[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* Mapped: Terror threat around the world
\n* Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware
\n* Ninety-seven per cent of IT professionals think standard antivirus software will stop zero-day attacks
\n* Cybercrime: Banks ‘Rewarding’ Bad Behaviour
\n* Banking malware slowed in 2015 \u2013 but don’t get too comfortable, Symantec warns
\n* Over 90 percent of CISOs expect to be hit by cyber attack in 2016
\n* INSIGHT: Are you liable for a cybersecurity attack?
\n* Global security threat told
\n* Emergency Java update fixes two-year-old flaw after researchers bypass old patch
\n* Australian industry lashes out at data breach notification scheme
\n* 5 key questions to determine your security posture
\n* Only 42% of cybersecurity professionals use shared threat intelligence
\n* Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks<\/p>\n
Mapped: Terror threat around the world
\nThe map explained: Those countries in dark red have a “high” threat from terror, those in red a “general” threat, those in orange an “underlying” threat and those in yellow a “low” threat.
\nThe country had the highest terror threat level long before the deadly bomb attacks on a metro station and airport in Brussels, its capital.
\nThe Foreign Office website states: “There is a high threat from terrorism.
\nAttacks could be indiscriminate, including on public transport and transport hubs and in other places visited by foreigners.
\nBrussels hosts a number of international institutions (EU and NATO) and government and foreign embassy buildings which are sensitive locations.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5a0ccbc4b9&e=20056c7556<\/p>\n
Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware
\nMicrosoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware.
\nNow, Microsoft is announcing a new feature in its Office 2016 suite that will allow corporate network administrators to block the execution of macros that retrieve content from untrusted sources, which in most network configurations is “the Internet.”
\n“This feature can be controlled via Group Policy and configured per application,” Microsoft explains. “It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint documents that come from the Internet.”
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=49fa2fae6c&e=20056c7556<\/p>\n
Ninety-seven per cent of IT professionals think standard antivirus software will stop zero-day attacks
\nThe research was presented during today’s web seminar, entitled “Anti-virus software has had its day – how can you protect against advanced threats?”
\nIt was also revealed that while 57 per cent have rolled out additional advanced threat detection and sandboxing solutions, as well as 32 per cent using application whitelisting techniques, only 15 per cent of respondents use truly advanced tactics, such as email filtering, network heuristics or read-only virtualisation.
\nPannelist Bridget Kenyon (pictured), head of information security at University College London, expressed dismay at the results, stating:
\nWhile Kenyon acknowledged that “within a few hours the signature is in [antivirus] systems,” the fact that updating databases relies on systems being compromised in order to collect data makes standard antivirus software, in her mind, not fit for task.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2df96de78a&e=20056c7556<\/p>\n
Cybercrime: Banks ‘Rewarding’ Bad Behaviour
\nThe Metropolitan Police commissioner says customers should be given incentives to tighten their passwords and update anti-virus software instead.
\nHe said banks could make people more security conscious by refusing to reimburse people who had failed to protect themselves.
\nGCHQ says that 80% of cybercrime – which costs \u00a31bn a year – could be prevented by more complex passwords and updated security software.
\nPolice are set to include cybercrime estimates in their official crime statistics for the first time in July and Sir Bernard said this change could see crime figures double.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4967553c2f&e=20056c7556<\/p>\n
Banking malware slowed in 2015 \u2013 but don’t get too comfortable, Symantec warns
\nAustralia is amongst the world’s top ten countries affected by banking malware, according to a Symantec analysis that found that one Australian bank was targeted by nearly 55 percent of all banking trojans analysed during 2015.
\nThe company’s Financial Threats 2015 report analysed some 656 financially-targeted Trojans, which collectively sought to harvest access codes and other details from 547 banking institutions in 49 countries.
\nMalware authors’ increasing interest in Australian banks was correlated with a strong showing in the leaderboard for the countries with the most computers compromised by banking Trojans last year.
\nMore than 20,000 Australian systems suffered attacks from such malware, ranking slightly behind France and just ahead of Russia in terms of absolute numbers of banking-related compromises.
\nMobile attacks, in particular, had emerged as a favoured new attack vector by cybercriminals, with Kaspersky Labs recently noting that two mobile banking Trojans \u2013 Faketoken and Marcher \u2013 cracked the top-10 banking Trojans list.
\nIn 2015, Kaspersky Labs noted, its tools blocked more than 1.9m attempts to launch malware capable of stealing money via online banking \u2013 up 2.8 percent on the previous year.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b3c5b68f2b&e=20056c7556<\/p>\n
Over 90 percent of CISOs expect to be hit by cyber attack in 2016
\nThis was a key, and rather worrying, finding from a survey by consultancy firm CEB of 160 FTSE-level organisations entitled IT Budget Benchmark 2016.
\nFurthermore, despite so many CISOs being aware of this threat almost three-quarters said they didn’t think they had adequate security in place to deal with the threat.
\nAnd many are throwing money at the problem in response, with CEB finding that security spend will account for 6.2 per cent of all IT budget spend this year.
\nAdditionally many firms are looking to big data to help by being better able to spot threats before it’s too late.
\nHowever, CEB advised that \u2018cyber hygiene\u2019 is a better approach to tackling this threat, by educating staff to the types of cyber risks the organisation faces and making it clear good security is everyone\u2019s responsibility.
\nAnother area of increased spending is the cloud, where 92 per cent of firms expect to spend over five per cent of their IT budget on cloud services.
\nThis is a notable increase on the 62 per cent that spent over five percent of their budget on cloud in 2011.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=edeaf2d032&e=20056c7556<\/p>\n
INSIGHT: Are you liable for a cybersecurity attack?
\nBy far the most misunderstood insurance coverage is cyberliability.
\nJust the name alone sounds futuristic and \u201ctechie.\u201d Within the industry it\u2019s also referred to as cybertheft, data security and data breach coverage.
\nIn this article, I will give you a simple explanation of what it is, why your business might need it and how to start assessing your exposure.
\nWhat is it.
\nAs a business you have a duty of care for how you use and store personally identifiable information and personal health information.
\nIf this information is compromised in any way \u2013 whether accidentally released by your company or stolen from your computer, your business is responsible for the outcome to the information owners: your employees, customers, vendors, et cetera.
\nSome examples of this information would include name, Social Security number, date of birth, place of birth and maiden name.
\nObviously, credit card numbers and financial data also are critical information.
\nWhy is it important.
\nYou use the information to conduct business and, as a result, misuse is legally your responsibility.
\nThink of its treatment as you would a physical piece of property.
\nIf you take your car to get an oil change and it\u2019s damaged in the process, the duty to correct the damage is on the business that allowed the damage to happen.
\nThe same concept applies to an employee, customer or vendor\u2019s information.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dc2e3ed678&e=20056c7556<\/p>\n
Global security threat told
\nWelcome to the White House.
\nNow read our take on global political landscape and trends for the next five years and beyond.
\nBottom line: Get ready for a rocky road.
\nTheir forecast calls for a slowing global economy dragged down by sluggish growth in China, and political volatility across the world, spurred by disillusionment with the status quo.
\nInsecurity will deepen rifts among social classes and religious groups.
\nExtremists will consolidate into large-scale networks across Africa, the Arab world and parts of Asia.
\nCompetition among the U.S, China and Russia will heat up, raising the risk of confrontations.
\nClimate change is a problem now.
\nAnd technological advances will force governments and their citizens to wrestle with securing data, privacy, intellectual property and jobs lost to high-tech innovations.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ad44479f57&e=20056c7556<\/p>\n
Emergency Java update fixes two-year-old flaw after researchers bypass old patch
\nOracle has released an emergency Java security update to fix a critical vulnerability that could allow attackers to compromise computers when they visit specially crafted websites.
\nThe company has assigned CVE-2016-0636 as the identifier for the vulnerability, which suggests that it is a new flaw discovered this year, but that’s not really the case.
\nPolish security firm Security Explorations confirmed via email that the new Java update actually fixes a broken patch for a vulnerability that the company originally reported to Oracle in 2013.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=df64ddfaf1&e=20056c7556<\/p>\n
Australian industry lashes out at data breach notification scheme
\nAustralian businesses say they are not sold on the government’s proposed mandatory data breach notification scheme, with some even going so far as to call for it to be abandoned.
\nHowever, Australia’s biggest industry groups are calling for changes to be made to avoid “notification fatigue” and to make their obligations clearer.
\nThe Australian Industry Group – which represents 60,000 business across a range of sectors – said it couldn’t understand why such a scheme was required at all.
\nThe Australian Retail Credit Association (ARCA) similarly argued the bill needed to be heavily edited if it was to progress any further.
\nAccording to PayPal, the legislation’s current scope of “harm” – which includes physical, psychological, economic and reputational – is “overly broad” and requires entities to assess characteristics of individuals without the requisite expertise to do so.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f1cb6c3e15&e=20056c7556<\/p>\n
5 key questions to determine your security posture
\nThese topics serve as a great starting point for important discussions surrounding an organization\u2019s security practice, with common security questions including:
\n1. What is your biggest security concern and is your security spend and expertise properly allocated to address that risk?
\n2. Do you have a clear picture of your overall security posture and of how it relates to industry best practices?
\n3. Do you currently conduct security assessments, such as penetration tests on a bi-annual basis?
\n4. How realistic is your plan to address the security gaps that you might have today?
\n5. Do you have an established process to address computer security breaches?
\n6. How confident are you of your ability to demonstrate compliance?
\n7. Given the skills gap that exists in security, do you view the ability to recruit and retain talent and expertise as a top priority?
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=668adc0720&e=20056c7556<\/p>\n
Only 42% of cybersecurity professionals use shared threat intelligence
\nIntel Security released McAfee Labs Threats Report on cyber threat intelligence.
\nMore than half, 59 percent, of survey respondents find such sharing to be \u201cvery valuable\u201d to their organizations, while 38 percent find sharing to be \u201csomewhat valuable.\u201d
\nA near unanimous 91 percent of respondents voice interest in industry-specific cyber threat intelligence, with 54 percent responding \u201cvery interested\u201d and 37 percent responding \u201csomewhat interested.\u201d
\nWhen asked why they have not implemented shared CTI in their enterprises, 54 percent of respondentssaid corporate policy as the reason.
\nIt was followed by industry regulations with the percentage of respondents at 24.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d6333b65ff&e=20056c7556<\/p>\n
Prepare to patch a critical flaw in Windows and Samba file sharing in 3 weeks
\nThe vulnerability was discovered by Stefan Metzmacher, a core developer of the Samba software, which is a popular open-source implementation of the SMB\/CIFS (Server Message Block\/Common Internet File System) networking protocol.
\nThe company, which offers Samba consulting, support and development services, has even set up an website at badlock.org where more details will be released about the flaw on the disclosure date, which coincides with Microsoft’s Patch Tuesday — the day when Microsoft releases its monthly security updates.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=41cbf2f70a&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=ebfc90070e)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * Mapped: Terror threat around the world * Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware * Ninety-seven per cent of IT professionals think standard antivirus software will…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1210","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1210"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1210\/revisions"}],"predecessor-version":[{"id":3697,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1210\/revisions\/3697"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}