[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.]
\nAnd so, now the news<\/p>\n
* 5 Tips For Keeping Your Wireless Network Secure
\n* Dealing With Cyber Threat in the Middle East
\n* Ransomware tops list of cyber attacks in Q2
\n* Essential certifications for smart security pros
\n* Reclamere Hosts First Conference On Emerging Healthcare Data Security Issues
\n* Mid-market business leaders reckless with sensitive data
\n* Cyber Security Survey reveals darknet use higher among 18- to 24-year-olds
\n* How to develop a cross-organizational compliance program
\n* Reviewing the latest trends in online fraud
\n* Can biometrics and the FIDO Alliance save us from password overload?
\n* Cyber security tops list of transport industry threats, survey says
\n* Tripwire Study Examines Ransomware Recovery Perceptions Among Info Security Pros<\/p>\n
5 Tips For Keeping Your Wireless Network Secure
\nBut not all WIPS security solutions are created the same.
\nThese five key questions will help you evaluate the security features offered by WIPS that protect corporate Wi-Fi networks:
\n1) How many threats does it detect – and how much information do you get about the attacks?
\n2) How long does it take the system to detect a rogue device?
\n3) Does your wireless network support forensic analysis?
\n4) Does your network support automated regulatory compliance?
\n5) How easy can you set up and change network rules?
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b2a4359f02&e=20056c7556<\/p>\n
Dealing With Cyber Threat in the Middle East
\nThere have been significant efforts from the industry to address cyber security.
\nThese efforts are partly driven by fear, particularly in the aftermath of previous attacks, and reflect industry requirements to ensure availability, reliability and safety \u2013 key foundations for profitable and efficient operations.
\nIncreasingly, they are also driven by regulation and the adoption of cyber security standards in the region.
\nMany national governments in the Middle East have stepped up their requirements.
\nQatar, for example, published the third version of its National Standards for Security of Critical Industrial Automation and Control Systems in 2014, and last year outlined further developments in its National ICT Plan 2015.
\nIn 2014, the UAE\u2019s National Electronic Security Authority also published new standards, drawing on international standards such ISO 27001 and the US National Institute of Standards & Technology.
\nSaudi Arabia, meanwhile, has been developing its National Information Security Strategy (NISS), and has had tough anti-cybercrime laws in place since 2007.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5b44fe9f7b&e=20056c7556<\/p>\n
Ransomware tops list of cyber attacks in Q2
\n* PandaLabs detected 18 million new malware samples in Q2, neutralising around 200 000 threats daily.
\n* Ransomware attacks and credential theft are tactics most used by cyber criminals.
\n* Problem areas identified by PandaLabs include POS software, bank attacks, IOT and mobile devices.
\nCyber attacks do not only originate from private entities; in recent months, it appears that cyber attacks are the latest weapon governments are using to target their adversaries.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=27ae6593af&e=20056c7556<\/p>\n
Essential certifications for smart security pros
\nI\u2019m a big believer in taking what you know the best first.
\nUse your first exam and certification to get back into good study habits, and once you pass the exam, let it help build your confidence.
\nOr if you fail, identify your weaknesses and get back on the horse.
\nI once taught a guy who failed the same test two dozen times over the course of a year.
\nBut he kept coming back and eventually eked out a passing score.
\nI\u2019ll hire a honey badger any day of the week.
\nIf your experience qualifies you for taking the CISSP, that would be a great certification to start with.
\nThe breath of the exam (not the depth of material) is what makes the CISSP challenging.
\nThe majority of people who take the exam pass it, and once you\u2019ve earned the certification you can be prepared to share your success with anyone who asks.
\nIf you want to acquire new technical skills, start with the SANS GIAC.
\nIt\u2019s fairly expensive, but nothing is better.
\nPeople already in auditing or management or those interested in doing so should consider the ISACA exams.
\nCompliance folks should look to SANS and ISACA.
\nProof of expertise in a vendor\u2019s suite of products can quickly be shared when you have that vendor\u2019s own certification.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8e06f1d053&e=20056c7556<\/p>\n
Reclamere Hosts First Conference On Emerging Healthcare Data Security Issues
\nReclamere, the company that positions businesses to implement secure data processes in the workplace and safely and securely dispose of their IT assets, announced it will hold its first conference focused on healthcare security, Sept. 22nd.
\nOpen to all interested parties, the free event is scheduled from 8 a.m. to 5 p.m. at The Ben Franklin Institute, Innovation Park, 200 Innovation Blvd., Suite 101, in University Park, Pennsylvania.
\nDesigned for healthcare IT and compliance professionals, the conference will feature insight from Reclamere CEO and nationally-recognized data security expert Angie Singer Keating, and President Joe Harford on how to proactively overcome cybersecurity challenges. (Please see bios here.)
\nWorkshops will cover these key topics:<\/p>\n
How to implement technology solutions that don\u2019t hinder patient care while still providing confidentiality and security of patient information
\nUnderstanding why risk analysis is the cornerstone of MACRA and HIPAA compliance
\nHow to painlessly vet business associates to ensure compliance with more stringent HIPAA requirements
\nLearn how even smaller and regional healthcare providers can have world class security expertise
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=50e98e49a2&e=20056c7556<\/p>\n
Mid-market business leaders reckless with sensitive data
\nIron Mountain’s latest report says managers are the “worst offenders\u201d when it comes to poorly handling business data.
\nAccording to the report, both MDs and CxOs have been completely reckless with sensitive information:
\n\u00b7 57 per cent have left confidential data on a printer for everyone to see \/ snatch \u00b7 49 per cent used their private email accounts to send sensitive data (Hillary says Hello)
\n\u00b7 40 per cent have used insecure wireless networks to send confidential information
\n\u00b7 43 per cent have thrown such data in a \u2018potentially insecure trash bin\u2019
\n\u00b7 39 per cent lost such data in a public place
\nOne in seven (14 per cent) don\u2019t follow company policies, and 6 per cent were unaware of any policies, at all.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=05748cefb6&e=20056c7556<\/p>\n
Cyber Security Survey reveals darknet use higher among 18- to 24-year-olds
\nA recent survey by the Cyber Security Centre at the University of Kent has revealed that 5% of British adults have browsed the darknet, with 1% acknowledging they have bought items from it, but this percentage is much higher (14%) for 18-24 year olds.
\nThe survey, now in its third year, also revealed that:
\n– At least 4% of British adults have been victims of ransomware, where their computer has had malware installed, which encrypts their data and then faced demands for a payment to restore it back to normal.
\nOf those polled, 26% paid the ransom – though even after they complied with the criminals’ demands, 35% of them never recovered their data
\n– Bitcoins still struggle to become popular among British users – though the ownership figures double in the 18-24 age range
\n– When it comes to data breaches, it is the older age group that wants the toughest penalties imposed.
\nApproximately 40% of British adults agree with companies suffering the breach paying larger fines, with the users affected receiving significant compensation.
\nThey believe the government should do more to prevent data breaches in companies
\n– Almost a third of all GB citizens don’t want their medical data to be shared with third parties for any reason, including improving medical care or research.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4af5edcf8f&e=20056c7556<\/p>\n
How to develop a cross-organizational compliance program
\nThe 2016 Phase 2 HIPAA Audit Program is in high gear with its focus on reviewing covered entity and business associate efforts to meet the standards and implementation specifications of the Privacy, Security and Breach Notification Rules.
\nThese Office of Civil Rights enforcement actions are resulting in greater scrutiny on how healthcare organizations maintain compliance with HIPAA.
\nBut it\u2019s not just about HIPAA\u2014many healthcare organizations still lack a coordinated strategy for identifying and addressing all the regulations and standards that apply such as state data breach notification laws, Payment Card Industry Data Security Standard or Federal Rules of Civil Procedure and translating these mandates into corporate policies, procedures and overall compliance.
\nCompliance accuracy is important because of the potential high costs associated with possible fines, penalties and lawsuits due to negligence or misinterpreting requirements as well as a greater likelihood for the confidentiality, integrity and availability of information to be compromised.
\nDeveloping a cross-organizational compliance program formally assigns the accountability and responsibility for proactively identifying and complying with regulations and standards that apply to the organization.
\nIn terms of the characteristics of an effective cross-organizational compliance program, five primary areas should be addressed:
\n– Organizational alignment
\n– Training
\n– Communication
\n– Research and review
\n– Governance, risk management and compliance oversight
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5bd2b44e7a&e=20056c7556<\/p>\n
Reviewing the latest trends in online fraud
\nThe U.S. credit card industry is now at a point of inflection similar to where the United Kingdom was a few years ago.
\nFraudsters targeting point-of-sale machines and e-commerce payment providers, hunting for primary account data, have been successful in stealing bulk credit card data and using their proceeds to literally print credit cards and cash out either physically or online.
\nA watershed moment like the one the United Kingdom had in 2005 when credit card fraud levels rose above acceptable levels is coming in the United States, where banks and retailers are finally making the move toward Chip-and-PIN to reduce card present fraud.
\nUltimately, this approach will seek to further devalue the credit card number for fraudsters as a means of monetising stolen credentials.
\nIt\u2019s possible that the new fraudster funding model will be through ransomware, which is already plaguing many computers, transforming vulnerabilities into profit.
\nThis software holds files to ransom, threatening to destroy an organisation\u2019s data unless it pays up.
\nHowever, apart from the ransomware bounty, little further value can be extracted from the fraud.
\nYet if the next-generation ransomware were to actually review, analyse and sift through the files being processed, more value from the contents of the victims computer could potentially be extracted and monetised.
\nAnother relatively new fraud marketplace is the selling of compromised machines, which can then be used to support a combination of cybercrimes covering distributed denial of service, spam, click fraud and ransomware bots, or for more targeted crimes in which the victim inadvertently provides access to sensitive private data or intellectual property
\nOther fraud schemes becoming more prevalent: Attacks in the United Kingdom relating to phishing fraud (e.g., a fake email from an organisation\u2019s CEO to its CFO to request an urgent payment transfer) are becoming increasingly popular.
\nThere have been similar attacks on companies such as private banks and law firms that hold client money \u2013 they have reported attempts to target cash under management through similar social-engineering techniques.
\nThe key challenge will be ensuring that companies avoid overspending in the wrong areas and losing focus on addressing what matters most to them.
\nAs anti-cybercrime experts begin to measure, categorise and capture cybercrime events, they ultimately will help the industry contextualise the results and enable organisations to focus on addressing the right things that matter most to them around cybersecurity.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a15cd1550b&e=20056c7556<\/p>\n
Can biometrics and the FIDO Alliance save us from password overload?
\nthe FIDO Alliance has emerged to create an open set of standards so all participating members can agree on a methodology to securely authenticate users across industries.
\nWith the creation of this organization that will set the standards, best practices for proper authentication can be developed for the benefit of all organizations and establish a united front against potential consumer compromise and breaches.
\nGoing forward, it\u2019s clear that the FIDO Alliance will be a key driver in moving the industry towards fewer passwords.
\nAt the same time, vendors and corporations will move independently of the FIDO Alliance to lessen our reliance on the broken password system with a biometric approach.
\nThat said, the FIDO Alliance does face some obstacles.
\nAs with any standards organization, it\u2019s a matter of adoption and momentum.
\nApple has not yet joined the alliance, which limits the market for FIDO-specific adoption.
\nThird parties can build a solution around Touch ID that is FIDO compliant, just with a greater degree of difficulty and time investment.
\nCertainly Apple\u2019s participation would greatly further the FIDO cause.
\nAlso, there have been some delays in the finalization of the FIDO 2.0 specification, leaving some corporations wondering if they should build towards the 1.0 standard, or wait for the new standard to be finalized.
\nSome corporations may even choose their own route and leverage the built-in biometric authenticators without following the FIDO way.
\nHowever, the benefits for the customer, including security and convenience, as well as for the organization\u2014security, customer delight, and a reduced amount of customer support\u2014far outweigh the cost of the integration.
\nIndeed, FIDO\u2019s mantra, \u201csimpler, stronger authentication\u201d is a good one and will usher in an era when we won\u2019t have to remember a hundred different passwords.
\nThis will be a welcome change for all involved.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=7735bd0529&e=20056c7556<\/p>\n
Cyber security tops list of transport industry threats, survey says
\nDigital vulnerability and rapid technological advancement rank among the top concerns for transportation industry executives, according to a recent survey.
\nBut, the survey from global advisory, brokering, and solutions company Wills Towers Watson also found little agreement from mode to mode or country to country with regard to the \u201cmost severe risk.\u201d The disparity, WTW concluded, reflects the importance of local solutions despite the growing global interconnectivity of the transportation industry and omnipresent threat of digital vulnerability.
\nThe top overall risk, across all modes of transport and throughout all regions, was the increased security threat from cyber and data-privacy breaches, according to the white paper.
\nMoreover, five of the top 10 perceived risks reported by company executives were cyber-related, with the potential failure of critical IT systems and the vulnerability of the increasingly digitalized supply chain ranking second and fourth, respectively.
\nFor those doing business on land and sea, cyber and data privacy breaches, such as those behind the IRISL and Antwerp incidents, were the no. 1 issue.
\nAlthough transportation providers in the air arena reported the failure of critical IT systems was their top concern.
\nThe recent failure of Delta\u2019s computer system and stranding of thousands of passengers highlights that risk for airlines.
\nThere is also some disparity among respondents from different corners of the world.
\nIn Asia, Australia, Europe, Russia, Central Asia, and among the Commonwealth of Independent States, cyber security was still no. 1.
\nBut, in North America, the top concern was an overdependence on national infrastructure.
\nIn Latin America, third-party security vulnerability and digital supply chain resilience topped the list.
\nAnd, in the Middle East and Africa, the threat from new and emerging competitors beat out other concerns.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=09b037d0a7&e=20056c7556<\/p>\n
Tripwire Study Examines Ransomware Recovery Perceptions Among Info Security Pros
\ncybersecurityA new report from Tripwire has revealed that many information security professionals are still apprehensive about ransomware recovery strategies in their organizations.
\nThirty-four percent of the 220 information security professionals surveyed by Tripwire said they are \u201cvery confident\u201d their companies could recover from a ransomware attack with no critical data loss, the security software developer said Thursday.
\nThe company also surveyed IT security professionals who attended this year\u2019s RSA Conference and Infosecurity Europe forum and found that 38 percent and 32 percent of respondents, respectively, believe their organizations could recover from ransomware infections.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=27126314d6&e=20056c7556
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage1.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=693fb7666f)
\nUpdate subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)
\n============================================================<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n
()<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul G Davis – his opinion and no-one else’s, apart from those of the authors of the articles.] And so, now the news * 5 Tips For Keeping Your Wireless Network Secure * Dealing With Cyber Threat in the Middle East * Ransomware tops list of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1259","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1259"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1259\/revisions"}],"predecessor-version":[{"id":3746,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1259\/revisions\/3746"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}