{"id":1168,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail172-suw12-mcsv-net\/"},"modified":"2021-12-30T11:38:53","modified_gmt":"2021-12-30T11:38:53","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail172-suw12-mcsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail172-suw12-mcsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail172.suw12.mcsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s]<br \/>\nApart from the reporter&#8217;s opinions \ud83d\ude09<br \/>\nSo onto the news:<\/p>\n<p>Mature &#038; Unconfident: The Best Information Security Teams Ever!<br \/>\nThe organization that is mature and unconfident is the best kind, in my opinion.<br \/>\nThese types of organizations took all the same steps as the mature and confident organizations.<br \/>\nWhat\u2019s the difference?<br \/>\nThey are never satisfied.<br \/>\nThey always remain hungry.<br \/>\nThey are never confident that they are safe.<br \/>\nOrganizations that are immature and unconfident are my favorite type of organization to work with.<br \/>\nAt first this may seem like a puzzling statement but hear me out: Lack of security maturity may indeed be a weakness.<br \/>\nBut if an organization is self-aware enough to honestly evaluate where they stand, it is something that can be overcome.<br \/>\nWhich type of organization are you?<br \/>\nI never ask this question of organizations I meet with, for 
obvious reasons.<br \/>\nIt is a question that each organization needs to ask itself and answer honestly.<br \/>\nThe resulting introspection and self-awareness may not be comfortable, but it is the best way for an organization to develop a robust and mature security posture based upon security operations and incident response.<br \/>\nMaturity is the key to improving an organization\u2019s security posture, but it is not something that can be arrived at through dishonesty.<br \/>\nSecurity through maturity and humility is a workable philosophy with proven results for those organizations that are willing to give it a try.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=fa08014db4&#038;e=20056c7556 (http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a33472e754&#038;e=20056c7556)<\/p>\n<p>The Future of Passwords Isn\u2019t Just Biometric, It\u2019s Behavioral<br \/>\nMotivated, no doubt, by the rash of large-scale online security breaches in recent years, companies like Apple and Google have attempted to move security into a post-password world with features like fingerprint or iris recognition.<br \/>\nBiometric technology represents a vast improvement over strings of letters and numbers, but the future\u2019s most secure passwords will likely also be behavioral.<br \/>\nOur bodies, it turns out, are easier to imitate than our actions.<br \/>\nThe two things in concert, well, that\u2019s what makes us recognizable to each other and will soon be what makes us recognizable to our phones and computers.<br \/>\nSwiping.<br \/>\nFingerprints, the quintessential personal ID, are less replicable than the average string of alphanumerics, which is why devices from the iPhone to the Lenovo ThinkPad are equipped with fingerprint scanners.<br \/>\nTalking.<br \/>\nIn addition to carrying a baseline acoustic \u201cvoiceprint,\u201d the human voice carries information about variables 
like cadence, accent, and emotional state, all of which make hacking more difficult as long as authentication rests on the characteristics of speech and not simply on a spoken password, which could easily be replicated mechanically.<br \/>\nBlinking.<br \/>\nFaces can be replicated even more easily than fingerprints and voices.<br \/>\nIn addition to recognizing your face, systems like IdentityCheck also require users to blink \u2014 verifying that you\u2019re actually there.<br \/>\nWalking.<br \/>\nBy analyzing a person\u2019s walk, a phone could determine whether it was in its rightful owner\u2019s pocket without requiring them to actively authenticate.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=93cbde1373&#038;e=20056c7556<\/p>\n<p>Private Reporting Helpline to Check Cyber Crime in Delhi-NCR<br \/>\nNew Delhi: Victims of cyber offences can now report their cases and seek technical help at zero cost at the first private cyber crime reporting helpline which has become operational in Delhi-NCR.<br \/>\nThrough the helpline number launched last month, the reporting centre has received around 250 complaints in 15 days.<br \/>\nOf the total complaints, 130 pertained to cases of financial fraud mostly phishing, and around 80 cases of outraging modesty of women through social networking sites, said a source in the Indian Cyber Army, developer of the helpline and consultant to Delhi Police and their counterparts in three other states.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=ce86b9dc0b&#038;e=20056c7556<\/p>\n<p>Wells Fargo study: Businesses not well-prepared for cyber attacks<br \/>\nThe study of 100 U.S. 
middle-market companies and large corporations found that 85 percent have purchased cyber security and data privacy insurance coverage and 44% have already filed an insurance claim because of a breach.<br \/>\nBut besides insurance coverage, companies aren\u2019t very prepared for a cyber breach.<br \/>\nThe study found that one in five businesses have not tested their \u201cincident response plan\u201d and 27% don\u2019t have an employee awareness training program for cyber security.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8700a7d48f&#038;e=20056c7556<\/p>\n<p>90% of directors believe regulators should hold firms liable for hacks<br \/>\nA new Veracode and NYSE Governance Services survey of 276 board members reveals how cybersecurity-related corporate liability is being prioritized in the boardroom.<br \/>\nNine out of 10 of those surveyed believe regulators such as the FTC should hold businesses liable for cyber breaches if due care has not been followed, and more than 50 percent expect investors to demand more transparency as a result of the increased public focus on cybersecurity liability.<br \/>\nPressure is building for boards and management teams to be especially wary of any corporate behavior that can impact their brand and erode shareholder value.<br \/>\nSecurity is now the second leading risk to a company\u2019s brand \u2013 behind ethical issues and ahead of traditional risks related to safety, health, and the environment.<br \/>\nNearly 50 percent who knew of the FTC\u2019s lawsuit against a major hotel chain said the case has influenced their executive discussions on cybersecurity liability.<br \/>\n90 percent of respondents feel third-party software providers should bear legal liability when vulnerabilities are found in their packaged software.<br \/>\nThis is particularly relevant because, according to Veracode\u2019s 2015 State of Software Security Report, nearly three out of four 
enterprise applications produced by third-party software vendors contain vulnerabilities listed in the OWASP Top 10, an industry-standard security benchmark.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=5597eec119&#038;e=20056c7556<\/p>\n<p>Firefox 42 is out, with many privacy and security improvements<br \/>\nMozilla has released Firefox 42, and with it, a new feature that should increase user privacy online.<br \/>\nIt&#8217;s called Tracking Protection and it&#8217;s incorporated into the Private Browsing option.<br \/>\nAnother new feature in Firefox is a new Control Center &#8211; a central place for reviewing and changing site security and privacy controls.<br \/>\nIt&#8217;s located in the browser&#8217;s address bar.<br \/>\nIn addition to this, the company has updated the browser&#8217;s security indicators.<br \/>\nFinally, the new version of the browser also includes fixes for a dozen security issues, some of which could lead to arbitrary code execution.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=a071265293&#038;e=20056c7556<\/p>\n<p>Global banking, cyber, blockchain, digital IDs and Varoufakis \u2013 experts examine the future of banking<br \/>\nKey figures voiced big predictions at yesterday&#8217;s FT Banking Summit.<br \/>\nCredit Suisse chief executive Tidjane Thiam&#8217;s thoughts on why the global economy needs European investment banks to succeed grabbed the headlines, as did, the four point plan on how to boost the Eurozone through reforms to the European Central Bank outlined by former Greek finance minister Yanis Varoufakis.<br \/>\nThree points stood out for me.<br \/>\nThere is a pressing need for greater support for cyber threat intelligence sharing; there may be a need for a &#8216;regulatory pause&#8217; to banking reform, and the hour has come for digital currencies, payments and identities to take online financial 
services to a new level.<br \/>\nOver the coming months therefore banks have good reason to move forward quickly with this initiative while they still have some advantage in terms of being viewed as the most trusted type of entity to provide financial services.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2bdf4e4624&#038;e=20056c7556<\/p>\n<p>OPINION: Top 10 security predictions for 2016<br \/>\n&#8216;Sniper&#8217; and &#8216;shotgun&#8217; malware:<br \/>\nWe believe that larger breaches in 2016 will be the result of custom-designed malware designed to get past the defences of specific organisations, such as the attack on US retailer Target.<br \/>\nMoving to mobile:<br \/>\nMobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data.<br \/>\nOur 2015 Security Report found that 42% of organisations had suffered mobile security incidents which cost more than $250,000 to remediate, and 82% expected incidents to rise.<br \/>\nThreat prevention:<br \/>\nThese new attack vectors require more proactive and advanced solutions that catch evasive malware.<br \/>\nCPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.<br \/>\nAttacks on critical infrastructure:<br \/>\nAttacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control those processes.<br \/>\nAnd as control systems become increasingly connected, this will extend the potential attack surface \u2013 which will require better protection.<br \/>\nIoT and smart devices:<br \/>\nThe Internet of Things is still emerging and is unlikely to make a big impact in 2016.<br \/>\nNevertheless organisations need to think about how they can protect smart devices and prepare themselves for wider 
adoption of the IoT.<br \/>\nYou wear it well:<br \/>\nWearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges.<br \/>\nTrains, planes and automobiles:<br \/>\n2015 saw the emergence of car hacking, in which the vehicle&#8217;s software is hijacked to take control of it.<br \/>\nReal security for virtual environments:<br \/>\nAs organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.<br \/>\nNew environments, new threats:<br \/>\nsince adoption of Windows 8 was relatively low, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to trying to exploit these new operating systems where updates are more frequent and users are less familiar with the environment.<br \/>\nSecurity consolidation keep it simple!:<br \/>\nTo protect against multifaceted threats, security professionals are likely to increase their reliance on centralised security management solutions.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=77cf3bf38d&#038;e=20056c7556<\/p>\n<p>4 in 10 Businesses Have Filed a Cyber Insurance Claim: Survey<br \/>\nA recent Wells Fargo survey of 100 U.S. 
middle-market and large companies found that 85 percent say they have purchased cyber and data privacy insurance, while 44 percent have already filed a claim as a result of a breach.<br \/>\nAnd how much do companies pay for cyber insurance?<br \/>\nThe cost of a policy depends on a variety of factors including the type of business, volume of records (personally identifiable information, protected health information, credit card data) and the organization&#8217;s security controls.<br \/>\n&#8220;Network security and privacy liability (aka &#8216;cyber&#8217;) is one of the most subjective lines of insurance, meaning that the underwriter has significant flexibility when pricing the risk,&#8221; Dena Cusick, national practice leader with Wells Fargo Insurance&#8217;s Technology, Privacy and Network Risk National Practice, told NBC News by email. &#8220;The premium can be as low as $750 for a small, well-managed organization and well into the seven figures for large organizations with significant volumes of data.&#8221;<br \/>\nMeanwhile, the rise in cyber claims filed is also driving up insurance rates.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b27520730d&#038;e=20056c7556<\/p>\n<p>OPM hires new cybersecurity adviser to address data breach concerns<br \/>\nClifton Triplett will serve as the senior cyber and information technology adviser to acting OPM Director Beth Cobert, the agency announced Wednesday in a press release.<br \/>\nIn his new role, Triplett will help carry out OPM\u2019s IT infrastructure plan, which calls for modernizing and overhauling its computer systems and minimizing the threat of future cyber intrusions.<br \/>\nTriplett is expected to work alongside OPM Chief Information Officer Donna Seymour to make these improvements to the IT architecture.<br \/>\nPrior to joining OPM, Triplett was the managing partner at SteelPointe Partners, a global management consulting company.<br \/>\nHe 
holds 30 years of cross-industry and IT organizational transformation experience with Fortune 200 companies and industry leaders in the defense, telecommunications, oil field service, tractor, automotive, and aerospace industries.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=efcc499b33&#038;e=20056c7556<\/p>\n<p>Business Demand for Cyber and Data Privacy Insurance Surges While Gaps Remain in Incident Response Plans<br \/>\nThe FINANCIAL &#8212; In a recent study of 100 U.S. middle market companies and large corporations, 85% say they have purchased cyber security and data privacy insurance coverage to protect against financial loss, while nearly half (44%) have already filed an insurance claim as a result of a breach.<br \/>\nHowever, while more companies are purchasing cyber security and data privacy insurance, some gaps still remain in incident response plans, making those companies vulnerable to the financial consequences of a data privacy incident, according to the study, commissioned by Wells Fargo Insurance\u2019s Technology, Privacy and Network Risk Practice (TPN), part of Wells Fargo &#038; Co.<br \/>\nExamining middle market companies and large corporations with $100 million or more in annual revenue, the study looked at companies from a variety of industries ranging from manufacturing to educational services.<br \/>\nIt measured the companies\u2019 current levels of readiness to respond to a cyber security or data privacy incident, perceptions of their own security and network vulnerabilities, and challenges faced when purchasing coverage.<br \/>\nNot surprisingly, the most common reasons given for purchasing this specialized coverage were to protect the business against financial loss (78%), protect shareholders (64%), and help prepare for data privacy events (61%).<br \/>\nOf those that filed an insurance claim, 96% reported they were satisfied with their coverage, how the claim was handled, and 
that their policy had enough coverage for expenses and damages.<br \/>\nCompanies are not testing their plans \u2013 Despite that most companies surveyed have an incident response plan, one in five have not tested their plan.<br \/>\nOne in 10 companies that had to implement their plan did so without testing it beforehand, with three in four (74%) saying they needed to revise their plan following the incident.<br \/>\nLeaked data is the top cyber security and data privacy concern, yet one in 10 companies does not have an existing incident response plan \u2013 35% of companies are concerned about private data leaks, while 25% are concerned about hackers.<br \/>\nOf those companies that have a plan, (85%) developed it with the help of a third-party vendor.<br \/>\nFor almost half of the companies that have cyber and data privacy insurance, the biggest challenges they faced when purchasing the coverage was finding a policy to adequately fit their company\u2019s needs (47%) or the cost (42%) \u2014 highlighting the need for an experienced broker to help with this process.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1c25459148&#038;e=20056c7556<\/p>\n<p>Foreign business lobbies ask China to revise cyber insurance draft rules<br \/>\n(Reuters) \u2014 Foreign business lobbies have asked China to substantially revise proposed cyber security regulations for the insurance industry, signaling a dispute that started with the publication of similar bank technology rules earlier this year may widen.<br \/>\nThe draft regulations, announced by the China Insurance Regulatory Commission last month, state that insurers, along with their holding companies and asset managers, should prioritize the purchase of \u201csecure and controllable\u201d products, including domestic encryption technologies and local hardware and software.<br \/>\nMore than 20 foreign business lobbies, including the American Chamber of Commerce, the 
American Council of Life Insurers, and Japan Electronics and Information Technology Industries Association, stated that such provisions would run counter to global information security standards, in a joint letter to CIRC which they delivered at the end of last month.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=4d0be4fcba&#038;e=20056c7556 (http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=1972f33d5c&#038;e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s] Apart from the reporter&#8217;s opinions \ud83d\ude09 So onto the news: Mature &#038; Unconfident: The Best Information Security Teams Ever! The organization that is mature and unconfident is the best kind, in my opinion. 
These types of organizations took&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1168","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1168"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1168\/revisions"}],"predecessor-version":[{"id":3655,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1168\/revisions\/3655"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}