[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* SamSam: The Doctor Will See You, After He Pays The Ransom
\n* Present These 10 Key Application Security Risk Management Findings to Your Executive Team
\n* Second-Hand Devices Are the Next Privacy Frontier
\n* How To Share Threat Intelligence Through CISA: 10 Things To Know
\n* Network security operations becoming more difficult
\n* Cyber Insurance: Make Sure You Understand Your Coverage
\n* HITRUST Head Addresses Health Data Security, Cyber Insurance
\n* Benchmarking Trends: Operational Risks Drive Cyber Insurance Purchases<\/p>\n
SamSam: The Doctor Will See You, After He Pays The Ransom
\nIn their annual report that identifies statistically significant data on global bot traffic, Distil Networks identified an influx of Advanced Persistent Bots (APBs).
\nThese can mimic human behavior, load JavaScript and external assets, tamper with cookies, perform browser automation, and spoof IP addresses and user agents.
\n\u201cThe persistency aspect is that they evade detection with tactics like dynamic IP rotation from huge pools of IP addresses, using Tor networks and peer to peer proxies to obfuscate their origins, and distributing attacks over hundreds of thousands of IP addresses,\u201d said Rami Essaid, CEO of Distil Networks.
\nMedium-sized websites (10,001 to 50,000 Alexa ranking) are at a greater risk, as bad bot traffic made up 26 percent of all web traffic for this group.
\nFor the first time since 2013, humans outnumbered bots for website traffic. 46 percent of all web traffic originates from bots, with over 18 percent from bad bots.
\nReal estate websites saw a 300 percent increase in bad bot activity, with large real estate sites experiencing the most pain
\nAs an industry, digital publishers were hit hardest by bad bots, which make up over 31 percent of all their traffic
\nMaldives, Israel and Kyrgyzstan had the highest Bad Bot GDP (number of bad bots per online user) at 526, 168, and 94 respectively
\nChina, Norway, Germany, and the Netherlands are the most blocked countries for web traffic
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c45094a93e&e=20056c7556<\/p>\n
Present These 10 Key Application Security Risk Management Findings to Your Executive Team
\nWhile there\u2019s much to be learned from the paper, here are 10 critical findings from the IBM-sponsored Ponemon Institute study \u201cState of Application Security Risk Management Report\u201d that you can leverage in C-level discussions.
\nWe present these findings, as well as some recommendations, below.
\n1) Security Professionals View the Application Layer as Extremely Vulnerable
\n2) Application Security Risk Is Growing
\n3) Executives Underestimate Application Security Risk
\n4) A Vast Majority of Organizations Don\u2019t Know Which Applications and Databases Are Active
\n5) Most Businesses Don\u2019t Conduct Application Security Testing Throughout the Development Life Cycle
\n6) More Than One-Third of Businesses Don\u2019t Perform Application Security Testing
\n7) Organizations\u2019 Risk Management Initiatives Are More Operational Than Strategic
\n8) Organizations Don\u2019t Allocate Sufficient Resources to Address Application Security Risk
\n9) Most Organizations Rate Their Ability to Curtail Security Exploits in Software Applications as Below Average
\n10) Application Security Funding\u2019s Expected to Grow
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c1e14f4789&e=20056c7556<\/p>\n
Second-Hand Devices Are the Next Privacy Frontier
\nThe second-hand mobile market is huge.
\nIn fact, Gartner estimates it will be worth approximately $14 billion by 2017.
\nAnd, it makes sense\u2014new and improved device models are launched all the time and users have a desire to get the latest shiny thing.
\nBecause of how expensive smartphones have become, most users are inclined to resell their old phones to recoup at least some of their original spend.
\nI can tell you that this issue hasn\u2019t been addressed nearly as seriously as it should have been.
\nRecently, Blancco Technology Group conducted a data recovery study, where we purchased over 122 used hard drives and mobile devices from Amazon, eBay and Gazelle and analyzed them to determine the presence of residual data and what types of deletion methods may have been used.
\nWhat we found was both frightening and unfortunate.
\nNot only did 48 percent of the used drives have residual data on them, but we were also able to recover thousands of leftover emails, call logs, texts\/SMS\/IMs, photos and videos from 35 percent of the used mobile devices.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=855b735de1&e=20056c7556<\/p>\n
How To Share Threat Intelligence Through CISA: 10 Things To Know
\nIf you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS’s new guidelines.
\nHere’s what you need to know.
\n1) You need to remove individuals’ personal data before sharing it.
\n2) The personal data you need to remove may be more extensive than you think.
\n3) Be particularly careful of Europeans’ personal data.
\n4) If you want liability protection, share with DHS or ISACs and not other federal agencies.
\n5) DHS scrubs it of personal information too, but…
\n6) Joining AIS and building a TAXII client makes all this easier.
\n7) There are other ways to share indicators with, too.
\n8) There are rules government agencies must follow, and punishments if they don’t.
\n9) There are still privacy concerns.
\n10) The liability protections themselves aren’t entirely clear.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0c953a0020&e=20056c7556<\/p>\n
Network security operations becoming more difficult
\n\u201cWe\u2019re witnessing a new network model evolving: the heterogeneous, multi-dimensional cloud infrastructure, in which enterprises have a little bit of everything \u2013 AWS, Microsoft Azure, Google, IBM SoftLayer, VMware, and Cisco.
\nAs this model evolves, organizations are struggling to implement policies that help them manage all of these fragments and meet security, compliance and risk mandates,\u201d said Jon Oltsik, principal analyst with ESG.
\nSurvey respondents cited the addition of more devices to the network (55%), increases in the number of networking and security technologies in use (52%), and the deployment of numerous new applications (50%) as the primary drivers of this increased security operations difficulty.
\nThe survey also found that 69% of respondents currently operating a private cloud, using public cloud services, or both say they are still learning how to apply security policies to hybrid cloud infrastructure.
\nThe survey found that 79% of organizations are committed to SDN as a long-term strategy and are already implementing various technologies or conducting proofs of concept.
\nThe survey also found that 91% of organizations are actively using cloud-based infrastructure-as-a-service (IaaS) and\/or platform-as-a-service (PaaS) as part of their IT strategy, and that 61% of organizations currently use multiple public cloud services.
\nSixty-one percent (61%) also say it\u2019s difficult to get the same level of visibility into cloud-based workloads as they have in their physical network, and 56% say it\u2019s difficult to audit network security controls in the cloud.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e2d0c412aa&e=20056c7556<\/p>\n
Cyber Insurance: Make Sure You Understand Your Coverage
\nToday, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime.
\nIn terms of what might be covered in a cyber insurance policy, there are basically two types of coverage \u2013 \u201cfirst party\u201d coverage and \u201cthird-party\u201d coverage.
\nFirst party coverage covers the types of losses that your company might suffer directly in the event of a data incident.
\nThat may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, credit monitoring, data restoration, business interruption, lost intellectual property, theft and extortion, or damage to reputation.
\nThird party coverage refers to coverage for claims that may be made by third parties against your company arising out of a data incident, such as data breach lawsuits, for example.
\nBut key questions remain.
\nAre cyber risks covered by more general policies that are not cyber-specific.
\nIf not, what should cyber insurance look like.
\nLooking at some recent cases involving the still nascent cyber insurance market is revealing.
\nMany companies think their GCL or E&O policies cover certain cyber risks, when in reality those risks may be specifically excluded.
\nAnd many companies that have already purchased cyber insurance wrongly think it covers all first party costs in the event of an incident \u2013 like investigation, notification and credit monitoring \u2013 when it actually only covers third party claims.
\nThe fact is that, of the nearly 5,000 publicly-known data breaches over the past dozen or so years, less than 5% have resulted in litigation.
\nIf your cyber coverage only kicks in when a third party makes a claim, then practically speaking you may not have any coverage at all.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d088ccb878&e=20056c7556<\/p>\n
HITRUST Head Addresses Health Data Security, Cyber Insurance
\nHITRUST CEO speaks to Congress about the role of cyber insurance in the healthcare industry and HITRUST\u2019s new underwriting process for managing the risk of health data security breaches.
\n\u201cAs a result of increased targeting by threat actors and recent incidents, underwriters have determined the risks were greater than they had anticipated given the methods leveraged to evaluate risk and, subsequently, healthcare organizations\u2019 cyber insurance premiums have increased dramatically,\u201d Nutkis said in his testimony.
\nHITRUST collaborated with Willis Towers Watson to develop an underwriting program for healthcare providers that have HITRUST CSF or CSR Assurance Program.
\n\u201cThe benefits of the HITRUST RMF-based underwriting model for cyber insurance in the healthcare industry allows organizations to maximize the benefits of demonstrating an enhanced information security posture,\u201d Nutkis stated.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=9eac36cfa2&e=20056c7556<\/p>\n
Benchmarking Trends: Operational Risks Drive Cyber Insurance Purchases
\nStandalone cyber insurance purchases among US-based Marsh clients increased 27% from 2014 to 2015, driven mainly by an increasing awareness and appreciation of cyber risk, from the boardroom to the data center.
\nAmong the key findings from the report:
\nThe manufacturing industry saw the biggest uptick in new cyber purchases in 2015, a 63% increase over 2014.
\nThe amount of limits purchased was up 15% on average in 2015 to $16.9 million for clients of all sizes.
\nOverall capacity in the cyber market remains abundant with more than $500 million in limits available for a given risk.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c77eb4b3e7&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e99c97f64e)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * SamSam: The Doctor Will See You, After He Pays The Ransom * Present These 10 Key Application Security Risk Management Findings to Your Executive Team * Second-Hand Devices Are the Next…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1211","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1211"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1211\/revisions"}],"predecessor-version":[{"id":3698,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1211\/revisions\/3698"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}