[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
\nAnd so, now the news<\/p>\n
* Black Swans \u2013 Antifragile Network Design
\n* New investigative tool helps Kiwi businesses uncover cyber crime
\n* Ransomware attracts FTC attention
\n* HIT Think 4 signs you\u2019re not prepared for cybersecurity threats
\n* Sage data breach highlights the risk of the insider threat
\n* \u2018Mr. Robot\u2019 Launches Text-Based Hacking Game to Accompany Season One
\n* Top 10 Security Predictions Through 2020
\n* How Diversity Can Bridge The Talent Gap
\n* Threat of terrorism boots Sydney out of Economist\u2019s top 10 liveable cities
\n* Health IT pros are worried about hacking, but many still don’t encrypt
\n* Law Firms Are Seeking Data Security Certification (Perspective)
\n* Lack of Cloud, App Visibility Plagues Security
\n* Rate of cybercrimes up by 39%, says expert<\/p>\n
Black Swans \u2013 Antifragile Network Design
\nJohn Merline, blogging with Packet Pushers, explored the concept of antifragile network design and management.
\nMerline pointed to examples of recent black swan events, such as the partial router failure that brought down Southwest Airlines’ IT infrastructure on July 20, and a fire at Delta Air Lines’ Atlanta data center earlier this month that paralyzed the carrier.
\nBlack swan events have three main attributes: They lie outside of regular expectations, they have extreme effects and are often rationalized in hindsight.
\nMerline said he believes scholar Nassim Nicholas Taleb’s ideas on antifragile network design and management must be applied to reduce the possibility of black swan incidents, especially in an age of cloud-native design.
\nBlack Swans as written about by Nassim Nicholas Taleb have three attributes:
\n– The event lies outside regular expectations
\n– The event has extreme impact
\n– It is rationalized by hindsight as if it could have been planned for.
\nApplying similar principles to cloud computing means running the same application in multiple public or private clouds, which is made possible by widespread support for container platforms.
\nDoes running in multiple regions or availability zones within the same cloud platform provide separate fault domains.
\nDoes \u201cAntifragile\u201d computing imply separate cloud providers and the technology stacks?
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f58354402a&e=20056c7556<\/p>\n
New investigative tool helps Kiwi businesses uncover cyber crime
\nManaging director at Computer Forensics Brian Eardley-Wilmot, says the new tool, CheckIT, is especially useful for revealing intellectual property (IP) theft but can be used to uncover any kind of computer misuse, such as false document creation, harassment, the downloading of porn.
\n\u201cThe CheckIT process involves getting a brief from management as to what they think is happening.
\nWe then perform an exploratory examination on the hard disk\/media concerned, then we come back with indicative information that essentially says \u2018Yes, you\u2019re right and you should move to a full forensic investigation,\u2019 or \u2018No, there isn\u2019t a problem\u2019, as the case may be,\u201d Eardley-Wilmot explains.
\nEardley-Wilmot says there are four areas where CheckIT can be used, to both reveal and deter cyber-crime:
\n– When a key employee resigns and there are concerns
\n– When incontestable evidence of misconduct is needed
\n– When an employee is specifically suspected of wrongdoing
\n– When a random audit of computers and mobile devices can discourage cyber-crime
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=569763b5cb&e=20056c7556<\/p>\n
Ransomware attracts FTC attention
\nThe Federal Trade Commission (FTC) will host several panel discussions on ransomware next month to highlight the seriousness of the crime wave and offer businesses and consumers ideas to avoid becoming victims.
\nThe ransomware focus for the Sept. 7 event — the first of three by the FTC on technology issues — was announced earlier this year.
\nBut on Monday the agency listed the government officials and business representatives who will participate.
\nAmong the latter will be executives and experts from companies such as Cylance, PhishLabs and Symantec.
\nOfficials from the FTC and the FBI will also take part.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d61e04ffa5&e=20056c7556<\/p>\n
HIT Think 4 signs you\u2019re not prepared for cybersecurity threats
\nIt\u2019s clear by now that IT executives take cybersecurity threats seriously, at least in the abstract.
\nThe most recent SIM IT Trends Study, which surveys industry IT leaders, found that security is among the main issues keeping them up at night and is one of the biggest investments IT departments are making.
\nResearchers from IBM\u2019s Institute for Business Value surveyed 700 C-suite executives from 28 countries across 18 industries to assess non-IT executives\u2019 understanding of the security threats facing them and their preparedness for such threats.
\nSo where are the disconnects.
\nWhat are some of the signs that your organization isn\u2019t truly prepared for realistic security threats.
\nThe report identified several of the most significant signs your organization isn\u2019t prepared for a cybersecurity threat.
\nYou\u2019ve misidentified the actual threats.
\nYou don\u2019t have a CISO.
\nNot every C-suite member is involved.
\nYou\u2019re not willing to share information.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0b37b149f1&e=20056c7556<\/p>\n
Sage data breach highlights the risk of the insider threat
\nA suspect in a recent data breach at Sage, a U.K. provider of business software, has been arrested.
\nOn Wednesday, police in London detained a company employee.
\nThe 32-year-old woman was held for alleged fraud against the company, London City Police said.
\nShe has since been released on bail.
\nTo protect their systems, companies need to reconsider offering employees unrestricted access to valuable data.
\nCompanies can also consider monitoring their employees\u2019 activities, when accessing sensitive resources, said Mimecast, a provider of business email and data security.
\nTo ward off the danger, companies can install internal safeguards that can prevent employees from sending sensitive data to anyone outside the network, Mimecast said.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a8c6c29568&e=20056c7556<\/p>\n
\u2018Mr. Robot\u2019 Launches Text-Based Hacking Game to Accompany Season One
\nFans can dive into the \u201cMr.
\nRobot\u201d world with a new mobile game that you can now download on your smart phones called \u201cMr.Robot:1.51exfiltrati0n.\u201d The fake messaging app casts players as a stranger who finds a mysterious cell and begins communicating with the show\u2019s characters.
\nThe game is developed by \u201cOxenfree\u201d and published by Telltale Games.
\nThe developers worked closely with the show\u2019s creator Sam Esmail and writer Kor Adana to give fans a chance to perform some awesome hacks.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=25f81b1eae&e=20056c7556<\/p>\n
Top 10 Security Predictions Through 2020
\nThe following list shares other Strategic Planning Assumptions (SPAs) by Gartner for security in the next two to four years.
\nThrough 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.
\nBy 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.
\nBy 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.
\nBy 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.
\nBy 2020, 80% of new deals for cloud-based access security brokers (CASBs) will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.
\nBy 2018, enterprises that leverage native mobile containment rather than third-party options will rise from 20% to 60%.
\nBy 2019, 40% of Identity of as a Service (IDaaS) implementations will replace on-premises identity and access management (IAM) implementations, up from 10% today.
\nBy 2019, use of passwords and tokens in medium-risk use cases will drop 55%, due to the introduction of recognition technologies.
\nThrough 2018, more than 50% of Internet of Things (IoT) device manufacturers will not be able to address threats from weak authentication practices.
\nBy 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7bbd8625fc&e=20056c7556<\/p>\n
How Diversity Can Bridge The Talent Gap
\nThe dirty little secret about most security job openings today is that they often inadvertently preclude women and minorities.
\nThere\u2019s also a glaring disconnect today between many job openings in cybersecurity and the types of skills the field now demands.
\nThe panelists pointed to the importance and need in security for non-technical skills and backgrounds in psychology, linguistics, communications, for example.
\nYet those skills aren\u2019t the norm in a typical job opening.
\nThere\u2019s a mindset problem here as well.
\nStudies and anecdotal data show that women are less likely to apply for a job if they don\u2019t fit all of the listed qualifications, whereas men apply even if they don\u2019t have all of the listed skills.
\nBut that\u2019s a trend that can be broken, the panelists said.
\nLeifson, who graduated from college in December and is now a SOC analyst, had a refreshing view on this: even when she doesn\u2019t meet all of the qualifications listed in a job opening, she still applies for it. \u201cI still feel confident in my skills,\u201d she said. \u201cDon\u2019t be afraid\u201d to put yourself out there and apply, she said.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=838a7e2579&e=20056c7556<\/p>\n
Threat of terrorism boots Sydney out of Economist\u2019s top 10 liveable cities
\nThe Victorian capital topped the Economist Intelligence Unit\u2019s most liveable city index for the sixth year running, again just pipping Austria\u2019s Vienna and Canadian duo Vancouver and Toronto.
\nAdelaide again landed fifth, tied with Calgary.
\nSydney was surprisingly dumped from seventh to 11th with the index report owing the drop \u201cto a heightened perceived threat of terrorism\u201d.
\nThe report owed the high rankings of Australian and Canadian cities to their wealth and medium density which can \u201cfoster a range of recreational activities without leading to high crime levels or overburdened infrastructure.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=14ad799307&e=20056c7556<\/p>\n
Health IT pros are worried about hacking, but many still don’t encrypt
\nA significant minority of security pros still report their systems are not encrypting patient data, a basic defense, according to the survey by the Healthcare Information and Management Systems Society, a Chicago-based trade group for the health information technology industry.
\nMost HIMSS survey respondents (77% acute, 74% non-acute) believe their adversaries’ primary motivation is to grab their data for medical identity theft.
\nThe good news is, surveyors found that 85% of respondents from acute care providers and 81% from non-acute-care organizations made healthcare security a higher priority in 2016 than in the past.
\nMore than half (59%) reported using encryption of their data at rest, while 64% were encrypting data in transit.
\nFlipped over, those numbers imply that 41% were still not encrypting their data in storage and 36% were not even encrypting patient information when moving it from one place to another.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=c08a6b7b7e&e=20056c7556<\/p>\n
Law Firms Are Seeking Data Security Certification (Perspective)
\nIn the wake of a number of high-profile data breaches involving law firms \u2014 including the recent Panama Papers breach \u2014 many U.S. law firms are moving toward obtaining ISO data security certification.
\nThe move toward ISO certification was initially driven by law firm clients \u2014 particularly those in financial services industry \u2014 that have long been the target of malicious cyber-attacks seeking customer credit card and financial information.
\nTo improve their data security practices, and provide assurance to jittery clients, many Am Law 100 law firms are seeking ISO certification.
\nA March 2015 ILTA survey found that 18 law firms had obtained ISO certification, and that another 30 were in the process of obtaining the certification.
\nThe trend toward ISO certification is not likely to abate as long as law firms continue to be targets of hackers.
\nIn the future, obtaining ISO certification may be like obtaining malpractice insurance for law firms \u2014 a cost of doing business.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e602fbadd1&e=20056c7556<\/p>\n
Lack of Cloud, App Visibility Plagues Security
\nEnabling a highly connected and mobile workforce means new attack vectors, as evidenced by the fact that a lack of visibility is the biggest problem IT and security professionals cite when asked about issues with their current cloud and mobile solutions (85%).
\nIn fact, data from Okta\u2019s new Secure Business Agility Report reveals that 80% of respondents pointed to weak passwords or weak access controls as a security issue.
\nAs a result, 65% of IT leaders expect a serious data breach to hit their business within the next year.
\nThe report also highlights that organizations are unsure if security is enabling or compromising productivity and agility: Just over half (52%) of IT leaders believe their current security solutions compromise productivity, while 48% believe their security measures enable the organization to adopt best-of-breed solutions that enable productivity and agility.
\nAlso, 92% of IT leaders believe their organizations could do more to integrate and support cloud applications into their infrastructure and systems.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=73a2544d6b&e=20056c7556<\/p>\n
Rate of cybercrimes up by 39%, says expert
\nJEDDAH: A Saudi information security specialist revealed a rise in the rate of cybercrimes in the country.
\nHe confirmed that Saudi Arabia leads other Gulf states in terms of electronic threats by 39 percent.
\nCompetent authorities have made efforts in this regard to increase awareness on the issues of cybercrime and malware, he pointed out.
\nInformation security researcher Mohammad Al-Sareei said the Kingdom leads the Gulf countries in electronic threats by 39 percent.
\nThis data was disclosed by Kaspersky Lab, an international software security group, and Norton, in which its latest report on the results of electronic security issues showed that about 6.5 million people in Saudi Arabia were subjected to cybercrimes last year.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3bea19ad8d&e=20056c7556<\/p>\n
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=3cca38ce38)
\nUpdate subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)
\n============================================================<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.] And so, now the news * Black Swans \u2013 Antifragile Network Design * New investigative tool helps Kiwi businesses uncover cyber crime * Ransomware attracts FTC attention *…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1254","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1254"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1254\/revisions"}],"predecessor-version":[{"id":3741,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1254\/revisions\/3741"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}