[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
\nAnd so, now the news<\/p>\n
* Physical Security Systems Enable Compliance To HIPAA And Other Privacy Laws
\n* “We just call it security”: Symantec’s global CSO on merging cyber, physical and employee security
\n* Energy Sector and Domestic Economy are Especially Vulnerable to Cyber AttacksBy: Ken Silverstein
\n* More and more organisations falling prey to cyber attacks: Report
\n* Why Chief Information Security Officers Need Their Own Cockpits
\n* India security market is on pace to grow 10.6% in 2016, Gartner says
\n* Cybercrime and cyberwar: A spotter’s guide to the groups that are out to get you
\n* HOLIDAY IN CAMBODIA FOR A YEAR AND A HALF IF YOU BREACH AN ASIA PACIFIC NETWORK
\n* Nokia malware report shows surge in mobile device infections in 2016
\n* 3 Golden Rules For Managing Third-Party Security Risk<\/p>\n
Physical Security Systems Enable Compliance To HIPAA And Other Privacy Laws
\nPhysical security systems can play a big role in helping to keep patient information safe and private, as required by various laws.
\nFor example, AMAG has developed new capabilities within its Symmetry family of products that allow healthcare institutes to demonstrate their compliance with HIPAA.
\nCompliance reporting is a key area and has been a focus for AMAG, says Dave Ella, Vice President of Product Marketing, AMAG Technology.
\nHospitals and healthcare facilities install AMAG\u2019s Symmetry access control system and Symmetry CompleteView Video Management to manage and control access and provide HIPAA compliance throughout their buildings and campuses.
\nSecurity plan policies and procedures need to protect a healthcare facility, says Ella.
\nAutomatically reviewing access permissions for employees, contractors and visitors on a regular basis is a key aspect of the plan, and AMAG\u2019s Symmetry CONNECT product is designed for that purpose.
\nAlso, capabilities within the system make documentation of adds and changes to the security system more straightforward.
\nThey include the ability to add drawings, documents and notes to any device within the system.
\nOther entities that set security guidelines include the Joint Commission accreditation and certification body, which has oversight for physical building security, water, safety, fire, and other security processes; and the Det Norske Veritas (DNV), an independent foundation that works with healthcare authorities and providers to manage risk and improve healthcare delivery.
\nToday\u2019s access control platforms enable hospitals to improve risk management and comply with new legislation or regulatory requirements.
\nFor instance, HIPAA imposes strict requirements for accessing medical records, which may necessitate the use of a smart card to enter secure areas or to access IT networks that store patient information.
\nWith video surveillance, cameras must be positioned in such a way that they don\u2019t violate HIPAA laws, says Ouellette.
\nIf a camera is pointed to a computer screen or something else that contains a patient\u2019s PII, there must be an option to draw a privacy window within the frame so that a patient\u2019s sensitive information isn\u2019t easily accessed or compromised.
\nFaced with a number of local, state and national regulatory guidelines, security directors within healthcare facilities must be able to improve hospital security and insulate the organization from potential liability claims, says Kyle Cusson, Business Development Manager, Healthcare, Pelco by Schneider Electric. \u201cThat means implementing a surveillance system that allows multiagency cooperation and response,\u201d he says. \u201cKeeping all of this in mind, having a video surveillance system that integrates with the necessary emergency and fire alarm systems, access control and other systems can promote an institution\u2019s compliance with regulatory agencies by providing proof that the organization\u2019s assets are safe and secured.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3af8d613b1&e=20056c7556<\/p>\n
“We just call it security”: Symantec’s global CSO on merging cyber, physical and employee security
\nCyber security, physical security and employee safety are as one for Symantec.
\nAs Fitzgerald puts it: \u201cWe just call it security\u201d.
\nThe result is hugely beneficial for employees in times of need.
\nBut it\u2019s proved a win for Fitzgerald and his team too.
\nSymantec has turned facilities managers, security guards and receptionists into bona fide members of its security team.
\nTheir physical presence means cyber security messages can be better communicated.
\nBringing cyber, employee and physical security together is a growing trend in Silicon Valley, Fitzgerald says.
\nThat trend is taking hold in Australia too.
\nDarren Kane, CSO of NBN Co is responsible for the security of facilities and personnel as well as information systems.
\nVodafone Australia’s recently appoint CSO, Peter Tari, has a remit to secure not just the company\u2019s data but its assets and personnel as well.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=fdbd635128&e=20056c7556<\/p>\n
Energy Sector and Domestic Economy are Especially Vulnerable to Cyber AttacksBy: Ken Silverstein
\nIn testimony before the US Congress, Energy Secretary Ernest Moniz said that cyber threats and natural disasters could seriously put the electric grid at risk and has thus listed some measures to mitigate disruptions and the economic harm that would flow from that.
\nGenerally speaking, he said that the country needs emergency response systems that kick in when fuel supplies are threatened and that the infrastructure needs to be modernized to sustain systemic shocks.
\n\u201c(T)here should be no doubt in our minds that there are nation-states and groups that have the capability to enter our systems \u2026and to shut down\u2026our ability to operate our basic infrastructures\u2026whether its generating power, moving water and fuel,\u201d Moniz said during his testimony, quoting the commander of U.S.
\nCyber Command and Director, andNational Security Agency.
\nHe goes on to discuss how natural disasters can impede the flow of electricity and economics, saying how our infrastructure is all linked.
\nHurricanes Katrina and Rita, for example, knocked out 85,000 utility poles, 800 distribution stations and thousands of miles of transmission lines.
\nWhat to do.
\nFor their part, utilities are already required under the Energy Policy Act of 2005 to certify with the Federal Energy Regulatory Commission that they have developed robust systems that can continue to generate and deliver power if attacked.
\nTo comply, they are describing their potential risks based on historical accounts.
\nMeantime, nuclear operators have their own separate requirements that they follow and that they report to the Nuclear Regulatory Commission.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b8a9e037fb&e=20056c7556<\/p>\n
More and more organisations falling prey to cyber attacks: Report
\nNearly 80 per cent of organisations in North America and Europe were victims of cyber attacks last year and nearly half of cyber attacks used malware hidden in encrypted traffic to evade detection, a report said on Wednesday.
\nThe encryption technology that is crucial to protecting sensitive data in transit such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected through an organisation\u2019s security framework.
\nThe report by US-based security company A10 Networks in partnership with Ponemon Institute surveyed 1,023 IT and IT security practitioners in North America and Europe, highlighting the challenges these professionals face in preventing and detecting cyber attacks.
\nA surprising outcome of the growing use of encryption technology is an increase in cyber attacks, it found.
\n\u201cInstead of focusing on doing everything right 100 per cent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available,\u201d said Chase Cunningham, Director, Cyber Operations, A10 Networks, in a statement.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ea198facc4&e=20056c7556<\/p>\n
Why Chief Information Security Officers Need Their Own Cockpits
\nTo overcome the latest cyber security challenges and implement a risk-based approach to cyber security, CISOs need a fully equipped cockpit.
\nThey not only need dashboards to understand the company\u2019s current state of affairs but also the levers and switches to take action to reduce risk.
\nThey need to see threats coming from outside criminals, internal employees and third party vendors, and marry those threats with associated vulnerabilities that may lead to a compromise of their most valued assets.
\nThey must facilitate the communication between incident responders and line-of-business application owners to ensure that the most severe alerts are on the top of the priority list for investigation and that the most critical vulnerabilities within their most valued assets are patched first.
\nCISOs must report their progress and challenges to the board of directors in a language they can understand and present metrics that center around impact to the business.
\nA pilot\u2019s cockpit includes features such as dashboards, communication controls, levers, warning lights, windshields and automation.
\nA CISO\u2019s cockpit must contain the same types of tools in order to reduce cyber risk in a traceable, measurable and truthful fashion.
\nWithout one, they will be flying blind, seeing fragmented pieces of their cyber risk landscape and unable to decipher threats and vulnerabilities that truly elevate cyber risks to their most precious cargo.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0c3eb2c351&e=20056c7556<\/p>\n
India security market is on pace to grow 10.6% in 2016, Gartner says
\nCHENNAI: Enterprise security spending (hardware, software and services) in India is on pace to reach $1.12 billion in 2016, up 10.6% from $1.01 billion in 2015, according to Gartner.
\nSecurity spending will continue to grow in 2017 when revenue is projected to reach $1.24 billion.
\nSecurity services (that include consulting, implementation, support and managed security services) revenue accounted for 61% of this total revenue in 2015, and this proportion will increase to 66% by 2020.
\nKey security initiatives for a majority of organisations in 2016 include security operations, incident response network and data centre security, identity governance and administration, mobile and cloud security governance, advanced threat defense, application security, security policy and programme development and governance, risk and compliance (GRC).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e046cf0207&e=20056c7556<\/p>\n
Cybercrime and cyberwar: A spotter’s guide to the groups that are out to get you
\n“Now the focus is almost entirely focused on a some kind of pay-off,” says David Emm, principal security researcher at Kaspersky Lab.
\n“The bulk of cybercrime is the equivalent of real-world opportunist thieves,” says Emm.
\nThese are the crooks you’re most likely to come across, or at least feel the impact of, as an individual — the petty criminals of the online world.
\nThey may spew out spam or offer access to a botnet for others to run denial-of-services attacks, or attempt to fool you into an advance-fee scams where the unwary are promised a big payday in return for paying (often a substantial) sum of money up-front.
\n“The twenty-first century digital criminal is best characterised as a ruthlessly efficient entrepreneur or CEO, operating in a highly developed and rapidly evolving dark market…they are a CEO without the constraints of regulation or morals,” warned a recent report from KPMG and BT entitled Taking the Offensive.
\nThese may be individuals or groups driven by a particular agenda — perhaps a particular issue or a broader campaign.
\nUnlike most cybercriminals, hacktivists aren’t out to make money from their exploits, rather to embarrass an organisation or individual and generate publicity.
\nThis means their targets may be different: rather than a company’s accounts system or customer database, they may well want to access embarrassing emails from the CEO or other company officials.
\nDespite the hype, the threat from cyber terrorism remains low, largely because these groups lack the skills, money and infrastructure to develop and deploy effective cyber weapons, which only the largest nations can hope to build. “Terrorist sympathizers will probably conduct low-level cyber attacks on behalf of terrorist groups and attract attention of the media, which might exaggerate the capabilities and threat posed by these actors,” said US director of national intelligence James Clapper in his assessment of worldwide cyber threats in September last year.
\nWhile standard criminality accounts for the vast majority of cyber threats, the use of the web by state-sponsored hackers has been widely publicised in recent years.
\nMuch of this takes the form of cyber espionage — attempts to steal data on government personnel or on expensive defence projects.
\nGovernments will spend millions on developing all-but-undetectable ways of sneaking onto the systems of other nations — or those of defence contractors or critical national infrastructure — and these projects may take years of development.
\n“There’s been an awful lot more issues being driven from insiders of late.
\nOne of the challenges is that when people think cyber they automatically think external,” says KPMG’s Quigley.
\nConfidential company documents stored on shared drives and weak internal controls on who can access data mean that the disgruntled or greedy insider could still be one of the biggest risks to businesses. “They should have insiders much higher on the radar than they do,” Quigley warns.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ce7a414f71&e=20056c7556<\/p>\n
HOLIDAY IN CAMBODIA FOR A YEAR AND A HALF IF YOU BREACH AN ASIA PACIFIC NETWORK
\nThe report, titled M-Trends 2016: Asian Pacific, is the first M-Trends report put out by Mandiant (owned by FireEye Inc.) that focuses solely on the APAC region.
\nThe report is broadly consistent with a recent RSA Security LLC report that found that 75 percent of respondents worldwide faced significant cybersecurity risk, but it found the APAC plus Japan region as the second most prepared of the three regions surveyed.
\nOne of the more stunning findings is that the median time it takes APAC organizations to even discover an attack is nearly a year and half (520 days), while the global median is 146 days.
\nThe region is also 80 percent more likely to be the target of cyberattacks than other parts of the world, according to the report.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b0fbc65895&e=20056c7556<\/p>\n
Nokia malware report shows surge in mobile device infections in 2016
\nESPOO, Finland, Sept. 1, 2016 \/PRNewswire\/ — Nokia today issued the Nokia Threat Intelligence Report \u2013 H1 2016, revealing a sharp rise in the occurrence of smartphone malware infections in the first half of the year.
\nIssued twice per year, the report examines general trends and statistics for malware infections in devices connected through mobile and fixed networks.
\nKey findings of the latest Nokia Threat Intelligence Report include:
\n* 96-percent surge in smartphone infections: The average smartphone infection rate increased 96 percent in the first half of 2016, compared to the second half of 2015 (0.49 percent vs 0.25 percent).
\n* New all-time high: In April 2016, mobile infections hit an all-time high, with 1.06 percent of devices infected by a range of malware, including ransomware, spyphone applications, SMS Trojans, personal information theft and aggressive adware.
\n* One out of 120 smartphones infected: In April, one out of every 120 smartphones had some type of malware infection.
\n* Android OS hit hardest: Android smartphones were the most targeted mobile platform, accounting for 74 percent of all malware infections compared to Window\/PC systems (22 percent), and other platforms, including iOS devices (4 percent).
\n* 75 percent jump in malware samples: The number of infected Android apps in Nokia’s malware database soared 75 percent, from 5.1 million in December 2015 to 8.9 million in July 2016.
\n* Mobile game infections detected within hours: Downloaded mobile applications are a key conduit for malware attacks.
\n* The Nokia Threat Intelligence Lab detected infected copies of an extremely popular mobile game within hours after they were posted on untrusted third-party download sites.
\n* More sophisticated malware: Malware is becoming increasingly more sophisticated, as new variations attempt to root the phone in order to provide complete control and establish a permanent presence on the device.
\n* Top three mobile threats: The top three mobile malware threats were Uapush.A, Kasandra.B and SMSTracker, together accounting for 47 percent of all infections.
\n* Fixed residential network infections rise: The overall monthly infection rate in residential fixed broadband networks reached an average of 12 percent in the first half of 2016, compared to 11 percent in late 2015, primarily due to an increase in moderate threat level adware.
\n* These infections are mostly due to malware on Windows PCs and laptops in the home, but also include infections on smartphones using home WiFi.<\/p>\n
Link: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6a3b8c43ff&e=20056c7556<\/p>\n
3 Golden Rules For Managing Third-Party Security Risk
\nRule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
\nCompanies can significantly reduce their risk of a catastrophic breach by staying a step ahead of the bad guys.
\nThe best data security approach includes rigorous risk assessment, prudent planning, consistent internal policies, and regular tracking and review of data access by your vendors and their vendor chain.
\nIt is possible to do this well.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=64267c902c&e=20056c7556<\/p>\n
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=572cbee44c)
\nUpdate subscription preferences (http:\/\/paulgdavis.us3.list-manage2.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)
\n============================================================<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.] And so, now the news * Physical Security Systems Enable Compliance To HIPAA And Other Privacy Laws * “We just call it security”: Symantec’s global CSO on merging…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1257","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1257"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1257\/revisions"}],"predecessor-version":[{"id":3744,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1257\/revisions\/3744"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}