[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
End-to-end encryption is key for securing the Internet of Things
\nThe Internet of Things (IoT) is one of the hottest buzzwords these days.
\nIt seems like almost everything is being connected, including cars, streetlights, oil rigs, wearables and more.
\nBy the end of this decade, Gartner estimates there will be 26 billion IoT devices in service, while IDC predicts 28.1 billion.
\nThose attacks are in addition to those that leverage the IoT to steal credit information, corporate secrets and other data.
\nThe Ponemon Institute\u2019s 2015 Cost of Data Breach Study: Global Analysis says the average cost of each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 this year.
\nIoT will drive that cost even higher simply because it increases the number of attack opportunities.
\nIn fact, IDC predicts that by the end of 2016, 90 percent of all IT networks will have experienced an IoT-based security breach.
\nWithin the next five years, 90 percent of all IoT data will reside in third-party clouds, IDC predicts.
\nThat statistic is just one example of why enterprises, government agencies and other organizations should take adopt an \u201cencrypt-everything\u201d strategy to protect against IoT-enabled breaches.
\nIn the Internet of Everything, data will reside everywhere, which means a lot of that data can\u2019t be protected by traditional, network-centric devices such as firewalls.
\nOnly end-to-end encryption can provide the security necessary to minimize IoT-enabled breaches.
\nHowever, the encryption technology must be designed for modern use cases and devices, such as by making the most efficient possible use of processors and batteries.
\nOrganizations that choose the right encryption solution and then apply it everywhere will be best equipped to address IoT-enabled threats.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c4e0619f8f&e=20056c7556<\/p>\n
Why you Should Start Considering an Endpoint Management Upgrade
\nRather than managing and reporting on all endpoints in a holistic way, today\u2019s marketplaces are managing different endpoint classes (PCs, servers, mobile devices) and non-traditional endpoints (ATMs, kiosks, and POS systems), with a wide range of tools\u2014and sometimes with completely different IT teams.
\nOn top of that, they may use a variety of tools for different environments (Windows, Mac, Linux, etc.), as well as for different lifecycle functions (configuration, security enforcement, patching automation, etc.).
\nThis system of management is becoming extremely inefficient.
\nUnified endpoint management (UEM) is the solution to IT\u2019s fragmented endpoint management issue.
\nThis full lifecycle management of endpoints allows organizations to utilize one single vendor and systems management platform to support a diverse and ever-growing deployment environment.
\nVDC Research recently released a full report on the business value of UEM solutions, in addition to discussing the top businesses innovating in the space.
\nIn this report, VDC Research analyzed survey data from over 90 IT decision-makers, who either had direct involvement in purchasing and\/or using endpoint management solutions within their organization.
\nIt\u2019s a veritable smorgasbord of information that makes a serious business case for switching to UEM solutions.
\nEven with this rather apparent need for multi-endpoint management, few solutions have emerged that are truly implementing an effective, worthwhile endpoint management strategy for both traditional and mobile endpoints.
\nVDC stresses the operational and cost efficiencies that UEM solutions provide, which exceed the limitations of two separate management tools.
\nAlong with the shared use of hardware, people, resources, and policy infrastructure, UEM offers IT admins with improved organization-wide mobility that encompasses all endpoint devices \u2013 one endpoint management solution to rule them all.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ab132e5f07&e=20056c7556<\/p>\n
EU, U.S. clinch data-sharing deal for security, terrorism cases: document
\nBRUSSELS (Reuters) – The European Union and the United States have clinched a deal protecting personal data shared for law enforcement purposes such as terrorism investigations, according to a document seen by Reuters.
\nThe text of the agreement has been finalized, according to the document.
\nA person familiar with the matter said it will be initialed by the chief negotiators in Luxembourg on Monday or Tuesday.
\nThat would signal the end of talks.
\nThe two sides have been negotiating for four years over the so-called “umbrella agreement” that would protect personal data exchanged between police and judicial authorities in the course of investigations, as well as between companies and law enforcement authorities.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e4f3eca411&e=20056c7556<\/p>\n
Six Security Hang-ups: Beware the Black Holes
\nHow secure are you about your security.
\nAccording to the past three Trustwave Global Security Reports, the hospitality industry is one of the top three most compromised industries.
\nAnd Privacyrights.org reports a 50 percent increase in hospitality breach disclosures in 2014.
\nBelow are the top security pitfalls among hospitality businesses as identified by Trustwave:
\n– Insufficient malware protection
\n– Employees have too much access
\n– Lack of BYOD security
\n– Outdated security controls
\n– Unsecure applications and databases
\n– Customer approval supersedes security
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d388b17105&e=20056c7556<\/p>\n
Act on your Threat Intelligence
\nWarning intelligence attempts to answer two main questions: what\u2019smost likely to happen and what\u2019s the most dangerous thing that can happen.
\nThe idea being if you\u2019re prepared for the worst, anything that falls short should be dealt with handily.
\nThe problem of course is that few people think the worst is going to happen to them.
\nA decision-maker may opt toheighten readiness (\u201cHey everyone, keep your eyes open this week\u201d) but take no far-reaching action because the \u201cmost likely\u201d scenario is something existing mechanisms and capabilities can address.
\nBut what about the \u201cmost dangerous\u201d scenario.
\nWell, what used to happen, with alarming frequency, was that decision-makers would look at their position (Generals or Admirals) and trust in the thought- and decision-making process that got them those stars and say, \u201cWhat do those nerds know anyway.
\nHow could a bunch of hackers cause me any pain and suffering?\u201d
\nCyber threat intelligence is just one of many things that you can use to help defend your enterprise, but it is not a silver bullet.
\nThe vast majority of the time the warnings you receive are going to be busts.
\nYou\u2019re going to start to think over time that because nothing you have been warned about has ever happened nothing will ever happen.
\nThat\u2019s the point at which you\u2019re going to devalue intelligence and be caught by \u201csurprise.\u201d Intelligence will have \u201cfailed\u201d you and you will go looking for heads to cut off.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1bbc4e9f79&e=20056c7556<\/p>\n
Borderless Cyber 2015
\nOASIS, in collaboration with The World Bank, will bring together public and private sector security professionals from around the world to evaluate, debate, and collaborate on cyber threat intelligence best practices and tools.
\nHosted at The World Bank D.C. headquarters, the forum program will feature presentations from experts responsible for cyber security initiatives for public, private, and global institutional sectors.
\nIn order to facilitate meaningful interaction, attendees are encouraged to share their questions, challenges, experiences and recommendations with our expert panel of presenters.
\nCurrent initiatives aimed at sharing cyber threat intelligences and response information in real time through systems and software will be a highlight.
\nBest practices, standards, specifications, and tools, such as STIX, TAXII and CybOX, will be part of the program.
\nExecutives responsible for developing, influencing and managing critical infrastructure security decisions are invited to attend this conference.
\nThis includes…
\nOnsite participation is limited, use our online reservation form to reserve a seat.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9eb790c569&e=20056c7556<\/p>\n
Akerlof And Shiller, Phishing For Phools
\nGeorge A.
\nAkerlof and Robert J.
\nShiller, who previously collaborated to produce Animal Spirits, have joined forces again.
\nTheir new book is Phishing for Phools: The Economics of Manipulation and Deception (Princeton University Press, 2015).
\nTheir thesis is simple but powerful: that “competitive markets by their very nature spawn deception and trickery, as a result of the same profit motives that give us our prosperity.” (p. 165) Economies “have a phishing equilibrium in which every chance for profit more than the ordinary will be taken up.” (p. 2) Free-market equilibrium undermines our plans to eat healthily, it makes us pay too much for our cars and houses, it transforms rotten assets into gold.
\nWe have weaknesses that can be exploited (monkeys on our shoulders), weaknesses that free markets by their very nature exploit.
\nAkerlof and Shiller modestly claim to be making only “a small tweak to the usual economics (by noticing the difference between optimality in terms of our real tastes and optimality in terms of our monkey-on-the-shoulder tastes).
\nBut that small tweak for economics makes a great difference to our lives.
\nIt’s a major reason why just letting people be Free to Choose – which Milton and Rose Friedman, for example, consider the sine qua non of good public policy – leads to serious economic problems.” (p. 6)
\nPhishing for Phools forswears technical language, making this book accessible not only to economists but to consumers and policymakers.
\nIt should make everyone rethink the unfettered free-market model.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6062027455&e=20056c7556<\/p>\n
Angler plonks August’s Flash feeding frenzy into its boat
\nCrooks behind the world’s worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite’s long list of attack vectors.
\nAngler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs.
\nFrench malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors.
\nThe Angler exploit uses Diffie-Hellman key exchange to help tailor attacks to victims, a method authors used last month when they rolled in an Internet Explorer double-free vulnerability into the hacking kit. \u00ae
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b9b648fbed&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=59c58fe616)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage2.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: End-to-end encryption is key for securing the Internet of Things The Internet of Things (IoT) is one of the hottest buzzwords these days. It seems like almost everything…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1143","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1143"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1143\/revisions"}],"predecessor-version":[{"id":3630,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1143\/revisions\/3630"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}