[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* UN council: Seriously, nations, stop switching off the damn internet
\n* Millennials and Their Impact on Security
\n* Cybersecurity: Stop the attacker’s offense, don\u2019t do defense
\n* Malware banking campaigns against Canadians are increasing: Report
\n* Boardroom execs still don\u2019t know the value of data
\n* 7 trends in advanced endpoint protection<\/p>\n
UN council: Seriously, nations, stop switching off the damn internet
\nA resolution [PDF] entitled The promotion, protection and enjoyment of human rights on the Internet effectively extends human rights held offline to the internet.
\nIt was passed by consensus, but only after a determined effort by a number of countries, including China and Russia, to pull out key parts of the text.
\nIn particular, a number of states \u2013 notable by their authoritarian stances \u2013 were opposed to the resolution’s focus on the need for an accessible and open internet, and its condemnation of violations against people for expressing their views online.
\nA vote planned for Thursday was delayed to Friday after the issue became heated.
\nFour amendments pulling out that language were tabled, but none were adopted after an impassioned debate.
\nSome were surprised by the 13 other countries that lined up with Russia and China in an effort to delete the text on ensuring access to the internet.
\nAmong such authoritarian regimes as Saudi Arabia and Qatar were also democracies including India and South Africa.
\nLikewise on a second amendment to remove references to freedom of expression.
\nRussia and China were joined by 15 other countries including India, Kenya and South Africa.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b33a126f6e&e=20056c7556<\/p>\n
Millennials and Their Impact on Security
\nMost graduates coming into the workplace are, like every generation, completely different to those before them.
\nBut the more I interact with this new tribe, the more concerned I am for the security of any organization they work for.
\nPerhaps because they’ve grown up with technology, millennials don’t seem to have the same questions, hesitations or indeed fears about technology as my generation did.
\nThey expect to be able to bring their own device (BYOD) to work, connect their other personal devices to the corporate network, and see no reason to think twice about connecting to an unsecured WiFi Hotspot in a cafe.
\nA survey by Software Advice last year claimed that millennials were the worst generation for re-using passwords, accepting social media invites from strangers and were most likely to find security workarounds.
\nAnother survey from Equifax this year claimed that millennials were almost twice as likely to store sensitive data such as PIN numbers and passwords on mobile devices than any other age group surveyed.
\nIt has also been reported that the majority of millennials download and install mobile apps without reading the terms and conditions before hitting ‘accept’ – another new phenomenon.
\nWhen updating the software on your smartphone or downloading new applications, you are prompted to click the ‘accept’ button rather than the small T&Cs link.
\nWhile the millennials do present a threat, they are also a very engaged workforce -they don’t simply want a job, they want the right job so if they’re working for you, and you can secure them, they present a huge opportunity.
\nBut how do you secure them?
\nAn education program is now essential to ensure employees don’t present a threat to the organization.
\nFormal policies need to be developed around security and clearly communicated to all employees – covering BYOD, remote working, downloading policies etc, and could even require employees to make their devices available to the IT department for regular reviews.
\nTo stop millennials finding workarounds, the technology must be user-friendly and the organization needs to consider the privacy of the employees and use technology solutions which separate their data from the corporate data.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4f10a7f11d&e=20056c7556<\/p>\n
Cybersecurity: Stop the attacker’s offense, don\u2019t do defense
\nA strong defense isn’t enough to beat today’s sophisticated hackers.
\nCompanies must adopt a military mindset and stop the attacker’s offense.
\nTo stop offense, you switch your mindset: instead of thinking about your vulnerabilities, you look for the attacker\u2019s weak points and go after them to shut down the operation.
\nIn essence, you figure out how the enemy is working and use this to your advantage, a concept I like to call the house of cards approach to attack detection.
\nThis does not mean you launch your own attack against the attackers and hack them back.
\nYou want to be able to see all the elements at work in the hacking campaign and cut the attacker\u2019s access to your network at once.
\nRemediating security threats one by one won\u2019t do anything to protect a company.
\nOne challenge organizations face is that security operations tend to fall under the IT department\u2019s domain.
\nSecurity roles need to be filled with workers who have some security background.
\nor most organizations, cybersecurity stops and ends at computer and servers and isn\u2019t linked to physical security.
\nBut, in reality, the boundaries between cyber and physical security are disappearing.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=61fa5d0289&e=20056c7556<\/p>\n
Malware banking campaigns against Canadians are increasing: Report
\nCanadian businesses and residents are increasingly targets for malware campaigns, according to a new blog from security vendor ProofPoint.
\nThe report, issued last week, said the company has seen six different banking Trojan families, including Ursnif, Dridex, Kronos, Zeus, Gootkit, and Vawtrak, all targeting customers of financial institutions in Canada and other countries since May.
\nThe gang behind the Dridex malware is particularly stubborn.
\nWhile one of its botnets was taken down last fall and one person was arrested, campaigns using the malware are increasing. says Proofpoint.
\nSeparately, Cisco Systems\u2019 Talos threat intelligence service is warning enterprises of a new campaign that started June 27 for delivering Locky\/Zepto ransomware through attachments.
\nRegular employee awareness training is important to stifling these campaigns, not only having staff be cautious about messages with attachments but also be wary of messages that ask them to disable macros.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a3ebe06fd5&e=20056c7556<\/p>\n
Boardroom execs still don\u2019t know the value of data
\nAlmost two thirds of businesses still don\u2019t know the value of critical data assets being targeted by cybercriminals.
\nIRM surveyed security heads at their recent conference, and found that just 28 per cent of CISOs regularly conduct exercises to categorise and value the data within their IT estate in order to evaluate the risk associated with its loss. 55 per cent have taken partial action, while 17 per cent had taken no action at all.
\nCharles White, Founder and CEO of IRM, warns that poor knowledge of the value of data makes it much more difficult to draw up an effective risk strategy and determine how much should be invested to protect the data.
\nPCI regulations demand strong security to protect credit card details for example, but much more valuable passport information could be completely overlooked.
\nWhile a single credit card is worth around \u00a381 on the dark web, a passport can fetch \u00a32,000 or more, making it a much more attractive target.
\nIRM did however find that the attitude of senior executives in the boardroom had improved. 66 per cent of CISOs stated they now rarely or never had trouble in engaging with the board on the cyber agenda, while just three per cent said they always had difficulties. 57 per cent said that identifying risks and vulnerabilities was the top priority for the next 12 months \u2013 40 more than the next most popular choices of vetting third party suppliers and securing the cloud.
\nThe report also identified that people, not technology, were the top concern for most CISOs. 28 per cent stated that internal staff were the area they felt most vulnerable, followed closely by suppliers at 24 per cent.
\nCloud and Internet of Things (IoT) devices were seen as the chief technological vulnerability, with 17 per cent citing it as their top concern, followed by mobile and ECOM.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fe2b54de13&e=20056c7556<\/p>\n
7 trends in advanced endpoint protection
\nAfter extensive testing of 10 advanced endpoint protection products, we have identified a series of broad industry trends:
\n1) Virus signatures are pass\u00e9.
\n2) Tracking executable programs is so last year.
\n3) Can the product track privilege escalation or other credential spoofing?
\n4) Insider threats are more pernicious, and blocking them has become more compelling.
\n5) Data exfiltration is more popular than ever
\n6) Many tools are using big data and cloud-based analytics to track actual network behavior.
\n7) Attack reporting standards
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=423de7ddad&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=391aa1e8de)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage1.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * UN council: Seriously, nations, stop switching off the damn internet * Millennials and Their Impact on Security * Cybersecurity: Stop the attacker’s offense, don\u2019t do defense * Malware banking campaigns against…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1242","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1242"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1242\/revisions"}],"predecessor-version":[{"id":3729,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1242\/revisions\/3729"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}