{"id":1140,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net-2\/"},"modified":"2021-12-30T11:38:50","modified_gmt":"2021-12-30T11:38:50","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net-2","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail28-atl31-mcdlv-net-2\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail28.atl31.mcdlv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Cybercrime: Barclays puts \u2018red team\u2019 to work<br \/>\nTroels Oerting, who joined as chief information security officer in February, set up a so-called \u201cred team\u201d in recent weeks to attack the digital defences of the London-based bank.<br \/>\nHis goal is to find any flaws and fix them before thieves, vandals or terrorists can exploit them.<br \/>\nOerting, a 35-year law-enforcement veteran, is part of a corps of former policemen and spies entering private industry to fend off a barrage of cyberattacks on businesses.<br \/>\nMore banks are building in-house teams that \u201coperate and think like cybercriminals\u201d as hackers become increasingly sophisticated, said Sergey Lozhkin, a security researcher at Moscow-based Kaspersky Lab, which has worked on investigations with Interpol and Europol.<br \/>\nBarclays is boosting spending by about 20 percent as 
part of its new cyber-defence strategy, Oerting said, declining to elaborate.<br \/>\nOerting\u2019s new team of internal hackers, which will number as many as eight, joins the bank\u2019s staff of 800 information technology security personnel.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=208b6c7d23&#038;e=20056c7556<\/p>\n<p>How CISOs can beat the information security skills-gap<br \/>\nRichard Starnes, CISO at the Kentucky Health Cooperative, believes that relying on SIEMs from vendors is a positive first step for automating security.<br \/>\n\u201cThere is a great deal to be said for the automation of information security, such as in GRC or even outsourcing, particularly in areas like SIEMs,\u201d Starnes told CSO Online.<br \/>\nQuentyn Taylor, head of information security at Canon Europe, adds: \u201cIn the security space automation is the key, from the operational sphere to the investigative sphere, automation is what is needed to ensure that the response and action is timely enough to be effective.<br \/>\nThe key point is that for automation to be effective the staff themselves should be part of the design and implementation.\u201d<br \/>\n\u201cDevelop and promote your internal staff,\u201d says Starnes. 
\u201cCreate a work environment where they are happy and fulfilled.<br \/>\nKeep their remuneration at a sustainable level.<br \/>\nThis will reduce your staff churn significantly.<br \/>\nRecruit as you would normally and bring your new staff into this environment.<br \/>\nYou will always lose a few, but you will keep many of them and people will want to come work for you on their own.\u201d<br \/>\n\u201cMy first suggestion would be to review hiring role descriptions and cut back on the mandatory skills and qualifications and see what candidates you get.<br \/>\nMany people believe that certification is a substitute for experience or that demanding the right certification will ensure the correct level of experience, but I find this not the case.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c9323d2724&#038;e=20056c7556<\/p>\n<p>Infographic: How XSS Attacks Work<br \/>\nXSS stands for Cross-Site Scripting and is a Web-based security vulnerability that&#8217;s been around since the birth of modern Web development techniques.<br \/>\nXSS attacks account for 12.75% of all of today&#8217;s Web-based attacks, and almost 70% of all reported vulnerabilities are XSS-related.<br \/>\nAlmost 90% of all websites have at least one XSS vulnerability.<br \/>\nA Reflected XSS attack occurs when hackers craft malicious URLs which Web servers execute via a single request and response loop.<br \/>\nThey are the most common and have a short lifespan, affecting one user at a time.<br \/>\nThey are also called first-order XSS, type 1 XSS, or non-persistent XSS.<br \/>\nA Stored XSS attack is the worse of the two, and it involves the attacker crafting a malicious script, which then gets stored on the Web server.<br \/>\nThis type of XSS attack has a broader target, since once the script is saved on the server in the form of a comment or database entry, it can then be displayed to all the users accessing that page without having to 
make them access a maliciously crafted URL.<br \/>\nThis type of attack is also called second-order XSS, type 2 XSS, or persistent XSS.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=adfd9035fb&#038;e=20056c7556<\/p>\n<p>Best practices for ensuring compliance in the age of cloud computing<br \/>\nThe first place to start with any security or compliance initiative is visibility.<br \/>\nYou can\u2019t secure what you can\u2019t see.<br \/>\nOnce you understand what\u2019s going on with your infrastructure, applications, data and users, you can begin to understand how to limit your attack surface and better prevent and mitigate attacks.<br \/>\nManual processes are killing compliance teams, who are typically understaffed and overworked.<br \/>\nThe question then turns to \u201cHow do I ensure compliance while still maintaining real-time, agile workflows?\u201d Luckily, there is an emerging set of compliance automation solutions on the market today that take much of the manual process out of the equation.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d143a22c67&#038;e=20056c7556<\/p>\n<p>Continuous monitoring vs Black Hat hackers \u2013 which should you rely on to identify web security issues? 
&#8211; See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=fec2620f6a&#038;e=20056c7556<br \/>\nOne answer to cyber threats is continuous monitoring, which is becoming a very popular term, both among security vendors and CISOs.<br \/>\nIn a constantly changing and hostile network environment where new zero-day exploits appear regularly, continuous monitoring of your organisation\u2019s infrastructure is essential.<br \/>\nThe main role of continuous monitoring is to keep your security team constantly aware of newly detected vulnerabilities, weaknesses, missing patches and configuration flaws that appear to be exploitable.<br \/>\nVarious products, solutions and services exist today to assure the continuous monitoring process within both large and small organisations.<br \/>\nHowever, when examining the efficiency of such solutions, businesses should initially try to understand how competitive those solutions are on the market: and not only against other vendors\u2019 solutions, but with Black Hat hackers.<br \/>\nSophisticated hacking teams even patch the vulnerabilities after successful exploitation to prevent their competitors from exploiting them.<br \/>\nYes, there is as tough a competition among cyber gangs as there is among cyber security vendors.<br \/>\nYes, properly implemented continuous monitoring is not an easy task.<br \/>\nJan Schreuder (PwC) summarises the challenge for businesses: &#8216;In our experience the successful implementation of a continuous monitoring program often represents a significant change to the way IT departments operate, and to be successful it requires significant commitment through leadership support, enforcement, and system owner responsibility and accountability.&#8217;<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=fed2893fbd&#038;e=20056c7556<\/p>\n<p>============================================================<br 
\/>\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Cybercrime: Barclays puts \u2018red team\u2019 to work Troels Oerting, who joined as chief information security officer in February, set up a so-called \u201cred team\u201d in recent weeks 
to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1140","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1140"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1140\/revisions"}],"predecessor-version":[{"id":3627,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1140\/revisions\/3627"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}