[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
UK firms look to threat intelligence to focus security efforts
\nUK firms have identified cyber threat intelligence as an investment priority for 2016 as they struggle to get a consistent view of their information security capabilities, according to analyst firm IDC.
\nPerformance, skills and costs remain the biggest hurdles to true data-driven security, revealed an IDC study based on interviews with heads of IT and security at 300 large UK enterprises.
\nAll companies polled said they intend to use threat intelligence products and services in the next 24 months, with 96% already using them, according to the study, which was commissioned by cyber security managed services provider SecureData.
\nHowever, the study found that 77% of those polled regard threat intelligence as security information and event management (Siem), 73% regard it as risk-based analysis of threats and recommended remediation, and 64% see it as data feeds on attacks and threats.
\nSome 61% of respondents include automated remediation of attacks and data feeds of vulnerabilities and other threats (64%) as a core element of threat intelligence , while the majority of firms regard threat intelligence as a combination of both products and services but, in some cases, are implementing threat intelligence exclusively as a service .
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ca91cb27e4&e=20056c7556<\/p>\n
There\u2019s one big downside of built-in security measures
\nIt\u2019s increasingly common for hardware manufacturers and software developers to build in various security measures to protect users.
\nHowever, a new survey by cloud encryption company Alertsec reveals that these standard security precautions may be creating a false sense of security for PC and mobile users.
\nThe Alertsec SMB 2015 Encryption Study, carried out among 1,255 small-to-medium businesses, reveals that 68 per cent believe auto-saved passwords are not secure.
\nNearly half (48 per cent) believe never logging out of user profiles decreases security.
\nOver one in five SMB executives (23 per cent) believe lock down \u2013 when functionality of the system is restricted \u2013 is not secure, while 16 per cent believe that locking out systems following multiple failed password attempts is also insecure.
\n87 per cent of those surveyed say they fear data breaches.
\nWhen pressed further most cited physical security fears, with 40 per cent of respondents saying they fear leaving their laptop in the car and consequently having their identity stolen, 37 per cent fear having their laptop stolen while working at a coffee shop, 30 per cent fear burglars breaking into their homes and obtaining online banking information and 27 per cent worry about having their laptop stolen at airport security and having their cloud storage and photo files breached.
\nPerhaps no surprise then that 68 per cent say the problems they have seen at work have made them encrypt their personal computers.
\nAn impressive 90 per cent say that work computers should be encrypted, followed by smartphones (61 per cent), personal computers (58 per cent) and tablets (55 per cent).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e353cce8df&e=20056c7556<\/p>\n
FAKBEN is offering a professional Ransomware-as-a-service that relies on a new CryptoLocker ransomware which can be downloaded through the executable file.
\nNews of the day is that a new Ransomware-as-a-service surfaces from the criminal underground, requesting customers 10 percent profit cut.
\nThe FAKBEN Team is offering a professional Ransomware-as-a-service that relies on a new CryptoLocker ransomware which can be downloaded through the executable file.
\nUsers can customize their CryptoLocker variant and manage the campaign by using the CryptoLocker service developed by FAKBEN.
\nFAKBEN ransomware-as-a-service included a user-friendly interface that will show the number of infected machines and ransoms paid.
\nThis specific Ransomware-as-a-service surfaces is still not active, it will be launched in the coming days.
\nFakben explained that the ransomware cold be customized by adding a number of exploits targeting vulnerabilities in products such as Adobe and Java.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=61170df41c&e=20056c7556<\/p>\n
It Only Takes One Hour to Detect APTs on Network, Apparently
\nA new survey from Lieberman Software Corporation has revealed that 83 percent of IT professionals do not believe advanced persistent threats are over-hyped, however they are still very na\u00efve about the length of time it would take to identify an advanced persistent threat on their own corporate network.
\nThe study was carried out at Black Hat Conference 2015 and looked at the attitudes of nearly 150 IT security professionals.
\nIt revealed that 10 percent of IT professionals believe it would take them only one hour to identify an APT on their network, while 55 percent said it would take them one week to one month.
\nHowever this is in contrast with data from a recent Mandiant report which revealed that hackers are present on the network for an average of 205 days before being discovered.
\nOther findings from Lieberman Software\u2019s study revealed that 84 percent of respondents believe that unmanaged privileged credentials are the biggest cyber security vulnerability within their organisation.
\nOther findings from the study revealed that many IT professionals are still very dubious about the cloud, with 97 percent of respondents stating that they are worried about some of their organization\u2019s cloud hosted data being either lost, corrupted or accessed by unauthorized individuals.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c4307d9295&e=20056c7556<\/p>\n
3 Emerging Cyber Threats to Watch in 2016: SIFMA
\nThe cybersecurity landscape is \u201cworsening,\u201d and 2016 \u201cwill be a tougher year\u201d in terms of fighting breaches, Matthew Chung, Morgan Stanley\u2019s chief information officer of technology and risk information, said Tuesday.
\nSpeaking on a panel at the Securities Industry and Financial Markets Association\u2019s annual conference in Washington, Chung said that the \u201ccomplexity\u201d along with the cost of keeping up with cybersecurity is an ongoing challenge.
\nHe cited three worrisome \u201cemerging threats\u201d that \u201cwill start to cause an impression in 2016.\u201d
\nFirst, an \u201cincrease\u201d in ransomware, which infects a system and causes a firm to lose access to its data unless the users pay a ransom, often in bitcoin.
\nHe noted that the group DD4BC \u2014 which stands for Distributed Denial of Service for Bitcoin \u2014 has been targeting financial services firms since mid-2014 with threats of locking up systems unless they are paid a bitcoin ransom.
\nThe second threat is from \u201cmalicious insiders,\u201d Chung said, which is someone within a firm with \u201cvalid credentials\u201d that\u2019s looking to do harm.
\nThe third threat: destructive malware, which Chung said is more prevalent in the energy sector than in financial services. \u201cThis is a risk that will become more interesting over the next year,\u201d Chung said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d0d8e2df0c&e=20056c7556<\/p>\n
Third-Party Security IoT Providers
\nFair or not, your customers will hold you accountable for any security breach related to your company, especially when your brand is the face of the partnership.
\nCompanies that must maintain security compliance \u2014 like those that have to maintain The Payment Card Industry Data Security Standard \u2014 can be found legally liable for their partner\u2019s security deficiencies, so more than your brand will suffer if you trust the wrong firm with your business.
\nFollow these three steps when vetting potential partners to prevent breaches and maintain the trust of your customers:
\nDo your research.
\nDon\u2019t trust what someone else tells you.
\nPerform your own security audit of potential partners by visiting their data centers, meeting with their IT security teams, and reviewing their security controls.
\nSet high standards.
\nKnow what security controls you require from your partners.
\nContinue to monitor.
\nOnce you find the right third-party business, don\u2019t sit back and assume everything will be fine moving forward.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=aca6fac991&e=20056c7556<\/p>\n
UK law mandates software backdoors, jail for disclosing vulnerability
\nNow the UK is getting in on the action, as it\u2019s been revealed that under the upcoming Investigatory Powers Bill it will have the ability to order companies to build software \u201cbackdoors\u201d into their products, and revealing that collaboration could result in up to a year in prison.
\nMore than that, the government is also empowering itself to enlist the services of talented individuals like hackers, and to also legally restrain these people from revealing the work they\u2019ve done \u2014 even in open court.
\nIn the US, these orders are called as National Security Letters (NSLs), and they have come to be routinely served to everyone from a small business owners to major corporate executives.
\nThe bill, widely referred to as the Snoopers Charter, could also mean that citizens subjected to these secret orders, who decide to defy them, would be tried by secret courts and appeal to secret tribunals with zero public accountability or even disclosure of its decisions.
\nThis fundamentally makes resistance impossible \u2014 try to make a stink about what you see as improper use of government power in the UK, and the UK government may soon be able to respond with a judicial system not all that different from a black bag over the head.
\nAs a Canadian, someone who has tried investigating even minor details about Canada\u2019s SIGINT body, let me just say that while things may be getting worse in America, they are absolutely not the worst out there.
\nThe current parliamentary democracies, whether in Britain, Canada, or elsewhere, have the capacity to produce far less restricted governments and government agencies, while also subjecting those agencies to less meaningful public oversight.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1191a1b663&e=20056c7556<\/p>\n
Email is more secure today than it was two years ago
\nGoogle has partnered with University of Michigan and the University of Illinois, and they have been trying to discover, for the last couple of years, how email security has evolved.
\nThe researchers have been collecting data regarding the adoption of SMTP security extensions (STARTTLS, SPF, DKIM, and DMARC), both by checking the Alexa Top Million domains’ SMTP server configurations, and SMTP connections to and from Gmail.
\n“First, we found regions of the Internet actively preventing message encryption by tampering with requests to initiate SSL connections.
\nSecond, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail.
\nWhile these threats do not affect Gmail to Gmail communication, they may affect messaging between providers,” they explained Google’s particular interest in fixing this problem.”
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0f4b62cf84&e=20056c7556<\/p>\n
Data breaches and bots are driving cybercrime surge
\nFrom July to September, ThreatMetrix detected more than 90 million attempted attacks across industries, representing a 20 percent increase over the previous quarter.
\nThis increase in attacks can largely be attributed to the growing sophistication of cybercriminals and the amount of customer data available for interception.
\nIn the financial services industry, attacks increased 30 percent over the previous quarter, with more than 15 million fraud attempts.
\nAs online lending and alternative payments providers represent significant financial gain for fraudsters, this segment is continuing to experience a very high volume of attacks.
\nFinancial services transactions broken down consist of the following percentages and risks:
\n– 85 percent of transactions were account logins, with 2.5 percent high risk
\n– 13 percent of transactions were payments, with three percent high risk
\n– Two percent of transactions were account creations, with two percent high risk.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d182e72d33&e=20056c7556<\/p>\n
Small companies’ big cyber risks highlighted at underwriting conference
\nDALLAS \u2014 Small and medium-size businesses’ lack of knowledge and resources to address their cyber risks can not only threaten their own existence, but also pose significant risks to the larger companies with which they deal, say experts.
\n\u201cOne of the big challenges we have when we think about\u201d the cyber risks faced by small and medium-size businesses is they have limited resources, which they direct toward making money, and information security \u201cin a lot of cases is what gets put on the back burner,\u201d said Sarah Stephens, a London-based partner with JLT Specialty Ltd.’s financial lines group.
\nAnother issue is that smaller firms often incorrectly assume they will not be targets of cyber attacks because of their size, said Ms.
\nStephens.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a565d14948&e=20056c7556<\/p>\n
New SANS Survey Reveals Lack Of Skilled Personnel As The Biggest Barrier To Implementing Security And Analytics Tools
\nSEATTLE, Nov. 12, 2015 \/PRNewswire\/ — DomainTools, the leader in domain name and DNS research, today announced a new 2015 Analytics and Intelligence Survey, conducted by the SANS Institute.
\nThe research revealed that the demand for cybersecurity tools and resources has doubled since 2014, with the majority (59 percent) of respondents citing a lack of skills and dedicated resources as the main obstacles to discovering and acting on cybersecurity incidents and breaches.
\nThe results allude to an industry-wide disconnect with 43 percent of enterprises fully understanding the importance of cyber threat solutions yet still relying on manual processes to protect their organization.
\nCurrently, only 9 percent of enterprises’ analytics and intelligence processes used for uncovering a breach are automated.
\nThe full research report can be downloaded here.
\nOn the bright side, while cybersecurity attacks have increased 66 percent since 2009, the research revealed the time to remediation is improving.
\nIn 2015, 67 percent of organizations were able to unearth an attack in one week or less versus only 50 percent in 2014.
\nWith detection and response times improving, the majority (83 percent) of organizations believe visibility into cyber incidents has improved with more effective intelligence programs that leverage analytics capabilities.
\nIn fact, almost half of organizations are diligently working to increase visibility by integrating data from external threat providers and another 31 percent are planning to do so in the future.
\nKey findings from the report include:
\n– 35 percent of organizations cite a lack of centralized reporting and remediation controls as a barrier to identifying cybersecurity incidents.
\n– Only 3 percent of organizations feel that their analytics and intelligence processes for pattern recognition are fully automated, and another 6 percent report having a “highly automated” intelligence and analytics environment.
\n– 26 percent still can’t understand and baseline “normal” cybersecurity behavior, making it difficult for them to identify and block abnormal behaviors.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ac03ccda43&e=20056c7556<\/p>\n
Naughty list to get longer, biggest cybercriminal Christmas on its way
\nThis Christmas could be the most wonderful time of year for cyber criminals, according to digital identity company ThreatMetrix.
\nIn a new report, the firm reveals that it has detected a 25% jump in attacks on online retailers in the last 90 days, with 45m attacks recorded.
\nThreatMetrix saw 11.4m fraudulent transaction attempts during the peak holiday shopping period last year.
\nThe Q3 Cybercrime Report from ThreatMetrix detected a number of attacks across billions of transactions globally, with account logins representing 78% of transactions, of which 5% were high risk.
\nFurther analysis found that payments made up 21% of transactions, with 3.2% at high risk, while 1% of transactions were account creations, with nearly 7% high risk.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e824887834&e=20056c7556<\/p>\n
The automation and industrialization of cyber attacks
\nA new Imperva report highlights cyber criminals\u2019 use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive data.
\nEvery application analyzed in the report was attacked, with over 75 percent of the applications attacked by every one of the eight identified attack types.
\nThe eight attack types analyzed in the report are SQL injection (SQLi), remote file inclusion (RFI), remote code execution (RCE), directory traversal (DT), cross site scripting (XSS), spam, file upload (FU), and HTTP reconnaissance.
\n2015 also saw hackers shift emphasis to attacking healthcare applications, likely reflecting the black market value of the personally identifiable information contained within healthcare applications.
\nThe data also highlights an increase in the percentage of attacks successfully identified and blocked by reputation services, further validating that already identified and known hackers use automation to more effectively and efficiently launch attacks against a broad set of targets.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5a1606921a&e=20056c7556<\/p>\n
Most companies ‘unaware of cyber breach costs’
\nMost New Zealand companies and organisations are unaware of the probability of and real cost of cyber security breaches, a New Zealand tech expert says.
\nThe average global cost of a breach is now $US154 per record and the likelihood is now 22 percent of a breach over a two year period New Zealand Technology Industry Association (NZTech) chief executive Graeme Muller says.
\nMuller will be chairing the top c-level New Zealand security summit in Wellington on November 30.
\nThe summit includes industry, government and academic interests in an effort to improve the state of cyber security in New Zealand.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bcf7e83139&e=20056c7556<\/p>\n
10 legal aspects of data breaches lawyers urge you to abide
\ncynthia-larose.jpg
\nCynthia Larose
\nImage: Cynthia Larose
\nAccording to Cynthia Larose and Meredith Leary, members of the law firm Mintz Levin, when it comes to dealing with the legal aspects of data breaches, organizations must be able to explain in the aftermath that actions taken before and during the data breach were reasonable.
\nTo do that, both attorneys say responsible parties within the company need to plan ahead and think like litigators, which to them means abiding by the following.
\n1: Fail to plan equals plan to fail
\n2: Big problems first, small problems later
\n3: The criticality of the tone at the top cannot be overstated
\n4: You cannot prevent idiocy, but you can train
\n5: Make good email practices your fight song
\n6: Say what you mean and mean what you say
\n7: Avoid inconsistencies wherever possible
\n8: Know what your peers are doing
\n9: Document close calls
\n10: Imagine your story being told to the world
\nData security is a new area of litigation.
\nThe US federal government does not have a unified set of data security regulations.
\nMoreover, what is on the books only protects certain types of data in specific industries (Graham-Leach-Bliley, COPPA, HIPAA, etc.).
\nWorse yet, there is only a patchwork of statutes and regulations at the state level.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f78a090f21&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=dc02458a5e)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: UK firms look to threat intelligence to focus security efforts UK firms have identified cyber threat intelligence as an investment priority for 2016 as they struggle to get…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1171","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1171"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1171\/revisions"}],"predecessor-version":[{"id":3658,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1171\/revisions\/3658"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}