[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
And so, now the news
* Black Swans – Antifragile Network Design
* New investigative tool helps Kiwi businesses uncover cyber crime
* Ransomware attracts FTC attention
* HIT Think 4 signs you’re not prepared for cybersecurity threats
* Sage data breach highlights the risk of the insider threat
* ‘Mr. Robot’ Launches Text-Based Hacking Game to Accompany Season One
* Top 10 Security Predictions Through 2020
* How Diversity Can Bridge The Talent Gap
* Threat of terrorism boots Sydney out of Economist’s top 10 liveable cities
* Health IT pros are worried about hacking, but many still don’t encrypt
* Law Firms Are Seeking Data Security Certification (Perspective)
* Lack of Cloud, App Visibility Plagues Security
* Rate of cybercrimes up by 39%, says expert
Black Swans – Antifragile Network Design
John Merline, blogging with Packet Pushers, explored the concept of antifragile network design and management.
Merline pointed to examples of recent black swan events, such as the partial router failure that brought down Southwest Airlines’ IT infrastructure on July 20, and a fire at Delta Air Lines’ Atlanta data center earlier this month that paralyzed the carrier.
Black swan events have three main attributes: They lie outside of regular expectations, they have extreme effects and are often rationalized in hindsight.
Merline said he believes scholar Nassim Nicholas Taleb’s ideas on antifragile network design and management must be applied to reduce the possibility of black swan incidents, especially in an age of cloud-native design.
Black Swans as written about by Nassim Nicholas Taleb have three attributes:
– The event lies outside regular expectations
– The event has extreme impact
– It is rationalized by hindsight as if it could have been planned for.
Applying similar principles to cloud computing means running the same application in multiple public or private clouds, which is made possible by widespread support for container platforms.
Does running in multiple regions or availability zones within the same cloud platform provide separate fault domains.
Does “Antifragile” computing imply separate cloud providers and the technology stacks?
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f58354402a&e=20056c7556
New investigative tool helps Kiwi businesses uncover cyber crime
Managing director at Computer Forensics Brian Eardley-Wilmot, says the new tool, CheckIT, is especially useful for revealing intellectual property (IP) theft but can be used to uncover any kind of computer misuse, such as false document creation, harassment, the downloading of porn.
“The CheckIT process involves getting a brief from management as to what they think is happening.
We then perform an exploratory examination on the hard disk/media concerned, then we come back with indicative information that essentially says ‘Yes, you’re right and you should move to a full forensic investigation,’ or ‘No, there isn’t a problem’, as the case may be,” Eardley-Wilmot explains.
Eardley-Wilmot says there are four areas where CheckIT can be used, to both reveal and deter cyber-crime:
– When a key employee resigns and there are concerns
– When incontestable evidence of misconduct is needed
– When an employee is specifically suspected of wrongdoing
– When a random audit of computers and mobile devices can discourage cyber-crime
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=569763b5cb&e=20056c7556
Ransomware attracts FTC attention
The Federal Trade Commission (FTC) will host several panel discussions on ransomware next month to highlight the seriousness of the crime wave and offer businesses and consumers ideas to avoid becoming victims.
The ransomware focus for the Sept. 7 event — the first of three by the FTC on technology issues — was announced earlier this year.
But on Monday the agency listed the government officials and business representatives who will participate.
Among the latter will be executives and experts from companies such as Cylance, PhishLabs and Symantec.
Officials from the FTC and the FBI will also take part.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d61e04ffa5&e=20056c7556
HIT Think 4 signs you’re not prepared for cybersecurity threats
It’s clear by now that IT executives take cybersecurity threats seriously, at least in the abstract.
The most recent SIM IT Trends Study, which surveys industry IT leaders, found that security is among the main issues keeping them up at night and is one of the biggest investments IT departments are making.
Researchers from IBM’s Institute for Business Value surveyed 700 C-suite executives from 28 countries across 18 industries to assess non-IT executives’ understanding of the security threats facing them and their preparedness for such threats.
So where are the disconnects.
What are some of the signs that your organization isn’t truly prepared for realistic security threats.
The report identified several of the most significant signs your organization isn’t prepared for a cybersecurity threat.
You’ve misidentified the actual threats.
You don’t have a CISO.
Not every C-suite member is involved.
You’re not willing to share information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0b37b149f1&e=20056c7556
Sage data breach highlights the risk of the insider threat
A suspect in a recent data breach at Sage, a U.K. provider of business software, has been arrested.
On Wednesday, police in London detained a company employee.
The 32-year-old woman was held for alleged fraud against the company, London City Police said.
She has since been released on bail.
To protect their systems, companies need to reconsider offering employees unrestricted access to valuable data.
Companies can also consider monitoring their employees’ activities, when accessing sensitive resources, said Mimecast, a provider of business email and data security.
To ward off the danger, companies can install internal safeguards that can prevent employees from sending sensitive data to anyone outside the network, Mimecast said.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a8c6c29568&e=20056c7556
‘Mr. Robot’ Launches Text-Based Hacking Game to Accompany Season One
Fans can dive into the “Mr.
Robot” world with a new mobile game that you can now download on your smart phones called “Mr.Robot:1.51exfiltrati0n.” The fake messaging app casts players as a stranger who finds a mysterious cell and begins communicating with the show’s characters.
The game is developed by “Oxenfree” and published by Telltale Games.
The developers worked closely with the show’s creator Sam Esmail and writer Kor Adana to give fans a chance to perform some awesome hacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=25f81b1eae&e=20056c7556
Top 10 Security Predictions Through 2020
The following list shares other Strategic Planning Assumptions (SPAs) by Gartner for security in the next two to four years.
Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
By 2020, 80% of new deals for cloud-based access security brokers (CASBs) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.
By 2018, enterprises that leverage native mobile containment rather than third-party options will rise from 20% to 60%.
By 2019, 40% of Identity of as a Service (IDaaS) implementations will replace on-premises identity and access management (IAM) implementations, up from 10% today.
By 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
Through 2018, more than 50% of Internet of Things (IoT) device manufacturers will not be able to address threats from weak authentication practices.
By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7bbd8625fc&e=20056c7556
How Diversity Can Bridge The Talent Gap
The dirty little secret about most security job openings today is that they often inadvertently preclude women and minorities.
There’s also a glaring disconnect today between many job openings in cybersecurity and the types of skills the field now demands.
The panelists pointed to the importance and need in security for non-technical skills and backgrounds in psychology, linguistics, communications, for example.
Yet those skills aren’t the norm in a typical job opening.
There’s a mindset problem here as well.
Studies and anecdotal data show that women are less likely to apply for a job if they don’t fit all of the listed qualifications, whereas men apply even if they don’t have all of the listed skills.
But that’s a trend that can be broken, the panelists said.
Leifson, who graduated from college in December and is now a SOC analyst, had a refreshing view on this: even when she doesn’t meet all of the qualifications listed in a job opening, she still applies for it. “I still feel confident in my skills,” she said. “Don’t be afraid” to put yourself out there and apply, she said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=838a7e2579&e=20056c7556
Threat of terrorism boots Sydney out of Economist’s top 10 liveable cities
The Victorian capital topped the Economist Intelligence Unit’s most liveable city index for the sixth year running, again just pipping Austria’s Vienna and Canadian duo Vancouver and Toronto.
Adelaide again landed fifth, tied with Calgary.
Sydney was surprisingly dumped from seventh to 11th with the index report owing the drop “to a heightened perceived threat of terrorism”.
The report owed the high rankings of Australian and Canadian cities to their wealth and medium density which can “foster a range of recreational activities without leading to high crime levels or overburdened infrastructure.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=14ad799307&e=20056c7556
Health IT pros are worried about hacking, but many still don’t encrypt
A significant minority of security pros still report their systems are not encrypting patient data, a basic defense, according to the survey by the Healthcare Information and Management Systems Society, a Chicago-based trade group for the health information technology industry.
Most HIMSS survey respondents (77% acute, 74% non-acute) believe their adversaries’ primary motivation is to grab their data for medical identity theft.
The good news is, surveyors found that 85% of respondents from acute care providers and 81% from non-acute-care organizations made healthcare security a higher priority in 2016 than in the past.
More than half (59%) reported using encryption of their data at rest, while 64% were encrypting data in transit.
Flipped over, those numbers imply that 41% were still not encrypting their data in storage and 36% were not even encrypting patient information when moving it from one place to another.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c08a6b7b7e&e=20056c7556
Law Firms Are Seeking Data Security Certification (Perspective)
In the wake of a number of high-profile data breaches involving law firms — including the recent Panama Papers breach — many U.S. law firms are moving toward obtaining ISO data security certification.
The move toward ISO certification was initially driven by law firm clients — particularly those in financial services industry — that have long been the target of malicious cyber-attacks seeking customer credit card and financial information.
To improve their data security practices, and provide assurance to jittery clients, many Am Law 100 law firms are seeking ISO certification.
A March 2015 ILTA survey found that 18 law firms had obtained ISO certification, and that another 30 were in the process of obtaining the certification.
The trend toward ISO certification is not likely to abate as long as law firms continue to be targets of hackers.
In the future, obtaining ISO certification may be like obtaining malpractice insurance for law firms — a cost of doing business.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e602fbadd1&e=20056c7556
Lack of Cloud, App Visibility Plagues Security
Enabling a highly connected and mobile workforce means new attack vectors, as evidenced by the fact that a lack of visibility is the biggest problem IT and security professionals cite when asked about issues with their current cloud and mobile solutions (85%).
In fact, data from Okta’s new Secure Business Agility Report reveals that 80% of respondents pointed to weak passwords or weak access controls as a security issue.
As a result, 65% of IT leaders expect a serious data breach to hit their business within the next year.
The report also highlights that organizations are unsure if security is enabling or compromising productivity and agility: Just over half (52%) of IT leaders believe their current security solutions compromise productivity, while 48% believe their security measures enable the organization to adopt best-of-breed solutions that enable productivity and agility.
Also, 92% of IT leaders believe their organizations could do more to integrate and support cloud applications into their infrastructure and systems.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=73a2544d6b&e=20056c7556
Rate of cybercrimes up by 39%, says expert
JEDDAH: A Saudi information security specialist revealed a rise in the rate of cybercrimes in the country.
He confirmed that Saudi Arabia leads other Gulf states in terms of electronic threats by 39 percent.
Competent authorities have made efforts in this regard to increase awareness on the issues of cybercrime and malware, he pointed out.
Information security researcher Mohammad Al-Sareei said the Kingdom leads the Gulf countries in electronic threats by 39 percent.
This data was disclosed by Kaspersky Lab, an international software security group, and Norton, in which its latest report on the results of electronic security issues showed that about 6.5 million people in Saudi Arabia were subjected to cybercrimes last year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3bea19ad8d&e=20056c7556
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=3cca38ce38)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)
============================================================
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()
()