{"id":1227,"date":"2016-09-11T00:00:00","date_gmt":"2016-09-11T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail170-suw16-rsgsv-net\/"},"modified":"2021-12-30T11:38:59","modified_gmt":"2021-12-30T11:38:59","slug":"fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail170-suw16-rsgsv-net","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/09\/11\/fromreply-totodatemessage-idlist-idlist-unsubscribesendercontent-typemime-version-imail3dpaulgdavis-commail170-suw16-rsgsv-net\/","title":{"rendered":"From:Reply-To:To:Date:Message-ID:List-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version; i=mail=3Dpaulgdavis.com@mail170.suw16.rsgsv.net;"},"content":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s,  apart from the reporter&#8217;s opinions ]<\/p>\n<p>Sorry for random delivery times, on PTO\/vacation<\/p>\n<p>* 2016: The year of application layer security in public clouds<br \/>\n* Dangerous open-source bugs lurk inside most commercial apps<br \/>\n* The critical first hours of a data breach: What to do when your business has been hacked<br \/>\n* What&#8217;s Next For Network Security<br \/>\n* Why Physical Security Professionals Need to Get to Grips with Cyber Security<br \/>\n* Now experts say don\u2019t change your password! 
Security services say workers may be safer from hackers if they keep the same login<br \/>\n* Online transaction fraud to reach $25 billion by 2020<br \/>\n* Microsoft publishes Security Intelligence Report, including cloud data for the first time<br \/>\n* American Bar Association releases cyber insurance guide for lawyers<br \/>\n* Microsoft: 2015&#8217;s Most Popular Exploit Was a Vulnerability Discovered in 2010<br \/>\n* Employers vicariously liable for data breaches caused by rogue employees<br \/>\n* Where to cut corners when the security budget gets tight<br \/>\n* IBM and eight universities to teach Watson computer system to fight cyber crime<br \/>\n* Top 2016 Cybersecurity Reports Out From AT&#038;T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon<br \/>\n* FDIC launching new cyber initiative after 5 more breaches<br \/>\n* Verizon Breach Report Criticized<br \/>\n* Singapore\u2019s cloud security framework \u2013 multi-tiers and incident response guidelines<br \/>\n* Homeland Security warns of hackers exploiting SAP security flaw<\/p>\n<p>2016: The year of application layer security in public clouds<br \/>\nOur State of the Cloud Survey estimates that 93 per cent of respondents are adopting cloud \u2013 88 per cent are using public cloud, 63 per cent using private cloud, and 58 per cent using both.<br \/>\n\u2018Hybrid Cloud\u2019 will mean cloud computing resources are interoperable with all technologies, hardware, providers, and geographies.<br \/>\nDevelopers of the world will be free to build applications without any thought to the underlying architecture.<br \/>\nSecurity focus shifts from the datacentre to just the data<br \/>\nAs data platforms modernise, security will evolve as well.<br \/>\nNo longer will organisations just build massive walls around a corporate datacentre to keep out all potential attackers.<br \/>\nThe limitations of the physical network architectures will be magnified once enterprises see the difference between an 
underlay for bulk transport and an overlay for application specific use-case tuning.<br \/>\nThe glaring security holes in physical networks once obfuscated will reveal themselves.<br \/>\nThe collision between the cloud way and the physical datacentre way will be violent.<br \/>\nThe concept of an on-premise datacentre will change in 2016 both in how it will be built and how it will be consumed.<br \/>\nThose with groups already working in the cloud will easily transition to a more flexible and efficient environment.<br \/>\nIt may be called private cloud or software-defined datacentre, but the name won\u2019t matter.<br \/>\nThe question for 2017 is \u2018when will the traditional physical datacentre way become extinct?\u2019<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=389dcfabdd&#038;e=20056c7556<\/p>\n<p>Dangerous open-source bugs lurk inside most commercial apps<br \/>\nThe security of open-source components is a blind spot that&#8217;s leaving businesses exposed to dozens of very old bugs, security firm Black Duck Software contends in a new report, based on open-source security work it&#8217;s conducted.<br \/>\nIBM recently tapped Black Duck Software for its IBM Security AppScan to scan and map out potentially vulnerable open-source components in use.<br \/>\nThe report summarizes a review of 200 commercial applications it reviewed for customers in the six months to March.<br \/>\nThe firm finds that the average commercial application consists of over 100 open-source components.<br \/>\nHowever, at the beginning of an audit customers are only aware of about half of these.<br \/>\nIndeed, the report finds that 67 percent of commercial applications contain vulnerable open-source components and that each application, on average, has five vulnerable components that contain multiple individual vulnerabilities.<br \/>\nAccording to the firm&#8217;s numbers, each application has 22.5 individual 
vulnerabilities across different components.<br \/>\nBlack Duck Software product strategy VP Mike Pittenger said the problem isn&#8217;t the use of open source but rather the lack of visibility in its use and a lack of awareness of new vulnerabilities.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=7d3501555a&#038;e=20056c7556<\/p>\n<p>The critical first hours of a data breach: What to do when your business has been hacked<br \/>\nFirstly, a data breach costs money &#8211; \u00a31.2m on average according to the Risk:Value report from NTT Com Security.<br \/>\nBrand reputation also takes a huge hit from a data breach, you only need look at the impact of the TalkTalk data breach &#8211; over 100,000 customers and \u00a360m lost.<br \/>\nThe name of the data breach response game is protection &#8211; protect your assets, brand, reputation, customers and long-term future.<br \/>\nFollowing a data breach you must lock down your systems.<br \/>\nAfter having quarantined the vulnerability, it is imperative that you find out if the attackers have any other paths into your systems &#8211; the &#8216;three pronged attack&#8217; is becoming more and more popular among hackers, as Laurance Dine Managing Principal of investigative response at Verizon Enterprise Solutions told CBR:<br \/>\nRussell Kempley, Head of Cyber Technical Services at BAE Systems, advises implementing the following procedure:<br \/>\n1- Assign an incident co-ordinator who can liaise with investigation teams and management<br \/>\n2- Ensure evidence is being captured and preserved &#8211; logs should be collected from key devices and extra logging enabled if the attack is ongoing.<br \/>\nCompromised assets should be isolated from the network if appropriate to the type of threat and business impact.<br \/>\n3- Conduct an initial assessment to identify actual or potential business impacts; this informs the response strategy and what the key 
outstanding questions are<br \/>\n4- Call in specialist investigation support to help get accurate answers quickly and guide the business through the recovery.<br \/>\nThe UK Government \/ CESG has a scheme to certify incident response specialists so that you can choose a firm with confidence.<br \/>\n5- Take action, inform management and other stakeholders and seek advice from legal and communications teams.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=6dcd72f9b5&#038;e=20056c7556<\/p>\n<p>What&#8217;s Next For Network Security<br \/>\nLAS VEGAS \u2013 Interop 2016 \u2013 Network security as we know it ultimately will operate hand in hand with software-defined networking (SDN) and virtualization, security experts here said.<br \/>\nBut a software-defined network architecture comes with some security risks of its own.<br \/>\nIt leaves organizations open to internal distributed denial-of-service (DDoS) attacks, says Camp, who in a presentation here tomorrow will show how malware can enter virtual environments.<br \/>\nIt\u2019s possible to hack a virtual machine and basically \u201cblow up that whole box and the network with it,\u201d he says.<br \/>\n\u201cYou can take the first few digits of a MAC address and &#8230; know it\u2019s a VM,\u201d he says. 
\u201cYou can take that VM and pop it and do resource-exhaustion\u201d and use that to DDoS the SDN.<br \/>\nThat would be an ironic twist, of course, since SDN can be used to mitigate external DDoS attacks.<br \/>\nThe best bet for protection would be to incorporate network defenses within those same boxes, Camp and other experts say.<br \/>\n\u201cSecurity is really just another part of the infrastructure, and a fundamental\u201d part of a software-defined security framework, he said.<br \/>\nBut firewall, IDS\/IPS, and other hardware-based platforms aren\u2019t going anywhere any time soon.<br \/>\nA virtual firewall would sit on a virtual switch like other network functions, and provide better visibility into network traffic, he says. \u201cAnd because it\u2019s in a VM, it\u2019s easier to scale, too.\u201d<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=32205c88b0&#038;e=20056c7556<\/p>\n<p>Why Physical Security Professionals Need to Get to Grips with Cyber Security<br \/>\n\u2018Stop thinking cyber security is an IT problem, because it\u2019s not; it\u2019s a business problem\u2019, advised industry expert, Mike Gillespie, at a recent NSI Summit.<br \/>\nA couple of examples\u2026<\/p>\n<p>Number one: Last year, news broke that hundreds of CCTV systems were live-streaming content across the internet.  Nearly all of those systems, Mike explained, had been compromised because an installer had not changed the default username and password.<\/p>\n<p>Number two: Mike identified a server on a client\u2019s network, but couldn\u2019t find it using schematics.  The IT manager claimed to know nothing about it and, on paper, it didn\u2019t exist.  
Eventually, the Facilities Manager admitted he had added it to the system, without communicating the change or being aware of the threat.<\/p>\n<p>The key advice for attendees at the NSI Installer Summit was \u2018stop thinking \u201cI\u2019m not a big corporate, this doesn\u2019t matter to me\u201d\u2019.<br \/>\nThis is impacting real, physical environments and it has the potential to cause widespread chaos.<br \/>\nIt\u2019s not just the lazy hackers who are after us, but also well-resourced, capable people \u2013 sometimes state-sponsored, sometimes terrorists.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b18dbd4fd5&#038;e=20056c7556<\/p>\n<p>Now experts say don\u2019t change your password! Security services say workers may be safer from hackers if they keep the same login<br \/>\nIn a new briefing to Whitehall, power stations, banks and the public sector, cyber experts at CESG \u2013 the information security arm of intelligence agency GCHQ \u2013 concluded: \u2018It\u2019s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack.\u2019<br \/>\nThe advice continues: \u2018Most password policies insist that we have to keep changing them.<br \/>\nAnd when forced to change one, the chances are that the new password will be similar to the old one.<br \/>\n&#8216;Attackers can exploit this\u2026New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out\u2026CESG now recommends organisations do not force regular password expiry.\u2019<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=101f5fcf2c&#038;e=20056c7556<\/p>\n<p>Online transaction fraud to reach $25 billion by 2020<br \/>\nOnline transaction fraud is expected to reach $25.6 billion by 2020, up from $10.7 billion last year, according to Juniper 
Research.<br \/>\nThis means that by the end of the decade, $4 in every $1,000 of online payments will be fraudulent.<br \/>\nThe new study identified 3 hot areas for online fraud:<br \/>\neRetail (65% of fraud by value in 2020 \u2013 $16.6 billion)<br \/>\nBanking (27% \u2013 $6.9 billion)<br \/>\nAirline ticketing (6% \u2013 $1.5 billion).<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=2339e14bce&#038;e=20056c7556<\/p>\n<p>Microsoft publishes Security Intelligence Report, including cloud data for the first time<br \/>\nMicrosoft has published its latest biannual Security Intelligence Report (SIR), covering the second half of 2015.<br \/>\nThe SIR &#8220;analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide.&#8221;<br \/>\nThis report, its twentieth in the last ten years, includes security data from the Microsoft cloud for the first time, which the company says &#8220;reveals how we are leveraging an intelligent security graph to inform how we protect endpoints, better detect attacks and accelerate our response, to help protect our customers.&#8221;<br \/>\nFrom a sensor network made up of hundreds of millions of systems running Microsoft anti-malware software, the data shows us that:<br \/>\nThe number of systems that encountered malware in 2015 increased in the second half of the year.<br \/>\nThe worldwide encounter rate increased to 20.5% by the end of 2015, an increase of 5.5% from six months earlier.<br \/>\nThe locations with the highest encounter rates were Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal which all had encounter rates above 50%.<br \/>\nExploit kits accounted for four of the 10 most commonly encountered exploits during the second half of 2015.<br \/>\nThe Angler exploit kit was the most commonly encountered exploit kit family.<br \/>\nAlthough ransomware had relatively 
low encounter rates (worldwide ER for ransomware in the first quarter of 2015 was 0.35 percent and 0.16 percent in the second quarter), its use in ransomware-as-a-service kits and targeted attacks is increasing.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=cd904f3674&#038;e=20056c7556<\/p>\n<p>American Bar Association releases cyber insurance guide for lawyers<br \/>\nThe American Bar Association&#8217;s Standing Committee on Lawyers&#8217; Professional Liability on Thursday introduced a guide for attorneys on cyber liability risk and insurance.<br \/>\nTopics in the guide, \u201cProtecting Against Cyber Threats: A Lawyer&#8217;s Guide to Choosing a Cyber-Liability Insurance Policy,\u201d include why law firms should purchase cyber liability insurance, understanding the coverage, how to prevent coverage gaps and the importance of breach response, among others.<br \/>\nThe guide also includes a list of cyber liability insurers that insure law firms and their contact information.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=53b8e39b1c&#038;e=20056c7556 (http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=22a25e885b&#038;e=20056c7556)<\/p>\n<p>Microsoft: 2015&#8217;s Most Popular Exploit Was a Vulnerability Discovered in 2010<br \/>\nAccording to Microsoft&#8217;s security team and data from its anti-malware products, during 2015, the most popular security exploit was CVE-2010-2568, a vulnerability discovered in 2010 and also used in the infamous Stuxnet attacks.<br \/>\nCVE-2010-2568 is a security bug found in older versions of the Windows Shell and affects Microsoft&#8217;s Windows 7, Vista, XP, Server 2008 and Server 2003 operating systems.<br \/>\nThe vulnerability allows an attacker to deploy LNK or PIF files on an affected system and then execute code on the user&#8217;s computer, effectively taking over the 
device.<br \/>\nThe report also highlights positive findings, the company revealing that the number of users that employ real-time security software is growing.<br \/>\nAccording to the company, the needle has moved from 74.3 percent to 77.1 percent during all last year.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c00ba2b612&#038;e=20056c7556<\/p>\n<p>Employers vicariously liable for data breaches caused by rogue employees<br \/>\nIn April 2016, the High Court of England and Wales issued its judgment in Axon v Ministry of Defence [2016] EWHC 787 (QB).<br \/>\nThe court emphasised (albeit obiter) the fact that employers can be liable for data breaches caused by rogue employees (in the present case, an employee who had passed on certain information to journalists without the permission of her employer).<br \/>\nThe impact of this decision on employers is potentially significant, and it serves as another reminder to employers to implement proper data protection processes and procedures, and to ensure that employees receive appropriate training on these issues.<br \/>\nThe decision in Axon highlights the risk that an employer may be vicariously liable for a data breach caused by a rogue employee, where the breach concerns private or confidential information to which the employee only has access by reason of the employment relationship.<br \/>\nWhile no business can ever be fully aware of every activity carried out by its employees, employers should take steps to minimise the risks of vicarious liability, by ensuring that they have in place: strong information security measures; appropriate privacy policies and enforcement of those policies; and sufficient training for employees handling personal data in the course of their duties.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=8e15c33f91&#038;e=20056c7556<\/p>\n<p>Where to cut corners when the security 
budget gets tight<br \/>\nRick Howard, CSO at Palo Alto Networks, said the best thing CISOs can do to bolster their information security program in times of budget shortages is make sure the prevention controls they already have in place are working the way they thought they were going to work when they originally bought and installed them.<br \/>\nStan Black, CSO at Citrix, said organizations short on budget can perform simple but effective security checks like making sure admin logins and passwords aren\u2019t in use, network and access policies are up-to-date and compliance regulations are being met.<br \/>\nPerforming employee trainings on how to uphold security best practices for their own safety, as well as the company&#8217;s, can enormously help reduce risk and only costs time.<br \/>\nGareth O\u2019Sullivan, director of solutions architect \u2013 EMEA at WhiteHat Security, said maintaining a secure environment is not simply about adding more security products.<br \/>\nContrary to the notion of finding products for next to no cost, Jeff Schilling, CSO at Armor, said there is no magic bullet that allows a security team to have great security without investment.<br \/>\nRyan O\u2019Leary, vice president of Threat Research Center at WhiteHat Security, added: One of the best ways to improve security without having to pay a single cent is to implement a security centric development program.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=86a767dcfd&#038;e=20056c7556<\/p>\n<p>IBM and eight universities to teach Watson computer system to fight cyber crime<br \/>\nNow IBM is launching Watson 
for Cyber Security \u2014 a cloud-based version of their cognitive technology \u2014 that will be trained over the next year to examine threats of cybercrime.<br \/>\nCaleb Barlow, vice-president of IBM Security, said it is becoming increasingly difficult for security staff to deal with the growing number of cyber threats.<br \/>\n\u201cYour average enterprise is dealing with 200,000 incidents a day that they\u2019ve got to dig through.<br \/>\nHuman beings simply cannot look at all of that data,\u201d he said.<br \/>\nStudents at the eight universities, including the University of New Brunswick, University of Ottawa and the University of Waterloo, will put the information in a form the computer can understand and help train the system to use that information to examine cyber threats.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=68f21cba09&#038;e=20056c7556<\/p>\n<p>Top 2016 Cybersecurity Reports Out From AT&#038;T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon<br \/>\nAT&#038;T Cybersecurity Insights Report<br \/>\nTakeaway: 458% increase in the number of times hackers searched Internet of Things connections for vulnerabilities<br \/>\nCisco Annual Security Report<br \/>\nTakeaway: There\u2019s a 221% increase in compromised WordPress sites<br \/>\nDell Security Annual Threat Report<br \/>\nTakeaway: Malware attacks nearly doubled to 8.19 billion, with Android ecosystem being the prime target<br \/>\nGoogle Android Security Annual Report<br \/>\nTakeaway: Google notified Google Play developers about potential security issues, which led to better security for 100,000+ apps<br \/>\nIBM X-Force Cyber Security Intelligence Index Report<br \/>\nTakeaway: The healthcare industry was the one most frequently attacked, speeding straight past financial services and manufacturing<br \/>\nMcAfee Labs Threat Predictions Report<br \/>\nTakeaway: Attacks on automobile systems will increase rapidly in 2016 due to 
the rapid increase in connected automobile hardware built without foundational security principles.<br \/>\nSymantec Internet Security Threat Report<br \/>\nTakeaway: Spear-phishing campaigns targeting employees increased 55% last year<br \/>\nVerizon Data Breach Investigation Report<br \/>\nTakeaway: 89% of all cyber attacks involve financial or espionage motivations.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=b60a869251&#038;e=20056c7556<\/p>\n<p>FDIC launching new cyber initiative after 5 more breaches<br \/>\nThe Federal Deposit Insurance Corporation is kicking its cybersecurity efforts into high gear after reporting five more security incidents that were unknowingly caused by outgoing employees.<br \/>\nThe FDIC on May 9 said five \u201clow risk\u201d incidents occurred since October, when outgoing employees downloaded customer data while they were saving personal information to their own devices.<br \/>\nFDIC said the cases would have been reported in its annual Federal Information Security Modernization Act (FISMA) report to Congress if not for recently revised guidance.<br \/>\nThe agency immediately addressed the incidents, the FDIC said.<br \/>\nMeredith Somers<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c016475cdd&#038;e=20056c7556<\/p>\n<p>Verizon Breach Report Criticized<br \/>\nThe 2016 Data Breach Investigations report, released on April 27, is considered one of the most comprehensive annual guides on data breach trends, compiling data contributed by a wide range of computer security companies, law enforcement and government agencies.<br \/>\nIt also draws on more than 3,100 confirmed data breaches, an impressive sampling of attacks (see Verizon&#8217;s Latest Breach Report: Same Attacks, More Damage).<br \/>\nBut since the release of the report this year, computer security experts have taken issue with a top 10 list of 
vulnerabilities that Verizon claims were responsible for 85 percent of successful exploit traffic throughout 2015.<br \/>\nThey assert that the list of vulnerabilities could mislead administrators into devoting remediation efforts toward long-known flaws that don&#8217;t reflect the real attack landscape.<br \/>\nEight of the vulnerabilities on the list were reported in 2003 or earlier.<br \/>\nOddly, the list did not contain any vulnerabilities for Adobe Systems applications such as Flash Player, which is one of the world&#8217;s most frequently targeted pieces of software.<br \/>\nIn contrast, the U.S. Computer Emergency Readiness Team published a list of the 30 most commonly exploited vulnerabilities just three days after Verizon&#8217;s report.<br \/>\nNone of the top 10 vulnerabilities listed by Verizon are in US-CERT&#8217;s list.<br \/>\nIn an email statement, Verizon didn&#8217;t directly address the controversy, saying &#8220;we welcome and are open to feedback from the security community, which we continually evaluate in order to make each successive DBIR better than the next.&#8221;<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=e308d491a2&#038;e=20056c7556<\/p>\n<p>Singapore\u2019s cloud security framework \u2013 multi-tiers and incident response guidelines<br \/>\nTo build assurance and trust in Singapore\u2019s cloud ecosystem, the Multi-Tier Cloud Security (MTCS) standard was developed by the government in 2013, providing businesses with greater transparency and clarity on the levels of security offered by different cloud service providers.<br \/>\nMTCS has seen strong takeup since its launch, with a total number of 64 certified cloud service providers as of 2016.<br \/>\nWith the MTCS framework, certified cloud service providers define the levels of security that they can offer to their users, while businesses can use the standards to better understand and assess the cloud security 
they require.<br \/>\nIn February 2016, IDA also introduced a set of Cloud Outage Incident Response (COIR) guidelines, the result of two years of discussion, scoping and development by public agencies and the industry.<br \/>\nMr Khoong said that the guidelines are to be used to map out how resilient a cloud service provider can be. \u201cEnterprises will then be able to gauge the relevant cloud service providers to them and procure according to their own business continuity management needs,\u201d he said.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=905392e5a5&#038;e=20056c7556<\/p>\n<p>Homeland Security warns of hackers exploiting SAP security flaw<br \/>\nThe department&#8217;s Computer Emergency Readiness Team (CERT) sent an alert on Wednesday warning that at least 36 unnamed organizations are running misconfigured or outdated software, which could leave them prone to remote attacks by hackers.<br \/>\nAccording to the alert, a hacker that successfully exploits the vulnerability can gain full access and complete control to an affected SAP platform &#8212; that includes business information and processes on those systems.<br \/>\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&#038;id=c41a475d39&#038;e=20056c7556<\/p>\n<p>============================================================<br \/>\nFeedback, questions? 
Our mailing address is:  dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[From the desk of Paul Davis &#8211; his opinions and no-one else&#8217;s, apart from the reporter&#8217;s opinions ] Sorry for random delivery times, on PTO\/vacation * 2016: The year of application layer security in public clouds * Dangerous open-source bugs lurk inside most commercial apps * The critical first 
hours&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1227","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1227"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1227\/revisions"}],"predecessor-version":[{"id":3714,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1227\/revisions\/3714"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}