[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Study of CEOs Reveals Alarming CyberSecurity Trends
\nThe report, entitled, Global CEO Outlook 2015, included information garnered from over a thousand CEOs of companies with at least $500M in revenue in ten major economies around the world.
\nWhile the executives generally expressed confidence about their respective businesses’ abilities to flourish over the next three years, about two thirds of CEOs expressed some level of concern regarding their firms ability to keep their offerings as “relevant” three years from now as they are today, and almost three quarters of the CEOs expressed concern about keeping current with new technologies in a rapidly changing world.
\nMore scary, however, was what the CEOs said about the risk of a crippling cyber attack to their businesses: A whopping 50%–half the CEOs polled–indicated that their firms are either not prepared, or only partially prepared, to deal with a major cyber event.
\nAt the same time, however, only one fifth of the CEOs considered information-security risk to be at the top of their list of business concerns.
\nThis combination–from the firms that are generally-speaking among the best financially-equipped to deal with cyber-risk–clearly illustrates that serious cybersecurity challenges remains severely unaddressed; it should not shock anyone if major firms continue to suffer significant breaches in the not so distant future.
\nAnother interesting statistic that Marshall discussed with me is that American CEOs (making up about a third of the CEOs polled) were generally much more confident of their respective businesses’ abilities to fight off cyberattacks than were their peers in Europe and Asia, with 87% of CEOs in the USA expressing that their operations were ready to address major cyber incidents.
\nOne thing is certain, however: hackers will be targeting businesses–and firms that are unprepared will likely pay a hefty price.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ed84e8fc82&e=20056c7556<\/p>\n
On Cyber Information Sharing, It\u2019s the Medium Not the Message
\nWhen Senators return to Washington, DC this fall, they will take up work on legislation to make it easier for companies to share cybersecurity information with each other and with the government.
\nThe future of the bill, the Cybersecurity Information Sharing Act, is uncertain.
\nBeset with concerns over privacy and civil liberties, many past attempts at addressing this issue have failed to reach the President\u2019s desk.
\nOne of the bill\u2019s primary objectives is to ensure that companies aren\u2019t liable for sharing cybersecurity information with government.
\nBut liability is not the problem it was once thought to be.
\nCompanies exchange millions of pieces of cybersecurity information each day.
\nNon-profit groups like the Financial Services Information Sharing and Analysis Center, the Center for Internet Security, and the Cyber Threat Alliance have coalesced whole industries to share data.
\nPrivate companies like ThreatConnect, TruStar, and AlienVault provide information sharing services to their clients.
\nA better model has been piloted by the Department of Defense for several years.
\nCompanies within the defense industrial base like Lockheed Martin, Boeing, and Raytheon have access to such capabilities today.
\nThey use a separate classified network called the DIBNET to share cybersecurity information securely with each other and with the Department of Defense.
\nOnly personnel working at participating defense companies that have been cleared through the background investigation process made famous by the hacking of the Office of Personnel Management can access the network.
\nCybersecurity is often characterized as a partnership between the government and the private sector.
\nFor that partnership to be fully realized, private companies bearing the costs of defending themselves against nation-state adversaries like China and Russia must be allowed access to the same networks and same information that federal agencies use to prevent and respond to cyberattacks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=88db8c66e0&e=20056c7556<\/p>\n
Ransomware Up, Spam Down: Seven Security Trends
\nThe seemingly relentless growth of malware has not abated in 2015, though there are some reasons to be optimistic, according to the latest security statistics from Intel Security.
\nIntel Security’s McAfee Labs released its August 2015 Threats Report on Sept. 1, detailing the state of the threat landscape during the second quarter of 2015.
\nAmong the trends noted in the report is the fact that ransomware attacks continue to accelerate, a trend that McAfee also reported in the first quarter of 2015.
\nFor the second quarter, McAfee Labs reported a 58 percent quarterly gain in the number of new ransomware samples it detected.
\nAnother continuing trend is the growth of mobile malware, which grew by 12 percent in the second quarter over the first quarter.
\nMobile malware attacks, however, are not uniform geographically, with infection rates statistically higher in Africa and Asia than in North America and Europe.
\nOn a more positive front, as was the case in the first quarter, McAfee Labs is reporting yet another quarterly decline in the volume of global spam, marking the third consecutive quarter of decline.
\nIn this slide show, eWEEK examines key takeaways from the August 2015 McAfee Labs Threats Report.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b550f8f1fb&e=20056c7556<\/p>\n
Cloud Security Alliance touts data breach sharing scheme
\nThe US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.The US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.
\nThe CSA has set out its proposals in a new white paper The Mandate for Meaningful Cyber Incident Sharing for the Cloud, in which it says: \u201cA major impediment to protecting information assets in an enterprise is the unwillingness and\/or inability to share cybersecurity incident information.
\nFear of public exposure and resulting legal ramifications has caused organisations to withhold critical attack signatures that could have impeded or even prevented several of the industry\u2019s most notable breaches.\u201d
\nThe US-based Cloud Security Alliance is proposing to set up a scheme that will enable organisations to anonymously report data breaches, in the interests of enabling others to take steps to prevent them becoming victims of similar attacks.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a4d67c9b59&e=20056c7556<\/p>\n
ICO advises businesses on how to avoid falling foul of new EU data protection regulation
\nThe Information Commissioner’s Office (ICO) has published advice to British businesses on how they can prepare for the imminent and far-reaching European Union reforms to data protection.
\nIt is expected that the EU will release the finalised General Data Protection Regulation later this year – or, increasingly likely, in early 2016 – which will see it take effect in all 28 EU member states after a two-year transition period.
\nThe ICO also suggests that ‘privacy by design’ as a concept that every organisation should follow, with privacy being at the forefront of business decisions.
\nThis, Smith said, means many organisations will need to ask a few questions of their own processes.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e884b59f25&e=20056c7556<\/p>\n
Microsoft fixes five critical flaws, including two hitting all versions of Windows
\nYou can count this month’s most critical patches on one hand.
\nThat’s the good news.
\nThe bad news is that almost every major Microsoft product requires a patch to fix ongoing security vulnerabilities, including two patches that affect all versions of Windows.
\nFor this month’s so-called Patch Tuesday, the company has issued 12 bulletins fixing 56 separate vulnerabilities in some versions of Windows, Microsoft Office, and even the new Microsoft Edge browser
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fba1dadb0b&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If someone forwarded this email to you and you want to be added in,
\nplease click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=957ee08460)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Study of CEOs Reveals Alarming CyberSecurity Trends The report, entitled, Global CEO Outlook 2015, included information garnered from over a thousand CEOs of companies with at least $500M…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1144","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1144"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1144\/revisions"}],"predecessor-version":[{"id":3631,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1144\/revisions\/3631"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}