[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nAlso, would it help to include a table of contents at the beginning of the email? This would make the email message longer, but might make it easier to jump to the sections you are interested in. Send an email to mail@paulgdavis.com if you think it is a good idea.
\nSo onto the news:<\/p>\n
Intact Insurance launches commercial drone insurance for small- and medium-sized businesses
\nIntact Insurance, Canada\u2019s largest home, auto and business insurance company, announced on Monday that it has launched drone insurance for its commercial lines customers.
\nThe unmanned air vehicle (UAV) coverage \u201ccaters specifically to small and medium-sized businesses that currently use or plan to use drones to complement their business operations,\u201d Intact Insurance said in a press release.
\nUAV coverage is the latest addition to the company\u2019s line of products and services that provide \u201cunique solutions which add value to businesses and brokers.\u201d Other recent innovative commercial initiatives launched include its cyber endorsement, which protects businesses against cyber risks and myFleet Solution, a fleet-management insurance solution for businesses with fleets.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c594c35563&e=20056c7556<\/p>\n
How email in transit can be intercepted using DNS hijacking
\nThis article looks at how an attacker can intercept and read emails sent from one email provider to another by performing a DNS MX record hijacking attack.
\nDNS hijacking attacks work as follows.
\nThe attacker poses as or compromises the DNS server used by Alice\u2019s mail server to find out where to deliver Alice\u2019s email to Bob.
\nInstead of returning the legitimate IP address, the DNS server returns the IP address of a server owned by the attacker, as illustrated in the diagram above.
\nAlice\u2019s server believes this IP address is the legitimate one for Bob\u2019s server and delivers the email to the rogue server.
\nThe attacker reads the email and to make the attack invisible, forwards the email to the real server.
\nThis shortcoming will eventually be fixed with the deployment of DNSSEC and DANE.
\nThis deployment and other ways to mitigate this type of attack are discussed at the end of this post.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5e738b60a3&e=20056c7556<\/p>\n
Hewlett Packard Enterprise Finds Security Operations Centers Lack Maturity and Skilled Professionals in 2016 State of Security Operations Report
\nHewlett Packard Enterprise (NYSE: HPE) today published its third annual State of Security Operations Report 2016, highlighting the critical role security operations centers (SOCs) play in protecting today’s digital enterprise.
\nAs organizations face an increasingly volatile threat landscape, the report assesses SOC maturity levels to help organizations improve their security posture and understand the components of a successful security operations organization.
\nPublished by HPE Security Intelligence and Operations Consulting (SIOC), the report examines 114 SOCs in more than 150 assessments around the globe and measures four areas of performance: people, processes, technology and business function.
\nThis year’s report indicates that security operations maturity remains well below optimal levels, with 85 percent of assessed organizations falling below recommended maturity levels.1 While this number is alarmingly high, it accounts for the influx of new SOCs that enterprises are building to address evolving security challenges.
\nThese findings also demonstrate the need for organizations to strike the right performance balance across all areas of the SOC, from the foundation up.
\nHPE continues to find that the majority of cyber defense organizations’ operations remain below target maturity levels.
\nA continual focus on mastering the basics and creating a solid foundation of risk identification, incident detection, breach escalation and response is key to effectiveness.
\nBenefits from advanced analytics capabilities and threat intelligence will only be realized if a strong security operations framework exists.
\nA single product or service will not provide the protection and operational awareness that organizations need.
\nInstead, organizations must focus on a continuous investment in their cyber security posture that encompasses people, process, technology and business function to effectively mitigate risks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=98f9abfa93&e=20056c7556<\/p>\n
Verisk Releases Industry’s First Cyber Exposure Data Standard
\nThe Verisk cyber exposure data standard is the first step in the process of managing accumulations of cyber risk and will help create a uniform method for data transfer throughout the industry.
\nMany of the fields are optional to provide flexibility for companies that collect different types of information or at different levels of detail.
\nThe AIR preparer’s guide will assist companies in collecting and storing the data.
\nMany client organizations, including companies in the insurance, broker, and reinsurance industry, have reviewed the standard and provided valuable input.
\nIn addition, AIR has developed an SQL implementation to allow organizations to begin to use the standard in their enterprises.
\nIn the coming months, AIR aims to provide SQL scripts that can be used for deterministic scenario analysis and accumulation analysis.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6e9f9567a3&e=20056c7556<\/p>\n
Worldwide IT spending outlook for 2016
\nWorldwide IT spending is forecast to total $3.54 trillion dollars in 2016, just a 0.6 percent increase over 2015 spending of $3.52 trillion dollars, according to Gartner, Inc. 2015 saw the largest U.S. dollar drop in IT spending since Gartner began tracking IT spending. $216 billion dollars less was spent on IT in 2015 than in 2014 and 2014 spending levels won\u2019t be surpassed until 2019.
\n“The rising U.S. dollar is the villain behind 2015 results,” said John-David Lovelock, research vice president at Gartner. “U.S. multinationals’ revenue faced currency headwinds in 2015.
\nHowever, in 2016 those headwinds go away and they can expect an additional 5 percent growth.”
\nThe devices market (PCs, ultramobiles, mobile phones, tablets and printers) is forecast to decline 1.9 percent in 2016.
\nThe combination of economic conditions preventing countries such as Russia, Japan and Brazil from returning to stronger growth, together with a shift in phone spending in emerging markets to lower-cost phones, is overlaid with weak tablet adoption in regions where there was an expectation of growth.
\nData center systems’ spending is projected to reach $75 billion in 2016, a 3.0 percent increase from 2015.
\nThe server market is the segment that has seen the largest change since the previous quarter’s forecast.
\nThe server market has seen stronger-than-expected demand from the hyperscale sector, which has lasted longer than expected.
\nTypically, this segment has spikey demand which lasts for a couple of quarters before moderating.
\nDemand in this segment is expected to continue to be strong through 2016.
\nTelecom services spending is projected to decline 1.2 percent in 2016, with spending reaching $1,454 trillion.
\nThe segment will be impacted by the abolition of roaming charges in the European Union and parts of North America.
\nWhile this will increase mobile voice and data traffic, it will not be enough to counter the corresponding loss of revenue from lost roaming charges and premiums.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=76ec04caba&e=20056c7556<\/p>\n
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
\nMy mom bought a new car the other day and like most new cars today, it comes equipped with all the modern bells and whistles, including driver assistance features.
\nIf she starts wandering out of her lane, beeps and flashing lights direct her to get back in her lane.
\nOr if she gets too close to the car ahead of her, the car brakes automatically.
\nGreat stuff for those who aren\u2019t always paying close attention, right?
\nI\u2019d say it\u2019s high time we brought these kinds of features into the information security space, because right now we\u2019re trusting employees to drive our \u201ccars\u201d\u2014 or expensive IT infrastructure \u2013 and the precious information that flows through it.
\nThe good news is User Behavior Analytics (UBA) tools offer the promise of solving this problem \u2013 if they evolve in the right direction.
\nThese tools \u2014 which draw information from various other data gathering systems in the market, such as security information and event management (SIEMs), data loss pevention (DLP) systems, etc. \u2014 are providing real value in identifying patterns and signs that reveal the presence of bad actors in the IT environment.
\nRight now, UBA and these other threat detection tools are great at identifying and addressing the symptoms of technical failure (such as system vulnerabilities), but we\u2019ve only just tapped into their capacity to really track and respond to the symptoms associated with human failure.
\nBut this can and I believe will change.
\nIt will start when UBA takes a lesson from phishing simulations.
\nThe information security community loves phishing simulation tools \u2013 and why not.
\nThese tools do a great job at identifying employees who put the organization at risk by clicking on (fake) phishing attempts.
\nOnce you know who falls prey to phishing, you can target them with just-in-time education and (ideally) improve their performance and their ability to protect the organization.
\nIt works perfectly \u2013 or so say advocates.
\nCan we \u201ctune\u201d UBA systems to identify these kinds of triggers.
\nI believe we can.
\nPair these risk triggers with a flexible deployment of just-in-time training and you\u2019ve created \u201clane assistance\u201d warnings for information security, with the added benefit of only training those who need it and not wasting the time of those who don\u2019t.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d7be571627&e=20056c7556<\/p>\n
Video: Insurance industry ‘will drag cyber-security into the light’
\nThat’s according to Trey Ford, global security strategist at Rapid7 and a trained pilot, who says that only by forensically investigating all major breaches \u2013 in much the same way as the aviation industry learned early in its history to do investigate aircraft crashes \u2013 will the IT industry get to grips with its cyber-security problem.
\nIn this exclusive interview, recorded at the London offices of SCMagazineUK.com, Ford explained how this approach helped the aviation industry develop the safety protocols that make flying arguably the safest mode of transport.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a2a7d32b10&e=20056c7556<\/p>\n
Only a quarter of cyber security employees say their firm has cyber insurance
\nOnly one-quarter (24 per cent) of UK cyber security professionals say that their firm has cyber insurance, a report by recruiters Harvey Nash has indicated.
\nHalf of around 200 IT security professionals in the UK surveyed by the recruitment firm said that their companies didn’t have cyber insurance, and 26 per cent said that they didn’t know.
\nWhen the cyber security professionals who said they didn’t have cyber insurance were asked if they had plans to buy any in the next 12 months – nearly half (46 per cent) said that they didn’t have any plans, while more than one-quarter said that they did (26 per cent) and 28 per cent said they didn’t know.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e2f946f931&e=20056c7556<\/p>\n
Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches
\nIn a survey of large enterprises, 64 percent of more than 1,100 senior IT executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is \u201cvery\u201d or \u201cextremely\u201d effective at preventing data breaches.
\nThis contradicts many security experts’ warnings that compliance standards do not constitute acceptable levels of cyberthreat prevention.
\nAdditional stats from the survey, detailed in a 2016 \u201cData Threat Report\u201d issued yesterday by 451 Research and Vormetric, appear to bear out these experts’ concerns.
\nIndeed, 61 percent of survey-takers confirmed their organization has experienced a breach in the past\u201422 percent within the past year.
\nThis 61 percent figure represents a three percentage point increase over last year’s version of the survey.
\nThe percentage of execs that cited compliance as highly effective also rose from 58 percent last year.
\nBekker suggested that in some cases, the apparent unwillingness to go above and beyond basic compliance is because IT security is a \u201cgrudge spend.
\nIt’s not necessarily something a CFO wants to spend their money on.
\nIt’s kind of like life insurance,\u201d said Bekker. \u201cIt’s always been tough to get funds allocated to security because it doesn’t necessarily give you a tangible benefit.\u201d
\nThe two most popular incentives for spending on IT security were meeting compliance standards and brand protection (46 percent for both).
\nCurrent IT spending priorities tended to lean toward classic, old-school network defenses (e.g. firewalls and intrusion prevention systems), which ranked first among intended spending categories at 48 percent.
\nConversely, products that directly mitigate theft of data in motion and at rest, such as encryption and data loss prevention, came in last (40 percent for data-in-motion defenses, 39 percent for data-at-rest defenses).
\nA surprisingly high 43 percent of respondents claimed to have \u201ccomplete knowledge\u201d of the locations of their sensitive data.
\nThe report suggests that executives may be \u201cin denial\u201d about just how much sensitive data they have disseminated across their operations.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=83262f66eb&e=20056c7556<\/p>\n
Increased risk of cyber breaches boosting forensic data analytics
\nCyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks according to executives, and are driving investment in forensic data analytics (FDA) according to EY\u2019s 2016 Global Forensic Data Analytics Survey, \u2018Shifting into high gear: mitigating risks and demonstrating returns\u2019.
\nSixty-nine per cent say that they need to do more to improve their current anti-fraud procedures, including the use of FDA tools.
\nNotably, this figure increased to 74 per cent for the C-suite cohort.
\nOf those respondents citing regulatory pressure as the reason to improve their procedures, C-suite respondents were found to be the most concerned as regulatory enforcement becomes more rigorous and widespread.
\nWith just 55 per cent saying their FDA spend is sufficient, a drop from 64 per cent in the 2014 survey, it is no surprise that three out of five say they plan to spend more on FDA in the next two years.
\nLooking at the reasons for increased investment, the survey found that responding to growing cybercrime risks and increased regulatory scrutiny are the top drivers at 53 per cent and 43 per cent, respectively.
\nHow FDA tools are deployed is also changing, with 63 per cent saying they invest at least half their FDA budget on proactive monitoring activities.
\nIn response to increased risks, the use of advanced FDA is becoming mainstream, with new technologies and surveillance monitoring techniques widely used to help companies manage current and emerging fraud and cyber risks.
\nThe rising maturity of corporate FDA efforts is also evident in the growing sophistication in their use of data.
\nSeventy-five per cent routinely analyse a wide range of structured and unstructured data, enabling them to gain a comprehensive view of their risk environment.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=751f59533c&e=20056c7556<\/p>\n
4 essentials to creating a world-class threat intelligence program
\nGundert suggests that creating a world-class threat intelligence program requires:
\n– understanding the business and its strategic assets;
\n– identifying relevant adversaries and their TTPs;
\n– working in partnership with larger security organizations; and
\n– building relevant defensive security controls that increase visibility, reduce risk, and increase profitability.
\nWhen all is said and done, Gundert suggests, “The success of a threat intelligence program is dependent on the understanding of business objectives, and building processes that allow the business objectives to be met.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c21c24aaa8&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=baabdb0aed)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 Also, would it help to include a table of contents at the beginning of the email? This would make the email message longer, but might make it easier to jump to the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1190","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1190"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1190\/revisions"}],"predecessor-version":[{"id":3677,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1190\/revisions\/3677"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}