{"id":1151,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail1-wdc03-rsgsv-net\/"},"modified":"2021-12-30T11:38:51","modified_gmt":"2021-12-30T11:38:51","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail1-wdc03-rsgsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail1-wdc03-rsgsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail1.wdc03.rsgsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>IT managers could be swayed to turn to hacking for as little as a couple thousand dollars, according to new research from Centrify. 
According to the findings, 24% of U.S. IT decision makers hear more about office happy hours than they do about security, while 22% hear more about office birthdays and 18% hear more about kitchen etiquette.<br \/>\nThe survey also revealed how little it would cost to persuade an IT decision maker to become a hacker.<br \/>\nWhen asked if they would become a hacker for $2,000 or less, 28% of respondents said yes.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5b8d73c124&#038;e=20056c7556<\/p>\n<p>The hackers are now using well-known brand names such as Standard Chartered Bank on LinkedIn to attract senior executives to divulge information that they can use.<br \/>\nIt\u2019s all very plausible unless you know what to look for.<br \/>\nUsing a process called \u2018social engineering\u2019, OCGs assemble as much information via the Internet as they can on a target subject within an organisation that has been identified as likely prey.<br \/>\nLinkedIn is proving a rich vein for OCGs.<br \/>\nExecutives have become too cavalier about posting details of their movements and personal information on LinkedIn.<br \/>\nKCS\u2019 own experience shows that 90 per cent of passwords take the form of the name of a sports team, a pet or other personal details.<br \/>\nBut even if the target has been careful to use a more complex password, his or her organisation\u2019s most sensitive data might still be at risk.<br \/>\nFor example, details of business trip dates combined with personal details such as a 
recent illness or family names can be all an OCG needs to socially engineer a \u2018Friday Afternoon\u2019 attack.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=d8bd2a7021&#038;e=20056c7556<\/p>\n<p>Non-profit CIOs talk data security at Dreamforce<br \/>\nLast year, Dreamforce 2014 attracted 7,000 attendees from non-profits, around 5 percent of the 135,000 total.<br \/>\nThis year\u2019s figures have yet to be released, but 8,000 were expected and 120 breakout sessions were dedicated to the sector.<br \/>\n..it was good to see Salesforce.com\u2019s vice president of strategic research Peter Coffee address the issue at a non-profit CIO panel held at Dreamforce.<br \/>\nData security is a major issue for the sector, Coffee pointed out, because if they lose the trust and confidence of donors, volunteers and the people they aim to help, much of their good will quickly grind to a halt.<br \/>\nSo how are non-profit CIOs using new technologies and improved IT practices, he asked, to cope in a climate:<br \/>\nBut for him, he added, the real challenge around data security doesn\u2019t lie in implementing technology, but in pushing through the cultural change of attitudes needed to ensure that Sierra Club employees understand the risks and follow procedures that keep data safe.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=16ebca8b2a&#038;e=20056c7556<\/p>\n<p>Collaboration Between HR, IT Essential to Prevent Data Breaches, HR Exec Says<br \/>\nPreventing data breaches in an organization requires a strong collaborative effort between the HR and IT departments\u2014a collaboration that may even involve a blurring of the line between those traditionally separate functions.<br \/>\nThat\u2019s the assessment of Jacqui Summons, international HR director at Clearswift, a provider of data loss prevention technology in the UK.<br \/>\nI had the opportunity to 
speak with Summons about this topic recently, and I began the conversation by asking her to provide an overview of what HR\u2019s role should be in preventing data loss.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4fafaf287c&#038;e=20056c7556<\/p>\n<p>DHS CISO: Revoke security clearance of feds who keep falling for phishing scams<br \/>\nDuring the &#8220;Government CISO Priorities&#8221; track at the Billington Cybersecurity Summit held last week in Washington, Beckman explained that he sends fake phishing emails to DHS staff members to see if they will fall for it.<br \/>\nNextGov reported that he is concerned about how often &#8220;even senior-level federal employees&#8221; who handle top-secret documents fall for the scams; Beckman is apparently so frustrated that he believes it&#8217;s time to adopt &#8220;get-tough solutions.&#8221;<br \/>\nRight now, the cost of cleaning up after cyberattacks falls on the victims, but DoD CIO Terry Halvorsen wants to make it more expensive for hackers to &#8220;play.&#8221; He said, &#8220;We are on the wrong side of the cyber economic curve.<br \/>\nWe need to raise barriers to attackers&#8217; entry, making it more expensive to play.&#8221;<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4cd82b4a4f&#038;e=20056c7556<\/p>\n<p>India to cripple its tech sector with proposed encryption crackdown<br \/>\nThe Indian government has published a draft of its latest plans for encryption.<br \/>\nThe proposals spell bad news for domestic software developers and will make other companies looking to do business in the subcontinent very nervous indeed.<br \/>\nThe new National Encryption Policy [PDF] proposed by the nation&#8217;s Department of Electronics and Information Technology states that the government will require applications using encryption to store plain text versions of all data for 90 days so that they can be 
examined by the police if need be.<br \/>\nIn addition, any overseas companies using encryption must submit their full crypto software, along with testing suites and supporting documentation, for scrutiny by the Indian government.<br \/>\nNo encryption algorithms or key lengths that haven&#8217;t been approved by the government will be allowed.<br \/>\nBear in mind, however, that these are proposed rules only.<br \/>\nThe public comment period is open until October 16, and it&#8217;s to be hoped that by then India&#8217;s large technology sector will have pointed out how stupid and misguided these plans are. \u00ae<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=bf5c715a3e&#038;e=20056c7556<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: IT managers could be swayed to turn to hacking for as little as a couple thousand dollars, according to new research from Centrify. 
According to the findings, 24% of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1151","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1151"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1151\/revisions"}],"predecessor-version":[{"id":3638,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1151\/revisions\/3638"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}