[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
How To Convince Management You Need More People
\nCISOs stand a better chance of getting the resources they need if they establish proper performance metrics that show how information security supports and benefits business objectives and opportunities.
\n\u201cIt is widely known that more is needed from an information security standpoint to face today\u2019s challenges.
\nYet, many organizations are still reactive, and will boost their staffing only when faced with a breach,\u201d says Paul Calatayud, chief information security officer at Surescripts, which provides a nationwide health information network that connects doctor\u2019s offices, hospitals, pharmacists, and health plans through an integrated and technology-neutral platform.
\nCISOs can present a convincing argument about the need for more staff by establishing proper operational performance metrics that help demonstrate the resource requirements the security department is facing, says Calatayud. \u201cThese performance metrics should align to the business objectives and benefit business opportunities, as management teams want to see how investments in talent and tools will affect the bottom line.\u201d
\nToo often there are still disconnects between CISOs and the rest of the C-Suite from both a communication and trust standpoint, Calatayud says.
\nThe need for security managers to have better communication skills appears to be supported by responses in The 2015 (ISC)\u00b2 Global Information Security Workforce Study, which was conducted by Frost & Sullivan. When reporting how important various skills and competencies are to career success, 77 percent of the respondents said communications skills ranked as the single-most important attribute. \u201cInterestingly, analytical skills, another soft skill, ranked second, ahead of more concrete competencies such as architecture; incident investigation and response; info systems and security operations management; and governance, risk management, and compliance,\u201d according to the report.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2761de0504&e=20056c7556<\/p>\n
YARA rules download: The best YARA rules for Malware Analysis and Detection
\nYARA rules are used to identify specific types of malware, and the use of YARA rules is very simple and straight forward.
\nThe fact that the use of YARA is easy has allowed the community to create hundreds of YARA rules which identify unique malicious binaries and threats.
\nBut here comes the though part, there are tons of sources where you can find and download YARA rules.
\nA lot of YARA rules can be found on Github, but there are also private environments which share YARA rules.
\nSo, in order to make it easy to keep track of those environments, we have listed down environments where you can find and download YARA rules.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=45f23e1591&e=20056c7556<\/p>\n
Data Insecurity: Flawed Technology Or Outdated Business Process?
\nAre data breaches caused by flawed security or outdated business processes.
\nIf we want to truly shift the momentum in the cybersecurity fight, as an industry we need to drastically change how we conduct business and think about securing business processes first.
\nOnly then can we focus on the IT systems in which they reside.
\nFrom swiping your card to getting \u201capproved,\u201d there are about 16 steps.
\nThat\u2019s an amazing number of potential attack vectors for threat actors to exploit.
\nIn today\u2019s digital environment, a consumer should not be required to carry plastic cards \u2014 holding exploitable account numbers \u2014 to pay for goods and services at the point of sale.
\nThis technology has outlived its practicality in a modern, hyper-connected world.
\nIt\u2019s smart, simple, and actual proof that changing the process helped improve security.
\nThe technology (i.e., the phone itself) does not require any additional feature sets to be secure.
\nThe process secures itself.
\nSo instead of getting out your pen to write a multimillion dollar check for the latest big data or artificial intelligence security tool, a smarter play may be to take a precursor step and re-assess your business processes and how they affect or hinder security.
\nYou may find you don\u2019t need that complex security tool, but just sound segmentation and role-based access.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6dadaf6cc7&e=20056c7556<\/p>\n
Survey: Many stock market pros see ‘significant’ risks from terrorism, global events
\nAre data breaches caused by flawed security or outdated business processes.
\nIf we want to truly shift the momentum in the cybersecurity fight, as an industry we need to drastically change how we conduct business and think about securing business processes first.
\nOnly then can we focus on the IT systems in which they reside.
\nFrom swiping your card to getting \u201capproved,\u201d there are about 16 steps.
\nThat\u2019s an amazing number of potential attack vectors for threat actors to exploit.
\nIn today\u2019s digital environment, a consumer should not be required to carry plastic cards \u2014 holding exploitable account numbers \u2014 to pay for goods and services at the point of sale.
\nThis technology has outlived its practicality in a modern, hyper-connected world.
\nIt\u2019s smart, simple, and actual proof that changing the process helped improve security.
\nThe technology (i.e., the phone itself) does not require any additional feature sets to be secure.
\nThe process secures itself.
\nSo instead of getting out your pen to write a multimillion dollar check for the latest big data or artificial intelligence security tool, a smarter play may be to take a precursor step and re-assess your business processes and how they affect or hinder security.
\nYou may find you don\u2019t need that complex security tool, but just sound segmentation and role-based access.
\nDespite expectations of higher interest rates, our 1st-quarter 2016 Market Mavens survey finds the odds of a bear market next year are relatively low, similar to what we found in previous surveys.
\nThe experts are generally bullish, with just 1 in 4 of the experts saying that the likelihood of a downturn is 50-50 or higher. “There is ample liquidity, and the banks are in solid shape,” notes Michael Farr, president and CEO of Farr, Miller & Washington.
\nRisks from terror and global events: The Market Mavens were split down the middle when asked whether geopolitical and terrorist threats pose unusually significant risks for financial markets in the year ahead: 50% of the respondents said yes, 50% said no.
\nPositive on stocks: While individual responses were widely varied, when taken together the outlook for the stock market over the next 12 months is positive.
\nAbout 80% of the respondents expect the market to edge higher in 2016.
\nBear market chances: If the experts have it right, the bull market that began in March 2009 will remain intact and celebrate its 7th birthday this year.
\nGrowth vs. value stocks: As the U.S. market’s advance has matured, the mavens favor a value approach to investing.
\nA resounding 68% of the market pros choose value over growth for the next 12 months.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c4b00f57af&e=20056c7556<\/p>\n
Half of UK banks have insecure SSL
\nInternational security firm Xiphos Research has revealed that half of the UK\u2019s retail banks have insecure instances of SSL, which could make it easier for cyber criminals to cause damage.
\nXiphos Research looked at the SSL certificate instances associated with the secure login functions for some UK-based banks by anonymously submitting associated URLs to the SSL Labs service provided by Qualys.
\nThe research, conducted in November 2015, revealed that 11 out of the 22 UK retail banks tested had insecure SSL instances, as did 18 out of 25 foreign banks in the UK.
\nIt also tested 37 UK building societies, with just over half found to have insecure SSL instances.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=18fa4fef60&e=20056c7556<\/p>\n
Relationships: Critical to the Security Posture of Your Organization
\nThe best security professionals always keep the lines of communication open and warm, even when they don\u2019t need anything.
\nThey don\u2019t exploit, deceive, or cheat people.
\nThey understand that security is a profession built upon trust.
\nTrust that is built on relationships.
\nFurthermore, they understand that there are some things that money just cannot buy.
\nRelationships matter, and beyond that, they hold high value for us professionally, whether we realize it or not.
\nI don\u2019t care who you are.
\nPeople make time for things that are important to them.
\nIf you think you don\u2019t have the time to keep the lines of communication warm with people, you\u2019re doing it wrong.
\nMake the investment in relationships.
\nIt will be good for you, and it will also be good for the security posture of your organization.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fea3ab7870&e=20056c7556<\/p>\n
Experts predict more attacks on universities
\nAttacks on major state universities will continue in 2016, according to a non-profit cybersecurity readiness organization that specializes in the public sector.
\n\u201cThe universities are home to an awful lot of valuable intellectual property, so a lot of the major research universities are prime targets for attackers,\u201d said Thomas Duffy, chair of the Multi-State Information Sharing and Analysis Center (MS-ISAC) that’s operated by CIS.
\nHe was quoted by Fedscoop, writing about threats for states and localities.
\nIn the U.S, good security intentions are there, but money is the big issue, reckons CIS\u2019s MS-ISAC, in a recent presentation.
\nAlmost half (46.8%) of states have only 1-2% of the IT budget for cybersecurity.
\nThat\u2019s no increase on the previous year.
\nAdvanced anti-malware for extortion attacks are \u201ca must have\u201d too, Avakian says, as is real-time correlation of security analytics; database firewalls; identity and access management along with multi-factor authentication.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2e07d2b7ca&e=20056c7556<\/p>\n
Rip and replace can create security issues
\nHow secure a replacement system is depends in part on whether organizations go it alone with rip and replace efforts; or, if a solutions provider is involved, which parts of the project they manage.
\nChances are that the organization doesn\u2019t have many staff trained on the new system, and internal IT will have all it can do just to keep up with the implementation.
\nAsking those right questions up front and mapping out security from the outset is probably the most important role the CSO can play here.
\nThe development team probably has too much on their plate already to make security a top priority.
\nDuggan also cautions that a vendor team doesn\u2019t have the benefit of \u201ctribal knowledge\u201d about the client, as Duggan terms it.
\nSecurity measures recommended by the vendor may not address important aspects of how the business actually works and employees go about their jobs.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3c47a02092&e=20056c7556<\/p>\n
\u200bBanking Trojans are growing smarter. But will banks keep up?
\nInfection rates of banking Trojans continue to run high, despite the best efforts of financial institutions and security companies to keep this type of malware in check.
\nAccording to Morten Kjaersgaard, CEO of Danish security specialist Heimdal, the number of campaigns involving the Dyreza Trojan, also known as Dyre, has spiked while Tinba remains the most common piece of banking malware.
\nDyreza, also referred to as Dyzap by others, notably Microsoft, hooks into browser processes and then monitors for connections to specific domains, collecting credentials as the victim types them, in a style of attack known as ‘man in the browser’.
\nThe firm described Tinba as the smallest banking Trojan it had encountered, at about 20KB in size, including config and webinjects.
\nHence the malware’s name: Tinba, which means ‘tiny banker’.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=75c94f9e53&e=20056c7556<\/p>\n
Blog: DNI Clapper Names Leaders of Cyber Threat Intelligence Integration Center – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fc4f1b5cc8&e=20056c7556
\nDirector of National Intelligence, James Clapper, today announced the leaders of the Cyber Threat Intelligence Integration Center (CTIIC).
\nDirector Tonya Ugoretz will lead the center, with Maurice Bland as deputy and Office of the Director of National Intelligence (ODNI) Research Director Thomas Donahue as part of the team. – See more at: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2b3455a204&e=20056c7556
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ca2bfa8b4b&e=20056c7556<\/p>\n
Hackers are now offering ‘customer support’ to the victims they extort money from
\nRansomware is a type of virus that infects a user\u2019s machine and encrypts the files on it, leaving them inaccessible unless the victim pays for the decryption key.
\nRansoms typically range from $300 to $500, sometimes with a limited time before the price is raised or before the chance to pay is withdrawn completely.
\nThe idea behind ransomware authors extending an olive branch to victims is simple: the victim has to trust that paying up will actually restore their files.
\nIf they don\u2019t trust the legitimacy of the service, they are less likely to pay.
\nWilliams said that nearly all ransomware will change the user\u2019s background to a ransom note explaining how to pay.
\n\u201cThese instructions are written in such a way that [the attackers] are able to get money from [their victims], which I think in itself is a feat.\u201d
\nRansomware authors will take extra measures to ensure payment.
\nSome will offer alternative methods of payment.
\nOthers offer the free decryption of a single file to prove that they do in fact possess the key.
\nMany services even use the names of better known viruses in order to piggy-back on their name recognition and reputation for actually providing decryption keys.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1582d548a4&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=9cd8a462d8)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: How To Convince Management You Need More People CISOs stand a better chance of getting the resources they need if they establish proper performance metrics that show how…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1185","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1185"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1185\/revisions"}],"predecessor-version":[{"id":3672,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1185\/revisions\/3672"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}