[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————
\n* Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast
\n* France votes to extend state of emergency to May 26 with terrorism threat ‘never higher’
\n* Are you ready for EU General Data Protection Regulation changes?
\n* Instagram\u2019s new security feature will help keep hackers out of your account
\n* Insurance execs changing technology use amid complex risks
\n* Five Tips for Keeping Security Costs Down
\n* Biggest risks and GRC challenges for 2016 are disclosed
\n* Visualizing The Cisco Annual Security Report (ASR 2016)
\n* Internal auditors challenged by cyber-security, data quality<\/p>\n
Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast
\nAustralians are more worried about email security than their peers in comparable countries and fully half of IT decision-makers believe their organisations are more vulnerable to attack than they were 12 months ago, according to new survey results that also found Australian businesses are more concerned about email breaches causing reputational damage than about the actual loss of data.
\nThe figures \u2013 collated in Mimecast’s Email Security Uncovered survey of 600 IT decision-makers in the US, UK, South Africa and Australia \u2013 also found that 40 percent and 39 percent of Australian respondents felt unprepared to deal with malicious insider attacks and the compromise of mobile devices, respectively.
\nThe numbers suggested that concerns about email security have permeated the C-level far more in Australia than in other countries, with 95 percent of respondents saying C-level executives were engaged with email security and risk-management practices \u2013 compared to 89 percent in South Africa and 74 percent in the UK.
\nAustralia was the only of the four surveyed markets to report that no C-suite executives were ‘not at all engaged’ with email security.
\nDespite their impact, the report noted that experience gained during attacks \u201ccan be a key tool to inform strategies to combat future threats\u201d and noted that IT security managers with direct experience in handling an attack generally felt more exposed to email threats than their peers with no direct experience.
\nThe research also found that Australians were more concerned about ransomware than their overseas peers, with 34 percent rating ransomware as a high threat compared to 25 percent in the US and 18 percent in South Africa.
\nThis is consistent with ongoing reports suggesting that ransomware authors are particularly targeting Australians with schemes designed to exploit Australians’ relative wealth and technological nous.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c0af7af5e9&e=20056c7556<\/p>\n
France votes to extend state of emergency to May 26 with terrorism threat ‘never higher’
\nThe French parliament has voted to extend the country’s state of emergency, implemented after the November 13 terrorist attacks, by a further three months to May 26 as the Government warns the threat of an attack remains great.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b80255abc4&e=20056c7556<\/p>\n
Are you ready for EU General Data Protection Regulation changes?
\nThe GDPR promises to force companies to scrutinise how they process and handle customer data, with mandatory reporting of breaches ‘that are likely to harm individuals’ and potential fines of up to 4% of global revenues.
\n– Mandatory breach notification: Should an organisation suffer a breach that compromises data, it will have 72 hours to report it to the information commissioner responsible in that country.
\nA single set of rules: Rather than maintaining 28 different national standards for data management, the GDPR will introduce a single set of regulations covering the EU as a whole.
\nPutting the owner’s rights first:
\nBusinesses that collect data must now do so explicitly, rather than assuming consent.
\nIndividuals will also be able to withdraw their own data at any point, as part of the EU’s well-publicised ‘right to be forgotten’.
\nastly, in order to avoid the sizeable penalties mentioned above, organisations must still ensure that their staff are aware of and prepared to guard against the risk of data breaches.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ccf67470cf&e=20056c7556<\/p>\n
Instagram\u2019s new security feature will help keep hackers out of your account
\nThe most surprising thing about Instagram rolling out two-factor authentication is that it didn\u2019t do it sooner.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7a1fbbaef3&e=20056c7556<\/p>\n
Insurance execs changing technology use amid complex risks
\nMore than 70 percent of insurance chief executive officers (CEOs) are making significant changes to the way they use technology to assess and meet customer expectations, according to a new survey by PwC.
\nThe report found that threats businesses are facing are becoming more complex, crossing the borders of geopolitics, regulation, cyber security, societal development, people and reputation, according to PwC.
\nAccordingly, 64 percent of insurance CEOs are making significant changes to the way they define and manage risks in response to changing stakeholder expectations.
\nSeventy nine percent of insurance CEOs see cyber threats as a barrier to growth, more than their counterparts in banking and capital markets.
\nPwC also said that cyber risk could expose insurers to significant losses, both through specific cyber coverage and their technology, errors and omissions, and other existing business lines.
\nIt said a UK Government report estimates that the insurance industry\u2019s global cyber-risk exposure is already in the order of \u00a3100 billion ($140 billion).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b60a17e585&e=20056c7556<\/p>\n
Five Tips for Keeping Security Costs Down
\n1: Build an integrated remote monitoring and management solution.
\n2: A unified system is needed for monitoring, managing and securing endpoint devices.
\n3: Gain platform robustness from a one-stop shop.
\n4: Insuring your business against cyber-threats helps.
\n5. Make a cyber-security assessment.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4597e0c520&e=20056c7556<\/p>\n
Biggest risks and GRC challenges for 2016 are disclosed
\nA need to improve overall risk oversight (76.2 percent) is a key driver for investment in governance, risk, and compliance (GRC), says MetricStream.
\nOver half (54 percent) of new business initiatives introduce new risk and regulatory concerns, suggesting that risk management professionals have evolved beyond compliance and are much more business-focused.
\nData privacy and protection issues make up 39.5 percent of GRC investment influencers, reflecting a business where data privacy, protection and cyber-security are more important now than ever before.
\nOrganisations have said that they will place GRC technology spending as a higher priority than GRC services for third party risk management.
\nLess than five percent of organisations assume they will lower their GRC spend in 2016.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4654ad172d&e=20056c7556<\/p>\n
Visualizing The Cisco Annual Security Report (ASR 2016)
\nThis year\u2019s visuals were all built with our open source tool OpenGraphiti and were all select attacks that were highlighted within the Cisco report.
\nOpenGraphiti allows researchers, not only create visual representations of the attackers infrastructure, but also interact with the data in 3D.
\nWith that we also included recordings of us pivoting through the data in the following attacks.
\nAll attack information was obtained from OpenDNS\u2019s Security Graph, which is based on our view into more than 90 billion daily DNS requests.
\nEach of the visualizations include examples of: the attacker\u2019s infrastructure domains, IPs, WHOIS information, co-occurrences, name servers, and traffic patterns.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=75298f3fdd&e=20056c7556<\/p>\n
Internal auditors challenged by cyber-security, data quality
\nAbout half of internal audit leaders lack confidence in their staffs\u2019 cyber-security expertise, and nearly half say internal audit has little or no involvement in evaluating the quality of data used in their organisation, according to a new survey.
\nFifty-two per cent of the nearly 500 respondents to The Institute of Internal Auditors (IIA) North American pulse survey said that a lack of cyber-security expertise amongst internal audit staff very much or extremely affects internal audit\u2019s ability to address cyber-security risk.
\nJust one-quarter of respondents who reported having a business continuity plan said their plan provides clear, specific procedures in response to a data breach.
\nAnd 17% said their plans provide no data breach or cyber-attack procedures at all.
\nWith regard to cyber-security, internal audit organisations primarily are focused on prevention.
\nMore than half (53%) of respondents said prevention efforts, such as hardening interior or external barriers, are the most effective method for addressing a cyber-attack.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4a7f4e5172&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=6ce9d1c388)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: ** ———————————————————— ** ———————————————————— ** ———————————————————— ** ———————————————————— * Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast * France votes to extend state…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1200","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1200"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1200\/revisions"}],"predecessor-version":[{"id":3687,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1200\/revisions\/3687"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}