[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
When it comes to Cloud security which is better? Heavy hand or gentle policing?
\nTo get a sense of what enterprises think about Cloud deployments and cloud security, we recently reached out to Jim Reavis, cofounder and chief executive officer at the Cloud Security Alliance.
\nAs a nonprofit, the Cloud Security Alliance promotes the use of security assurance best practices in cloud computing, as well as Cloud computing education.
\nReavis is an information security industry vet and has advised on industry business launches, mergers and acquisitions, and IPOs.
\nSince its founding, the Cloud Security Alliance has launched numerous successful cloud security efforts, including the cloud security provider certification program, the CSA Security, Trust Assurance Registry (STAR), a cloud provider assurance program of self assessment, third party audit and continuous monitoring, and the cloud security user certification the Certificate of Cloud Security Knowledge (CCSK).
\nEnterprises also are learning now how to transition into cloud and to understand the level of security they are getting from cloud providers.
\nEnterprises will always have a role in securing their cloud deployments, whether it’s more of the implementation of the technical controls inside private cloud or if it’s more due diligence and procurement efforts and looking for the assurance from the providers that they adhere to secure practices.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e96b1d6f46&e=20056c7556<\/p>\n
Cybersecurity Policy Framework for South Africa finally published
\nThe State Security Department\u2019s National Cybersecurity Policy Framework, which was approved by Cabinet in 2012, has finally been published.
\nThe Right2Know (R2K) campaign said recently that, until October, the document was regarded as classified.
\nThe policy framework was published in last week\u2019s Government Gazette.
\nIt comes on the heels of the closure of public comments by the State Security Department on its controversial draft Cybercrimes and Cybersecurity Bill on November 30.
\nThe bill seeks to create offences and impose penalties on cybercrime.
\nIt also seeks to impose obligations on electronic communication service providers regarding aspects that may affect cybersecurity.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bdd2fb865d&e=20056c7556<\/p>\n
Cyber attacks can cost airlines ‘millions’
\nGeneva \u2013 Cyber attacks can cost airlines hundreds of millions of dollars in revenue and irreparably damage their reputations, according to Carolina Ramirez, global director of security and facilitation at the International Air Transport Association (Iata).
\nCyber attacks in the industry can vary from on-board or in-flight interferences affecting on board flight systems, navigation devices and communications to operational disruptions and business disruption (like bookings and check-in).
\nSo far in 2015 at least five airlines and two airport operations have been publicly reported as victims of targeted online attacks, she said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0da54cfb1d&e=20056c7556<\/p>\n
Twitter users are getting attacked by government hackers, site warns
\n\u201cState-sponsored actors\u201d have been looking to take information such as email addresses and phone numbers by breaking into a \u201csmall group of accounts\u201d, the site has warned.
\nTwitter has told its users that they appear to have been hacked before.
\nBut this seems to be the first time that it has explicitly blamed governments \u2014 though it did not attribute the hacks to any specific country.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f525f61467&e=20056c7556<\/p>\n
J.P. Morgan, Bank of America, Citibank And Wells Fargo Spending $1.5 Billion To Battle Cyber Crime
\nThere\u2019s a showdown going down between a global network of cyber criminals and the world\u2019s largest corporations, governments and cybersecurity companies.
\nThe British insurance company Lloyd\u2019s estimates that cyber attacks cost businesses as much as $400 billion a year, which includes direct damage plus post-attack disruption to the normal course of business.
\nSome vendor and media forecasts put the cybercrime figure as high as $500 billion and more.
\nThe biggest U.S. banks are responding to the cyber crime epidemic with some of the biggest security budgets.
\nThe Wall Street Journal reported in August that J.P.
\nMorgan Chase & Co. expects its cybersecurity spending to be around $500 million in 2016.
\nThat figure is more than double the $250 million it spent on cybersecurity in 2014.
\nIn a live interview from Davos Switzerland on Bloomberg earlier this year, Bank of America Corp.
\nCEO Brian Moynihan said the nation\u2019s second largest lender will spend $400 million on cybersecurity this year\u2026 and it is the first time in 20 years of corporate budgeting he has overseen a business unit with no budget.
\nMoynihan said the only place in the company that doesn\u2019t have a budget constraint is cybersecurity.
\nA Crain\u2019s article recently stated that Citibank\u2019s IT security budget reportedly tops $300 million.
\nYahoo Finance reports that Wells Fargo spends roughly $250 million a year on cybersecurity.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e82cdc5e04&e=20056c7556<\/p>\n
LogRhythm\u2019s Top 10 Security Predictions for 2016
\nLogRhythms 10 Security Predictions for 2016 By Simon Howe, Sales Director ANZ An uptick in all-in-one home surveillance systems.
\nWe are seeing more motion sensing\/camera\/recording devices in the home that can be managed through personal devices.
\nThis type of technology \u2026LogRhythm\u2019s Top 10 Security Predictions for 2016
\nAn uptick in all-in-one home surveillance systems.
\nA rise in the use of mobile wallet apps.
\nNew model of what to protect.
\nIdentity access management: The unsung hero.
\nThe next big attack target: Education.
\nEmergence of hacking for good.
\nSecurity is in a renaissance.
\nNext steps for CISA, open sharing of threat intelligence.
\nRansomware gaining ground.
\nVendors need to step up
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fa23b2a1fd&e=20056c7556<\/p>\n
R.I.P. APTs, hello stealth attacks
\nAs such, in the months and years ahead, organisations need to prepare themselves for an eerily quiet onslaught of attacks that are fundamentally designed to infect victims, steal data, and exit \u2013 and all without leaving a trace.
\nSuch campaigns will:
\n– Use memory-resident and file-less malware that deftly avoids detection.
\n– Repurpose off-the-shelf malware that, unlike rootkits, custom malware and bootkits, aren\u2019t burned by security researchers when discovered.
\n– Build custom attack vectors to exploit specific targets.
\n– Cloak both bad guys and their intentions, since they\u2019ll be lost in a huge pool of remote access trojans that are available for sale in the cyber underground.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d1d0d22a72&e=20056c7556<\/p>\n
IT Specialists\u2019 2016 Predictions: Three key Areas for Growth
\nPrediction #1: Managed service providers will become more popular amongst small to midsized businesses.
\nPrediction #2: Compliance overlay of management is critical.
\nPrediction #3: Management of private and public clouds will separate.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2c799b902c&e=20056c7556<\/p>\n
Advice to help today’s CISOs succeed at security leadership
\nPart of Renee Guttmann’s job as vice president of the Office of the CISO at Accuvant Inc. is to provide guidance to information security leaders across a variety of enterprises.
\n“The biggest issues I’m seeing right now or the challenges that folks are facing,” Guttmann said, “is that what they’re really missing is a strategy.
\nThis is what they’re being asked for by their boards; they’re being asked this by their companies.
\n“It’s critical that CISOs and security practitioners make the time to be involved with the community and learn how others are dealing with it,” Guttmann said. “Security leaders must make their staff also take the time to network and learn what’s going on in their particular space.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=86abf03ac1&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage2.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=bda2a276ab)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: When it comes to Cloud security which is better? Heavy hand or gentle policing? To get a sense of what enterprises think about Cloud deployments and cloud security,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1179","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1179"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1179\/revisions"}],"predecessor-version":[{"id":3666,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1179\/revisions\/3666"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}