[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————<\/p>\n
**
\n————————————————————
\n* IRS warns: 400% flood in phishing and malware this tax year alone
\n* Director hopes \u2018Zero Days\u2019 will spark debate on cyberwarfare
\n* HSBC banks on biometrics with new voice and touch services
\n* Cybercrime And Hacking Atlas[Slide Show]
\n* No cyber attack response strategy at most Indian companies
\n* Kaspersky weighs up the true cost of a cyber attack
\n* Radware Security Survey Highlights Key Factors behind Cyber Attacks in 2015-16
\n* 32 Percent of Companies Don’t Evaluate Their Third Party Vendors
\n* W3C launches effort to replace passwords
\n* DHS releases guidelines for CISA-sanctioned cybersecurity information sharing<\/p>\n
IRS warns: 400% flood in phishing and malware this tax year alone
\nThere has been a 400% surge in phishing and malware incidents in this tax season alone, the Internal Revenue Service warned this week.
\nAccording to the IRS phony emails aimed at fooling taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies.
\n\u201cThe phishing schemes can ask taxpayers about a wide range of topics.
\nE-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.
\nVariations of these scams can be seen via text messages, and the communications are being reported in every section of the country,\u201d the IRS stated.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d2f2dffc58&e=20056c7556<\/p>\n
Director hopes \u2018Zero Days\u2019 will spark debate on cyberwarfare
\nA broad public debate about the use of cyberweapons has yet to happen, however, although every modern society is vulnerable to attacks on its critical infrastructure, says Alex Gibney, an Academy Award-winning documentary maker who spent years investigating the Stuxnet case for his new film, \u201cZero Days.\u201d
\nThe movie, which premiered Wednesday at the Berlin Film Festival, traces the origins of Stuxnet to joint U.S.-Israeli efforts to foil Iran\u2019s nuclear weapons program without resorting to airstrikes.
\nBut interviews with past and present intelligence officials in both countries soon met with a wall of silence that frustrated Gibney.
\nThe CIA declined to comment on the claims made in the film, some of which have been previously reported by the New York Times and the Jerusalem Post.
\nIt referred questions to the Office of the Director of National Intelligence, which didn\u2019t respond to a request for comment.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=23af96316a&e=20056c7556<\/p>\n
HSBC banks on biometrics with new voice and touch services
\nTo illustrate this growing trend, HSBC has announced that it is taking a step closer to biometric banking in the UK by launching voice recognition and touch security services for its internet banking customers.
\nAccording to the bank, the new services will be available to up to 15 million customers, who will no longer have to go to the trouble of remembering passwords and answers to random security questions.
\nTo make use of voice recognition \u2013 which will be supplied by Nuance Communications \u2013 customers will have to enrol their specific \u201cvoice print.\u201d When users then try to log in, this sample will be cross-checked against over 100 unique identifiers such as speed, cadence and pronunciation.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a63343e8e8&e=20056c7556<\/p>\n
Cybercrime And Hacking Atlas[Slide Show]
\nA geographic guide with cybercrime threat and target trends in 10 notable countries.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ec8c60de29&e=20056c7556<\/p>\n
No cyber attack response strategy at most Indian companies
\nMUMBAI: Most top executives at Indian companies have no strategy to react to a cyberattack, cyber war games held earlier this year by consultancy EY showed.
\nEY ran a cyber attack simulation for 79 CEOs sitting in one room and they struggled to come to a consensus on whom to call first if their firm was hacked.
\nThe simulation asked top executives at a slew of companies how they would react to a message from someone saying their customer database had been hacked and put on the Internet. ..
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=61f143df8d&e=20056c7556<\/p>\n
Kaspersky weighs up the true cost of a cyber attack
\nKaspersky has worked it out for those of us who have not been tainted with the hacker brush, and found that the cost is large.
\nWe could have worked that out ourselves but, hey, we aren’t a large security company.
\nThe firm delivers its findings in a True costs of a cyber attack blog post, coming straight in with the big numbers: a breach can cost anywhere between $500,000 and $1.4m in terms of downtime alone.
\nJuniper Research has already spoiled the Kaspersky party here, having released numbers concerning this kind of thing almost nine months ago.
\nJuniper said that cyber crime will cost all industry over $2tn by 2019.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=29d1f8abe5&e=20056c7556<\/p>\n
Radware Security Survey Highlights Key Factors behind Cyber Attacks in 2015-16
\nNEW DELHI, India \u2013 February 17, 2016 \u2013 Radware a global leader of application delivery and application security solutions for virtual, cloud and software defined data centers, today released their Global Application & Network Security Report 2015-16.
\nThe report outlines top-level findings of the Radware industry survey on cyber attacks in the past year and offers best practice advice to organizations in planning for cyber-attack protection in 2016.
\nThe report observes that the new generation of cyber attackers are demonstrating more patience and persistence, leveraging \u201clow and slow\u201d attack techniques that misuse application resources rather than those in network stacks.
\nIn order to avoid detection and mitigation, they are using evasive techniques, which can prove highly destructive.
\nThe key findings of the survey include:
\nMore than 90% organizations reported they had experienced cyber attacks in 2015.
\nEducation and Hosting industries moved from \u201cMedium\u201d to \u201cHigh\u201d risk, indicating that they are likely to experience more DoS\/DDoS and other cyber-attacks and at a higher frequency.
\nWhile over 60% indicated being well prepared to safeguard against unauthorized access and worm and virus damage, the same proportion of respondents indicated somewhat not prepared against advanced persistent threats (APT) and information theft.
\nThere is an increase in adoption of Hybrid Solutions that integrate cloud-based protection with on premise protection.
\nIn 2015, 41% of survey participants indicated utilizing a hybrid solution.
\nIn 2014, just 21% said the same.
\nWhile reputation loss was still the biggest business concern after a cyber-attack, the percentage citing it as such decreased significantly from 47% in 2014 to 26% in 2105.
\nMore respondents are concerned about customer loss or service availability.
\nThere\u2019s been a significant growth in ransom as motivation for attackers, which increased from 16% in 2014 to 25% in 2015.
\nDDoS attacks continue to be the biggest threat for organizations as noted by almost half of the respondents, while unauthorized access follows as a close second.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d59819ee9f&e=20056c7556<\/p>\n
32 Percent of Companies Don’t Evaluate Their Third Party Vendors
\nAccording to the results of a recent NAVEX Global survey of 321 professionals involved in third-party management, fully 32 percent of respondents don’t evaluate third parties at all before engaging with them, almost half of respondents have no dedicated budget for third party risk management, and 11 percent of respondents don’t even know how many third parties they manage.
\nSurvey respondents said their top three concerns about third parties include bribery and corruption (39 percent), fraud (23 percent), and conflicts of interest (19 percent).
\nWhen asked to identify top objectives for their third party risk management programs, 90 percent said their key aim was to “protect our organization from risk and damage,” followed by “comply with laws and regulations” (82 percent), and to “meet legal and regulatory requirements” (71 percent).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2fc76ae227&e=20056c7556<\/p>\n
W3C launches effort to replace passwords
\nThe World Wide Web Consortium (W3C) is launching a new standards effort in web authentication that aims to offer a more secure and flexible alternative to password-based logins on the Web.
\nW3C\u2019s new web authentication work, based upon the member submission of FIDO 2.0 Web APIs from the FIDO Alliance, will enable the use of strong cryptographic operations in place of password exchange.
\nThe WebCrypto API provides a Javascript API to a standard suite of cryptographic operations across browsers.
\nWork in WebAppSec includes improvements to the HTTPS experience and updates to Content Security Policy, enabling application authors to set policy for what active content is permitted to run on their sites, protecting them against injection of unwanted or malicious code.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4cad0252cd&e=20056c7556<\/p>\n
DHS releases guidelines for CISA-sanctioned cybersecurity information sharing
\nThe US Department of Homeland Security has published guidelines on how the private sector and federal entities can share cyber threat indicators (CTIs) with the US federal government.
\nAmong other things, CISA allows companies to share information (CTIs, defensive measures) about cyber attacks they suffered with government agencies, without having to worry about getting sued by users for breach of privacy.
\nThe sharing will be executed through the Department\u2019s Automated Indicator Sharing (AIS) initiative, and will result in the its National Cybersecurity and Communications Integration Center (NCCIC) receiving CTIs from the various entities, anonymizing them, and disseminating them to some or all of the above mentioned federal, non-federal and private sector entities.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f470788163&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=9b3725f1c6)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: ** ———————————————————— ** ———————————————————— ** ———————————————————— ** ———————————————————— * IRS warns: 400% flood in phishing and malware this tax year alone * Director hopes \u2018Zero Days\u2019 will spark…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1201","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1201"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1201\/revisions"}],"predecessor-version":[{"id":3688,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1201\/revisions\/3688"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1201"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1201"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}