[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
4 Ways to Engage Executives in Cyber Risk<\/p>\n
A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs, though they (along with their peers in other industries) could still benefit from improved governance and engagement with business leaders.<\/p>\n
This shift in perspective, from seeing cyber risk as an IT problem to treating it as a business issue, is taking hold in the retail industry, according to findings from a survey of retail executives conducted by Deloitte & Touche in 2014.\u00b9 \u201cExecutives at major retailers increasingly regard cyber risk as part of the broader conversation about business risk,\u201d says Alison Kenney Paul, vice chairman and U.S. Retail and Distribution leader for Deloitte LLP. \u201cAs a result, they\u2019re starting to seek a broader approach to cyber security than they\u2019ve used in the past, and our survey results back this up.\u201d<\/p>\n
For example, two-thirds of respondents are actively reviewing the National Institute of Standards and Technology\u2019s (NIST) Cybersecurity Framework, and 21 percent are either already using it or planning to adopt it in the near future.<\/p>\n
\u201cTo combat cyber risk, the tone really must start at the top, with the board, CEO, and CFO setting up effective governance and organization structures,\u201d says Mantha. \u201cPart of their mandate as senior leaders is to ensure all employees understand their role in helping to prevent cyber attacks. That includes endorsing creative initiatives (e.g., threat simulations or war games) that teach and reward responsible behaviors across the enterprise.\u201d<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9d73530f87&e=20056c7556<\/p>\n
GLOBAL CYBERSPACE IS SAFER THAN YOU THINK: REAL TRENDS IN CYBERCRIME<\/p>\n
What are the real trends in cybercrime? Recent media coverage has been rife with stories of large-scale data breaches, hacks and online financial crime. Information technology (IT) security firms such as Norton Symantec and Kaspersky Labs publish yearly reports that generally show the security of cyberspace to be poor and often getting worse. This paper argues that the level of security in cyberspace is actually far better than the picture described by media accounts and IT security reports.<\/p>\n
Currently, numbers on the occurrence of cybercrime are almost always depicted in either absolute (1,000 attacks per year) or as year-over-year percentage change terms (50 percent more attacks in 2014 than in 2013). To get an accurate picture of the security of cyberspace, cybercrime statistics need to be expressed as a proportion of the growing size of the Internet (similar to the routine practice of expressing crime as a proportion of a population, i.e., 15 murders per 1,000 people per year). To substantiate this argument, data was collected on the size of the Internet, with a focus on users, points of interaction and volume of online activity. Data was then collected on the vectors of cyber attack, the occurrence of cyber attacks and the cost of cybercrime.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a168bcbb20&e=20056c7556<\/p>\n
Evolving Threat Landscape Demands Executives Understand Cyber Risk<\/p>\n
In the wake of a number of recent high-profile, damaging cyberattacks\u2014including the recent breach of the Office of Personnel Management, which compromised the sensitive information of millions of federal employees\u2014executives and board members are gradually becoming aware of today\u2019s cyber threats and the potentially devastating impact these can have on their organizations.<\/p>\n
In response, software provider Tripwire recently asked 22 prominent experts in the cyber field how security teams can improve their executives\u2019 cybersecurity literacy. The consensus?<\/p>\n
One of the key ways security professionals can help boards\/executives improve their cybersecurity literacy is to connect recent major security incidents with the tools that can be used to prevent, mitigate, and respond to them, according to David Meltzer, Chief Research Officer at Tripwire.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c03f3ebe77&e=20056c7556<\/p>\n
New Horizons Computer Learning Center of Knoxville Offers CyberSec First Responder: Threat Detection and Response, a Groundbreaking Cybersecurity Training Course and Certification<\/p>\n
KNOXVILLE, TN, Jul 21, 2015 (Marketwired via COMTEX) — New Horizons Computer Learning Center, a leading provider of instructor-led technical training, announces the addition of CyberSec First Responder: Threat Detection and Response to their public training schedule. This cybersecurity training course and corresponding ProCert Accredited certification, Certified CyberSec First Responder, were developed by Logical Operations with the goal of helping organizations combat cybersecurity threats.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e569ecb7c5&e=20056c7556<\/p>\n
Average DDoS attack size increasing, Arbor warns businesses<\/p>\n
The average size of distributed denial of service (DDoS) attacks is increasing in terms of bits and packets per second, according to Arbor Networks.<\/p>\n
Although the largest attack monitored in the second quarter of 2015 was a 196 Gigabit per (Gbps) second user datagram protocol (UDP) Flood, Arbor says the growth in the average attack size is of most concern to enterprise networks.<\/p>\n
According to the latest data from Arbor\u2019s active threat level analysis system (Atlas), 21% of attacks in the quarter topped 1Gbps, while the most growth was seen in the 2Gbps to 10Gbps range.<\/p>\n
The data also shows a significant spike in the number of attacks in the 50Gbps to 100Gbps range in June 2015, which were mainly SYN floods targeting destinations in the US and Canada.<\/p>\n
Arbor\u2019s data shows that reflection amplification DDoS attacks using the simple service discovery protocol (SSDP) appear to be abating compared with the first quarter of 2015, in which 126,000 were recorded, but they are still at the same level as the last quarter of 2014 of around 84,000.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d8cca186b8&e=20056c7556<\/p>\n
New ISACA Governance Study Underscores Need for Business Involvement and Agility<\/p>\n
Sydney, Australia (22 July 2015)\u2014 Corporate governance processes are at a weak level of implementation at most organisations, indicating that boards of directors are not sufficiently involved, according to a new global governance study commissioned by IT association ISACA. Conducted by the University of Antwerp\u2014Antwerp Management School, Benchmarking and Business Value Assessment of COBIT 5 helps identify key gaps and priorities at organisations worldwide as well as how they are using the COBIT 5 business framework for information technology.<\/p>\n
\u201cThe findings are a call to action for board members to take responsibility for ensuring that their organisation\u2019s information and technology are effectively governed and managed,\u201d said Steven De Haes, an author of the survey report. \u201cThere is a clear association between board involvement and strong organisational performance.\u201d<\/p>\n
The study results also underscore the need for a greater focus on agility.<\/p>\n
COBIT 5 identifies seven key resources called enablers because they enable effective governance in an organisation. The study found that the most poorly utilised enabler in most organisations is culture, ethics and behavior. Services, infrastructure and applications are the most effectively leveraged enabler.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e8e4412486&e=20056c7556<\/p>\n
Survey: Organization\u2019s size doesn\u2019t indicate its \u201csecurity maturity\u201d<\/p>\n
Regardless of size, nearly three-quarters of companies lack the maturity to address cyber security risks, according to the inaugural \u201cCybersecurity Poverty Index\u201d released by RSA, The Security Division of EMC.<\/p>\n
The index compiled survey results from more than 400 security professionals across 61 countries. Participants self-assessed the maturity of their cyber security programs against the NIST Cybersecurity Framework, and the results pointed to insufficient maturity across the board.<\/p>\n
Of the organizations surveyed with more than 10,000 employees, 83 percent rated their capabilities as less than \u201cdeveloped\u201d in overall maturity, suggesting that they see room for significant growth.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4912514608&e=20056c7556<\/p>\n
Soteria Intelligence Announces Innovative Research on Social Media Threats and Counter-Messaging Strategies<\/p>\n
LOS ANGELES–(BUSINESS WIRE)–Soteria Intelligence is pleased to announce the company\u2019s most recent research focused on analyzing anonymous social media threats as well as counter-messaging strategies to combat criminal and terrorist activity on social networks.<\/p>\n
One of the biggest threats educational institutions face today is the use of anonymous messaging applications that have become a vehicle for delivering a wide variety of threats. Given the perceived anonymity of posts on such networks, Soteria Intelligence\u2019s research indicates that individuals often make more direct and violent threats when compared to threats that have been made on Twitter and other social networks in the past.<\/p>\n
Soteria Intelligence\u2019s research on analyzing anonymous social media threats explores the use of linguistic pattern recognition to compare activity on public social networks where individuals have profiles (they’re identifiable) with activity taking place on anonymous social networks. \u201cThe goal is to identify patterns as a way of revealing those who choose to operate under a veil of secrecy,\u201d stated Aaron Schoenberger, CEO of Soteria Intelligence.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ee33c29f4b&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=6235b56678)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage2.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: 4 Ways to Engage Executives in Cyber Risk A survey of retail executives shows many retailers making progress toward strengthening their cyber risk management programs, though they (along…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1117","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1117"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1117\/revisions"}],"predecessor-version":[{"id":3604,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1117\/revisions\/3604"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}