{"id":1136,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail176-wdc02-mcdlv-net-2\/"},"modified":"2021-12-30T11:38:49","modified_gmt":"2021-12-30T11:38:49","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail176-wdc02-mcdlv-net-2","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail176-wdc02-mcdlv-net-2\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail176.wdc02.mcdlv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Spotting an Attacker\u2019s \u201cTell\u201d through Data Analysis<br \/>\nA tell in poker is a change in a player\u2019s behavior or demeanor that is claimed by some to give clues to that player\u2019s assessment of their hand.<br \/>\nA player gains an advantage if they observe and understand the meaning of another player\u2019s tell, particularly if the tell is unconscious and reliable.<br \/>\nSome are easier to read than others.<br \/>\nSome occur right away at a point in time, like a scratching above the eye, other times it can be a pattern over time, like a slow sweat that builds.<br \/>\nDefenders armed with the right information, and the right analytical technology, gain the advantage of having visibility into behavior \u2013so that when the attacker elicits their tell, the defender can take notice and quickly take the correct action.<br \/>\nToday\u2019s 
sophisticated attackers use ways to get information and software in and out of the organization that evade detection, leveraging what are known as \u201ccovert channels.\u201d For example, phishing scams typically use covert channels to deliver malware to victims, making it difficult to spot that initial \u201cclick\u201d.<br \/>\nAnd, after compromise, today\u2019s threats often use covert channels to effect \u201ccommand and control\u201d of victim endpoints, hiding communication traffic amongst normal web traffic.<br \/>\nIt can take weeks or months before this \u201ccommand and control\u201d starts being used, making it even more difficult to detect.<br \/>\nEven with a trained eye, it can be difficult to spot them.<br \/>\nTells over time require access to the right data, the ability to apply analytics to the data, the expertise to know what they\u2019re looking for, and the tools to help them more easily hone in on the suspicious behavior.<br \/>\nUsing Big Data and data science techniques to spot the use of covert channels means that security teams can spot these sophisticated threats (tells) quicker, and reduce the likelihood that an attack harms the organization.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=9c0ee10cf3&#038;e=20056c7556<\/p>\n<p>Security Stands As Top Factor In Digital Brand Confidence<br \/>\nSecurity is one of the biggest factors in building or eroding consumer confidence in businesses online, according to a new report out by the Ponemon Institute today.<br \/>\nTwice as many consumers are likely to distrust a digital brand for poor security as those who get annoyed by stringent security when dealing with shopping, banking, and online services, the report shows.<br \/>\nCommissioned by Neustar, the report found that half of all consumers say security and privacy are important to brand perception.<br \/>\nBut diving into the numbers, it is clear that consumer behavior is 
impacted even more heavily by security concerns than customers realize.<br \/>\nFor example, 69 percent of consumers have left a website because of security concerns.<br \/>\nThe survey showed that three out of four consumers report that they do not trust websites that have identity and authentication procedures that appear too easy.<br \/>\nAnd in a crossover with IT operations concerns, 88 percent of consumers report that website downtime causes them to distrust a site.<br \/>\nIn the latter case, even though 84 percent of consumers have no idea what a DDoS attack is, uptime is a big concern.<br \/>\nApproximately 67 percent of consumers lose trust in a site when pages load slowly and more than three quarters worry about security when site performance is sluggish.<br \/>\nThe report found that 63 percent of consumers distrust brands that have been breached, and even a year after the breach occurred, over 50 percent of people view the brand negatively.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=dc31a3fe4e&#038;e=20056c7556<\/p>\n<p>National Survey Finds Healthcare Costs and Cyber Security Are Top Business Threats<br \/>\nThe Graham Company, one of the Mid-Atlantic region\u2019s largest insurance and employee benefits brokers, today announced the results from its 2015 Business Risk Survey, a national survey of 300 senior business professionals.<br \/>\nThe survey revealed that nearly three quarters of business leaders are most concerned about potential risks associated with healthcare costs and cyber security threats to their organizations.<br \/>\nThe survey also found that even though business leaders perceive that they are taking the adequate measures to protect their organizations, in reality they\u2019re falling short of doing what\u2019s necessary to mitigate the risk associated with these potential threats.<br \/>\nAccording to The Graham Company\u2019s survey, 64% of respondents felt that their 
organization was either very well prepared or fairly well prepared to address the risks associated with healthcare costs, and 83% of respondents felt the same way about employee safety in the workplace.<br \/>\nHowever, only slightly more than half of respondents regularly consulted with an insurance or risk management expert to review plans for mitigating risk.<br \/>\nSurvey results show that companies\u2019 fears regarding cyber threats are significant, with nearly half of respondents expressing that they felt there was a significant level of risk<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=377aff048d&#038;e=20056c7556<\/p>\n<p>5 Ways GRC Can Bust Workplace Silos<br \/>\nOVERLAND PARK, KS &#8211;(Marketwired &#8211; August 27, 2015) &#8211; Workplace silos are defined as &#8220;groups or departments within an organization that work in a vacuum with little functional access to other groups, or little communication with them.&#8221; They present an obstacle to collaboration, especially in larger organizations with multiple departments.<br \/>\nWhile breaking down siloed departments must begin with the corporate culture, a governance, risk and compliance (GRC) tool can simplify this process by helping promote communication and linking data across departments.<br \/>\nHere are five ways a GRC platform can assist in breaking down an organization&#8217;s silos:<br \/>\n1. Act as a central repository for documents, policies, procedures, checklists, plans, etc.<br \/>\n2. Gain visibility into other departments by linking corresponding data.<br \/>\n3. Put workflows in place that allocate tasks across divisions. Encouraging people from different departments to work together is one of the best ways to eliminate office silos.<br \/>\n4. Issue bulk assessments to collect information from multiple departments.<br \/>\n5. Use a common framework to measure different areas of the business, such as risk.<br 
\/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=68f3083a79&#038;e=20056c7556<\/p>\n<p>Still using ColdFusion? Really? Well, you&#8217;ll want to install this patch<br \/>\nAdobe is advising users and administrators running ColdFusion to patch their software following the release of a security fix for an information disclosure vulnerability.<br \/>\nBoth patches address a single CVE-listed security vulnerability, CVE-2015-3269.<br \/>\nThe flaw, if exploited, would allow an attacker to potentially view files on the targeted system, leading to information disclosure.<br \/>\nAdobe has listed both versions of the hotfix as &#8220;2&#8221; priorities, a designation commonly given to non-critical bugs that are not likely to be targeted in the wild immediately.<br \/>\nIn general, Adobe suggests such updates be installed within the next 30 days.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=637b12b438&#038;e=20056c7556<\/p>\n<p>The Complexities of Attribution in Cyber Space: An Overview<br \/>\nThe challenges with attribution and Cyber Space are a study of both social and political aspects that directly relate to the overall technical architecture of the Internet as a whole.<br \/>\nRid and Buchanan argue that attribution is not a matter of technology but a matter of want (Rid and Buchanan 2015); meaning: attribution in Cyber Space is determined by the importance for states to want accurate high confidence attribution with regards to cyber systems.<br \/>\nThe term attribution itself poses a further layer of complexity when dealing with cyber systems.<br \/>\nThe social, technical, and political nature of interconnectedness involved in these systems makes asking the question of attribution a multidimensional question itself.<br \/>\nWhen considering the dilemma of attribution from a small-to-medium (SMB) and large enterprise standpoint, they both share 
one attribute in common with regards to negative events within Cyber Space: jurisdiction (Marco 2014).<br \/>\nNeither type of organization has jurisdictional authority to pursue an investigation beyond their own physical perimeter.<br \/>\nFurthermore, both have to rely on law enforcement, who themselves also have limited jurisdiction when considering the scope of Cyber Space.<br \/>\nConfidence is a blended attribute in the Intelligence lifecycle when performing an analysis of collected data and is not different when applied to Cyber Threat Intelligence (CTI).<br \/>\nHere organizations can leverage this confidence and apply CTI data into their security programs (Shackleford and Northcutt 2015).<br \/>\nRegardless of the challenges surrounding achieving high confidence attribution in Cyber Space, the fact remains: attribution is important (Hunker, Hutchinson &#038; Margulies 2008).<br \/>\nIt will most likely be many years before a consensus is agreed upon with regards to acceptable use of the Internet and attribution on a global scale.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d485df85d7&#038;e=20056c7556<\/p>\n<p>Select few pose vast majority of cyber risks, security firm warns<br \/>\nCloud computing has changed the way organizations operate by allowing applications and data sets to be accessed from anywhere with Internet.<br \/>\nBut researchers warn in a new report that entire businesses can be easily brought down because of serious risks caused by a concentration of authority evidenced across the cloud.<br \/>\nAnalysts with CloudLock, a Massachusetts-based security firm, say companies that put their product on the cloud are oftentimes also placing a tremendous \u2014 and potentially dangerous \u2014 amount of trust in a small group of privileged users.<br \/>\nJust one percent of all users account for 75 percent of the risks faced by an entity that operates on the cloud, according to a 
report published by the firm on Wednesday this week.<br \/>\nThe findings included in the firm\u2019s third-quarter cybersecurity report stem from an analysis of more than 1 billion files shared by over 10 million cloud users, according to CloudLock, whose customers include Google and Microsoft.<br \/>\nThe Department of Defense, meanwhile, said Wednesday that contractors who operate on the cloud are required immediately to adhere to new rules regarding cyberattacks and data breaches.<br \/>\nAccording to the Pentagon, roughly 10,000 contractors will now be obligated to notify the DOD within 72 hours of any cyber incidents spotted on their networks.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=beace102ad&#038;e=20056c7556<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Spotting an Attacker\u2019s \u201cTell\u201d through Data Analysis A tell in poker is a change in a player\u2019s behavior or demeanor that is claimed by some to give 
clues&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1136","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1136"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1136\/revisions"}],"predecessor-version":[{"id":3623,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1136\/revisions\/3623"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}