People have been asking how many different mailing newsletter I produce. Here’s a link to page that lists the IT Security Lists I produce, with subscribe links: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4a9bc271bc&e=20056c7556
\nSubscribe to any you are interested in.
\nRegards
\nPaul<\/p>\n
* SAP security breaches are on the rise, so what’s being done about it?
\n* Your HR policies should help, not hinder, data breach response
\n* So You Want to Be a Security Researcher?
\n* IBM promotes bitcoin tech for banks
\n* Threat Intelligence: The hot topic that makes people hesitant
\n* Cybercriminals motives more diverse
\n* A Proactive Approach To Incident Response: 7 Benefits<\/p>\n
SAP security breaches are on the rise, so what’s being done about it?
\nSAP platforms are likely to contain malware: 75% of respondents say it is very likely (33%) or likely (42%) SAP platforms have one or more malware infections.
\nBreaches can’t be detected immediately: There is little confidence a breach involving the SAP platform would be detected immediately or within one week.
\nNo one is taking responsibility for SAP security: Respondents believe it is the responsibility of SAP, not their company, to ensure the security of its applications and platform, according to 54% of respondents.
\nNo one is accountable if a data breach involving a SAP system: 30% respondents say no one is most accountable
\nIoT and other new technologies are having a major impact: 59% of respondents believe new technologies and trends such as cloud, mobile, big data and the Internet of Things increases the attack surface of their SAP applications.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8b22e53643&e=20056c7556<\/p>\n
Your HR policies should help, not hinder, data breach response
\nSAP platforms are likely to contain malware: 75% of respondents say it is very likely (33%) or likely (42%) SAP platforms have one or more malware infections.
\nBreaches can’t be detected immediately: There is little confidence a breach involving the SAP platform would be detected immediately or within one week.
\nI
\nNo one is taking responsibility for SAP security: Respondents believe it is the responsibility of SAP, not their company, to ensure the security of its applications and platform, according to 54% of respondents.
\nNo one is accountable if a data breach involving a SAP system: 30% respondents say no one is most accountable
\nIoT and other new technologies are having a major impact: 59% of respondents believe new technologies and trends such as cloud, mobile, big data and the Internet of Things increases the attack surface of their SAP applications.
\nHR policies should impose a duty on employees to promptly report any circumstances that may give rise to a data breach, such as the loss or theft of devices containing protected information, and to cooperate in any ensuing investigation.
\nIn response to a data security incident, your company will need the ability to access and forensically investigate its own computer systems and devices, including information created and stored by employees.
\nIn some incident scenarios, particularly for companies with a Bring Your Own Device (BYOD) policy or practice, incident response may require investigation of smartphones and other data storage devices owned by employees.
\nIf a mobile device containing protected information (whether or not encrypted) has gone missing or has been stolen, it is invaluable for the company to have the ability to geolocate the device, to remotely lock or \u201ckill\u201d the device, or otherwise make its data inaccessible.
\nIn other incidents, a physical search of company premises may be needed, such as to account for missing data storage devices, or in a rogue employee scenario.
\nCompanies must be cognizant of how these provisions interact with other policies in their employee handbook, and with workplace laws.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7197f4f3cd&e=20056c7556<\/p>\n
So You Want to Be a Security Researcher?
\nSecurity research includes a wide spectrum of tasks, says James Treinen, vice president of security research at ProtectWise, developer of a cloud-based platform that uses a virtual camera to record everything on an organization\u2019s network, letting security personnel see threats in real- time.
\nSecurity researchers take apart malware to see what vulnerabilities the malicious software is exploiting and glean intelligence out of the malware \u2013 how it communicates and how it is structured.
\nThey use that information to track adversaries and groups by the attack methods they have deployed.
\nAmong other things, they then build behavior profiles so security analysts and incident responders can find future instances of the malicious software.
\nAutomated tools let security analysts drill down to the malware\u2019s bits and assemble code to determine how it executed an attack.
\nThis is a different end of the security research spectrum.
\nOther security researchers\u2019 tasks might include building and hardening operating systems and networks, Treinen says.
\nA person looking to move into security research has to be immersed in technology with a desire to understand the workings of malware, encryption, and network forensics and web applications because they are all intertwined.
\nPlus, as a security researcher, you are not going do the same thing each day.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=03a8b3bda1&e=20056c7556<\/p>\n
IBM promotes bitcoin tech for banks
\nMUMBAI: Tech giant IBM is seeing several uses for Blockchain – the technology behind Bitcoin cryptocurrency – in the financial sector.
\nBesides identifying it as a cost-efficient method of conducting transactions, IBM sees this as an alternative to one-time passwords in the long run.
\n“We are committed to Blockchain technology.
\nReleasing the code and making it available on the Linux platform is a start for us.
\nOnce developers take it on, then you will have use cases identified.
\nOnce the ecosystem is in place, then we expect that some of the players involved with clearing transactions will be the first to take it on,” said Vaibhav Khandelwal, Trusteer leader, IBM.
\nTrusteer is a security software firm founded in Israel and acquired by IBM in 2013.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=062d6d078f&e=20056c7556<\/p>\n
Threat Intelligence: The hot topic that makes people hesitant
\nSAN FRANCISCO \u2013 All this week, Salted Hash will be walking the halls of the RSA Conference in California.
\nThe running theme this week is threat intelligence; what it is and what it isn’t, the vendors who produce it, and the people who use it.
\nFor two weeks, Salted Hash attempted to locate security practitioners in various market segments to talk about threat intelligence, incident response, and how the two areas overlap.
\nIt wasn’t easy.
\nFirst, while most were willing to share their experiences, they wouldn’t or couldn’t share proof of those experiences, such as redacted screenshots of the product, or anything that would confirm they were a customer of a given vendor.
\nSecond, there was another segment of people willing to talk, but only in a general sense, because the threat intelligence vendor was holding non-disclosure agreements over their heads.
\nFireEye was one of the vendors where customers stated they couldn’t speak due to a non-disclosure agreement.
\nAs it turns out, FireEye customers are in fact free to talk about their experiences, they just can’t share content.
\nMaybe the entire notion of a vendor forcing non-disclosure agreements needs to be examined.
\nIs it useful.
\nSure, keeping the sauce a secret has advantages, but how far is too far?
\nThe issue with false positives, too many alerts, and a lack of clear context will come up several times this week.
\nIt’s one of the largest sources of pain for practitioners working with threat intelligence feeds and platforms.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b9d731adb7&e=20056c7556<\/p>\n
Cybercriminals motives more diverse
\nThis is one of the key findings from the sixth annual Mandiant M-Trends report (registration required for a free report), which was compiled from advanced threat investigations conducted by Mandiant consultants in 2015.
\nKevin Mandia, SVP, and president at FireEye said disruptive attacks had increased last year and were designed to cause either public or financial harm and were typically carried out by financially motivated attackers or hacktivist groups with political or social agendas.
\nThe report also found that organisations are discovering breaches sooner.
\nIn 2015, the median number of days\u2019 attackers were present on a victim\u2019s network before being discovered dropped to 146 days from 205 days in 2014; while this number is getting better, it\u2019s clear there is still room for improvement.
\nWhereas in years gone by attackers tended to stay silent in networks for as long as possible, the report found the rise of extortion and more disruptive attacks means an organisation may discover it has been breached by the culprit themselves.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=59512c7735&e=20056c7556<\/p>\n
A Proactive Approach To Incident Response: 7 Benefits
\nHere are six examples of how digital forensic readiness can enhance an organization\u2019s proactive approach to incident response.
\nBenefit 1: Lower Investigative Costs
\nBenefit 2: Targeted Security Monitoring
\nBenefit 3: Crime Deterrence
\nBenefit 4: Investor Confidence
\nBenefit 5: Enhanced eDiscovery
\nBenefit 6: Fast Disclosure & Penalty Avoidance
\nBenefit 7: You\u2019re Probably Already Doing It
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=71f8c707f3&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=02af41a0b8)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
People have been asking how many different mailing newsletter I produce. Here’s a link to page that lists the IT Security Lists I produce, with subscribe links: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4a9bc271bc&e=20056c7556 Subscribe to any you are interested in. Regards Paul * SAP security breaches are on the rise, so what’s being done about…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1203","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1203"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1203\/revisions"}],"predecessor-version":[{"id":3690,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1203\/revisions\/3690"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}