[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* U.S. manufacturers spend more on regulations than security: Philly Fed
\n* Global Physical Security Market to Reach $110B by 2020, Forecast Predicts
\n* Is Cloud Security An Exaggerated Concern?
\n* Free Wi-Fi hotspots are a major security threat for businesses
\n* Access Management Increases Security, Cuts Costs
\n* Motor Mouth: Ransomware is the future of car theft
\n* Post-intrusion report shows cyber attackers are getting quieter once inside the network
\n* Could the Bitcoin blockchain one day run your entire city?
\n* The future of ICS security depends on OT-centric security solutions<\/p>\n
U.S. manufacturers spend more on regulations than security: Philly Fed
\nU.S.
\nMid-Atlantic manufacturers on average have devoted more money to complying with regulations than to security on either their data and networks, or equipment and workers, a Philadelphia Federal Reserve survey released on Thursday showed.
\nThese regional manufacturers when asked about their current capital expenditure said 5.8 percent goes to general state and federal regulatory compliance.
\nThis is greater than the 4.7 percent on data and network security, and 2.8 percent on security on physical plants, employees and transportation.
\nOver the past few years, 73.9 percent of those companies surveyed said they have raised their spending to meet regulatory requirements in various areas including environmental and worker conditions.
\nNo firms said they have cut expenditure in this area.
\nIn comparison, 60 percent of firms said they have increased spending in data and network security, while 4.6 percent have scaled back.
\nJust over 31 percent of the regional manufacturers said they have ratcheted up spending on physical security, while 3.1 percent said they have reduced expenditure.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d2518b100c&e=20056c7556<\/p>\n
Global Physical Security Market to Reach $110B by 2020, Forecast Predicts
\nTransportation \u2014 the largest application segment back in 2013 \u2014 is expected to remain the dominant segment by 2020, accounting for 20.1% of the overall industry.
\nThe physical security market is witnessing technological innovation from analog to incorporated IP networked systems.
\nThese technological shifts include disseminated public address environment integrated with smart devices, ubiquitous sensors, video displays, video analytics and power access systems.
\nRising security concerns from hardware, personnel, network and information infrastructure will also positively impact the market demand shortly, according to Grand View.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d8447c0cdc&e=20056c7556<\/p>\n
Is Cloud Security An Exaggerated Concern?
\nThe results are in: We have made zero progress since 2010.
\nThis was the year that IDC published results of a survey regarding cloud computing, and it found that security was the biggest barrier toward adoption.
\nThis statistic has found its way onto pretty much every presentation about cloud computing since 2010.
\nWork within the Cloud Security Alliance (with whom we collaborated on this research) has begun to develop the necessary tools to provide the transparency so desperately needed.
\nFor example, STAR is a registry that documents the security controls deployed by providers.
\nBut perhaps the most encouraging tool is STAR Continuous Monitoring, which provides transparency of the security posture of a provider even after the auditor has left the building.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1872e49065&e=20056c7556<\/p>\n
Free Wi-Fi hotspots are a major security threat for businesses
\nThe recently released iPass Mobile Security Report says that 62 per cent of organizations are banning their mobile workers from using free Wi-Fi hotspots, with another 20 percent planning on doing the same in the future.
\nFor 94 percent of surveyed companies, free and open Wi-Fi hotspots are a “significant mobile security threat”.
\nOut of the 500 companies from the US, UK, Germany and France that participated in the survey, 37 percent said free Wi-Fi hotspots were the biggest security threat, followed by employee lack of security attention (36 percent), and the devices in use (27 percent).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=92ef3f63b2&e=20056c7556<\/p>\n
Access Management Increases Security, Cuts Costs
\nThough IAM solutions are an investment at first, over time they actually save the organization a substantial amount of money.
\nThis is mainly because there no longer needs to be one or more full-time employees handling account management, and these employees can be utilized elsewhere in the organization.
\nIAM solutions automate the complete end user lifecycle, requiring little to no manual tasks be performed.
\nFor example, in education, at the beginning of each semester, several employees need to dedicate days of their time just to add new students and employees and move graduates to alumni status.
\nAnother way IAM solutions can save money is through licensing costs.
\nOrganizations tend to not review how many licenses they are paying for and how many are actually being used.
\nThis has also been a major issue with employees who leave the organization.
\nOften, an ex-employee will still have access to an application that the company is unknowingly paying for.
\nMany IAM solutions provide an overview of access rights, allowing managers to see exactly who has access to what systems and applications to ensure they are paying for the correct number of licenses.
\nIf there are any errors in access rights, an automated account management solution allows them to easily be corrected.
\nSo, while IT spending may be cut back, investments in IAM solutions continue to grow because of security issues, flexibility and an overall cost savings.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bea80ef383&e=20056c7556<\/p>\n
Motor Mouth: Ransomware is the future of car theft
\nImagine you car has been stolen.
\nIt\u2019s brand new, you\u2019ve barely made your third payment and it\u2019s your first luxury car, a Mercedes or BMW with all the bells and whistles.
\nYou held onto the old Taurus until the fenders almost rusted off, got pre-approved credit at the bank and cross-shopped online so assiduously that you could probably start writing for Driving.ca.
\nHere\u2019s how it works: \u201cBlack hat\u201d hackers \u2014 that\u2019s the bad kind \u2014 install a worm that disables people\u2019s most precious files.
\nThen they let them stew helplessly for a couple of hours, so that, when they finally send a malicious little email demanding money in return for control of the hard drive, the ransom demand is almost welcomed.
\nThe average amount extorted, according to experts, is about $500.
\nBut when you consider Forbes magazine estimates that just one \u201cexploit\u201d \u2014 Locky, which scrambles and renames all your important files \u2014 tries to extort as many as 90,000 victims around the world each and every day, you get an idea of how widespread ransomware already is.
\nNow, throw in the ubiquity of bitcoin \u2014 its untraceable nature is blamed for encouraging ransomware exploits around the globe \u2014 and then target industries with products notoriously lax in cyber-security.
\nLike, say, cars.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8222fe0653&e=20056c7556<\/p>\n
Post-intrusion report shows cyber attackers are getting quieter once inside the network
\nVectra Networks has published the results of its latest Post-Intrusion Report, a real-world study about threats that evade perimeter defences \/ defences and what attackers do once they get inside the network.
\nIn the current report, all organizations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration.
\nOf the 120 participating organizations, 117 detected at least one of these activities during each month of the study.
\nResearchers found that not only are command-and-control (C&C) attacks increasing, accounting for 67 percent of detections, but the use of HTTP and HTTPS C&C for hidden tunnels also made a significant jump this year.
\nTogether, HTTP and HTTPS tunnels accounted for 7.6 percent of all C&C detections, making them the third most-common C&C technique overall.
\nThis trend was consistent when normalising for the number of hosts monitored.
\nHidden C&C tunnels were observed 4.9 times per 1,000 hosts, which is up from 2.1 times per 1,000 hosts seen in the previous report.
\nLateral movement, which enables attackers to spread from east to west to gather information, dropped significantly from 34 percent of total detections in 2015 to roughly 8.6 percent of total detections this year.
\nHowever, once inside the network, attackers appear to be getting quieter.
\nOf these lateral movement detections, brute force attacks \u2013 the most popular technique last year \u2013 are down significantly, while Kerberos client and automated replication activities increased over last year, tying at 36.3 percent of lateral movement detections.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=941c57a976&e=20056c7556<\/p>\n
Could the Bitcoin blockchain one day run your entire city?
\nThe idea is that by using a cryptographically secured and totally decentralized authority that can work at the speed of a computer, we should be able to keep power distribution, water treatment, self-driving transportation, and much more from ballooning beyond all practical limits as cities continue to grow.
\nWith a robust public blockchain in place, cities could provide payment options for every business \u2014 why use your old plastic card, losing a fraction of the payment to an intermediary like a bank or credit card company and driving up the price, when you can transfer money quickly and securely, directly to a business owner?
\nThere are basically three reasons to turn to the blockchain for a smart city: You\u2019re an insurgent power in search of distinguishing features and the capacity to somehow continue your current, enormous rate of growth indefinitely (China); you\u2019re a holiday destination with an economic incentive to stay ostentatiously futuristic (Dubai, in the UAE); you\u2019re becoming so unwieldy that the concept of continuing to organize via old-world systems is just absurd (Los Angeles, maybe?).
\nHow will cities \u2014 both existing ones growing to all new sizes and new ones springing up in developing nations \u2014 manage their ballooning organizational problems and stay competitive in the global market.
\nThe answer might just be the blockchain.
\nAnd if not, the answer might be nothing at all.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c88ea86e33&e=20056c7556<\/p>\n
The future of ICS security depends on OT-centric security solutions
\nNew cybersecurity operational technologies are emerging to protect industrial control systems (ICS) against impending IT threats and attacks.
\nABI Research indicates that demand will focus on network level security in the short term but eventually shift to place the significance on embedded security and lifecycle management.
\nAs the market adapts, ICS vendors are at risk.
\nThey will need to redesign next-generation control systems with digital security in mind.
\nCybersecurity vendors need to create new product solutions for OT settings, as existing IT-based cybersecurity is not easily configurable.
\nThe age-old technique for protecting industrial networks from attacks, namely separating them from the rest of the world using an \u2018Air Gap\u2019 is no longer a functionally or operationally feasible option in today\u2019s connected world.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=2ed99bfded&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage2.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f5fe89aa42)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * U.S. manufacturers spend more on regulations than security: Philly Fed * Global Physical Security Market to Reach $110B by 2020, Forecast Predicts * Is Cloud Security An Exaggerated Concern? * Free…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1222","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1222"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1222\/revisions"}],"predecessor-version":[{"id":3709,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1222\/revisions\/3709"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}