf9927f95&e=20056c7556
Famed hacker Mudge creates new ratings system for software
Peiter Zatko, known in the hacker world as Mudge, and his wife, former National Security Agency mathematician Sarah Zatko, are developing what amounts to a ‘Consumer Reports’-style rating system for software. — Reuters pic
SAN FRANCISCO, Aug 3 — A famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes is now going after the computer software industry, whose standard practices all but guarantee that most products will be vulnerable to cyber attacks.
Now Zatko and his wife, former National Security Agency mathematician Sarah Zatko, are developing what amounts to a Consumer Reports-style rating system for software.
The initiative, if it catches on, could lead to major changes in the business practices of some of the world’s largest software companies.
It could also, he says, help deliver something that decades of the free market, the open-source movement, government commissions and well-paid lawyers have not: software that is consistently secure, or at least very expensive to compromise.
Among the preliminary findings: on Apple’s Macintosh computers, Google’s Chrome web browser is significantly harder to attack than Apple’s Safari, which in turn is much more secure than Firefox.
Many Microsoft products have scored quite well so far, but its Office suite for Mac did terribly.
The Zatkos’ system, which they have licensed in perpetuity to a new nonprofit, is a radical attempt to solve a problem that has vexed software customers for decades: There is no unbiased, consistent method for rating the security of programs.
The new approach shows the critical role played by compilers, which turn source code to binary.
Major strides have been made in preventing compiler flaws, but many vulnerabilities remain.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5e77ee02ef&e=20056c7556
Cyber security slated to become standalone practice area [Law]
The rapidly increasing level and complexity of cyber security work conducted by lawyers, coupled with the introduction of mandatory data breach notification, could see cyber security become a standalone practice area, according to a global firm partner.
Jones Day has recently established a standalone cyber security, privacy and data protection practice group, with partners in the US and in Europe solely dedicated to this area.
For a long time, privacy law in Australia has been focused on the Australian Privacy Principles and their predecessor, the National Privacy Principles, meaning a lot of legal work around privacy was relatively simple, according to Mr Salter.
“With the development of technology and the enhanced use of technology in all manners of business, and the concerns about hacking of personal information, cyber security is becoming much more of an issue with clients who are concerned about liability, not only to end-user consumers but also in the context of breaching contracts with customers.”
“The thing that hasn’t really hit Australia – it has certainly hit the US and I think it will come here – is the litigation arising out of data breaches, and the reason for that is there will now be a trigger for people to put their hands up and say, ‘We have had a serious data breach’,” he said.
Another factor that may contribute to the increase of cyber security-related work is the introduction of mandatory data breach notification legislation in Australia.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a5abe5358d&e=20056c7556
MasterCard workers go “phishing” for malware
MasterCard CSO Ron Green touted his company’s latest effort to fight malware as not only successful but also good for employee morale, since it gives everyone a reason to keep an eye out for malicious acts.
Green told SCMagazine.com in an exclusive interview at Black Hat that MasterCard wanted to come up with a way to not only spot the malware, but make everyone feel as if they are playing an important role in keeping the company safe.
The answer, he said, was to hold quarterly phishing tourneys where each employee who spotted a malicious email would get credit.
More points are gained for digging out a piece of malware and fewer for finding general spam.
Prizes range from goofy gifts to a monetary payout for those who find the most malware.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b161df6fc2&e=20056c7556
The CISO Insomniac: What’s Keeping Them Awake at Night?
There has never been a tougher time to be a Chief Information Security Officer (CISO).
Regulatory changes across the EU have led to the introduction of much more stringent controls on how businesses should manage the customer data they collect.
Any organization that suffers a data breach will be subject to a far larger financial penalty than before – something that no CISO wants to preside over.
New Regulation, New Concerns
The GDPR specifies fines of up to 4% of an institution’s revenue per data breach.
So with fines jumping to millions, potentially billions, of pounds for a single hack, many CISOs will endure sleepless nights getting the right security measures in place.
The Bad Guys are Moving Faster than the Defenses
CISOs must also contend with the fact that the cyber attackers targeting western institutions always seem to be one step ahead.
It’s Not All Doom and Gloom
These might sound like insurmountable odds and some CISOs may be resigning themselves to never sleeping again in the face of such worry, but there is hope.
There are things that can be done to combat almost any threat.
The good news is that, with the GDPR and the general awareness of cybersecurity risks growing, senior executives outside of IT are starting to take the threat seriously.
So CISOs should be able to sleep better at night knowing that, at the very least, their concerns are shared.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=61edcc721c&e=20056c7556
HR Heads to the Front Line as Cybercrime Combatants
In the war against cybercrime, human resource professionals are being asked to join their companies’ cyberdefense as “boots on the ground,” at the front lines.
The reason: HR is home to valuable personal and corporate data, systems and processes that cybercriminals target day in, day out.
Whereas IT and other technology specialists work daily with the thought of protecting corporate networks, in today’s cyber risk-laden world, HR professionals, despite their limited technical expertise, must work to protect sensitive data and operate in ways that mitigate the potential for attacks by technologically proficient cybercriminals.
In a recent worldwide survey of 1,100 senior IT security executives by Vormetric, 85 percent revealed they keep sensitive data in the cloud and 70 percent admitted they are very concerned about the security of the data in this environment.
So far this year, a record amount of personal information was stolen from W-2s and used to file fraudulent tax returns.
Despite the increased vulnerability of HR systems, many HR professionals still view themselves in the traditional role of workforce management, choosing to leave cyber risk management to other departments, notably IT.
According to a recent IBM security study released this year, 57 percent of chief human resources officers globally have rolled out employee training that addresses cybersecurity.
However, the respondents’ positive percentages dropped noticeably when asked if they provided cybersecurity training that included measurable, results-based outputs, or if there was reinforcement throughout the year beyond a once-a-year cybersecurity training session.
The IBM report urged key executives in human resources, finance and marketing departments to be more proactive in security decisions, coordinate plans internally and to be more engaged in cybersecurity strategy and execution with the C-suite and IT.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6618a78072&e=20056c7556
The True Cost of Cybercrime in Brazil
The cost of data breach report assessed post-breach costs incurred by 33 Brazilian companies in 12 different industry sectors.
The research revealed that the average per capita cost of a data breach (per capita cost and cost per compromised record have equivalent meaning in this report) increased significantly, from R$175 (Brazilian Real) to R$225.
The total organizational cost of data breach increased from R$3.96 million to R$4.31 million, according to the report.
Some sectors saw a steeper rise in costs than others.
Specifically, services, energy and financial services had a per capita data breach cost substantially above the overall mean of R$225, with services topping out at R$398.
Meanwhile, public sector, transportation and consumer companies had a per capita cost well below the overall mean value.
The report broke down root cause of data breach into three main categories: malicious or criminal attack, system glitch and human error.
Although a system glitch could have been ultimately connected to a human error, the report looked at whether an individual was directly connected to the breach.
Malicious incidents are not only more common, but they’re also more costly.
The per capita cost of data loss caused by a malicious incident was R$256.
System glitches had an average per capita cost of R$211 and human error was R$200.
As shown in the graphic below, having an incident response plan, using encryption, involving the BCM team, and implementing employee training and threat sharing can significantly decrease the per capita cost of a data breach.
Availability of an incident response team, for example, reduced the average cost of data breach from R$225 to R$192.4 (decreased cost = R$32.6).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d71285f95f&e=20056c7556
‘BSides’ Las Vegas Offers Fresh Cybersecurity Insights from Industry Leaders
BSides Keynote Speaker Dr. Lorrie Cranor Discusses Misconceptions in Password Security
The conference kicked off with an outstanding keynote speaker, Dr. Lorrie Cranor, Chief Technologist of the U.S. Federal Trade Commission.
She discussed a report by the University of North Carolina that studied 10,000 defunct accounts.
The study found that people apply changes in predictable ways, making it easier for UNC to determine future passwords using an algorithm.
Expert Haydn Johnson Talks about Organizational Confusion with Information Security
Johnson described concerns about how to modify scanning tools to keep up with new security vulnerabilities.
He advised that information security companies should differentiate themselves from their competition in the future by providing much-needed education to customers about business risks and the impact of security vulnerabilities.
Cybersecurity Research Expert Keren Elazari Calls for Better Computer Software Content Identification
Elazari discussed why security research matters for the coming decades and emphasized that third-party computer software needs to be better identified to determine potential vulnerabilities.
She drew a startling comparison—while candy bar labels are required to list all of their ingredients, software has no labels that explain elements of the software code.
BSides Conference Showcases Information Security Nonprofits
One of the interesting tables on display at BSides was The Open Web Application Security Project (OWASP), a nonprofit focused on improving the security of software.
Their mission is to make software security visible, so that individuals and organizations are able to make informed decisions.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=17256c8b7f&e=20056c7556
* Best practices in cyber vulnerability assessment
* Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
* Will Faster Payments Mean Faster Fraud?
* Accenture : Data theft, malware infection big threat to digital businesses
* Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
* 2016 Malware Levels Now Stand at Nearly Four Times 2015 Totals
* Twitter Hacking and Social Media’s Risk to Executive Security
* Beyond Data: Why CISOs Must Pay Attention To Physical Security
* $2.7 Million HIPAA Penalty for Two Smaller Breaches
* Using compliance as a tool for change
* In the Breach War, File Protection Is Just as Important as Data
* Data security and breach notification in Finland
* ISO compliance in the cloud: Why should you care, and what do you need to know?
* Federal Privacy Commissioner Provides Submission on New Data Breach Notification and Reporting Regulations
* Breach notification reporting can be complicated without proper skills, tools
* Banks must do better on cyber security: KPMG
* Australia gets one-quarter of a minister for national infosec
* The Case for Continuous Security Monitoring
* Arbor Networks Releases Global DDoS Attack Data for 1H 2016
* 5 Best Practices for Outsourcing Cybersecurity
* Most CISOs and CIOs need better resources to mitigate threats
Best practices in cyber vulnerability assessment
Here are the best practices for cyber vulnerability assessment.
First and foremost you should have a very clear understanding of why you need a cyber vulnerability assessment.
Research other companies in your industry.
To know exactly which parts of your business structure need an assessment, you need to research your company’s processes with a focus on the systems that are critical to keeping your business running.
Once you’ve identified the systems that need an assessment, you should rank them according to both their importance to your overall business model and to the sensitivity of the information they contain.
Now that you know exactly which systems and software need an assessment and how they rank in terms of priority, you should make sure you’re aware of the security systems you already have in place.
If you’ve completely mapped out both your vulnerabilities and your already-in-place security, and your inter-departmental security task force is in agreement on what’s needed, you’re ready to perform your vulnerability scans.
If you did your homework on what you needed to assess and also on the vulnerability assessment tool you chose, then you should fully trust the results of your cyber vulnerability assessment and act on them.
Don’t wait.
Don’t second guess.
The assessment will produce recommendations for remediation that you should act on right now.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8b359bf211&e=20056c7556
Are Healthcare CISOs Suffering from Cybersecurity Solution Fatigue? An Expert Probes Some of the Issues
A recent Institute for Critical Infrastructure Technology report provided some intriguing thoughts about the pressure facing chief information security officers (CISOs) to keep their organizations secure and how they are combating information and vendor solution overload.
In a recent report, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank, points out that a well-informed CISO can improve the engagement of the C-suite and improve the cyber posture of the organization.
“Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO,” Scott writes.
While the report offers a cross-industry perspective of the CISO role and the challenge of vendor solution overload, the report author does spend moments focusing on healthcare organizations, specifically in a section detailing how CISOs can assess the return on investment of cybersecurity solutions.
The report provides an interesting perspective on the need for CISOs to ignore the hype surrounding “silver bullet” solutions in order to find the most effective cybersecurity solutions and strategies for their particular organizations, but at the same time, the report author also highlights the part that the vendor community plays in this problem.
“In many cases, CISOs operate under the unrealistic expectation that they should be able to prevent every breach with a finite budget.
They are expected to have enough technical expertise to develop a strategy to protect the business and enough business acumen to convince the board to adopt that strategy because it aligns with the goals of the organization,” he writes.
And, he asserts that modern CISOs tend to function more as Chief Information Risk Officers, managing the risk to data and technology.
According to the ICIT report, there is rapid burnout among CISOs, as the average turnover rate is 17 months.
“Vendor attempts to offer silver bullet solutions undermine the community at large and poisons the vendor-customer relationship.
The culture promoting these inadequate solutions distracts CISOs, technical personnel and solution developers from the risks and threats in the threat landscape and it distracts them from designing the right solutions to address the market needs.”
In the report, the author offers strategic recommendations for calculating a cybersecurity solution’s ROI and uses a healthcare organization as an example.
The ROI of security solutions can be equated to the fiscal component of the impact that the organization would assume if an adversary exploited the vulnerability that the solution addresses, the author writes.
The report concludes with statistics sourced from the Economist Intelligence Unit indicating that proactive CISO-led strategies can cut the success rate of cyber-breaches by more than 50 percent, hacking successes by 60 percent and ransomware infections by 47 percent.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7d8b2626d2&e=20056c7556
Will Faster Payments Mean Faster Fraud?
Crowe contends that to ensure global payments interoperability, faster payments are a necessity.
The U.S. will soon be at a competitive disadvantage if it does not enable faster payments, she argues.
Parry says the most fundamental risk to payments is poor identity management.
And it’s a legitimate concern.
After all, poor identity management apparently enabled hackers to steal $81 million from the central bank of Bangladesh in February, as part of a fraudulent transaction that was approved by the Federal Reserve Bank of New York.
And in a real-time or near-real-time environment, once the money is gone, it’s gone.
Unlike in the United Kingdom, Australia and other economically advanced parts of the world, faster payments are not the norm in the U.S.
Crowe declined to touch the interchange issue. “Cost is not the No. 1 worry for the Fed when it comes to faster payments,” she noted during the summit.
The top concern, she says, is “a faster process that is still secure for business.”
The Secure Payments Task Force’s goals differ from the goals of the Faster Payments Task Force.
And the Secure Payments Task Force has identified four areas that must be addressed to ensure the ongoing security of the payments system in the U.S. going forward.
“Faster payments will be part of that, but not all.”
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bdd7c9598c&e=20056c7556
Accenture : Data theft, malware infection big threat to digital businesses
The new report from Accenture and HfS Research says that 69 percent of respondents experienced an attempted or successful theft or corruption of data by insiders during the prior 12 months, with media and technology organizations reporting the highest rate (77 percent).
This insider risk will continue to be an issue, with security professionals’ concerns over insider theft of corporate information alone rising by nearly two-thirds over the coming 12 to 18 months.
The survey, “The State of Cyber security and Digital Trust 2016”, was conducted by HfS Research on behalf of Accenture.
More than 200 C-level security executives and other IT professionals were polled across a range of geographies and vertical industry sectors.
The survey examined the current and future state of cyber security within the enterprise and the recommended steps to enable digital trust throughout the extended ecosystem.
The findings indicate that there are significant gaps between talent supply and demand, a disconnect between security teams and management expectations, and considerable disparity between budget needs and actual budget realities.
Despite having advanced technology solutions, nearly half of all respondents (48 percent) indicate they are either strongly or critically concerned about insider data theft and malware infections (42 percent) in the next 12 to 18 months.
When asked about current funding and staffing levels, some 42 percent of respondents said they need more budget for hiring cyber security professionals and for training.
More than half (54 percent) of respondents also indicated that their current employees are underprepared to prevent security breaches and the numbers are only slightly better when it comes to detecting (47 percent) and responding (45 percent) to incidents.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cbafeb002c&e=20056c7556
Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks
TORONTO–(BUSINESS WIRE)–Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study sponsored by BrandProtect.
Seventy-nine percent of the IT and IT security practitioners polled indicated that their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise.
The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.
The report “Security Beyond the Traditional Perimeter,” sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks.
These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter.
Security professionals cited an acute