{"id":2478,"date":"2016-07-27T00:00:00","date_gmt":"2016-07-27T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/07\/27\/it-security-news-2016-07-27\/"},"modified":"2021-12-30T11:41:24","modified_gmt":"2021-12-30T11:41:24","slug":"it-security-news-2016-07-27","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2016\/07\/27\/it-security-news-2016-07-27\/","title":{"rendered":"IT Security News &#8211; 2016-07-27"},"content":{"rendered":"<h2><a id=\"a_toc\">Table of Contents<\/a><\/h2>\n<ul>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>\u200bAustralian firms face growing cyber litigation threat <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>As Biometric Scanning Use Grows, So Does Security Risk <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Researchers Struggle to Determine True Cost of Data Breaches <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Here are the key security features arriving with Windows 10 next week <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Senate body approves controversial cyber-crime bill [ISLAMABAD] <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Ransomware 2.0 is around the corner and it&#39;s a massive threat to the enterprise <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>The rise in cyber attacks shows we need to change the way we think about crime <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Nonprofit cybersecurity key to serving community responsibly, experts say <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Changing security situation, deeply convinced practicing the new security concept [auto 
translated &#8211; so text is challenging] <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>The Cost of a Data Breach in India: What You Need to Know <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>WinMagic survey finds 23% of businesses claim to stop a data breach a day <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>The Information Security Leader, Part 4: Three Persistent Challenges for CISOs <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Debunking the common myths of Data Loss Prevention (DLP) <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Hands up, whose firewall rules are a mess? Yes? Well, the good news (if it can be considered good news) is that you\u2019re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe. In fact, 65% of the 300 security professionals surveye <\/li>\n<p><\/font><\/p>\n<p>\t\t\t<font color=\"darkblue\"><\/p>\n<li>Enhancing cyber security by implementing a robust threat and vulnerability management program <\/li>\n<p><\/font><\/p>\n<\/ul>\n<p><b>\u200bAustralian firms face growing cyber litigation threat <\/b> <\/p>\n<p>\t \tAustralian companies face \u2018US levels\u2019 of litigation if they fail to prepare for mandatory data breach reporting requirements which are likely to come into effect this year, a lawyer has warned.  <br \/>Speaking in Sydney, Adam Salter, a partner at law firm Jones Day\u2019s cybersecurity, privacy and data protection practice, said companies not adequately prepared are at greater risk of being sued by their corporate customers.<br \/>Litigation would be initiated for breach of privacy obligations embedded in customer contracts and by consumer customers, he said.  
<br \/>Salter based his view on the firm\u2019s experience in other jurisdictions \u2013 such as the US and European Union \u2013 that have introduced mandatory data breach notification laws.  <br \/>Salter said Australian businesses should regularly review and strengthen their IT and data security systems, policies and procedures and prepare for how they would report a potential data breach to authorities and customers.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.cio.com.au\/article\/603956\/australian-firms-face-growing-cyber-litigation-threat\/\">http:\/\/www.cio.com.au\/article\/603956\/australian-firms-face-growing-cyber-litigation-threat\/<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.nbcnews.com\/favicon.ico\"><\/img> <b>As Biometric Scanning Use Grows, So Does Security Risk<\/b>  <\/p>\n<p>\t \tThe use of biometrics has exploded in recent years, with companies ranging from 24-Hour Fitness to NYU Langone Medical Center using this convenient technology to identify their customers.   <br \/>By 2019, biometrics are expected to be a 25-billion-dollar industry with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI.<br \/>Newest to the scene, Wells Fargo this fall will begin offering a smartphone app with biometric authentication for corporate customers \u2014 making all their financial information just an eye scan away.   <br \/>But there have already been cases of biometric hacking on a large scale.<br \/>An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014, including RAND privacy expert and mother of two Rebecca Balebako.<br \/>She received a letter from OPM last year informing her that her personal information, including her ten fingerprints, were stolen in the breach.   
<br \/>As biometric technology grows more personal and more widespread, so too do the risks to personal privacy.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.nbcnews.com\/tech\/tech-news\/biometric-scanning-use-grows-so-do-security-risks-n593161\">http:\/\/www.nbcnews.com\/tech\/tech-news\/biometric-scanning-use-grows-so-do-security-risks-n593161<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.eweek.com\/favicon.ico\"><\/img> <b>Researchers Struggle to Determine True Cost of Data Breaches<\/b>  <\/p>\n<p>\t \tDepending on the estimate, the average data breach can cost a company $7 million or $150 million.<br \/>Why are data breach costs so difficult to estimate?  <br \/>In May, tucked away in its quarterly filing to the Securities and Exchange Commission, retail giant Target updated its running total of the cost of its 2013 holiday season breach.  <br \/>While the retail giant may have outdone its peers with the bill for its breach, it is hardly alone.<br \/>U.K. mobile service provider TalkTalk attributed more than $80 million in losses to a breach that garnered information on 157,000 customers.<br \/>Following its breach in 2014, Home Depot tallied at least $161 million in costs from the loss of 40 million payment-card accounts and more than 50 million e-mail addresses, the company claimed in March.  <br \/>Yet, other companies have no idea how much damage their breaches have done.<br \/>In February 2015, for example, hackers stole more than 80 million records from health insurer Anthem.<br \/>More than a year later, the company cannot put a number to its damages.  
<br \/>A more modest estimate, from the Ponemon Institute&#39;s \u201c2016 Cost of Cybercrime\u201d report, found that the average company could expect a $4 million loss per breach incident today.<br \/>U.S. companies have consistently higher losses, including an average breach cost of $7 million and an average per-capita breach cost of $221.<br \/>U.S. companies and organizations also encountered higher costs from the loss of customers, the report stated.  <br \/>Having a well-trained incident response team and extensively using encryption were the two strategies that most decreased the cost of data breaches, while the involvement of a third party in the data breach and a company\u2019s use of an extensive cloud infrastructure were the two factors that most increased costs, according to the \u201c2016 Cost of Cybercrime\u201d report.  <br \/>The disagreement between approaches is par for the course in data-breach calculations.<br \/>In a paper comparing six data-breach cost calculators, two Colorado State University researchers found that each approach made different assumptions and arrived at different per-record costs for data breaches. 
(Three of the calculators were created in conjunction with the Ponemon Institute and three different sponsors.)<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.eweek.com\/security\/researchers-struggle-to-determine-true-cost-of-data-breaches.html\">http:\/\/www.eweek.com\/security\/researchers-struggle-to-determine-true-cost-of-data-breaches.html<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.computerworld.com\/favicon.ico\"><\/img> <b>Here are the key security features arriving with Windows 10 next week<\/b>  <\/p>\n<p>\t \tThe new functionality aims to help IT departments protect their companies before and after a breach<br \/>Windows Information Protection aims to make it possible for organizations to compartmentalize business and personal data on the same device.<br \/>It comes alongside the general release of Windows Defender Advanced Threat Protection, a system that uses machine learning and Microsoft&#39;s cloud to better protect businesses after their security has been breached.   <br \/>Using Windows Information Protection, companies can encrypt their data on employee devices using keys that are controlled by IT.   <br \/>Companies can also set policies about which applications can be used to handle business data, so users can&#39;t live-tweet the content of a company&#39;s HR system, for example.   <br \/>For businesses to use Windows Information Protection, they&#39;ll need a Windows 10 Enterprise E3 subscription, which costs $7 per user per month.   
<br \/>Windows Defender ATP requires a company be subscribed to the more expensive Windows 10 Enterprise E5 service, which is meant for companies looking for premium Windows 10 add-on features.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.computerworld.com\/article\/3100025\/security\/here-are-the-key-security-features-arriving-with-windows-10-next-week.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&amp;idg_eid=d5d83\">http:\/\/www.computerworld.com\/article\/3100025\/security\/here-are-the-key-security-features-arriving-with-windows-10-next-week.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&amp;idg_eid=d5d83<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.dawn.com\/favicon.ico\"><\/img> <b>Senate body approves controversial cyber-crime bill [ISLAMABAD]<\/b>  <\/p>\n<p>\t \tISLAMABAD: A Senate panel on Tuesday approved the controversial Prevention of Electronics Crimes Bill 2015.   <br \/>The bill, which has already been approved by the National Assembly, will now be put up for discussion in the Senate, which must approve it before it can be signed into law by the president.  
<br \/>Salient features of bill  <\/p>\n<p>Up to seven years imprisonment, Rs10 million fine or both for hate speech, or trying to create disputes and spread hatred on the basis of religion or sectarianism<br \/>Up to three years imprisonment and Rs0.5 million fine or both for cheating others through internet<br \/>Up to five year imprisonment, Rs5 million fine or both for transferring or copying of sensitive basic information<br \/>Up to seven years imprisonment and Rs0.5 million fine or both for uploading obscene photos of children<br \/>Up to Rs50 thousand fine for sending messages irritating to others or for marketing purposes.<br \/>If the crime is repeated, the punishment would be three months imprisonment and a fine of up to Rs1 million<br \/>Up to three year imprisonment and a fine of up to Rs0.5 million for creating a website for negative purposes<br \/>Up to one year imprisonment or a fine of up to Rs1 million for forcing an individual for immoral activity, or publishing an individual\u2019s picture without consent, sending obscene messages or unnecessary cyber interference<br \/>Up to seven year imprisonment, a fine of Rs10 million or both for interfering in sensitive data information systems<br \/>Three month imprisonment or a Rs50 thousand fine or both for accessing unauthorised data<br \/>Three year imprisonment and a fine of up to Rs5 million for obtaining information about an individual\u2019s identification, selling the information or retaining it with self<br \/>Up to three year imprisonment and a fine of up to Rs0.5 million for issuing a SIM card in an unauthorised manner<br \/>Up to three year imprisonment and fine of up to Rs1 million rupees for making changes in a wireless set or a cell phone<br \/>Up to three year imprisonment and a fine of up to Rs1 million for spreading misinformation about an individual<br \/>Up to three years imprisonment and fine of up to Rs1 million for misusing internet<br \/>\n\t\t\t<font 
color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.dawn.com\/news\/1273324\/senate-body-approves-controversial-cyber-crime-bill\">http:\/\/www.dawn.com\/news\/1273324\/senate-body-approves-controversial-cyber-crime-bill<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/www.techrepublic.com\/favicon.ico\"><\/img> <b>Ransomware 2.0 is around the corner and it&#39;s a massive threat to the enterprise<\/b>  <\/p>\n<p>\t \t&quot;The landscape is simple.<br \/>Attackers can move at will.<br \/>They&#39;re shifting their tactics all the time.<br \/>Defenders have a number of processes they have to go through,&quot; said Jason Brvenik, principal engineer with Cisco&#39;s security business group, discussing the Cisco 2016 Midyear Cybersecurity Report.  <br \/>Cisco used data from its customers to create the report, since there are more than 16 billion web requests that go through the Cisco system daily, with nearly 20 billion threats blocked daily, and with more than 1.5 million unique malware samples daily, which works out to 17 new pieces of malware every second, Brvenik said.  <br \/>The next step in the evolution of malware will be ransomware 2.0, which Brvenik said &quot;will start replicating on its own and demand higher ransoms.<br \/>You&#39;ll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted.<br \/>That&#39;s really a nightmare scenario.&quot;  <br \/>Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company&#39;s network, Brvenik said.  
<br \/>New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.<br \/>For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions.<br \/>These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report.  <br \/>Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems.<br \/>Advertising is a viable model for attack.  <br \/>&quot;We saw a 300% increase in the use of HTTPS with malware over the past four months.<br \/>Ad injection is the biggest contributor.<br \/>Adversaries are using HTTPS traffic to expand time to operate.<br \/>That&#39;s the attacker opportunity as it exists today,&quot; he said.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.techrepublic.com\/article\/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise\/?ftag=TRE684d531&amp;bhid=21487072891631060763005914609462\">http:\/\/www.techrepublic.com\/article\/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise\/?ftag=TRE684d531&amp;bhid=21487072891631060763005914609462<\/a><\/b> <\/p>\n<p><b>Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs <\/b> <\/p>\n<p>\t \tTENAFLY, N.J., July 26, 2016 \/PRNewswire\/ &#8212; Security Current, an information and collaboration community by CISOs for CISOs, today announced the release of its latest ebook, A CISOs Guide to Phishing and Malware by Joel Rosenblatt, which now is publicly available.<br \/>The ongoing Security Current ebook series, A CISO&#39;s Guide to\u2026 provides insights and guidance on key issues facing today&#39;s CISO from a CISO&#39;s perspective.  
<br \/>In this ebook, Rosenblatt, director of information security for Columbia University, explores real-world examples of advanced targeted attacks via email and social media, demonstrating how these evolving threats are increasing an organization&#39;s business risks.<br \/>More specifically, he explores attack vectors such as email that are being exploited as never before.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.prnewswire.com\/news-releases\/security-current-launches-ebook-on-phishing-and-malware-in-ongoing-series-for-cisos-300303829.html\">http:\/\/www.prnewswire.com\/news-releases\/security-current-launches-ebook-on-phishing-and-malware-in-ongoing-series-for-cisos-300303829.html<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/phys.org\/favicon.ico\"><\/img> <b>The rise in cyber attacks shows we need to change the way we think about crime<\/b>  <\/p>\n<p>\t \tYou are now 20 times more likely to have your money stolen online by a criminal overseas than by a pickpocket or mugger in the street, according to recent figures from the Office for National Statistics.<br \/>The figures revealed that almost 6m fraud and cyber crimes were committed in the past year in England and Wales alone \u2013 making it now the most common type of crime experienced by adults in the UK.<br \/>The average frontline police officer also needs to be able to think about the digital crime scene as well as, or instead of, the physical one.<br \/>Being able to respond and investigate criminal cyber activity should no longer be the domain of police specialists \u2013 because, as the evidence shows, victims are more likely to suffer a cyber criminal act than any other form of crime.<br \/>Beyond law enforcement, society must think about the role of the private sector and their duty of care.<br \/>Everyone online is sitting on an internet service provider&#39;s network, which effectively owns the digital land 
upon which we have set up our digital lives.<br \/>In the physical world, landlords renting a property have a duty of care to the safety of their tenants, so surely it makes sense for our digital landlords to be held to the same standards.<br \/>To respond effectively we need to look at the data gathered on the nature of these crimes \u2013 to understand how cyber crimes occur, and who is most at risk.<br \/>In the long run, this will make it easier for law enforcement to work out how to tackle these cases.<br \/>But this must be done in a sensible and measured way, as the situation is likely to appear to get worse before it gets better as people become more aware of what these crimes are and how to report them.<br \/>Similarly organisations, such as the ONS and the City of London Police, will get better at recording cyber crime \u2013 causing the figures to go up again.<br \/>For now though, these new figures make it clear that cyber crime must become a significant priority for the police and crime commissioners up and down the country.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/phys.org\/news\/2016-07-cyber-crime.html\">http:\/\/phys.org\/news\/2016-07-cyber-crime.html<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"https:\/\/mibiz.com\/favicon.ico\"><\/img> <b>Nonprofit cybersecurity key to serving community responsibly, experts say<\/b>  <\/p>\n<p>\t \tRegardless of size or resources, nonprofits must keep cybersecurity top of mind.   <br \/>Puckett has made cybersecurity a top priority for the foundation.<br \/>One of a nonprofit\u2019s biggest risk areas is \u201creputation,\u201d she said, and a breach of any kind can seriously compromise the trust a community places in an organization.   <br \/>\u201cNonprofits rely extremely heavily on their I.T. vendors,\u201d she said. 
\u201c I know why \u2014 because they don\u2019t know what they don\u2019t know \u2014 but nonprofits need to become informed with some of the basics so that they at least know the questions to ask.<br \/>If they don\u2019t know those questions, they need to reach out to resources that are available all over.\u201d  <br \/>One of those resources is the West Michigan Cyber Security Consortium (WMCSC), a free-to-join group of more than 250 local businesses and organizations sharing best practices for remaining secure.<br \/>WMCSC is working with Trivalent Group Inc., the Better Business Bureau and the Michigan Small Business Development Center to host the third annual Michigan Cyber Security Conference on Oct. 5.  <br \/>Puckett said her organization performs multiple security audits throughout the year.<br \/>One audit reviews the foundation\u2019s internal controls, such as password requirements, lockout policies, firewalls, two-factor authentication, etc.<br \/>Another audit involves a penetration test, in which a third-party consultant attempts to hack into the network to look for any weaknesses the foundation could patch up.  <br \/>The single most important issue to address, however, is employee education, sources said.<br \/>Considering how effective most of the modern security systems are, an uninformed or careless employee is actually the most likely cause of infiltration, according to Puckett.<br \/>That\u2019s why she sends out monthly security awareness letters, as well as occasional phishing tests to see if employees will fall for the common password-stealing scam.<br \/>Even going to the wrong website can have disastrous results.  
<br \/>For Goodwill, protecting the information of \u201cthe people we serve\u201d is top priority, Wallace said.<br \/>Through various programs, such as career and health care services, Goodwill has access to many of its participants\u2019 personal information.<br \/>As such, the Health Insurance Portability and Accountability Act (HIPAA) plays a large part in the organization\u2019s security policies.<br \/>As one \u201cvery small example,\u201d Wallace said that neither job coaches nor any other employees are allowed in any way to interact on social media with program participants.  <br \/>\u201cIt doesn\u2019t matter what size you are,\u201d Wallace said. \u201cIt\u2019s important for any nonprofit that has private information about individuals.<br \/>You owe it to the people you\u2019re serving.\u201d<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"https:\/\/mibiz.com\/news\/nonprofit-business\/item\/23843-nonprofit-cybersecurity-key-to-serving-community-responsibly,-experts-say\">https:\/\/mibiz.com\/news\/nonprofit-business\/item\/23843-nonprofit-cybersecurity-key-to-serving-community-responsibly,-experts-say<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"http:\/\/BLANK.com\"><\/img> <b>Changing security situation, deeply convinced practicing the new security concept [auto translated &#8211; so text is challenging]<\/b>  <\/p>\n<p>\t \tAs China&#39;s first sales of over one billion yuan veteran security vendors in the security market, deeply convinced annual earnings growth of 30%.<br \/>By 2015, sales are deeply convinced of a breakthrough 1.6 billion in security virtualization and variety of products continued to maintain market share.   
<\/p>\n<p>In recent years, emerging security events to promote the development of the network security market, the number of network security vendors continue to increase, the structural safety of the product are continuously enriched, market size and network security investment constantly increasing.<br \/>The changing face of the Internet and the escalating threat, as well as fierce competition in the market, deeply convinced of the safety concept to practice what is it.<br \/>Faced with ever-changing network security situation, the urgent need to change in response to changes in the security environment and IT attacks occurred.<br \/>Security is not safe or is it the product of a pile of security services, but an ability.  <br \/>First of all, the visual is security.<br \/>Know thyself only know yourself, see the security necessary capacity of enterprises.<br \/>Only through their own lack of understanding, to see to understand the security situation, in order to identify threats and targeted for construction safety.   <br \/>Second, companies need to continue the detection of risks, and respond quickly.<br \/>There is no perfect thing, there is no hundred percent security.<br \/>Faced advanced targeted attacks (APT), we can not completely prevent the control of an attacker in, effective approach is to control their behavior to avoid further attacks and destruction.  
<br \/>Finally, secure delivery should be easy to use.<br \/>First, because of the ability to secure corporate security managers have become increasingly demanding, they need only to understand the network but also to understand the application, it is necessary to understand the technology, but also need to know the laws and regulations in order to guarantee effective lines of business, operations process security; and second, because the security management becomes complex, the need for information assets, to track human behavior, security risk management, and timely elimination of security risks.   <br \/>To achieve safe optionally starting from the following three points: First, more visual elements.<br \/>The elements of user behavior, assets and other visual analysis, to find the point of risk, and in a timely manner for safe disposal.<br \/>The second point, bypassing behavior defense system visualization.<br \/>Mainly involving sensitive information, external links, abnormal traffic.<br \/>Third, in order to render the management perspective.<br \/>To make it easier to understand the risks and effective security management, security required from a management perspective will be visualized presentation.  <br \/>In continuous testing, the need for the event has occurred, unknown threats, as well as loopholes in the system for continuous detection by detecting the terminal, abnormal behavior of the server, to detect unknown threats and new threats, detect new vulnerabilities because the system updates frequently generated, and ultimately quickly issued a policy based on test results, narrow the scope of the threat, quickly fix vulnerabilities.  <br \/>In this regard, deep convinced technology from the server security, endpoint security, security cloud platform to form a continuous integral detection technology architecture that provides detection of unknown threats, cloud scanning, cloud testing and other testing services continued.  
<br \/>Simple secure delivery of on-line needs easier deployment, simpler daily operation and maintenance.<br \/>Infrastructure Security delivery need to simplify the integration of security functions as possible, and in an integrated strategy deployed on the front line of safety testing, simplify policy deployment;<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/news.securemymind.com\/2016072624304.html\">http:\/\/news.securemymind.com\/2016072624304.html<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"https:\/\/securityintelligence.com\/favicon.ico\"><\/img> <b>The Cost of a Data Breach in India: What You Need to Know<\/b>  <\/p>\n<p>\t \tIBM and Ponemon Institute recently released the \u201c2016 Cost of Data Breach Study: India,\u201d the annual benchmark study on the cost of data breach incidents for companies based in India.   <br \/>Below are the key takeaways from the report:<\/p>\n<p>The average total cost of a breach was 9.73 crore INR.<br \/>This represents a 9.5 percent increase over 2015 costs.<br \/>In comparison, the global average total cost of a data breach increased by 5.4 percent.<br \/>The size of data breaches increased as well \u2014 the average size grew by 8.5 percent in 2016.<br \/>This is much more than the global average increase of 3.2 percent.<br \/>The impact of data breaches varied by industry.<br \/>Certain sectors, such as financial services, had higher data breach costs when compared with industries such as research and the public sector.<br \/>Forty-one percent of companies experienced a data breach as a result of a malicious or criminal attack, which was the most common root cause of a breach.<br \/>The cost of a data breach was directly related to the number of records comprised in the attack.<br \/>The greater the number of records lost, the higher the cost.<br \/>Data breaches that involved less than 10,000 records had an average cost of 5.96 crore INR, while breaches 
involving more than 50,000 records had an average cost of 16 crore INR.<br \/>The longer it takes to detect and contain a data breach, the more costly it becomes to resolve.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"https:\/\/securityintelligence.com\/the-cost-of-a-data-breach-in-india-what-you-need-to-know\/\">https:\/\/securityintelligence.com\/the-cost-of-a-data-breach-in-india-what-you-need-to-know\/<\/a><\/b> <\/p>\n<p><b>WinMagic survey finds 23% of businesses claim to stop a data breach a day <\/b> <\/p>\n<p>\t \tLONDON, UK \u2013 July 26, 2016 \u2013 WinMagic Inc., the intelligent key management and data security company, has today released survey data in which IT managers say they thwart an attempted data breach at least once a month.<br \/>The survey of 250 IT Managers found that a staggering 23% stop a breach every day.<br \/>A data breach can be the result of an attack on the network, or an employee inadvertently sending or taking information out of the corporate network without adequate care.  <br \/>The survey also spoke with 1,000 employees, 41% of whom believe IT security is solely the IT department\u2019s responsibility \u2013 A further 37% say they have a role to play in IT security too.<br \/>Even though so many employees seemingly abdicate themselves of responsibility for IT security, a fifth of IT managers want to be able to empower them to use personal devices to access work documents.<br \/>Interestingly only 36% felt such access should be restricted to approved employees.  
<br \/>IT managers also rated employees as the second biggest risk behind hackers to security (24%).<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"http:\/\/www.pressreleaserocket.net\/winmagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day\/474317\/\">http:\/\/www.pressreleaserocket.net\/winmagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day\/474317\/<\/a><\/b> <\/p>\n<p><img decoding=\"async\" height = \"16\" width = \"16\" src=\"https:\/\/securityintelligence.com\/favicon.ico\"><\/img> <b>The Information Security Leader, Part 4: Three Persistent Challenges for CISOs<\/b>  <\/p>\n<p>\t \tCISOs and their teams must embody two distinct roles: subject matter experts in the technical aspects of cybersecurity and trusted advisers in making recommendations about security-related risks.<br \/>CISOs and their teams need to become confident in addressing four fundamental questions about security-related risks to help guide executive-level discussions toward making better-informed business decisions about managing risks to an acceptable level, as opposed to providing the executives with updates of tactical metrics having to do with security\u2019s activities, work progress and operational costs.<br \/>CISOs and their teams need to learn how to overcome three persistent challenges in identifying, assessing and communicating effectively about security-related risks.<br \/>A surprising percentage of information security professionals lack an accurate understanding of risk, in spite of the fact that risk is the very reason for the existence of the business function called information security.   
<br \/>One of the biggest challenges for CISOs is that security professionals traditionally think of cybersecurity as intangible, which is yet another reason why engaging in executive-level discussions about the question \u201cHow secure are we?\u201d makes very little sense.<br \/>If something is intangible, our instincts tell us it can\u2019t be measured.<br \/>Not surprisingly, many people with predominantly technical and engineering-oriented backgrounds experience an inherent discomfort in not being able to quantify security-related risks with precision.   <br \/>Ironically, CISOs and their teams often use emotional and qualitative approaches to communicate risks with business decision-makers.  <br \/>Qualitative and semi-quantitative risk assessments have become extremely popular.<br \/>They\u2019re manifested in five-by-five heat maps that are typically visualized in vibrant green, yellow and red.<br \/>Security leaders say they like them because the business decision-makers seem to get it and they often lead to better conversations about risk.<br \/>\n\t\t\t<font color=\"blue\"><b>Link:<\/b><\/font> <a href=\"https:\/\/secu\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents \u200bAustralian firms face growing cyber litigation threat As Biometric Scanning Use Grows, So Does Security Risk Researchers Struggle to Determine True Cost of Data Breaches Here are the key security features arriving with Windows 10 next week Senate body approves controversial cyber-crime bill [ISLAMABAD] Ransomware 2.0 
is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2478","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2478"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2478\/revisions"}],"predecessor-version":[{"id":4965,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2478\/revisions\/4965"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}